result.master.override

Pegasus is an open-source implementationof the DMTF CIM and WBEM standards. It is designed to be por

Issuer: /C=US/ST=VIRGINIA/L=Fairfax/O=OpenGroup/OU=OpenPegasus/CN=TestSelfSigned1-Nov
Serial Number: 0
Subject: /C=US/ST=VIRGINIA/L=Fairfax/O=OpenGroup/OU=OpenPegasus/CN=TestSelfSigned1-Nov
Registered User Name: root
Type: Self-signed identity
Validity:
    NotBefore: Nov 9, 2005  20:00:00 (00000)
    NotAfter : Aug 3, 2018  20:00:00 (00000)
---------------------------------------------
Issuer: /C=US/ST=VIRGINIA/L=Fairfax/O=OpenGroup/OU=OpenPegasus/CN=TestSelfSigned1-Dec
Serial Number: 0
Subject: /C=US/ST=VIRGINIA/L=Fairfax/O=OpenGroup/OU=OpenPegasus/CN=TestSelfSigned1-Dec
Registered User Name: root
Type: Self-signed identity
Validity:
    NotBefore: Dec 9, 2005  0:00:00 (00000)
    NotAfter : Sep 2, 2018  0:00:00 (00000)
---------------------------------------------

Remove the Certificates, should all succeed.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.
Certificate removed successfully.

+++++++++ Functional tests - Delete operation testing +++++++++
Delete the self-signed certificate from the truststore.
Certificate removed successfully.

Try to connect, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Attempt to delete the certificate we just deleted, this should get a DNE error.
Failed to remove certificate.
Specified certificate does not exist.
CIM_ERR_NOT_FOUND: The requested object could not be found: "The certificate does not exist."

Add the self-signed certificate to the truststore.
Certificate added successfully.

Delete the self-signed certificate from the truststore by subject & issuer.
Certificate removed successfully.

Try to connect, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Attempt to delete the certificate we just deleted, this should get a DNE error.
Failed to remove certificate.
Specified certificate does not exist.
CIM_ERR_NOT_FOUND: The requested object could not be found: "The certificate does not exist."

Add the deleted self-signed certificate to the truststore. This should succeed
Certificate added successfully.

Delete the self-signed certificate from the truststore by subject & issuer. This should succeed
Certificate removed successfully.

+++++++++ Functional tests - List operation testing +++++++++
Negative testcases.
Add the self-signed root certificate to the truststore.
Certificate added successfully.

Add the intermediate CA signed certificate to the truststore.
Certificate added successfully.

List certificates, specify non-existent serial number. No certs listed.

List certificates, specify non-existent issuername. No certs listed.

List certificates, specify non-existent subject. No certs listed.

List certificates, specify only the serial number. This should fail.
cimtrust: the "-i" option is required
Use '--help' to obtain command syntax.

List certificates, specify only the subject. This should fail.
cimtrust: the "-i" option is required
Use '--help' to obtain command syntax.

List certificates, specify the only serial number. Should fail since issuer not specified.
cimtrust: the "-i" option is required
Use '--help' to obtain command syntax.

List certificates, specify both serial number & subject, this should fail.
cimtrust: option "-S" was unexpected
Use '--help' to obtain command syntax.

List certificates, specify both subject & serial number, this should fail.
cimtrust: option "-n" was unexpected
Use '--help' to obtain command syntax.

Positive testcases.
List certificates, specify the issuername.
Issuer: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Serial Number: 0
Subject: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Registered User Name: root
Type: Authority
Validity:
    NotBefore: Jan 4, 2007  9:31:07 (00000)
    NotAfter : Dec 31, 2021  9:31:07 (00000)
---------------------------------------------
Issuer: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Serial Number: 2
Subject: /C=US/ST=Nevada/L=LasVegas/O=OpenGroup/OU=OpenPegasus/CN=TestInterCA
Registered User Name: root
Type: Authority
Validity:
    NotBefore: Jan 4, 2007  9:31:07 (00000)
    NotAfter : Dec 31, 2021  9:31:07 (00000)
---------------------------------------------

List certificates, specify the issuername & subject.
Issuer: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Serial Number: 0
Subject: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Registered User Name: root
Type: Authority
Validity:
    NotBefore: Jan 4, 2007  9:31:07 (00000)
    NotAfter : Dec 31, 2021  9:31:07 (00000)
---------------------------------------------

List certificates, specify the issuername & serial number.
Issuer: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Serial Number: 0
Subject: /C=US/ST=California/L=Sacramento/O=OpenGroup/OU=OpenPegasus/CN=TestChainCA
Registered User Name: root
Type: Authority
Validity:
    NotBefore: Jan 4, 2007  9:31:07 (00000)
    NotAfter : Dec 31, 2021  9:31:07 (00000)
---------------------------------------------

Remove the CA certificate from the truststore, this should succeed.
Certificate removed successfully.

