fingerprint_mapper.xml revision d81978a0815d5b8a75633c35e3e1f8708d36f017
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="fingerprint_mapper"/>
<function name="fingerprint_mapper" scope="local">
<sequence>
<!--- Test Case : setup -->
<!---
#@TestMarker Setup Tests
#@TestName Set the SASL EXTERNAL mechanism to fingerprint certificate mapper
#@TestIssue
#@TestPurpose Set the SASL EXTERNAL mechanism to fingerprint certificate mapper
#@TestPreamble none
#@TestStep Set the SASL EXTERNAL mechanism to fingerprint certificate mapper
#@TestStep keep the default ds-cfg-subject-attribute which is ds-certificate-subject-dn
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName(' setup - fingerprint_mapper')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'---- Configure the SASL EXTERNAL mechanism -----'
</message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'set-sasl-mechanism-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'EXTERNAL',
'optionsString' : '--set certificate-mapper:"Fingerprint Mapper"',
'expectedRC' : 0 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
#@TestMarker FingerPrint certificate mapper
#@TestName FingerPrint certificate mapper
#@TestIssue
#@TestPurpose Use the FingerPrint certificate mapper
#@TestPurpose Map the MD5 or SHA1 of the provided certificate to a specified attribute in user entries
#@TestPurpose The mapping will be done on the default attribute ds-certificate-fingerprint
#@TestStep Two users entries are used to validate this mapper
#@TestStep USER_1_DN contains an attribute ds-certificate-fingerprint with the subject of the MD5 fingerprint of USER_1_CERT client certificate
#@TestStep USER_2_DN contains an attribute ds-certificate-fingerprint with the subject of the SHA1 fingerprint of USER_2_CERT client certificate
#@TestStep change the mapper to map on SHA1 fingerprint
#@TestPreamble none
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('fingerprint mapping on ds-certificate-fingerprint attribute')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'">
</call>
<!-- get the fingerprint for USER_1_CERT -->
<call function="'getFingerprint'">
{ 'certAlias' : '%s' % USER_1_CERT,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE }
</call>
<script>
STAXCode = RC
certificateResult = STAXResult[0][1]
</script>
<script>
string_len=len(certificateResult)
index_MD5=certificateResult.find("MD5:")
index_SHA1=certificateResult.find("SHA1:")
index_Signature=certificateResult.find("Signature algorithm name:")
MD5_fingerprint_cert1=certificateResult[index_MD5+5:index_SHA1].strip()
if index_Signature == -1:
SHA1_fingerprint_cert1=certificateResult[index_SHA1+5:string_len].strip()
else:
SHA1_fingerprint_cert1=certificateResult[index_SHA1+5:index_Signature].strip()
</script>
<message>'MD5 fingerprint for %s is : %s ' % (USER_1_CERT,MD5_fingerprint_cert1)</message>
<message>'SHA1 fingerprint for %s is : %s ' % (USER_1_CERT,SHA1_fingerprint_cert1)</message>
<!-- get the fingerprint for USER_2_CERT -->
<call function="'getFingerprint'">
{ 'certAlias' : '%s' % USER_2_CERT,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE }
</call>
<script>
STAXCode = RC
certificateResult = STAXResult[0][1]
</script>
<script>
string_len=len(certificateResult)
index_MD5=certificateResult.find("MD5:")
index_SHA1=certificateResult.find("SHA1:")
index_Signature=certificateResult.find("Signature algorithm name:")
MD5_fingerprint_cert2=certificateResult[index_MD5+5:index_SHA1].strip()
if index_Signature == -1:
SHA1_fingerprint_cert2=certificateResult[index_SHA1+5:string_len].strip()
else:
SHA1_fingerprint_cert2=certificateResult[index_SHA1+5:index_Signature].strip()
</script>
<message>'MD5 fingerprint for %s is : %s ' % (USER_2_CERT,MD5_fingerprint_cert2)</message>
<message>'SHA1 fingerprint for %s is : %s ' % (USER_2_CERT,SHA1_fingerprint_cert2)</message>
<!-- Configure the mapper to map MD5 -->
<!-- fingerprint-attribute:ds-certificate-fingerprint -->
<!-- fingerprint-algorithm:MD5-->
<message>'----- Configure the mapper to map MD5 fingerprint '</message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'set-certificate-mapper-prop' ,
'objectType' : 'mapper-name' ,
'objectName' : 'fingerPrint Mapper',
'optionsString' : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:MD5',
'expectedRC' : 0 }
</call>
<!-- configure the user entries -->
