github.com/Venafi/vcert/v5@v5.10.2/aruba/features/enroll/enroll-with-csr-PS-tests.feature

@TPP
Feature: few more tests from Ryan

  As a user
  I want to be sure they all pass

  Background:
    And the default aruba exit timeout is 180 seconds

  # cls
  # title ~ Service Generated CSR with RSA key ~
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json -key-password %KEY_PASS%
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ Service Generated CSR with RSA key ~
    When I enroll a certificate with dummy password in TPP with -csr service -key-type rsa -key-size 4096 -cn service-gen-rsa.vcert.example -format json
    Then it should retrieve certificate
    Then I get JSON response
    And that certificate should contain "Public-Key: (4096 bit)"

  # cls
  # title ~ Service Generated CSR with ECC key ~
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%ECC_POLICY%" -csr service -key-type ecdsa -key-curve p521 -cn service-gen-ecc.vcert.example -format json -key-password %KEY_PASS%
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ Service Generated CSR with ECC key ~
    When I enroll random certificate with dummy password using TPPecdsa with -csr service -key-type ecdsa -key-curve p521 -format json
    Then it should post certificate request
    And it should retrieve certificate
    And the JSON response at "PrivateKey" should include "-----BEGIN EC PRIVATE KEY-----"
    And the JSON response at "PrivateKey" should include "ENCRYPTED"

  # cls
  # title ~ Service Generated CSR pickup later ID as param ~
  # for /f "tokens=2 delims==" %%i in ( 'VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr service -cn service-gen-pickup-id-as-param.vcert.example -no-pickup 2^>^&1 ^| find "PickupID="' ) do set PICKUP_ID=%%i
  # echo PickupID=%PICKUP_ID%
  # timeout /t 15 /nobreak
  # echo.
  # VCert pickup -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -pickup-id %PICKUP_ID% -key-password %KEY_PASS%
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ Service Generated CSR pickup later ID as param ~
    When I enroll certificate using TPP with -csr service -cn service-gen-pickup-id-as-param.vcert.example -no-pickup
    Then it should post certificate request
    And I retrieve the certificate from TPP using the same Pickup ID and using a dummy password with -timeout 59
    Then it should retrieve certificate
    Then it should output encrypted private key

  # cls
  # title ~ Service Generated CSR pickup later ID in file~
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr service -cn service-gen-pickup-id-in-file.vcert.example -no-pickup -pickup-id-file pickup_id.txt
  # timeout /t 15 /nobreak
  # echo.
  # VCert pickup -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -pickup-id-file pickup_id.txt -key-password %KEY_PASS%
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ Service Generated CSR pickup later ID in file~
    When I enroll certificate using TPP with -csr service -cn service-gen-pickup-id-in-file.vcert.example -no-pickup -pickup-id-file pickup_id.txt
    Then it should post certificate request
    And I retrieve the certificate using a dummy password from TPP with -pickup-id-file pickup_id.txt -timeout 59
    Then it should retrieve certificate
    Then it should output encrypted private key


  # cls
  # title ~ User Provided CSR with RSA key ~
  # VCert gencsr -cn user-provided-rsa.vcert.example -key-type rsa -key-size 4096 -key-file user-provided-rsa.key -csr-file user-provided-rsa.req -no-prompt
  # echo.
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr file:user-provided-rsa.req
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ User Provided CSR with RSA key ~
    Given I generate CSR with -cn user-provided-rsa.vcert.example -key-type rsa -key-size 4096 -key-file user-provided-rsa.key -csr-file user-provided-rsa.req -no-prompt
    When I enroll certificate using TPP with -csr file:user-provided-rsa.req -cert-file c.pem
    And it should retrieve certificate
    And I decode certificate from file "c.pem"
    Then that certificate should contain "Public-Key: (4096 bit)"

  # cls
  # title ~ User Provided CSR with ECC key ~
  # VCert gencsr -cn user-provided-ecc.vcert.example -key-type ecdsa -key-curve p521 -key-file user-provided-ecc.key -csr-file user-provided-ecc.req -no-prompt
  # echo.
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%ECC_POLICY%" -csr file:user-provided-ecc.req
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ User Provided CSR with ECC key ~
    Given I generate CSR with -cn user-provided-ecc.vcert.example -key-type ecdsa -key-curve p521 -key-file user-provided-ecc.key -csr-file user-provided-ecc.req -no-prompt
    When I enroll certificate using TPPecdsa with -csr file:user-provided-ecc.req -cert-file c.pem
    And it should retrieve certificate
    And I decode certificate from file "c.pem"
    Then that certificate should contain "CURVE: P-521"

  # cls
  # title ~ Service Generated CSR with SANS and should be no log output ~
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr service -cn service-gen-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -format json -key-password %KEY_PASS% 2>nul
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ Service Generated CSR with SANS and should be no log output ~
    When I enroll random certificate with dummy password using TPP with -csr service -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -format json
    And I get JSON response
    And that certificate should contain "DNS:one.vcert.example"
    And that certificate should contain "DNS:two.vcert.example"
    And that certificate should contain "email:zack.jackson@vcert.example"
    And that certificate should contain "IP Address:10.20.30.40"
    And that certificate should contain "IP Address:198.168.144.120"

  # cls
  # title ~ User Provided CSR with SANs ~
  # VCert gencsr -cn user-provided-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -key-file user-provided-with-sans.key -csr-file user-provided-with-sans.req -key-password %KEY_PASS%
  # echo.
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr file:user-provided-with-sans.req
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ User Provided CSR with SANs ~
    Given I generate CSR using dummy password with flags -cn user-provided-with-sans.vcert.example -san-dns one.vcert.example -san-dns two.vcert.example -san-ip 10.20.30.40 -san-ip 198.168.144.120 -san-email zack.jackson@vcert.example -key-file user-provided-with-sans.key -csr-file user-provided-with-sans.req
    And I enroll certificate using TPP with -csr file:user-provided-with-sans.req -cert-file c.pem
    And I decode certificate from file "c.pem"
    And that certificate should contain "DNS:one.vcert.example"
    And that certificate should contain "DNS:two.vcert.example"
    And that certificate should contain "email:zack.jackson@vcert.example"
    And that certificate should contain "IP Address:10.20.30.40"
    And that certificate should contain "IP Address:198.168.144.120"
    And that certificate Subject should contain "CN = user-provided-with-sans.vcert.example"

  # cls
  # title ~ User Provided CSR with full Subject DN ~
  # VCert gencsr -cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req -key-password %KEY_PASS%
  # echo.
  # VCert enroll -tpp-url %TPP_URL% -tpp-user %TPP_USER% -tpp-password %TPP_PASS% -z "%POLICY%" -csr file:user-provided-full-subject.req
  # if ERRORLEVEL 1 goto :DONE
  # timeout /t 10
  Scenario: ~ User Provided CSR with full Subject DN ~
    Given I generate CSR using dummy password with flags -cn user-provided-full-subject.vcert.example -ou "DevOps Integrations" -o "Swordfish Security" -l "St. Petersburg" -st Russia -c RU -key-file user-provided-full-subject.key -csr-file user-provided-full-subject.req
    And I enroll certificate using TPP with -csr file:user-provided-full-subject.req -format json
    And I get JSON response
    Then that certificate Subject should contain "C = RU"
    And that certificate Subject should contain "ST = Russia"
    And that certificate Subject should contain "L = St. Petersburg"
    And that certificate Subject should contain "O = Swordfish Security"
    And that certificate Subject should contain "OU = DevOps Integrations"
    And that certificate Subject should contain "CN = user-provided-full-subject.vcert.example"