client_auth_setup.xml revision d25372dc8e65a9ed019a88fdf659ca61313f1b31
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="client_auth_setup"/>
<function name="client_auth_setup" scope="local">
<sequence>
<!--- Test Case : Server Certificate configuration -->
<!---
#@TestMarker Setup Tests
#@TestName Create certificates for server and client
#@TestIssue
#@TestPurpose Create server and client certificates
#@TestPreamble none
#@TestStep Generate server and client certificates.
#@TestStep Self-sign the certificates.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<!-- Generate Server Cert -->
<testcase name="getTestCaseName(' Setup. certificates configuration')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<message>
'---- Generating Server Certicate -----'
</message>
<!-- create a server certificate -->
<call function="'genCertificate'">
{ 'certAlias' : 'server-cert' ,
'dname' : "uid=server,%s" % (DIRECTORY_INSTANCE_SFX),
'keystore' : 'keystore',
'storepass' : SERVER_STOREPASS,
'keypass' : SERVER_KEYPASS,
'storetype' : 'JKS'
}
</call>
<!-- Self-Sign Server Cert -->
<message>
'---- Self-Signing Server Certicate ---- '
</message>
<call function="'SelfSignCertificate'">
{ 'certAlias' : 'server-cert' ,
'storepass' : SERVER_STOREPASS,
'keypass' : SERVER_KEYPASS,
'keystore' : 'keystore',
'storetype' : 'JKS'
}
</call>
<!-- Create folder on local host where are store client keystore and certificate-->
<message>
'Create folder %s' % (CERT_TMP)
</message>
<call function="'createFolder'">
{ 'location' : DIRECTORY_INSTANCE_HOST,
'foldername' : CERT_TMP }
</call>
<call function="'checktestRC'">
{ 'returncode' : RC ,
'result' : STAXResult }
</call>
<message>
'---- Generating client Certicate : %s ---- ' % (USER_1_CERT)
</message>
<!-- create a client certificate : USER_1_CERT -->
<call function="'genCertificate'">
{ 'certAlias' : USER_1_CERT,
'dname' : USER_1_DN,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'keypass' : CLIENT_KEYPASS,
'storetype' : 'JKS'
}
</call>
<!-- Self-Sign client Certificate : USER_1_CERT -->
<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_1_CERT)</message>
<call function="'SelfSignCertificate'">
{ 'certAlias' : USER_1_CERT,
'storepass' : CLIENT_STOREPASS,
'keypass' : CLIENT_KEYPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- create a client certificate : USER_2_CERT -->
<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>
<call function="'genCertificate'">
{ 'certAlias' : USER_2_CERT,
'dname' : USER_2_DN,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'keypass' : CLIENT_KEYPASS,
'storetype' : 'JKS'
}
</call>
<!-- Self-Sign client Certificate : USER_2_CERT -->
<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>
<call function="'SelfSignCertificate'">
{ 'certAlias' : USER_2_CERT,
'storepass' : CLIENT_STOREPASS,
'keypass' : CLIENT_KEYPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<call function="'testCase_Postamble'" />
</sequence>
</testcase>
<!--- Test Case : export client and server certificates -->
<!---
#@TestMarker Setup Tests
#@TestName Export and Import Certificates
#@TestIssue
#@TestPurpose Export and import client and server certificates
#@TestPreamble none
#@TestStep Export client and server certificates
#@TestStep Import the certificates in the server and clients Database
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName(' setup. Export and Import certificates')">
<sequence>
<call function="'testCase_Preamble'" />
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<!-- Export the server Cert -->
<message>'---- Export the Server Certicate ----'</message>
<call function="'ExportCertificate'">
{ 'certAlias' : 'server-cert' ,
'outputfile' : SERVER_CERT_FILE,
'storepass' : SERVER_STOREPASS,
'storetype' : 'JKS'
}
</call>
<!-- export client certificate : USER_1_CERT -->
<message> '---- Export the client certificate : : %s ---- ' % (USER_1_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_1_CERT,