<message>'----- Configure the attribute ds-certificate-fingerprint for user %s ---' % USER_1_DN</message>
<message>'----- ds-certificate-fingerprint is the MD5 fingerprint of the certificate %s ' % USER_1_CERT</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'ds-certificate-fingerprint',
'newAttributeValue' : MD5_fingerprint_cert1,
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<message> '----- Configure the attribute ds-certificate-fingerprint for user %s ---' % USER_2_DN</message>
<message>'------ ds-certificate-fingerprint is the SHA1 fingerprint of the certificate %s ' % USER_2_CERT</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'ds-certificate-fingerprint',
'newAttributeValue' : SHA1_fingerprint_cert2,
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<!-- Check mapping is working -->
<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_1_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<!-- No bound expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_1_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- Configure the mapper to map SHA1 fingerprint -->
<message>'----- Configure the mapper to map SHA1 fingerprint '</message>
<!-- fingerprint-attribute:ds-certificate-fingerprint -->
<!-- fingerprint-algorithm:SHA1-->
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'set-certificate-mapper-prop' ,
'objectType' : 'mapper-name' ,
'objectName' : 'fingerPrint Mapper',
'optionsString' : '--set fingerprint-attribute:ds-certificate-fingerprint --set fingerprint-algorithm:SHA1',
'expectedRC' : 0 }
</call>
<!-- Check mapping is working -->
<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_2_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_2_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<!-- No bound expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_2__DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_2_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- Restore initial users configuration -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'ds-certificate-fingerprint',
'newAttributeValue' : MD5_fingerprint_cert1,
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'ds-certificate-fingerprint',
'newAttributeValue' : SHA1_fingerprint_cert2,
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
#@TestMarker FingerPrint certificate mapper
#@TestName FingerPrint certificate mapper
#@TestIssue
#@TestPurpose Use the FingerPrint certificate mapper to map on attribute description
#@TestPurpose Map the MD5 or SHA1 of the provided certificate to a specified attribute in user entries
#@TestPurpose The mapping will be done on the attribute description
#@TestStep Two users entries are used to validate this mapper
#@TestStep USER_1_DN contains an attribute ds-certificate-fingerprint with the subject of the SHA1 fingerprint of USER_1_CERT client certificate
#@TestStep USER_2_DN contains an attribute ds-certificate-fingerprint with the subject of the MD5 fingerprint of USER_2_CERT client certificate
#@TestStep change the mapper to map on SHA1 fingerprint
#@TestPreamble none
#@TestPostamble none
#@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('fingerprint mapping on description attribute')">
<sequence>
<call function="'testCase_Preamble'"/>
<!-- Load in the local shared python objects from libraries -->
<call function="'loadVariables'">
</call>
<!-- get the fingerprint for USER_1_CERT -->
<call function="'getFingerprint'">
{ 'certAlias' : '%s' % USER_1_CERT,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE }
</call>
<script>
STAXCode = RC
certificateResult = STAXResult[0][1]
</script>
<script>
string_len=len(certificateResult)
index_MD5=certificateResult.find("MD5:")
index_SHA1=certificateResult.find("SHA1:")
index_Signature=certificateResult.find("Signature algorithm name:")
MD5_fingerprint_cert1=certificateResult[index_MD5+5:index_SHA1].strip()
if index_Signature == -1:
SHA1_fingerprint_cert1=certificateResult[index_SHA1+5:string_len].strip()
else:
SHA1_fingerprint_cert1=certificateResult[index_SHA1+5:index_Signature].strip()
</script>
<message>'MD5 fingerprint for %s is : %s ' % (USER_1_CERT,MD5_fingerprint_cert1)</message>
<message>'SHA1 fingerprint for %s is : %s ' % (USER_1_CERT,SHA1_fingerprint_cert1)</message>
<!-- get the fingerprint for USER_2_CERT -->
<call function="'getFingerprint'">
{ 'certAlias' : '%s' % USER_2_CERT,
'storepass' : CLIENT_STOREPASS,
