mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Gary Williams
21.36.2011 02c92369ae8abd543b0b376dc9b17bb07fad7c26
Add PTA mapped-search with use-ssl functional test
6 files modified
657 ■■■■■ changed files
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml 2 ●●●●●
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml 456 ●●●●●
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml 105 ●●●●●
opends/tests/staf-tests/shared/functions/dsadm.xml 10 ●●●●●
opends/tests/staf-tests/shared/functions/security.xml 81 ●●●●●
opends/tests/staf-tests/shared/functions/topology.xml 3 ●●●●
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
@@ -82,6 +82,8 @@
                  testsList.append('basic_pta_002')
                  testsList.append('basic_pta_003')
                  testsList.append('basic_pta_004')
                  testsList.append('basic_pta_005')
                  testsList.append('basic_pta_006')
                </script>
                <!-- Execute the Tests -->
opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
@@ -979,5 +979,461 @@
      </sequence>
    </testcase>
  </function>
  <!--- Test Case information
  #@TestMarker          Basic: PTA anon mapped-search use-ssl
  #@TestName            Basic: PTA anon mapped-search use-ssl
  #@TestID              basic_pta_003
  #@TestPurpose         Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
  #@TestPreamble        Setup PTA
  #@TestStep            Configure LDAP PTA Policy for mapped-search
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->
  <function name="basic_pta_005" scope="local">
    <testcase name="getTestCaseName('PTA anon mapped-search use-ssl')">
      <sequence>
        <try>
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort))
              options.append('--set mapped-attribute:cn')
              options.append('--set mapped-search-base-dn:dc=AD,dc=com')
              options.append('--set mapping-policy:mapped-search')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort))
              options.append('--set trust-manager-provider:JKS')
              options.append('--set use-ssl:true')
              options.append('--type ldap-pass-through')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'create-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Read back the "authentication policy" object.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
            </call>
            <script>
              remotePTAuserName='uid=jvedder, ou=People, o=example'
              remotePTAuserPSWD='befitting'
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'add'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*' ,
                'dsAttributes'    : '+'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as self.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD ,
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Modify the users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('description: i am now a remote LDAP PTA user')
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD,
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'replace'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'delete'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
   
          </sequence>
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <call function="'testCase_Postamble'"/>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
  <!--- Test Case information
  #@TestMarker          Basic: PTA simple mapped-search use-ssl
  #@TestName            Basic: PTA simple mapped-search use-ssl
  #@TestID              basic_pta_003
  #@TestPurpose         Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
  #@TestPreamble        Setup PTA
  #@TestStep            Configure LDAP PTA Policy for mapped-search
  #@TestStep            Read back the "authentication policy" object
  #@TestStep            Add ds-pwp-password-policy-dn to users entry
  #@TestStep            Search users entry as Directory Manager for operational attributes
  #@TestStep            Search users entry as self
  #@TestStep            Modify the users entry
  #@TestStep            ds-pwp-password-policy-dn from users entry
  #@TestStep            Remove LDAP PTA Authentication Policy
  #@TestPostamble       Cleanup PTA
  #@TestResult          Test is successful if the result code is 0
  -->
  <function name="basic_pta_006" scope="local">
    <testcase name="getTestCaseName('PTA simple mapped-search use-ssl')">
      <sequence>
        <try>
          <sequence>
            <call function="'testCase_Preamble'"/>
            <message>
               'Test Name = %s' % STAXCurrentTestcase
            </message>
            <call function="'testStep'">
              { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' }
            </call>
            <script>
              options=[]
              options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort))
              options.append('--set mapped-attribute:cn')
              options.append('--set mapped-search-base-dn:dc=AD,dc=com')
              options.append('--set mapped-search-bind-dn:"cn=Directory Manager"')
              options.append('--set mapped-search-bind-password:secret12')
              options.append('--set mapping-policy:mapped-search')
              options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort))
              options.append('--set trust-manager-provider:JKS')
              options.append('--set use-ssl:true')
              options.append('--type ldap-pass-through')
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'create-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Read back the "authentication policy" object.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'get-password-policy-prop',
                'optionsString'       : dsconfigOptions
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
            </call>
            <script>
              remotePTAuserName='uid=jvedder, ou=People, o=example'
              remotePTAuserPSWD='befitting'
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'add'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*' ,
                'dsAttributes'    : '+'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Search users entry as self.' }
            </call>
            <call function="'ldapSearchWithScript'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD ,
                'dsBaseDN'        : remotePTAuserName ,
                'dsFilter'        : 'objectclass=*'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Modify the users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('description: i am now a remote LDAP PTA user')
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : remotePTAuserName,
                'dsInstancePswd'  : remotePTAuserPSWD,
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'replace'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
            </call>
            <script>
              ldapObject=[]
              ldapObject.append('ds-pwp-password-policy-dn: %s' \
                                  % ldapPtaPolicyDn)
           </script>
            <call function="'modifyAnAttribute'">
              { 'location'        : local_ldap_server.getHostname(),
                'dsPath'                 : '%s/%s' \
                                           % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'  : local_ldap_server.getHostname() ,
                'dsInstancePort'  : local_ldap_server.getPort(),
                'dsInstanceDn'    : local_ldap_server.getRootDn(),
                'dsInstancePswd'  : local_ldap_server.getRootPwd(),
                'DNToModify'      : remotePTAuserName ,
                'listAttributes'  : ldapObject ,
                'changetype'      : 'delete'
              }
            </call>
            <call function="'testStep'">
              { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
            </call>
            <script>
              options=[]
              options.append('--policy-name "%s"' % ldapPtaPolicyName)
              dsconfigOptions=' '.join(options)
            </script>
            <call function="'dsconfig'">
              { 'location'            : local_ldap_server.getHostname(),
                'dsPath'              : '%s/%s' \
                                         % (local_ldap_server.getDir(),OPENDSNAME),
                'dsInstanceHost'      : local_ldap_server.getHostname(),
                'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
                'dsInstanceDn'        : local_ldap_server.getRootDn(),
                'dsInstancePswd'      : local_ldap_server.getRootPwd(),
                'subcommand'          : 'delete-password-policy',
                'optionsString'       : dsconfigOptions
              }
            </call>
          </sequence>
          <catch exception="'STAXException'" typevar="eType" var="eInfo">
            <message log="1" level="'fatal'">
              '%s: Test failed. eInfo(%s)' % (eType,eInfo)
            </message>
          </catch>
          <finally>
            <call function="'testCase_Postamble'"/>
          </finally>
        </try>
      </sequence>
    </testcase>
  </function>
</stax>
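Review bot: In basic_pta_006 the mapped-search bind identity is hard-coded as `cn=Directory Manager` with the literal password `secret12`, and that password goes into the dsconfig options string, so it ends up on the command line and presumably in the STAX job log. The remote server objects come from the same topology list as the other servers, so the test could presumably take the value from the server object, e.g. `options.append('--set mapped-search-bind-password:%s' % primary_remote_ldap_server.getRootPwd())`, and a dedicated low-privilege search account on the remote side would be a more realistic bind identity than the root DN. Both new header comments still carry `#@TestID basic_pta_003` (they should read basic_pta_005 and basic_pta_006), and the first stepMessage in basic_pta_006 says "anon mapped-search" although this case configures a bind DN. In both functions the steps that delete ds-pwp-password-policy-dn and remove the policy sit inside the try sequence rather than in `<finally>`, so a STAXException in an earlier step would leave the policy assigned to the user for the next test.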
opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
@@ -80,14 +80,28 @@
                primary_remote_ldap_server = _topologyServerList[primary_remote_ldap]
                secondary_remote_ldap_server = _topologyServerList[secondary_remote_ldap]
                
                primaryHost   = primary_remote_ldap_server.getHostname()
                primaryPort   = primary_remote_ldap_server.getPort()
                secondaryHost = secondary_remote_ldap_server.getHostname()
                secondaryPort = secondary_remote_ldap_server.getPort()
                primaryHost       = primary_remote_ldap_server.getHostname()
                primaryPort       = primary_remote_ldap_server.getPort()
                primarySslPort    = primary_remote_ldap_server.getSslPort()
                secondaryHost     = secondary_remote_ldap_server.getHostname()
                secondaryPort     = secondary_remote_ldap_server.getPort()
                secondarySslPort  = secondary_remote_ldap_server.getSslPort()
              </script>
              <!-- Get the local server store password from keystore.pin -->
              <call function="'getFile'">
                { 'location'    : local_ldap_server.getHostname(),
                  'filename'    : '%s/%s/config/keystore.pin' \
                                    % (local_ldap_server.getDir(),OPENDSNAME)
                }
              </call>
              <script>
                LocalKeyStorePin = STAXResult[1].replace('\n','')
                print "Local store password = %s" % LocalKeyStorePin
              </script>
    
              <!-- On remote servers create suffixes -->
              <paralleliterate var="server"
              <!-- On all servers create suffixes -->
              <iterate var="server"
                                 in="_topologyServerList"
                                 indexvar="whoami">
                <sequence>
@@ -257,12 +271,87 @@
                          'rejectFile'          : serverRejectFile
                        }
                      </call>
                      <!-- Get the store password from keystore.pin -->
                      <call function="'getFile'">
                        { 'location'    : server.getHostname(),
                          'filename'    : '%s/%s/config/keystore.pin' \
                                            % (server.getDir(),OPENDSNAME)
                        }
                      </call>
                      <script>
                        keyStorePin = STAXResult[1].replace('\n','')
                        serverCertPEM = '%s/%s/config/server-cert%s.pem' \
                                            % (server.getDir(),OPENDSNAME,whoami)
                        print "Remote store password = %s" % keyStorePin
                      </script>
                      <!-- Show the certificate details for remote servers -->
                      <call function="'ListCertificate'">
                        { 'location'   : server.getHostname(),
                          'dsPath'     : '%s/%s' \
                                            % (server.getDir(),OPENDSNAME),
                          'certAlias'  : 'server-cert' ,
                          'keystore'   : 'truststore' ,
                          'storepass'  : keyStorePin,
                        }
                      </call>
                      <!-- Export certificates from remote servers -->
                      <call function="'ExportCertificate'">
                        { 'location'   : server.getHostname(),
                          'dsPath'     : '%s/%s' \
                                            % (server.getDir(),OPENDSNAME),
                          'certAlias'  : 'server-cert' ,
                          'outputfile' : serverCertPEM,
                          'storepass'  : keyStorePin,
                          'storetype'  : 'JKS',
                          'format'     : 'rfc'
                        }
                      </call>
                      <!-- Copy the certificates to local server -->
                      <script>
                        LocalServerCertPEM = '%s/%s/config/server-cert%s.pem' \
                                            % (local_ldap_server.getDir(),OPENDSNAME,whoami)
                      </script>
                      <call function="'copyFile'">
                        { 'location'   : server.getHostname(),
                          'srcfile'    : serverCertPEM,
                          'destfile'   : LocalServerCertPEM,
                          'remotehost' : local_ldap_server.getHostname() }
                      </call>
                      <!-- Import Certificates into local server -->
                      <call function="'ImportCertificate'">
                        { 'location'   : local_ldap_server.getHostname(),
                          'dsPath'     : '%s/%s' \
                                            % (local_ldap_server.getDir(),OPENDSNAME),
                          'certAlias'  : 'server-cert%s' % whoami,
                          'inputfile'  : LocalServerCertPEM,
                          'keystore'   : 'truststore' ,
                          'storepass'  : LocalKeyStorePin,
                          'storetype'  : 'JKS'
                        }
                      </call>
                      <!-- Show the certificate details for local server -->
                      <call function="'ListCertificate'">
                        { 'location'   : local_ldap_server.getHostname(),
                          'dsPath'     : '%s/%s' \
                                            % (local_ldap_server.getDir(),OPENDSNAME),
                          'certAlias'  : 'server-cert%s' % whoami ,
                          'keystore'   : 'truststore' ,
                          'storepass'  : LocalKeyStorePin
                        }
                      </call>
                    </sequence>
                  </else>
                  </if>
                </sequence>
              </paralleliterate>
              </iterate>
    
            </sequence>
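Review bot: The two added print statements, `print "Local store password = %s" % LocalKeyStorePin` and `print "Remote store password = %s" % keyStorePin`, write the keystore PIN of every server in the topology into the test output. I would drop them, or log only that the PIN was read, e.g. `print "Read keystore.pin from %s" % server.getHostname()`. Both scripts also take `STAXResult[1]` without looking at `STAXResult[0]` (presumably the return code of getFile), so a failed read would be passed on as the store password and only surface later in ListCertificate or ImportCertificate; a check right after each getFile call would report the failure at its source. The iterate body that the second hunk extends starts outside the hunk.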
              
opends/tests/staf-tests/shared/functions/dsadm.xml
@@ -88,6 +88,12 @@
        </function-arg-description>
        <function-arg-property name="type" value="Port number"/>
      </function-arg-def>
      <function-arg-def name="dsSslPort" type="optional">
        <function-arg-description>
          Directory server SSL port number
        </function-arg-description>
        <function-arg-property name="type" value="Port number"/>
      </function-arg-def>
      <function-arg-def name="dsJmxPort" type="optional">
        <function-arg-description>
          Directory server JMX port number
@@ -167,6 +173,10 @@
        if dsAdminPort:
          STAFCmdParamsList.append('--adminConnectorPort %s' % dsAdminPort)
        if dsSslPort:
          STAFCmdParamsList.append('-Z %s' % dsSslPort)
          STAFCmdParamsList.append('--generateSelfSignedCertificate')
        if dsJmxPort:
          STAFCmdParamsList.append('-x %s' % dsJmxPort)
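Review bot: Setting dsSslPort now also appends `--generateSelfSignedCertificate` (second hunk), but the new function-arg-description in the first hunk only says "Directory server SSL port number". The description should state the side effect, for example `Directory server SSL port number; when set, setup also generates a self-signed certificate`, so that a caller who wants an SSL port with an existing certificate does not silently get a self-signed one. If this function ever exposes other certificate options, the self-signed flag would be better as its own argument than tied to the port. The script block around the second hunk starts and ends outside it.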
              
opends/tests/staf-tests/shared/functions/security.xml
@@ -328,7 +328,86 @@
      <return>STAXResult</return>
    </sequence>
  </function>
  <!-- **************************************************** -->
  <!--                       List a certificate                                 -->
  <!-- **************************************************** -->
  <function name="ListCertificate">
    <function-prolog>
      This function lists a certificate
    </function-prolog>
    <function-map-args>
      <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
        <function-arg-description>
          Location of target host
        </function-arg-description>
      </function-arg-def>
      <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
        <function-arg-description>
          Pathname to installation root
        </function-arg-description>
      </function-arg-def>
      <function-arg-def name="certAlias" type="optional" default="'server-cert'">
        <function-arg-description>
          Alias certificate
        </function-arg-description>
      </function-arg-def>
      <function-arg-def name="keystore" type="optional" default="'keystore'">
        <function-arg-description>
          Path for the key store file
        </function-arg-description>
      </function-arg-def>
      <function-arg-def name="storepass" type="optional" default="'servercert'">
        <function-arg-description>
          Password to protect the contents of the key store
        </function-arg-description>
      </function-arg-def>
      <function-arg-def name="expectedRC" type="optional" default="0">
        <function-arg-description>
          Expected return code value. Default value is 0.
          Wildcard 'noCheck' to not check the RC
        </function-arg-description>
      </function-arg-def>
    </function-map-args>
    <sequence>
      <!-- Local variables -->
      <script>
        if dsPath:
          dsConfigPath='%s/config' % (dsPath)
          dsBinPath='%s/%s' % (dsPath,fileFolder)
        STAFCmdParamsList=[]
        STAFCmdParams=''
        STAFCmdParamsList.append('-list')
        STAFCmdParamsList.append('-v')
        if certAlias:
          STAFCmdParamsList.append('-alias %s' % certAlias)
        if keystore:
          STAFCmdParamsList.append('-keystore %s' % keystore)
        if storepass:
          STAFCmdParamsList.append('-storepass %s' % storepass)
        STAFCmdParams=' '.join(STAFCmdParamsList)
      </script>
      <call function="'runCommand'">
        { 'name'       : 'List a Certificate',
          'location'   : location,
          'command'    : '%s/bin/keytool' % JAVA_HOME,
          'arguments'  : STAFCmdParams ,
          'path'       : dsConfigPath,
          'expectedRC' : expectedRC
        }
      </call>
      <return>STAXResult</return>
    </sequence>
  </function>
  
  <!-- **************************************************** -->
  <!--                      Add certificate to an attribute -->
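Review bot: ListCertificate puts the store password on the keytool command line (`STAFCmdParamsList.append('-storepass %s' % storepass)`), where it is visible in the process list on the target host and presumably in the runCommand log; with the pta_setup.xml callers this is the real keystore.pin value, not the 'servercert' default. Since the command already runs with `path` set to the config directory, keytool's file form could be used where the JDK supports it, e.g. `-storepass:file keystore.pin` (to be confirmed against the JDK the tests target). Separately, `dsConfigPath` is assigned only under `if dsPath:` but is used unconditionally in the runCommand call, so an empty dsPath would presumably fail with an undefined name, and `dsBinPath` is assigned but never used in this function. The keystore argument is described as "Path for the key store file" while the callers pass a bare file name relative to the config directory; the description should say which is expected.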
opends/tests/staf-tests/shared/functions/topology.xml
@@ -306,7 +306,7 @@
      </function-arg-def>
      <function-arg-def name="dsSslPort"
                        type="optional"
                        default="DIRECTORY_INSTANCE_SSL_PORT">
                        default="None">
        <function-arg-description>
          Directory Server SSL port number      
        </function-arg-description>
@@ -474,6 +474,7 @@
          'dsPath'                 : '%s/%s' % (dsDir, OPENDSNAME),
          'dsPort'                 : dsPort,
          'dsAdminPort'            : dsAdminPort,
          'dsSslPort'              : dsSslPort,
          'dsJmxPort'              : dsJmxPort,
          'dsBindDN'               : dsBindDN,
          'dsBindPwd'              : dsBindPwd,