'outputfile' : USER_1_CERT_FILE,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- export client certificate RFC format : USER_1_CERT -->
<message> '---- Export the client certificate in RFC : : %s ---- ' % (USER_1_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_1_CERT,
'outputfile' : USER_1_CERT_FILE_RFC,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'format' : 'rfc',
'storetype' : 'JKS'
}
</call>
<!-- export client certificate : USER_2_CERT -->
<message>'---- Export the client certificate : : %s ---- ' % (USER_2_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_2_CERT,
'outputfile' : USER_2_CERT_FILE,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- export client certificate RFC format : USER_2_CERT -->
<message>'---- Export the client certificate in RFC format : : %s ---- ' % (USER_2_CERT)</message>
<call function="'ExportCertificate'">
{ 'certAlias' : USER_2_CERT,
'outputfile' : USER_2_CERT_FILE_RFC,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'format' : 'rfc',
'storetype' : 'JKS'
}
</call>
<!-- Import the server Certificate under the client database -->
<message>'---- Import the Server Certificate under the client keystore----'</message>
<call function="'ImportCertificate'">
{ 'certAlias' : 'server-cert',
'inputfile' : SERVER_CERT_FILE,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE,
'storetype' : 'JKS'
}
</call>
<!-- Import the client Certificates under the server keystore -->
<message> '---- Import the client Certificates %s under the server keystore----' % (USER_1_CERT)</message>
<call function="'ImportCertificate'">
{ 'certAlias' : USER_1_CERT,
'inputfile' : USER_1_CERT_FILE,
'storepass' : SERVER_STOREPASS,
'storetype' : 'JKS'
}
</call>
<message> '---- Import the client Certificates %s under the server keystore----' % (USER_2_CERT)</message>
<call function="'ImportCertificate'">
{ 'certAlias' : USER_2_CERT,
'inputfile' : USER_2_CERT_FILE,
'storepass' : SERVER_STOREPASS,
'storetype' : 'JKS'
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : configure SSL and StartTLS -->
<!---
#@TestMarker Setup Tests
#@TestName Configure SSL and startTLS
#@TestIssue
#@TestPurpose Configure SSL and StartTLS
#@TestPreamble none
#@TestStep Configure SSL
#@TestStep Configure StartTLS
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('setup. Configure SSL and StartTLS')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<!-- Configure SSL and TLS -->
<message>'---- Configure SSL and TLS----'</message>
<call function="'configureSSL_TLS'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'keystorePin' : SERVER_STOREPASS,
'certAlias' : 'server-cert'}
</call>
<!--- Initial Search With SSL -->
<message>'Security: Client_auth: Searching with SSL Connection'</message>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsScope' : 'base',
'dsFilter' : 'objectclass=*' ,
'dsUseSSL' : ' ',
'dsTrustAll' : ' ',
'expectedRC' : 0
}
</call>
<!--- Initial Search With startTLS-->
<message>'Security: Client_auth: Searching with StartTLS Connection'</message>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsScope' : 'base',
'dsFilter' : 'objectclass=*' ,
'dsUseStartTLS' : ' ',
'dsTrustAll' : ' ',
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Create users entries with userCertificates -->
<!---
#@TestMarker Setup Tests
#@TestName Create users entries
#@TestIssue
#@TestPurpose Create users entries
#@TestPreamble none
#@TestStep Create users entries with usercertificates
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('setup. Create users entries')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'" />
<!-- Create users entries-->
<!-- Create USER_1_DN -->
<message> '---- Create User entry : %s----' % USER_1_DN</message>
<script>
listAttr = []
listAttr.append('objectclass:top')
listAttr.append('objectclass:organizationalperson')
listAttr.append('objectclass:inetorgperson')
listAttr.append('objectclass:person')
