diff --git a/.github/workflows/tps-basic-test.yml b/.github/workflows/tps-basic-test.yml index 6ade3d4cf04..1f077d3db8d 100644 --- a/.github/workflows/tps-basic-test.yml +++ b/.github/workflows/tps-basic-test.yml @@ -33,20 +33,18 @@ jobs: tests/bin/ds-create.sh \ --image=${{ env.DS_IMAGE }} \ --hostname=ds.example.com \ + --network=example \ + --network-alias=ds.example.com \ --password=Secret.123 \ ds - - name: Connect DS container to network - run: docker network connect example ds --alias ds.example.com - - name: Set up PKI container run: | - tests/bin/runner-init.sh pki - env: - HOSTNAME: pki.example.com - - - name: Connect PKI container to network - run: docker network connect example pki --alias pki.example.com + tests/bin/runner-init.sh \ + --hostname=pki.example.com \ + --network=example \ + --network-alias=pki.example.com \ + pki - name: Install CA run: | @@ -304,7 +302,7 @@ jobs: # restart TPS subsystem docker exec pki pki-server tps-redeploy --wait - - name: Add token + - name: Add token for testuser1 run: | hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom > cuid CUID=$(cat cuid) @@ -316,11 +314,11 @@ jobs: docker exec pki pki -n caadmin tps-cert-find --token $CUID - - name: Format token + - name: Format testuser1 token using pki tps-client run: | CUID=$(cat cuid) docker exec pki /usr/share/pki/tps/bin/pki-tps-format \ - --user=testuser \ + --user=testuser1 \ --password=Secret.123 \ $CUID @@ -331,11 +329,11 @@ jobs: docker exec pki pki -n caadmin tps-cert-find --token $CUID - - name: Enroll token + - name: Enroll testuser1 token using pki tps-client run: | CUID=$(cat cuid) docker exec pki /usr/share/pki/tps/bin/pki-tps-enroll \ - --user=testuser \ + --user=testuser1 \ --password=Secret.123 \ $CUID 
@@ -346,21 +344,67 @@ jobs: docker exec pki pki -n caadmin tps-cert-find --token $CUID - - name: KRA key find + - name: Find testuser1 key in KRA run: | CUID=$(cat cuid | tr [:lower:] [:upper:]) - USER="testuser" + USER="testuser1" echo $CUID:$USER > expected docker exec pki pki -n caadmin kra-key-find --owner $CUID:$USER | tee output sed -n 's/\s*Owner:\s\+\(\S\+\)\s*/\1/p' output > actual diff expected actual - - name: Gather artifacts - if: always() + - name: Add token for testuser2 + run: | + hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom > cuid + CUID=$(cat cuid) + docker exec pki pki -n caadmin tps-token-add $CUID | tee output + + echo "UNFORMATTED" > expected + sed -n 's/\s*Status:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual + + docker exec pki pki -n caadmin tps-cert-find --token $CUID + + - name: Format testuser2 token using tpsclient + run: | + CUID=$(cat cuid) + docker exec pki /usr/share/pki/tps/bin/pki-tps-format \ + --client=tpsclient \ + --user=testuser2 \ + --password=Secret.123 \ + $CUID + + echo "FORMATTED" > expected + docker exec pki pki -n caadmin tps-token-show $CUID | tee output + sed -n 's/\s*Status:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual + + docker exec pki pki -n caadmin tps-cert-find --token $CUID + + - name: Enroll testuser2 token using tpsclient + run: | + CUID=$(cat cuid) + docker exec pki /usr/share/pki/tps/bin/pki-tps-enroll \ + --client=tpsclient \ + --user=testuser2 \ + --password=Secret.123 \ + $CUID + + echo "ACTIVE" > expected + docker exec pki pki -n caadmin tps-token-show $CUID | tee output + sed -n 's/\s*Status:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual + + docker exec pki pki -n caadmin tps-cert-find --token $CUID + + - name: Find testuser2 key in KRA run: | - tests/bin/ds-artifacts-save.sh ds - tests/bin/pki-artifacts-save.sh pki - continue-on-error: true + CUID=$(cat cuid | tr [:lower:] [:upper:]) + USER="testuser2" + echo $CUID:$USER > expected + docker exec pki pki 
-n caadmin kra-key-find --owner $CUID:$USER | tee output + sed -n 's/\s*Owner:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual - name: Remove TPS run: docker exec pki pkidestroy -s TPS -v @@ -484,10 +528,3 @@ jobs: if: always() run: | docker exec pki find /var/lib/pki/pki-tomcat/logs/tps -name "debug.*" -exec cat {} \; - - - name: Upload artifacts - if: always() - uses: actions/upload-artifact@v4 - with: - name: tps-basic - path: /tmp/artifacts diff --git a/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java index aa28a84a78a..6df29e0e997 100644 --- a/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java +++ b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java @@ -58,6 +58,7 @@ public TPSCLI(MainCLI mainCLI) { addModule(new SelfTestCLI(this)); addModule(new TokenCLI(this)); addModule(new UserCLI(this)); + addModule(new TPSClientCLI(this)); } @Override diff --git a/base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java new file mode 100644 index 00000000000..8a58d445f92 --- /dev/null +++ b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java 
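Review bot: In the new `Find testuser2 key in KRA` step, `tr [:lower:] [:upper:]` passes the character classes unquoted, so the shell can glob-expand them against single-character file names in the working directory before `tr` sees them. Quoting them and dropping the extra `cat` is more robust: `CUID=$(tr '[:lower:]' '[:upper:]' < cuid)`. The testuser1 step shown as context in the same hunk uses the same form and could be changed with it.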
@@ -0,0 +1,46 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package com.netscape.cmstools.tps; + +import org.apache.commons.cli.CommandLine; +import org.dogtagpki.cli.CommandCLI; + +import com.netscape.cmstools.cli.MainCLI; + +/** + * @author Endi S. Dewata + */ +public class TPSClientCLI extends CommandCLI { + + public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(TPSClientCLI.class); + + static { + System.loadLibrary("pki-tps"); + } + + public TPSCLI tpsCLI; + + public TPSClientCLI(TPSCLI tpsCLI) { + super("client", "TPS client", tpsCLI); + this.tpsCLI = tpsCLI; + } + + @Override + public void printHelp() { + formatter.printHelp(getFullName() + " [OPTIONS...]", options); + } + + public native void execute() throws Exception; + + @Override + public void execute(CommandLine cmd) throws Exception { + + MainCLI mainCLI = (MainCLI) getRoot(); + mainCLI.init(); + + execute(); + } +} diff --git a/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp b/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp index 1dd8e07a0d5..c4187d6d862 100644 --- a/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp +++ b/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp @@ -21,6 +21,7 @@ #include #include #include +#include #include "prinrval.h" #include "prmem.h" @@ -1631,3 +1632,11 @@ RA_Client::Execute () } } } /* Execute */ + +extern "C" JNIEXPORT void JNICALL +Java_com_netscape_cmstools_tps_TPSClientCLI_execute +(JNIEnv* env, jclass clazz) +{ + RA_Client client; + client.Execute(); +} diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp b/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp index 604e60fa020..511dca54ed7 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp +++ b/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp 
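Review bot: The static initializer calls `System.loadLibrary("pki-tps")` when the class is first initialized, and the `TPSCLI` constructor now runs `addModule(new TPSClientCLI(this))`. If the native library is missing or not on the library path, the resulting `UnsatisfiedLinkError` would probably break every `pki tps-*` subcommand, not only `tps-client`. Moving the load to the first line of `execute(CommandLine cmd)`, before the call to the native `execute()`, limits the failure to the command that needs native code. The new fields could also be tightened to `private static final` for `logger` and `private final` for `tpsCLI`, and the class has no Javadoc saying that the native method reads its operations from standard input, as the wrapper scripts' heredoc suggests.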
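Review bot: The JNI entry point `Java_com_netscape_cmstools_tps_TPSClientCLI_execute` takes `jclass clazz`, but the Java side declares `public native void execute()` as an instance method, so the second parameter should be the receiver: `(JNIEnv* env, jobject obj)`. The wrapper also ignores the outcome of `client.Execute()`, whose return type is not visible in this hunk. If `Execute()` reports failure through its return value, `pki tps-client` would exit 0 on a failed operation, and the wrapper scripts now pass that code through with `exit $rc`. Mapping a failure to a Java exception, for example `env->ThrowNew(env->FindClass("java/lang/Exception"), "TPS client operation failed");`, would let the CLI exit non-zero. Any C++ exception should also be caught inside this function rather than allowed to cross the JNI boundary.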
@@ -45,6 +45,8 @@ main (int argc, char *argv[]) PK11SlotInfo *slot = NULL; PRUint32 flags = 0; + fprintf(stderr, "WARNING: tpsclient has been deprecated. Use pki tps-client instead.\n"); + /* Initialize NSPR & NSS */ PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); PK11_SetPasswordFunc (ownPasswd); diff --git a/base/tps/auth/ds/example.ldif b/base/tps/auth/ds/example.ldif index 943c464604a..2c0e1da2e62 100644 --- a/base/tps/auth/ds/example.ldif +++ b/base/tps/auth/ds/example.ldif @@ -8,3 +8,25 @@ cn: Test User sn: User givenName: Test userPassword: Secret.123 + +dn: uid=testuser1,ou=people,dc=example,dc=com +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: testuser1 +cn: Test User 1 +sn: User 1 +givenName: Test +userPassword: Secret.123 + +dn: uid=testuser2,ou=people,dc=example,dc=com +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: testuser2 +cn: Test User 2 +sn: User 2 +givenName: Test +userPassword: Secret.123 diff --git a/base/tps/bin/pki-tps-enroll b/base/tps/bin/pki-tps-enroll index 8191b5931c0..7c9e703c63b 100755 --- a/base/tps/bin/pki-tps-enroll +++ b/base/tps/bin/pki-tps-enroll @@ -1,5 +1,6 @@ #!/bin/bash +TPS_CLIENT="pki tps-client" TPS_HOSTNAME=$HOSTNAME TPS_PORT=8080 TPS_PATH=/tps/tps @@ -28,6 +29,9 @@ while getopts v-: arg ; do LONG_OPTARG="${OPTARG#*=}" case $OPTARG in + client=?*) + TPS_CLIENT="$LONG_OPTARG" + ;; hostname=?*) TPS_HOSTNAME="$LONG_OPTARG" ;; @@ -43,7 +47,7 @@ while getopts v-: arg ; do '') break # "--" terminates argument processing ;; - hostname* | port* | user* | password*) + client* | hostname* | port* | user* | password*) echo "ERROR: Missing argument for --$OPTARG option" >&2 exit 1 ;; @@ -64,7 +68,7 @@ shift $((OPTIND-1)) CUID=$1 -tpsclient << EOF +$TPS_CLIENT << EOF op=var_set name=ra_host value=$TPS_HOSTNAME op=var_set name=ra_port value=$TPS_PORT op=var_set name=ra_uri value=$TPS_PATH 
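Review bot: `$TPS_CLIENT << EOF` executes whatever string arrived through `--client=`, after unquoted word splitting and glob expansion, and the heredoc that follows carries `uid=$USERNAME pwd=$PASSWORD`. A mistyped or unexpected value therefore sends the token credentials to an arbitrary program. Only two clients are supported, so the `client=?*)` branch can reject anything else and keep the default's reliance on word splitting to a known value. The enclosing `while getopts` loop and `case` start outside these hunks, and `pki-tps-format` has the same pair of hunks and needs the same change.

```shell
            client=?*)
                case "$LONG_OPTARG" in
                    tpsclient | "pki tps-client")
                        TPS_CLIENT="$LONG_OPTARG"
                        ;;
                    *)
                        echo "ERROR: Unsupported client: $LONG_OPTARG" >&2
                        exit 1
                        ;;
                esac
                ;;
            # … unchanged: hostname, port, user and password options …
```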
@@ -80,11 +84,17 @@ op=ra_enroll uid=$USERNAME pwd=$PASSWORD num_threads=$THREADS extensions=$EXTENS op=exit EOF -# tpsclient returns 1 on success and 0 on failure, -# so the return code needs to be inverted +rc=$? + +if [ "$TPS_CLIENT" == "tpsclient" ]; then + # tpsclient returns 1 on success and 0 on failure, + # so the return code needs to be inverted + + if [ "$rc" == "0" ]; then + exit 1 + fi -if [ "$?" == "0" ]; then - exit 1 + exit 0 fi -exit 0 +exit $rc diff --git a/base/tps/bin/pki-tps-format b/base/tps/bin/pki-tps-format index b0a5ebc1f5f..5991bf07c03 100755 --- a/base/tps/bin/pki-tps-format +++ b/base/tps/bin/pki-tps-format @@ -1,5 +1,6 @@ #!/bin/bash +TPS_CLIENT="pki tps-client" TPS_HOSTNAME=$HOSTNAME TPS_PORT=8080 TPS_PATH=/tps/tps @@ -26,6 +27,9 @@ while getopts v-: arg ; do LONG_OPTARG="${OPTARG#*=}" case $OPTARG in + client=?*) + TPS_CLIENT="$LONG_OPTARG" + ;; hostname=?*) TPS_HOSTNAME="$LONG_OPTARG" ;; @@ -41,7 +45,7 @@ while getopts v-: arg ; do '') break # "--" terminates argument processing ;; - hostname* | port* | user* | password*) + client* | hostname* | port* | user* | password*) echo "ERROR: Missing argument for --$OPTARG option" >&2 exit 1 ;; @@ -62,7 +66,7 @@ shift $((OPTIND-1)) CUID=$1 -tpsclient << EOF +$TPS_CLIENT << EOF op=var_set name=ra_host value=$TPS_HOSTNAME op=var_set name=ra_port value=$TPS_PORT op=var_set name=ra_uri value=$TPS_PATH @@ -78,11 +82,17 @@ op=ra_format uid=$USERNAME pwd=$PASSWORD num_threads=$THREADS extensions=$EXTENS op=exit EOF -# tpsclient returns 1 on success and 0 on failure, -# so the return code needs to be inverted +rc=$? + +if [ "$TPS_CLIENT" == "tpsclient" ]; then + # tpsclient returns 1 on success and 0 on failure, + # so the return code needs to be inverted + + if [ "$rc" == "0" ]; then + exit 1 + fi -if [ "$?" == "0" ]; then - exit 1 + exit 0 fi -exit 0 +exit $rc 
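Review bot: The return-code inversion depends on the exact string comparison `[ "$TPS_CLIENT" == "tpsclient" ]`, so any other spelling of the legacy client, such as `--client=/usr/bin/tpsclient`, skips it. The script then exits 1 on success and 0 on failure, because `tpsclient` returns 1 on success according to the comment. Either restrict `--client` to the two supported values where it is parsed, or match on the command name: `if [ "$(basename -- "${TPS_CLIENT%% *}")" == "tpsclient" ]; then`. The identical hunk in `pki-tps-format` needs the same change.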
diff --git a/docs/changes/v11.7.0/Tools-Changes.adoc b/docs/changes/v11.7.0/Tools-Changes.adoc
new file mode 100644
index 00000000000..9390b766187
--- /dev/null
+++ b/docs/changes/v11.7.0/Tools-Changes.adoc
@@ -0,0 +1,5 @@
+= Tools Changes =
+
+== Deprecate tpsclient ==
+
+`tpsclient` has been deprecated. Use `pki tps-client` instead.