<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2007-2009 Sun Microsystems, Inc.
! Portions Copyright 2012 ForgeRock AS.
! -->
<stax>
<defaultcall function="client_auth_setup"/>
<function name="client_auth_setup" scope="local">
<sequence>
<!--- Test Case : Server Certificate configuration -->
<!---
#@TestMarker Setup Tests
#@TestName Create certificates for server and client
#@TestIssue
#@TestPurpose Create server and client certificates
#@TestPreamble none
#@TestStep Generate server and client certificates.
#@TestStep Self-sign the certificates.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<!-- Generate Server Cert -->
<testcase name="getTestCaseName(' Setup. certificates configuration')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<message>
'---- Generating Server Certificate -----'
</message>
<!-- create a server certificate -->
<call function="'genCertificate'">
{ 'certAlias' : 'server-cert' ,
'dname' : "uid=server,%s" % (DIRECTORY_INSTANCE_SFX),
'keystore' : 'keystore',
'storepass' : SERVER_STOREPASS,
'keypass' : SERVER_KEYPASS,
'storetype' : 'JKS'
}
</call>
<!-- Self-Sign Server Cert -->
<message>
'---- Self-Signing Server Certificate ---- '
</message>
<call function="'SelfSignCertificate'">
{ 'certAlias' : 'server-cert' ,
'storepass' : SERVER_STOREPASS,
'keypass' : SERVER_KEYPASS,
'keystore' : 'keystore',
'storetype' : 'JKS'
}
</call>
<!-- Create folder on local host where are store client keystore and certificate-->
<message>
'Create folder %s' % (CERT_TMP)
</message>
<call function="'createFolder'">
{ 'location' : DIRECTORY_INSTANCE_HOST,
'foldername' : CERT_TMP }
</call>
<call function="'checktestRC'">
{ 'returncode' : RC ,
'result' : STAXResult }
</call>
<message>
'---- Generating client Certificate : %s ---- ' % (USER_1_CERT)
</message>
<!-- create a client certificate : USER_1_CERT -->
<call function="'genCertificate'">
{ 'certAlias' : USER_1_CERT,
'dname' : USER_1_DN,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'keypass' : CLIENT_KEYPASS,
'storetype' : 'JKS'
}
</call>
<!-- Self-Sign client Certificate : USER_1_CERT -->
<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_1_CERT)</message>
<call function="'SelfSignCertificate'">
{ 'certAlias' : USER_1_CERT,
'storepass' : CLIENT_STOREPASS,
'keypass' : CLIENT_KEYPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- create a client certificate : USER_2_CERT -->
<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>
<call function="'genCertificate'">
{ 'certAlias' : USER_2_CERT,
'dname' : USER_2_DN,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'keypass' : CLIENT_KEYPASS,
'storetype' : 'JKS'
}
</call>
<!-- Self-Sign client Certificate : USER_2_CERT -->
<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>
<call function="'SelfSignCertificate'">
{ 'certAlias' : USER_2_CERT,
'storepass' : CLIENT_STOREPASS,
'keypass' : CLIENT_KEYPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<call function="'testCase_Postamble'" />
</sequence>
</testcase>
<!--- Test Case : export client and server certificates -->
<!---
#@TestMarker Setup Tests
#@TestName Export and Import Certificates
#@TestIssue
#@TestPurpose Export and import client and server certificates
#@TestPreamble none
#@TestStep Export client and server certificates
#@TestStep Import the certificates in the server and clients Database
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName(' setup. Export and Import certificates')">
<sequence>
<call function="'testCase_Preamble'" />
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<!-- Export the server Cert -->
<message>'---- Export the Server Certificate ----'</message>
<call function="'ExportCertificate'">
{ 'certAlias' : 'server-cert' ,
'outputfile' : SERVER_CERT_FILE,
'storepass' : SERVER_STOREPASS,
'storetype' : 'JKS'
}
</call>
<!-- export client certificate : USER_1_CERT -->
<message> '---- Export the client certificate : : %s ---- ' % (USER_1_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_1_CERT,