Try to connect with the intermediate certificate issued by the CA, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Try to connect with the leaf certificate issued by the CA, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Remove the intermediate CA certificate from the truststore, this should succeed.
Certificate removed successfully.

+++++++++ Functional tests - Certificate chain tests +++++++++
+++++++++ Single-level chain tests +++++++++
Add the CA certificate to the truststore.
Certificate added successfully.

Try to connect with the 1st certificate issued by the CA, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect with the 2nd certificate issued by the CA, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect with the 3rd certificate issued by the CA, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect with the 1st certificate issued by CA1, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Add the second CA certificate to the truststore.
Certificate added successfully.

Add the self-signed certificate to the truststore.
Certificate added successfully.

Try to connect with testdn1, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect with testdup (same subject as testdn1) issued by CA2, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Remove the CA1 certificate from the truststore, this should succeed.
Certificate removed successfully.

Try to connect with the 1st certificate issued by the CA, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Try to connect with the 2nd certificate issued by the CA, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Try to connect with the 3rd certificate issued by the CA, this should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Remove the CA2 certificate from the truststore, this should succeed.
Certificate removed successfully.

Add the testdup certificate to the truststore, this should fail with duplicate subject error.
Failed to add certificate.
Specified certificate already exists.
CIM_ERR_ALREADY_EXISTS: Operation cannot be carried out because an object already exists: "Another certificate with the same subject name already exists."

Delete the self-signed certificate from the truststore by subject & issuer. This should succeed
Certificate removed successfully.

+++++++++ Functional tests - multi-level chain tests +++++++++
Add the root CA certificate to the truststore without an associated username.
NOTE: No user name will be associated with the certificate in the truststore.
Certificate added successfully.

Try to connect, this should fail since the root CA does not have an associated username.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized): Detail = "The username registered to this certificate is not a valid user.".

Add the intermediate CA signed certificate to the truststore without an associated username.
NOTE: No user name will be associated with the certificate in the truststore.
Certificate added successfully.

Try to connect, this should fail since the root CA does not have an associated username.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized): Detail = "The username registered to this certificate is not a valid user.".

Add the leaf CA signed certificate to the truststore with an associated username.
Certificate added successfully.

List the leaf certificate, specify the issuername.
Issuer: /C=US/ST=Nevada/L=LasVegas/O=OpenGroup/OU=OpenPegasus/CN=TestInterCA
Serial Number: 2
Subject: /C=US/ST=SouthDakota/L=SeouxFalls/O=OpenGroup/OU=OpenPegasus/CN=TestLeaf
Registered User Name: root
Type: Authority issued end-entity
Validity:
    NotBefore: Jan 4, 2007  9:31:07 (00000)
    NotAfter : Dec 31, 2021  9:31:07 (00000)
---------------------------------------------

Try to connect, this should succeed since the leaf has an associated username.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Remove the CA certificate from the truststore, this should succeed.
Certificate removed successfully.

Remove the intermediate CA certificate from the truststore, this should succeed.
Certificate removed successfully.

Remove the leaf CA signed certificate from the truststore, this should succeed.
Certificate removed successfully.

Add the self-signed root certificate with an associated user to the truststore.
Certificate added successfully.

Try to connect with root cert, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect with intermediate cert, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Add the intermediate CA signed certificate to the truststore.
Certificate added successfully.

Try to connect with root cert, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect with intermediate cert, this should succeed.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Try to connect, this should succeed since the intermediate cert has associated username.
TestCertClient::Connecting to 127.0.0.1:5989
Result: CIM_ComputerSystem
+++++ TestCertClient Terminated Normally

Remove the CA certificate from the truststore, this should succeed.
Certificate removed successfully.

Remove the intermediate CA certificate from the truststore, this should succeed.
Certificate removed successfully.

+++++++++ Funtional tests - Tests for special cases +++++++++
Invalid X509 certificate.
Failed to add certificate.
CIM_ERR_FAILED: A general error occurred that is not covered by a more specific error code: "Could not read x509 PEM format."

Connect with an expired certificate -- should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Add the expired certificate to the truststore -- should get an expiration error.
Failed to add certificate.
CIM_ERR_FAILED: A general error occurred that is not covered by a more specific error code: "The certificate has expired."

Connect with a not yet valid certificate -- should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Add the not yet valid certificate to the truststore -- should get a not yet valid error.
Failed to add certificate.
CIM_ERR_FAILED: A general error occurred that is not covered by a more specific error code: "The certificate is not valid yet.  Check the timestamps on your machine."

Connect with an untrusted certificate -- should fail.
TestCertClient::Connecting to 127.0.0.1:5989
Exception: HTTP Error (401 Unauthorized).

Non-existent certificate file -- should fail.
Failed to add certificate.
no such file: ./nosuchfile.cert