github.com/Venafi/vcert/v5@v5.10.2/aruba/features/enroll/basic.enroll.feature

Feature: Enroll certificate

  As a user
  I want to enroll certificates

  Background:
    Given the default aruba exit timeout is 180 seconds

  @FAKE
  Scenario: Simple enroll in test mode
    When I successfully run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com -no-prompt` for up to 10 seconds
    Then it should post certificate request
      And it should retrieve certificate

  @FAKE
  Scenario: Enroll with interactive mode
    When I run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com` interactively
    And I type ""
    And I type ""
    Then it should post certificate request
    And it should retrieve certificate

  @FAKE
  Scenario: Passphrases don't match
    When I run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com` interactively
      And I type dummy password
      And I type "different password"
    Then it should fail with "Passphrases don't match"

  @FAKE
  Scenario: request a certificate with default arguments
    When I run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com -no-prompt -no-pickup`
    Then it should output private key
      And it should post certificate request

  @FAKE
  Scenario: request a certificate with default arguments with -key-password
    When I run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com -no-prompt -no-pickup -key-password 1234`
    Then it should output encrypted private key
      And it should post certificate request

  @FAKE
  Scenario: enroll a certificate with default arguments
    When I enroll a certificate in test-mode with -cn vfidev.example.com -no-pickup -no-prompt
    Then it should post certificate request
      And it should output private key

  @FAKE
  Scenario: writing private key to file
    When I enroll a certificate in test-mode with -cn vfidev.example.com -no-pickup -no-prompt -key-file k.pem
    Then it should post certificate request
      And it should not output private key
      And the file named "k.pem" should exist

  @FAKE
  Scenario: writing encrypted private key to file
    When I enroll a certificate in test-mode with -cn vfidev.example.com -no-pickup -no-prompt -key-file k.pem -key-password 1234
    Then it should post certificate request
      And "k.pem" should be RSA private key with password "1234"

  @FAKE
  Scenario: writing encrypted private key to file with password read from file
    Given a file named "password.txt" with "1234"
    When I enroll a certificate in test-mode with -cn vfidev.example.com -no-pickup -no-prompt -key-file k.pem -key-password file:password.txt
    Then it should post certificate request
      And "k.pem" should be RSA private key with password "1234"

  @FAKE
  Scenario: request a certificate with 1024 key size
    Given I successfully run `vcert enroll -test-mode -test-mode-delay 0 -cn vfidev.example.com -no-prompt -cert-file c.pem -key-size 1024`
    Then "c.pem" should be a certificate with key size 1024 bits

  @FAKE
  Scenario: request a certificate with default key size
    Given I enroll a certificate in test-mode with -cn vfidev.example.com -no-prompt -cert-file c.pem
    Then "c.pem" should be a certificate with key size 2048 bits

  @FAKE
  Scenario: request a certificate with 3072 bit key size
    Given I enroll a certificate in test-mode with -cn vfidev.example.com -no-prompt -cert-file c.pem -key-size 3072
    Then "c.pem" should be a certificate with key size 3072 bits

  @FAKE
  Scenario: when -chain-file option is not specified, then the chain is written to -cert-file
    Given I enroll a certificate in test-mode with -no-prompt -cn vfidev.example.com -cert-file c.pem
    Then the file "c.pem" should match /(-----BEGIN CERTIFICATE-----.+){2}/

  @FAKE
  Scenario: when the chain is written to -chain-file
    Given I enroll a certificate in test-mode with -no-prompt -cn vfidev.example.com -cert-file c.pem -chain-file ch.pem
    Then the file "c.pem" should match /(-----BEGIN CERTIFICATE-----.+){1}/
    Then the file "ch.pem" should match /(-----BEGIN CERTIFICATE-----.+){1}/

  @FAKE
  Scenario: enroll with wrong csr option should return error
    Given I enroll a certificate in test-mode with -cn vfidev.example.com -csr sservice -no-prompt
    Then the exit status should not be 0

  @TPP
  Scenario: enroll with custom field
    Given I enroll random certificate using TPP with -no-prompt -field "custom=12121" -field "Server Names=some server"
    Then the exit status should be 0

  @TPP
  Scenario: enroll with static instance and certificate and replace-instance
    Given I enroll certificate using TPP with  -cn devops-cert-with-instance.example.com -no-prompt -instance devops-instance:nginx_1234567890 -tls-address api-gw-myapp.example:8443  -app-info vcert:1.9.1 -replace-instance
    Then the exit status should be 0

  @TPP
  Scenario: enroll with random instance and app-info
    Given I enroll random certificate and_random_instance using TPP with -no-prompt -tls-address api-gw-myapp.example:8443  -app-info vcert:1.9.1
    Then the exit status should be 0

  @TPP
  Scenario: enroll with random instance and app-info and deprecated TPP
    Given I enroll random certificate and_random_instance using TPPdeprecated with -no-prompt -tls-address api-gw-myapp.example:8443  -app-info vcert:1.9.1
    Then the exit status should be 0

# todo: find a way to test with single instance and avoid ObjectAlreadyExists  error
#  Scenario: enroll with single instance and app-info
#    Given I enroll random certificate using TPP with -no-prompt -instance devops-instance -app-info vcert:1.9.1
#    Then the exit status should be 1

  @TPP
  Scenario: enroll with duplicated instance
    Given I enroll random certificate using TPP with -no-prompt -field "custom=12121" -field "Server Names=some server" -instance devops-instance:nginx_246 -instance devops-instance
    Then the exit status should be 1

  @TPP
  Scenario: enroll with duplicated tls-address
    Given I enroll random certificate using TPP with -no-prompt -field "custom=12121" -field "Server Names=some server" -tls-address api-gw-myapp.example:8443 -tls-address api-gw-myapp.example
    Then the exit status should be 1