'outputfile' : USER_1_CERT_FILE,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- export client certificate RFC format : USER_1_CERT -->
<message> '---- Export the client certificate in RFC : : %s ---- ' % (USER_1_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_1_CERT,
'outputfile' : USER_1_CERT_FILE_RFC,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'format' : 'rfc',
'storetype' : 'JKS'
}
</call>
<!-- export client certificate : USER_2_CERT -->
<message>'---- Export the client certificate : : %s ---- ' % (USER_2_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_2_CERT,
'outputfile' : USER_2_CERT_FILE,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- export client certificate RFC format : USER_2_CERT -->
<message>'---- Export the client certificate in RFC format : : %s ---- ' % (USER_2_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_2_CERT,
'outputfile' : USER_2_CERT_FILE_RFC,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'format' : 'rfc',
'storetype' : 'JKS'
}
</call>
<!-- Import the server Certificate under the client database -->
<message>'---- Import the Server Certificate under the client keystore----'</message>
<call function="'ImportCertificate'">
{ 'certAlias' : 'server-cert',
'inputfile' : SERVER_CERT_FILE,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- Import the client Certificates under the server keystore -->
<message> '---- Import the client Certificates %s under the server keystore----' % (USER_1_CERT)</message>
<call function="'ImportCertificate'">
{ 'certAlias' : USER_1_CERT,
'inputfile' : USER_1_CERT_FILE,
'storepass' : SERVER_STOREPASS,
'storetype' : 'JKS'
}
</call>
<message> '---- Import the client Certificates %s under the server keystore----' % (USER_2_CERT)</message>
<call function="'ImportCertificate'">
{ 'certAlias' : USER_2_CERT,
'inputfile' : USER_2_CERT_FILE,
'storepass' : SERVER_STOREPASS,
'storetype' : 'JKS'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : configure SSL and StartTLS -->
<!---
#@TestMarker Setup Tests
#@TestName Configure SSL and startTLS
#@TestIssue
#@TestPurpose Configure SSL and StartTLS
#@TestPreamble none
#@TestStep Configure SSL
#@TestStep Configure StartTLS
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('setup. Configure SSL and StartTLS')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<!-- Configure SSL and TLS -->
<message>'---- Configure SSL and TLS----'</message>
<call function="'configureSSL_TLS'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'keystorePin' : SERVER_STOREPASS,
'certAlias' : 'server-cert'}
</call>
<!--- Initial Search With SSL -->
<message>'Security: Client_auth: Searching with SSL Connection'</message>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsScope' : 'base',
'dsFilter' : 'objectclass=*' ,
'dsUseSSL' : ' ',
'dsTrustAll' : ' ',
'expectedRC' : 0
}
</call>
<!--- Initial Search With startTLS-->
<message>'Security: Client_auth: Searching with StartTLS Connection'</message>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsScope' : 'base',
'dsFilter' : 'objectclass=*' ,
'dsUseStartTLS' : ' ',
'dsTrustAll' : ' ',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Create users entries with userCertificates -->
<!---
#@TestMarker Setup Tests
#@TestName Create users entries
#@TestIssue
#@TestPurpose Create users entries
#@TestPreamble none
#@TestStep Create users entries with usercertificates
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('setup. Create users entries')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<call function="'createStrongUserEntries'">
{ 'location' : STAF_REMOTE_HOSTNAME,
'certificate' : USER_1_CERT,
'filename' : USER_1_CERT_FILE_RFC,
'userdn' : USER_1_DN,
'localLdifFile' : localUser1LdifFile,
'remoteLdifFile' : remoteUser1LdifFile
}
</call>
<call function="'createStrongUserEntries'">
{ 'location' : STAF_REMOTE_HOSTNAME,
'certificate' : USER_2_CERT,
'filename' : USER_2_CERT_FILE_RFC,
'userdn' : USER_2_DN,
'localLdifFile' : localUser2LdifFile,
'remoteLdifFile' : remoteUser2LdifFile
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>