external-software/github_OpenIdentityPlatform_OpenDJ.git

			@@ -1,5 +1,5 @@
			<?xml version="1.0" encoding="UTF-8" standalone="no"?>
			<!DOCTYPE stax SYSTEM "../../../stax.dtd">
			<!DOCTYPE stax SYSTEM "../../shared/stax.dtd">
			<!--
			! CDDL HEADER START
			!
			@@ -26,13 +26,9 @@
			! Portions Copyright 2006-2007 Sun Microsystems, Inc.
			! -->
			<stax>

			<defaultcall function="client_auth_setup"/>

			<function name="client_auth_setup" scope="local">

			<sequence>

			<!--- Test Case : Server Certificate configuration -->
			<!---
			#@TestMarker Setup Tests
			@@ -45,16 +41,12 @@
			#@TestPostamble none
			#@TestResult Success if OpenDS returns 0 for all operations
			-->

			<!-- Generate Server Cert -->

			<testcase name="'Security: client_auth: Setup. certificates configuration'">
			<sequence>

			<call function="'testCase_Preamble'"/>
			<!-- Load in the local shared python objects from libraries -->
			<call function="'loadVariables'">
			</call>

			<call function="'loadVariables'" />
			<message>
			'---- Generating Server Certicate -----'
			</message>
			@@ -67,11 +59,11 @@
			'keystore' : 'keystore',
			'storepass' : SERVER_STOREPASS,
			'keypass' : SERVER_KEYPASS,
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>

			<!-- Self-Sign Server Cert -->

			<message>
			'---- Self-Signing Server Certicate ---- '
			</message>
			@@ -81,14 +73,14 @@
			'storepass' : SERVER_STOREPASS,
			'keypass' : SERVER_KEYPASS,
			'keystore' : 'keystore',
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>

			<!-- Create folder on local host where are store client keystore and certificate-->
			<message>
			'Create folder %s' % (CERT_TMP)
			</message>

			<call function="'createFolder'">
			{ 'location' : '%s' % (DIRECTORY_INSTANCE_HOST),
			'foldername' : '%s' % (CERT_TMP) }
			@@ -104,49 +96,51 @@

			<!-- create a client certificate : USER_1_CERT -->
			<call function="'genCertificate'">
			{ 'certAlias' : '%s' % USER_1_CERT,
			'dname' : '%s' % (USER_1_DN),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'keypass' : '%s' % (CLIENT_KEYPASS),
			'storetype' : 'JKS' }
			{ 'certAlias' : USER_1_CERT,
			'dname' : USER_1_DN,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'keypass' : CLIENT_KEYPASS,
			'storetype' : 'JKS'
			}
			</call>

			<!-- Self-Sign client Certificate : USER_1_CERT -->
			<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_1_CERT)</message>

			<call function="'SelfSignCertificate'">
			{ 'certAlias' : '%s' % USER_1_CERT,
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keypass' : '%s' % (CLIENT_KEYPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'storetype' : 'JKS' }
			{ 'certAlias' : USER_1_CERT,
			'storepass' : CLIENT_STOREPASS,
			'keypass' : CLIENT_KEYPASS,
			'keystore' : CLIENT_KEYSTORE,
			'storetype' : 'JKS'
			}
			</call>

			<!-- create a client certificate : USER_2_CERT -->
			<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>

			<call function="'genCertificate'">
			{ 'certAlias' : '%s' % USER_2_CERT,
			'dname' : '%s' % (USER_2_DN),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'keypass' : '%s' % (CLIENT_KEYPASS),
			'storetype' : 'JKS' }
			{ 'certAlias' : USER_2_CERT,
			'dname' : USER_2_DN,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'keypass' : CLIENT_KEYPASS,
			'storetype' : 'JKS'
			}
			</call>

			<!-- Self-Sign client Certificate : USER_2_CERT -->
			<message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>

			<call function="'SelfSignCertificate'">
			{ 'certAlias' : '%s' % USER_2_CERT,
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keypass' : '%s' % (CLIENT_KEYPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'storetype' : 'JKS' }
			{ 'certAlias' : USER_2_CERT,
			'storepass' : CLIENT_STOREPASS,
			'keypass' : CLIENT_KEYPASS,
			'keystore' : CLIENT_KEYSTORE,
			'storetype' : 'JKS'
			}
			</call>


			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			@@ -167,109 +161,101 @@

			<testcase name="'Security: client_auth: setup. Export and Import certificates'">
			<sequence>

			<call function="'testCase_Preamble'"/>

			<!-- Load in the local shared python objects from libraries -->
			<call function="'loadVariables'">
			</call>
			<call function="'loadVariables'" />