listAttr.append('objectclass:ds-certificate-user')
listAttr.append('objectclass:strongAuthenticationUser')
listAttr.append('userCertificate;binary: bad_certificate')
listAttr.append('givenname:%s' % USER_1_CERT)
listAttr.append('sn:%s' % USER_1_CERT)
listAttr.append('cn:%s' % USER_1_CERT)
</script>
<call function="'addAnEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToAdd' : USER_1_DN,
'listAttributes' : listAttr,
'expectedRC' : 0
}
</call>
<call function="'getFile'">
{ 'location' : STAF_REMOTE_HOSTNAME,
'filename' : USER_1_CERT_FILE_RFC
}
</call>
<message>
'Certificate contents:\n %s' % cmdResult
</message>
<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
<script>
certList=STAXResult[1].split('\n')
ret_str = ""
for line in certList:
index_cert = line.find("CERTIFICATE")
if index_cert == -1:
ret_str+=line.strip()
</script>
<script>
listAttr = []
listAttr.append('dn: %s' % USER_1_DN)
listAttr.append('changetype: modify')
listAttr.append('replace: userCertificate;binary')
listAttr.append('userCertificate;binary:: %s' % ret_str)
</script>
<!-- Write out the ldif -->
<script>
outfile = open(localUser1LdifFile,"w")
for line in listAttr:
outfile.write("%s\n" % line)
</script>
<!-- Copy the ldif file containing user certificate to remote host -->
<message>'Copy ldif (%s) file to user entry %s to %s' % (localUser1LdifFile,USER_1_DN,remoteUser1LdifFile)</message>
<call function="'copyFile'">
{ 'location' : STAXServiceMachine,
'srcfile' : localUser1LdifFile,
'destfile' : remoteUser1LdifFile,
'remotehost' : STAF_REMOTE_HOSTNAME
}
</call>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'entryToBeModified' : remoteUser1LdifFile,
'expectedRC' : 0
}
</call>
<!-- Create USER_2_DN : this used contains the objectclass ds-certificate-user -->
<message>'---- Create User entry : %s----' % USER_2_DN </message>
<message>'---- This user contains an objectclass ds-certificate-user' </message>
<script>
listAttr = []
listAttr.append('objectclass:top')
listAttr.append('objectclass:organizationalperson')
listAttr.append('objectclass:inetorgperson')
listAttr.append('objectclass:person')
listAttr.append('objectclass:ds-certificate-user')
listAttr.append('objectclass:strongAuthenticationUser')
listAttr.append('userCertificate;binary: bad_certificate')
listAttr.append('givenname:%s' % USER_2_CERT)
listAttr.append('sn:%s' % USER_2_CERT)
listAttr.append('cn:%s' % USER_2_CERT)
</script>
<call function="'addAnEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'DNToAdd' : USER_2_DN,
'listAttributes' : listAttr,
'expectedRC' : 0
}
</call>
<call function="'getFile'">
{ 'location' : STAF_REMOTE_HOSTNAME,
'filename' : USER_2_CERT_FILE_RFC
}
</call>
<message>
'Certificate contents:\n %s' % cmdResult
</message>
<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
<script>
certList=STAXResult[1].split('\n')
ret_str = ""
for line in certList:
index_cert = line.find("CERTIFICATE")
if index_cert == -1:
ret_str+=line.strip()
</script>
<!-- Modify the user Entry to store the certificates -->
<script>
listAttr = []
listAttr.append('dn: %s' % USER_2_DN)
listAttr.append('changetype: modify')
listAttr.append('replace: userCertificate;binary')
listAttr.append('userCertificate;binary:: %s' % ret_str)
</script>
<!-- Write out the ldif -->
<script>
outfile = open(localUser2LdifFile,"w")
for line in listAttr:
outfile.write("%s\n" % line)
</script>
<!-- Copy the ldif file containing user certificate to remote host -->
<message>'Copy ldif (%s) file to user entry %s to %s' % (localUser2LdifFile,USER_2_DN,remoteUser2LdifFile)</message>
<call function="'copyFile'">
{ 'location' : STAXServiceMachine,
'srcfile' : localUser2LdifFile,
'destfile' : remoteUser2LdifFile,
'remotehost' : STAF_REMOTE_HOSTNAME
}
</call>
<call function="'modifyEntry'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
'entryToBeModified' : '%s' % remoteUser2LdifFile,
'expectedRC' : 0
}
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>