Jump to: navigation, search

V4/Certificate Profiles/Test Plan

Important.png
Work in progress
This design is not complete yet.

Name: V4/Certificate Profiles/Test Plan
Target version: 4.2.0
Design: V4/Certificate_Profiles
Reviewer: Incomplete.png missing
Last updated: 2016-04-25 by Alich

Test Plan - Certificate Profiles

Test case: Check for the default profile caIPAserviceCert

Autotest

{{{autotest}}}

Setup

Actions

ipa certprofile-show caIPAserviceCert

Expected results

the profile information is returned

Test case: Import valid profile

Autotest

{{{autotest}}}

Setup

Valid certificate profile available

Actions

ipa certprofile-import cpTest1 path/to/profile

Expected results

The profile is imported.

Test case: Reuse profile id in an import

Autotest

{{{autotest}}}

Setup

Valid profile is available

Actions

ipa certprofile-import cpTest1 path/to/file

Expected results

The import is refused.

Test case: Import of malformed profile.

Autotest

{{{autotest}}}

Setup

A file with some content.

Actions

ipa certprofile-import cpTestError path/to/file

Expected results

The profile is refused with an error.

Test case: Import profile with incorrect values.

Autotest

{{{autotest}}}

Setup

A profile with invalid values, otherwise syntactically correct

Actions

ipa certprofile-import cpTestInvalidValues path/to/file

Expected results

??

Test case: Import profile in XML format

Autotest

{{{autotest}}}

Setup

A profile configuration file in XML format

Actions

ipa certprofile-import cpTestXML path/to/file

Expected results

The certificate is refused.

Test case: Delete profile

Autotest

{{{autotest}}}

Setup

Disable a profile <PROFILE>

Actions

ipa certprofile-del <PROFILE>

Expected results

the profile is deleted

Test case: Delete default profile

Autotest

{{{autotest}}}

Setup

import a profile <PROFILE>

Actions

ipa certprofile-del <PROFILE>

Expected results

The operation fails.

Test case: Delete bogus profile id

Autotest

{{{autotest}}}

Setup

Actions

ipa certprofile-del bogusID

Expected results

an error is returned


Test case: Modify profile description

Autotest

{{{autotest}}}

Setup

Valid profile is available

Actions

ipa certprofile-mod <PROFILE> --desc='new profile description'

Expected results

The change is applied

Test case: Change the store option on a profile

Autotest

{{{autotest}}}

Setup

Valid profile is available and store is enabled

Actions

ipa certprofile-mod <PROFILE> --store=FALSE

Expected results

The change is applied

Test case: Try to rename the profile entry with setattr

Autotest

{{{autotest}}}

Setup

Valid profile is available

Actions

ipa certprofile-mod <PROFILE> --setattr 'cn=bogus'

Expected results

The change should be refused as it breaks the data integrity

Test case: Try to rename the profile entry with rename option

Autotest

{{{autotest}}}

Setup

Valid profile is available

Actions

ipa certprofile-mod <PROFILE> --rename <NEWNAME>

Expected results

The operation fails. There should be no 'rename' option for a profile.


Test case: Check if the find command returns all profiles

Autotest

{{{autotest}}}

Setup

imported an user profile, default profile must be present

Actions

ipa certprofile-find --

Expected results

Information about both profiles is shown. Summary message contains correct information about the number of profiles.

Test case: Check if the find command returns filtered view by store option

Autotest

{{{autotest}}}

Setup

imported an user profile, default profile must be present

Actions

ipa certprofile-find --

Expected results

Information about both profiles is shown. Summary message contains correct information about the number of profiles.

Test case: Retrieve the information about the profile

Autotest

{{{autotest}}}

Setup

Imported profile with known values of the attributes

Actions

ipa certprofile-show <PROFILE>

Expected results

The attributes on the returned profile match.

Test case: Export the profile

Autotest

{{{autotest}}}

Setup

Profile PROFILE present on the server

Actions

ipa certprofile-show <PROFILE> --out FILE

Expected results

The file exists. In the file there is a line with 'profileID=PROFILE'

Test Plan - CA ACLs

Complex test cases - notes

1. test the store option. To do this, issue a certificate.

   1.1 store=true
   1.2 store=false

how does this work?

2. Disable/enable of an ACL

   2.1 Enabled ACL for a particular profile
   2.2 Disabled ACL

3. Issue certificate with a custom profile (s-mime)

   3.1 Make sure the certificate is issued
   3.2 Check the certificate extensions against the CSR
   

4. Update an existing profile

   4.1 Update a profile with new data
   4.2 Sign a certificate with the profile. Make sure it doesn't fail.
   4.3 Check if the generated certificate matches constraints set by the updated profile.