			<!-- Export the server Cert -->

			<message>'---- Export the Server Certicate ----'</message>

			<call function="'ExportCertificate'">
			{ 'certAlias' : 'server-cert' ,
			'outputfile' : '%s' % (SERVER_CERT_FILE),
			'outputfile' : SERVER_CERT_FILE,
			'storepass' : SERVER_STOREPASS,
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>

			<!-- export client certificate : USER_1_CERT -->
			<message> '---- Export the client certificate : : %s ---- ' % (USER_1_CERT)</message>

			<call function="'ExportCertificate'">
			{ 'certAlias' : '%s' % USER_1_CERT,
			'outputfile' : '%s' % (USER_1_CERT_FILE),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'storetype' : 'JKS' }
			{ 'certAlias' : USER_1_CERT,
			'outputfile' : USER_1_CERT_FILE,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'storetype' : 'JKS'
			}
			</call>

			<!-- export client certificate RFC format : USER_1_CERT -->
			<message> '---- Export the client certificate in RFC : : %s ---- ' % (USER_1_CERT)</message>


			<call function="'ExportCertificate'">
			{ 'certAlias' : '%s' % USER_1_CERT,
			'outputfile' : '%s' % (USER_1_CERT_FILE_RFC),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			{ 'certAlias' : USER_1_CERT,
			'outputfile' : USER_1_CERT_FILE_RFC,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'format' : 'rfc',
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>

			<!-- export client certificate : USER_2_CERT -->

			<message>'---- Export the client certificate : : %s ---- ' % (USER_2_CERT)</message>

			<call function="'ExportCertificate'">
			{ 'certAlias' :'%s' % USER_2_CERT,
			'outputfile' : '%s' % (USER_2_CERT_FILE),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'storetype' : 'JKS' }
			{ 'certAlias' : USER_2_CERT,
			'outputfile' : USER_2_CERT_FILE,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'storetype' : 'JKS'
			}
			</call>

			<!-- export client certificate RFC format : USER_2_CERT -->

			<message>'---- Export the client certificate in RFC format : : %s ---- ' % (USER_2_CERT)</message>

			<call function="'ExportCertificate'">
			{ 'certAlias' :'%s' % USER_2_CERT,
			'outputfile' : '%s' % (USER_2_CERT_FILE_RFC),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			{ 'certAlias' : USER_2_CERT,
			'outputfile' : USER_2_CERT_FILE_RFC,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'format' : 'rfc',
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>

			<!-- Import the server Certificate under the client database -->

			<message>
			'---- Import the Server Certificate under the client keystore----'
			</message>

			<message>'---- Import the Server Certificate under the client keystore----'</message>
			<call function="'ImportCertificate'">
			{ 'certAlias' : 'server-cert' ,
			'inputfile' : '%s' % (SERVER_CERT_FILE),
			'storepass' : '%s' % (CLIENT_STOREPASS),
			'keystore' : '%s' % (CLIENT_KEYSTORE),
			'storetype' : 'JKS' }
			'inputfile' : SERVER_CERT_FILE,
			'storepass' : CLIENT_STOREPASS,
			'keystore' : CLIENT_KEYSTORE,
			'storetype' : 'JKS'
			}
			</call>

			<!-- Import the client Certificates under the server keystore -->

			<message> '---- Import the client Certificates %s under the server keystore----' % (USER_1_CERT)</message>


			<call function="'ImportCertificate'">
			{ 'certAlias' : '%s' % (USER_1_CERT),
			'inputfile' : '%s' % (USER_1_CERT_FILE),
			{ 'certAlias' : USER_1_CERT,
			'inputfile' : USER_1_CERT_FILE,
			'storepass' : SERVER_STOREPASS,
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>

			<message> '---- Import the client Certificates %s under the server keystore----' % (USER_2_CERT)</message>

			<call function="'ImportCertificate'">
			{ 'certAlias' : '%s' % (USER_2_CERT),
			'inputfile' : '%s' % (USER_2_CERT_FILE),
			{ 'certAlias' : USER_2_CERT,
			'inputfile' : USER_2_CERT_FILE,
			'storepass' : SERVER_STOREPASS,
			'storetype' : 'JKS' }
			'storetype' : 'JKS'
			}
			</call>


			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			@@ -287,23 +273,14 @@
			#@TestPostamble none
			#@TestResult Success if OpenDS returns 0 for all operations
			-->


			<testcase name="'Security: client_auth: setup. Configure SSL and StartTLS'">
			<sequence>

			<call function="'testCase_Preamble'"/>

			<!-- Load in the local shared python objects from libraries -->
			<call function="'loadVariables'">
			</call>
			<call function="'loadVariables'" />

			<!-- Configure SSL and TLS -->

			<message>
			'---- Configure SSL and TLS----'
			</message>

			<message>'---- Configure SSL and TLS----'</message>
			<call function="'configureSSL_TLS'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			@@ -313,12 +290,8 @@
			'certAlias' : 'server-cert'}
			</call>


