From 9fbef39c92f5b1cdadcfec734dcabe50e85cae83 Mon Sep 17 00:00:00 2001
From: Gary Williams <gary.williams@forgerock.com>
Date: Wed, 21 Sep 2011 06:36:52 +0000
Subject: [PATCH] Add PTA mapped-search with use-ssl functional test
---
opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml | 105 ++++++++
opendj-sdk/opends/tests/staf-tests/shared/functions/dsadm.xml | 10
opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml | 2
opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml | 456 +++++++++++++++++++++++++++++++++++++++++
opendj-sdk/opends/tests/staf-tests/shared/functions/security.xml | 81 +++++++
opendj-sdk/opends/tests/staf-tests/shared/functions/topology.xml | 3
6 files changed, 647 insertions(+), 10 deletions(-)
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
index 6275ad6..4abf143 100755
--- a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic.xml
@@ -82,6 +82,8 @@
testsList.append('basic_pta_002')
testsList.append('basic_pta_003')
testsList.append('basic_pta_004')
+ testsList.append('basic_pta_005')
+ testsList.append('basic_pta_006')
</script>
<!-- Execute the Tests -->
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
index 5a84146..6a4159f 100755
--- a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/basic/pta_basic_tests.xml
@@ -979,5 +979,461 @@
</sequence>
</testcase>
</function>
+
+ <!--- Test Case information
+ #@TestMarker Basic: PTA anon mapped-search use-ssl
+ #@TestName Basic: PTA anon mapped-search use-ssl
+ #@TestID basic_pta_003
+ #@TestPurpose Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
+ #@TestPreamble Setup PTA
+ #@TestStep Configure LDAP PTA Policy for mapped-search
+ #@TestStep Read back the "authentication policy" object
+ #@TestStep Add ds-pwp-password-policy-dn to users entry
+ #@TestStep Search users entry as Directory Manager for operational attributes
+ #@TestStep Search users entry as self
+ #@TestStep Modify the users entry
+ #@TestStep ds-pwp-password-policy-dn from users entry
+ #@TestStep Remove LDAP PTA Authentication Policy
+ #@TestPostamble Cleanup PTA
+ #@TestResult Test is successful if the result code is 0
+ -->
+ <function name="basic_pta_005" scope="local">
+ <testcase name="getTestCaseName('PTA anon mapped-search use-ssl')">
+ <sequence>
+ <try>
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort))
+ options.append('--set mapped-attribute:cn')
+ options.append('--set mapped-search-base-dn:dc=AD,dc=com')
+ options.append('--set mapping-policy:mapped-search')
+ options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort))
+ options.append('--set trust-manager-provider:JKS')
+ options.append('--set use-ssl:true')
+ options.append('--type ldap-pass-through')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'create-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Read back the "authentication policy" object.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
+ </call>
+
+ <script>
+ remotePTAuserName='uid=jvedder, ou=People, o=example'
+ remotePTAuserPSWD='befitting'
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'add'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'dsAttributes' : '+'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as self.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD ,
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Modify the users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('description: i am now a remote LDAP PTA user')
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD,
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'replace'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'delete'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <call function="'testCase_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
+ <!--- Test Case information
+ #@TestMarker Basic: PTA simple mapped-search use-ssl
+ #@TestName Basic: PTA simple mapped-search use-ssl
+ #@TestID basic_pta_003
+ #@TestPurpose Verify user with a LDAP PTA mapped-search policy can authenticated to remote server
+ #@TestPreamble Setup PTA
+ #@TestStep Configure LDAP PTA Policy for mapped-search
+ #@TestStep Read back the "authentication policy" object
+ #@TestStep Add ds-pwp-password-policy-dn to users entry
+ #@TestStep Search users entry as Directory Manager for operational attributes
+ #@TestStep Search users entry as self
+ #@TestStep Modify the users entry
+ #@TestStep ds-pwp-password-policy-dn from users entry
+ #@TestStep Remove LDAP PTA Authentication Policy
+ #@TestPostamble Cleanup PTA
+ #@TestResult Test is successful if the result code is 0
+ -->
+ <function name="basic_pta_006" scope="local">
+ <testcase name="getTestCaseName('PTA simple mapped-search use-ssl')">
+ <sequence>
+ <try>
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Test Name = %s' % STAXCurrentTestcase
+ </message>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Configure LDAP PTA Policy for anon mapped-search over ssl.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--set primary-remote-ldap-server:%s:%s' % (primaryHost,primarySslPort))
+ options.append('--set mapped-attribute:cn')
+ options.append('--set mapped-search-base-dn:dc=AD,dc=com')
+ options.append('--set mapped-search-bind-dn:"cn=Directory Manager"')
+ options.append('--set mapped-search-bind-password:secret12')
+ options.append('--set mapping-policy:mapped-search')
+ options.append('--set secondary-remote-ldap-server:%s:%s' % (secondaryHost,secondarySslPort))
+ options.append('--set trust-manager-provider:JKS')
+ options.append('--set use-ssl:true')
+ options.append('--type ldap-pass-through')
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'create-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Read back the "authentication policy" object.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'get-password-policy-prop',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Add ds-pwp-password-policy-dn to users entry.' }
+ </call>
+
+ <script>
+ remotePTAuserName='uid=jvedder, ou=People, o=example'
+ remotePTAuserPSWD='befitting'
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'add'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as Directory Manager for operational attributes.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'dsAttributes' : '+'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Search users entry as self.' }
+ </call>
+
+ <call function="'ldapSearchWithScript'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD ,
+ 'dsBaseDN' : remotePTAuserName ,
+ 'dsFilter' : 'objectclass=*'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Modify the users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('description: i am now a remote LDAP PTA user')
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : remotePTAuserName,
+ 'dsInstancePswd' : remotePTAuserPSWD,
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'replace'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Delete ds-pwp-password-policy-dn from users entry.' }
+ </call>
+
+ <script>
+ ldapObject=[]
+ ldapObject.append('ds-pwp-password-policy-dn: %s' \
+ % ldapPtaPolicyDn)
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname() ,
+ 'dsInstancePort' : local_ldap_server.getPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'DNToModify' : remotePTAuserName ,
+ 'listAttributes' : ldapObject ,
+ 'changetype' : 'delete'
+ }
+ </call>
+
+ <call function="'testStep'">
+ { 'stepMessage' : 'Remove LDAP PTA Authentication Policy.' }
+ </call>
+
+ <script>
+ options=[]
+ options.append('--policy-name "%s"' % ldapPtaPolicyName)
+ dsconfigOptions=' '.join(options)
+ </script>
+
+ <call function="'dsconfig'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'dsInstanceHost' : local_ldap_server.getHostname(),
+ 'dsInstanceAdminPort' : local_ldap_server.getAdminPort(),
+ 'dsInstanceDn' : local_ldap_server.getRootDn(),
+ 'dsInstancePswd' : local_ldap_server.getRootPwd(),
+ 'subcommand' : 'delete-password-policy',
+ 'optionsString' : dsconfigOptions
+ }
+ </call>
+
+ </sequence>
+
+ <catch exception="'STAXException'" typevar="eType" var="eInfo">
+ <message log="1" level="'fatal'">
+ '%s: Test failed. eInfo(%s)' % (eType,eInfo)
+ </message>
+ </catch>
+ <finally>
+ <call function="'testCase_Postamble'"/>
+ </finally>
+ </try>
+ </sequence>
+ </testcase>
+ </function>
+
</stax>
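Review bot: Both new testcases only assert that a bind succeeds with `use-ssl:true` and `trust-manager-provider:JKS`; nothing in them shows a bind being refused when the remote certificate is missing from the local truststore, so a regression that skipped certificate validation would still pass. A negative case that expects the "Search users entry as self" step to fail would close that gap. In `basic_pta_006` the step message still reads `'Configure LDAP PTA Policy for anon mapped-search over ssl.'` although the policy sets `mapped-search-bind-dn`, and both header comments carry `#@TestID basic_pta_003` rather than `basic_pta_005` / `basic_pta_006`. The bind password is a literal in `--set mapped-search-bind-password:secret12`; taking it from `primary_remote_ldap_server.getRootPwd()` (assuming that object is still in scope here) would keep the literal out of the test source, though it would still appear on the dsconfig command line.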
diff --git a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
index a256348..2d0d276 100644
--- a/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
+++ b/opendj-sdk/opends/tests/staf-tests/functional-tests/testcases/pta/pta_setup.xml
@@ -80,14 +80,28 @@
primary_remote_ldap_server = _topologyServerList[primary_remote_ldap]
secondary_remote_ldap_server = _topologyServerList[secondary_remote_ldap]
- primaryHost = primary_remote_ldap_server.getHostname()
- primaryPort = primary_remote_ldap_server.getPort()
- secondaryHost = secondary_remote_ldap_server.getHostname()
- secondaryPort = secondary_remote_ldap_server.getPort()
+ primaryHost = primary_remote_ldap_server.getHostname()
+ primaryPort = primary_remote_ldap_server.getPort()
+ primarySslPort = primary_remote_ldap_server.getSslPort()
+ secondaryHost = secondary_remote_ldap_server.getHostname()
+ secondaryPort = secondary_remote_ldap_server.getPort()
+ secondarySslPort = secondary_remote_ldap_server.getSslPort()
+ </script>
+
+ <!-- Get the local server store password from keystore.pin -->
+ <call function="'getFile'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'filename' : '%s/%s/config/keystore.pin' \
+ % (local_ldap_server.getDir(),OPENDSNAME)
+ }
+ </call>
+ <script>
+ LocalKeyStorePin = STAXResult[1].replace('\n','')
+ print "Local store password = %s" % LocalKeyStorePin
</script>
- <!-- On remote servers create suffixes -->
- <paralleliterate var="server"
+ <!-- On all servers create suffixes -->
+ <iterate var="server"
in="_topologyServerList"
indexvar="whoami">
<sequence>
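Review bot: The added `print "Local store password = %s" % LocalKeyStorePin` writes the keystore PIN into the job log, and the second hunk of this file does the same with `print "Remote store password = %s" % keyStorePin`. Test logs are commonly archived and shared, so I would drop both prints or log only that the PIN was read. `STAXResult[1].replace('\n','')` is used without a visible check that getFile succeeded and leaves a trailing `\r` if keystore.pin has CRLF line endings; `LocalKeyStorePin = STAXResult[1].strip()` after a result check would be safer. The switch from `<paralleliterate>` to `<iterate>` deserves a one-line comment saying why the servers are now processed serially, presumably because each iteration writes to the local truststore. The iterate body continues outside this hunk.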
@@ -257,12 +271,87 @@
'rejectFile' : serverRejectFile
}
</call>
-
+
+ <!-- Get the store password from keystore.pin -->
+ <call function="'getFile'">
+ { 'location' : server.getHostname(),
+ 'filename' : '%s/%s/config/keystore.pin' \
+ % (server.getDir(),OPENDSNAME)
+ }
+ </call>
+ <script>
+ keyStorePin = STAXResult[1].replace('\n','')
+ serverCertPEM = '%s/%s/config/server-cert%s.pem' \
+ % (server.getDir(),OPENDSNAME,whoami)
+ print "Remote store password = %s" % keyStorePin
+ </script>
+
+ <!-- Show the certificate details for remote servers -->
+ <call function="'ListCertificate'">
+ { 'location' : server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (server.getDir(),OPENDSNAME),
+ 'certAlias' : 'server-cert' ,
+ 'keystore' : 'truststore' ,
+ 'storepass' : keyStorePin,
+ }
+ </call>
+
+ <!-- Export certificates from remote servers -->
+ <call function="'ExportCertificate'">
+ { 'location' : server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (server.getDir(),OPENDSNAME),
+ 'certAlias' : 'server-cert' ,
+ 'outputfile' : serverCertPEM,
+ 'storepass' : keyStorePin,
+ 'storetype' : 'JKS',
+ 'format' : 'rfc'
+ }
+ </call>
+
+ <!-- Copy the certificates to local server -->
+ <script>
+ LocalServerCertPEM = '%s/%s/config/server-cert%s.pem' \
+ % (local_ldap_server.getDir(),OPENDSNAME,whoami)
+ </script>
+
+ <call function="'copyFile'">
+ { 'location' : server.getHostname(),
+ 'srcfile' : serverCertPEM,
+ 'destfile' : LocalServerCertPEM,
+ 'remotehost' : local_ldap_server.getHostname() }
+ </call>
+
+ <!-- Import Certificates into local server -->
+ <call function="'ImportCertificate'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'certAlias' : 'server-cert%s' % whoami,
+ 'inputfile' : LocalServerCertPEM,
+ 'keystore' : 'truststore' ,
+ 'storepass' : LocalKeyStorePin,
+ 'storetype' : 'JKS'
+ }
+ </call>
+
+ <!-- Show the certificate details for local server -->
+ <call function="'ListCertificate'">
+ { 'location' : local_ldap_server.getHostname(),
+ 'dsPath' : '%s/%s' \
+ % (local_ldap_server.getDir(),OPENDSNAME),
+ 'certAlias' : 'server-cert%s' % whoami ,
+ 'keystore' : 'truststore' ,
+ 'storepass' : LocalKeyStorePin
+ }
+ </call>
+
</sequence>
</else>
</if>
</sequence>
- </paralleliterate>
+ </iterate>
</sequence>
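Review bot: The import step writes each remote certificate into the local truststore under `'server-cert%s' % whoami`, and nothing in this hunk removes those aliases or the copied `server-cert<N>.pem` files again. If the PTA cleanup (not shown here) does not delete them, a second run against the same instance will probably fail at import because the alias already exists. The remote ListCertificate call inspects `truststore` while ExportCertificate is given no `keystore` argument, so the certificate listed may not be the one exported; that is worth confirming against ExportCertificate's default. The enclosing `<iterate>` and `<if>`/`<else>` start outside the hunk.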
diff --git a/opendj-sdk/opends/tests/staf-tests/shared/functions/dsadm.xml b/opendj-sdk/opends/tests/staf-tests/shared/functions/dsadm.xml
index 8578574..3e8c8c8 100755
--- a/opendj-sdk/opends/tests/staf-tests/shared/functions/dsadm.xml
+++ b/opendj-sdk/opends/tests/staf-tests/shared/functions/dsadm.xml
@@ -88,6 +88,12 @@
</function-arg-description>
<function-arg-property name="type" value="Port number"/>
</function-arg-def>
+ <function-arg-def name="dsSslPort" type="optional">
+ <function-arg-description>
+ Directory server SSL port number
+ </function-arg-description>
+ <function-arg-property name="type" value="Port number"/>
+ </function-arg-def>
<function-arg-def name="dsJmxPort" type="optional">
<function-arg-description>
Directory server JMX port number
@@ -167,6 +173,10 @@
if dsAdminPort:
STAFCmdParamsList.append('--adminConnectorPort %s' % dsAdminPort)
+ if dsSslPort:
+ STAFCmdParamsList.append('-Z %s' % dsSslPort)
+ STAFCmdParamsList.append('--generateSelfSignedCertificate')
+
if dsJmxPort:
STAFCmdParamsList.append('-x %s' % dsJmxPort)
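Review bot: Setting `dsSslPort` now also forces `--generateSelfSignedCertificate`, which the argument description added in the first hunk of this file ("Directory server SSL port number") does not mention. I would extend that description to something like `Directory server SSL port number; when set, the instance is created with a self-signed certificate`, so callers know that clients must import that certificate explicitly before they can trust the listener. The enclosing script block starts and ends outside the hunk.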
diff --git a/opendj-sdk/opends/tests/staf-tests/shared/functions/security.xml b/opendj-sdk/opends/tests/staf-tests/shared/functions/security.xml
index c3c9c58..2660aef 100755
--- a/opendj-sdk/opends/tests/staf-tests/shared/functions/security.xml
+++ b/opendj-sdk/opends/tests/staf-tests/shared/functions/security.xml
@@ -328,7 +328,86 @@
<return>STAXResult</return>
</sequence>
</function>
-
+
+ <!-- **************************************************** -->
+ <!-- List a certificate -->
+ <!-- **************************************************** -->
+ <function name="ListCertificate">
+ <function-prolog>
+ This function lists a certificate
+ </function-prolog>
+ <function-map-args>
+ <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
+ <function-arg-description>
+ Location of target host
+ </function-arg-description>
+ </function-arg-def>
+ <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
+ <function-arg-description>
+ Pathname to installation root
+ </function-arg-description>
+ </function-arg-def>
+ <function-arg-def name="certAlias" type="optional" default="'server-cert'">
+ <function-arg-description>
+ Alias certificate
+ </function-arg-description>
+ </function-arg-def>
+ <function-arg-def name="keystore" type="optional" default="'keystore'">
+ <function-arg-description>
+ Path for the key store file
+ </function-arg-description>
+ </function-arg-def>
+ <function-arg-def name="storepass" type="optional" default="'servercert'">
+ <function-arg-description>
+ Password to protect the contents of the key store
+ </function-arg-description>
+ </function-arg-def>
+ <function-arg-def name="expectedRC" type="optional" default="0">
+ <function-arg-description>
+ Expected return code value. Default value is 0.
+ Wildcard 'noCheck' to not check the RC
+ </function-arg-description>
+ </function-arg-def>
+ </function-map-args>
+
+ <sequence>
+ <!-- Local variables -->
+ <script>
+ if dsPath:
+ dsConfigPath='%s/config' % (dsPath)
+ dsBinPath='%s/%s' % (dsPath,fileFolder)
+
+ STAFCmdParamsList=[]
+ STAFCmdParams=''
+
+ STAFCmdParamsList.append('-list')
+ STAFCmdParamsList.append('-v')
+
+ if certAlias:
+ STAFCmdParamsList.append('-alias %s' % certAlias)
+
+ if keystore:
+ STAFCmdParamsList.append('-keystore %s' % keystore)
+
+ if storepass:
+ STAFCmdParamsList.append('-storepass %s' % storepass)
+
+ STAFCmdParams=' '.join(STAFCmdParamsList)
+
+ </script>
+
+ <call function="'runCommand'">
+ { 'name' : 'List a Certificate',
+ 'location' : location,
+ 'command' : '%s/bin/keytool' % JAVA_HOME,
+ 'arguments' : STAFCmdParams ,
+ 'path' : dsConfigPath,
+ 'expectedRC' : expectedRC
+ }
+ </call>
+ <return>STAXResult</return>
+ </sequence>
+ </function>
<!-- **************************************************** -->
<!-- Add certificate to an attribute -->
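Review bot: ListCertificate puts the keystore password into the keytool argument string as `-storepass %s`, so it is visible in the process list on the target host and in whatever runCommand logs, and the fallback `'servercert'` is a literal in shared code. If the JDK used by the test hosts supports keytool's `-storepass:file` modifier, pointing it at the existing `keystore.pin` would keep the secret off the command line; otherwise the function prolog should at least say that the password is logged. Separately, `dsConfigPath` is assigned under `if dsPath:` but used unconditionally as `'path'`, and `dsBinPath` is never used. The `keystore` description says "Path for the key store file" although the value appears to be resolved against the config directory.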
diff --git a/opendj-sdk/opends/tests/staf-tests/shared/functions/topology.xml b/opendj-sdk/opends/tests/staf-tests/shared/functions/topology.xml
index f99ef81..3668621 100755
--- a/opendj-sdk/opends/tests/staf-tests/shared/functions/topology.xml
+++ b/opendj-sdk/opends/tests/staf-tests/shared/functions/topology.xml
@@ -306,7 +306,7 @@
</function-arg-def>
<function-arg-def name="dsSslPort"
type="optional"
- default="DIRECTORY_INSTANCE_SSL_PORT">
+ default="None">
<function-arg-description>
Directory Server SSL port number
</function-arg-description>
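Review bot: With the default now `None`, a server created without an explicit SSL port presumably has no LDAPS listener, yet pta_setup.xml in this same patch reads `getSslPort()` for both remote servers and the new tests format it into `primary-remote-ldap-server:%s:%s`. If the topology does not define an SSL port, that likely yields `host:None` and a confusing dsconfig failure; a guard in pta_setup.xml that fails the setup early when `getSslPort()` is empty would make the dependency explicit. The description "Directory Server SSL port number" could also state that omitting the argument leaves SSL disabled. The function-arg-def starts outside the hunk.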
@@ -474,6 +474,7 @@
'dsPath' : '%s/%s' % (dsDir, OPENDSNAME),
'dsPort' : dsPort,
'dsAdminPort' : dsAdminPort,
+ 'dsSslPort' : dsSslPort,
'dsJmxPort' : dsJmxPort,
'dsBindDN' : dsBindDN,
'dsBindPwd' : dsBindPwd,
--
Gitblit v1.10.0