'keystore' : CLIENT_KEYSTORE }
</call>
<script>
STAXCode = RC
certificateResult = STAXResult[0][1]
</script>
<script>
string_len=len(certificateResult)
index_MD5=certificateResult.find("MD5:")
index_SHA1=certificateResult.find("SHA1:")
index_Signature=certificateResult.find("Signature algorithm name:")
MD5_fingerprint_cert2=certificateResult[index_MD5+5:index_SHA1].strip()
if index_Signature == -1:
SHA1_fingerprint_cert2=certificateResult[index_SHA1+5:string_len].strip()
else:
SHA1_fingerprint_cert2=certificateResult[index_SHA1+5:index_Signature].strip()
</script>
<message>'MD5 fingerprint for %s is : %s ' % (USER_2_CERT,MD5_fingerprint_cert2)</message>
<message>'SHA1 fingerprint for %s is : %s ' % (USER_2_CERT,SHA1_fingerprint_cert2)</message>
<!-- Configure the mapper to map MD5 -->
<message>'----- Configure the mapper to map MD5 fingerprint on the attribute description'</message>
<!-- Configure the mapper to map MD5 -->
<script>
listAttr = []
listAttr.append('ds-cfg-fingerprint-attribute:description')
listAttr.append('ds-cfg-fingerprint-algorithm:MD5')
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
'listAttributes' : listAttr,
'changetype' : 'replace',
'expectedRC' : 0 }
</call>
<!-- configure the user entries -->
<message>'----- Configure the attribute description for user %s ---' % USER_1_DN</message>
<message>'----- description is the MD5 fingerprint of the certificate %s ' % USER_1_CERT</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'description',
'newAttributeValue' : MD5_fingerprint_cert1,
'changetype' : 'add',
'expectedRC' : 0 }
</call>
<message> '----- Configure the attribute description for user %s ---' % USER_2_DN</message>
<message>'------ description is the SHA1 fingerprint of the certificate %s ' % USER_2_CERT</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'description',
'newAttributeValue' : SHA1_fingerprint_cert2,
'changetype' : 'add' ,
'expectedRC' : 0 }
</call>
<!-- Check mapping is working -->
<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_1_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<!-- No bound expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_1_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_1_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- Configure the mapper to map SHA1 fingerprint -->
<message>'----- Configure the mapper to map SHA1 fingerprint on the attributes description'</message>
<script>
listAttr = []
listAttr.append('ds-cfg-fingerprint-attribute:description')
listAttr.append('ds-cfg-fingerprint-algorithm:SHA1')
</script>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Fingerprint Mapper,cn=Certificate Mappers,cn=config',
'listAttributes' : listAttr,
'changetype' : 'replace',
'expectedRC' : 0 }
</call>
<!-- Check mapping is working -->
<message>'--- Check SSL communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_2_DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_2_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<!-- No bound expected -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseSSL' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<message>'--- Check StartTLS communication with SASL EXTERNAL authentication'</message>
<!-- bound as USER_2__DN -->
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_2_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 0 }
</call>
<script>
STAXCode = RC
ldapSearchResult = STAXResult[0][1]
</script>
<call function="'CheckMatches'">
{ 'string2find' : USER_2_DN ,
'mainString' : ldapSearchResult ,
'nbExpected' : 1
}
</call>
<call function="'ldapSearchWithScript'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsBaseDN' : DIRECTORY_INSTANCE_SFX,
'dsFilter' : 'objectclass=*' ,
'dsKeyStorePassword' : CLIENT_STOREPASS,
'dsUseStartTLS' : ' ',
'dsUseSASLExternal' : ' ',
'dsCertNickname' : USER_1_CERT,
'dsTrustStorePath' : CLIENT_KEYSTORE,
'dsKeyStorePath' : CLIENT_KEYSTORE,
'dsReportAuthzID' : ' ',
'dsScope' : 'base',
'expectedRC' : 49 }
</call>
<!-- Restore initial users configuration -->
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_1_DN,
'attributeName' : 'description',
'newAttributeValue' : MD5_fingerprint_cert1,
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : USER_2_DN,
'attributeName' : 'description',
'newAttributeValue' : SHA1_fingerprint_cert2,
'changetype' : 'delete',
'expectedRC' : 0 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>