			<!--- Initial Search With SSL -->
			<message>
			'Security: Client_auth: Searching with SSL Connection'
			</message>

			<message>'Security: Client_auth: Searching with SSL Connection'</message>
			<call function="'ldapSearchWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
			@@ -329,15 +302,12 @@
			'dsFilter' : 'objectclass=*' ,
			'dsUseSSL' : ' ',
			'dsTrustAll' : ' ',
			'expectedRC' : 0 }
			'expectedRC' : 0
			}
			</call>


			<!--- Initial Search With startTLS-->
			<message>
			'Security: Client_auth: Searching with StartTLS Connection'
			</message>

			<message>'Security: Client_auth: Searching with StartTLS Connection'</message>
			<call function="'ldapSearchWithScript'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			@@ -348,10 +318,9 @@
			'dsFilter' : 'objectclass=*' ,
			'dsUseStartTLS' : ' ',
			'dsTrustAll' : ' ',
			'expectedRC' : 0 }
			'expectedRC' : 0
			}
			</call>


			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>
			@@ -368,22 +337,15 @@
			#@TestPostamble none
			#@TestResult Success if OpenDS returns 0 for all operations
			-->


			<testcase name="'Security: client_auth: setup. Create users entries'">
			<sequence>

			<call function="'testCase_Preamble'"/>

			<!-- Load in the local shared python objects from libraries -->
			<call function="'loadVariables'">
			</call>
			<call function="'loadVariables'" />

			<!-- Create users entries-->

			<!-- Create USER_1_DN -->
			<message> '---- Create User entry : %s----' % USER_1_DN</message>

			<script>
			listAttr = []
			listAttr.append('objectclass:top')
			@@ -405,10 +367,10 @@
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToAdd' : USER_1_DN,
			'listAttributes' : listAttr,
			'expectedRC' : 0 }
			'expectedRC' : 0
			}
			</call>


			<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
			<script>
			cert_file = open(USER_1_CERT_FILE_RFC,"r")
			@@ -418,8 +380,7 @@
			if index_cert == -1:
			line=line.strip()
			ret_str = ret_str + line
			</script>
			<script>

			listAttr = []
			listAttr.append('dn: %s' % USER_1_DN)
			listAttr.append('changetype: modify')
			@@ -443,7 +404,8 @@
			{ 'location' : STAXServiceMachine,
			'srcfile' : localUser1LdifFile,
			'destfile' : remoteUser1LdifFile,
			'remotehost' : STAF_REMOTE_HOSTNAME }
			'remotehost' : STAF_REMOTE_HOSTNAME
			}
			</call>

			<call function="'modifyEntry'">
			@@ -451,12 +413,12 @@
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'entryToBeModified' : '%s' % remoteUser1LdifFile,
			'expectedRC' : 0 }
			'entryToBeModified' : remoteUser1LdifFile,
			'expectedRC' : 0
			}
			</call>

			<!-- Create USER_2_DN : this used contains the objectclass ds-certificate-user -->

			<message>'---- Create User entry : %s----' % USER_2_DN </message>
			<message>'---- This user contains an objectclass ds-certificate-user' </message>

			@@ -473,7 +435,6 @@
			listAttr.append('sn:%s' % USER_2_CERT)
			listAttr.append('cn:%s' % USER_2_CERT)
			</script>

			<call function="'addAnEntry'">
			{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
			'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
			@@ -481,11 +442,10 @@
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'DNToAdd' : USER_2_DN,
			'listAttributes' : listAttr,
			'expectedRC' : 0 }
			'expectedRC' : 0
			}
			</call>



			<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE -->
			<script>
			cert_file = open(USER_2_CERT_FILE_RFC,"r")
			@@ -498,7 +458,6 @@
			</script>

			<!-- Modify the user Entry to store the certificates -->

			<script>
			listAttr = []
			listAttr.append('dn: %s' % USER_2_DN)
			@@ -510,10 +469,8 @@
			<!-- Write out the ldif -->
			<script>
			outfile = open(localUser2LdifFile,"w")

			for line in listAttr:
			outfile.write("%s\n" % line)

			outfile.close()
			</script>

			@@ -523,7 +480,8 @@
			{ 'location' : STAXServiceMachine,
			'srcfile' : localUser2LdifFile,
			'destfile' : remoteUser2LdifFile,
			'remotehost' : STAF_REMOTE_HOSTNAME }
			'remotehost' : STAF_REMOTE_HOSTNAME
			}
			</call>

			<call function="'modifyEntry'">
			@@ -532,15 +490,12 @@
			'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
			'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
			'entryToBeModified' : '%s' % remoteUser2LdifFile,
			'expectedRC' : 0 }
			'expectedRC' : 0
			}
			</call>


			<call function="'testCase_Postamble'"/>
			</sequence>
			</testcase>

			</sequence>
			</function>

			</stax>