README.md

@@ -0,0 +1,3 @@
+# pki-core
+
+The pki-core package

gating.yaml

@@ -0,0 +1,8 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate_modules
+subject_type: redhat-module
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: idm-ci.redhat-module.tier1.functional}

pki-core.yaml

@@ -26,17 +26,18 @@ data:
     rpms:
       jss:
         rationale: JSS packages
-        ref: stream-pki-10.6-rhel-8.8.0
-      ldapjdk:
-        rationale: LDAP JDK packages
-        ref: stream-pki-10.6-rhel-8.8.0
-        buildorder: 1
-      pki-core:
-        rationale: PKI Core packages
-        ref: stream-pki-10.6-rhel-8.8.0
-        buildorder: 2
+        ref: stream-pki-core-10.6-rhel-8.9.0
+        buildorder: 50
       tomcatjss:
         rationale: TomcatJSS packages
-        ref: stream-pki-10.6-rhel-8.8.0
-        buildorder: 1
+        ref: stream-pki-core-10.6-rhel-8.9.0
+        buildorder: 51
+      ldapjdk:
+        rationale: LDAP JDK packages
+        ref: stream-pki-core-10.6-rhel-8.9.0
+        buildorder: 52
+      pki-core:
+        rationale: PKI Core packages
+        ref: stream-pki-core-10.6-rhel-8.9.0
+        buildorder: 53
 ...

tests/roles/Test_Execution/files/config_templates/ansible_constants.py

@@ -0,0 +1,56 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = '20443'
+CA_HTTP_PORT = '20080'
+CA_AJP_PORT = '20009'
+CA_TOMCAT_PORT = '20005'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 21443
+KRA_HTTP_PORT = 21080
+KRA_AJP_PORT = 21009
+KRA_TOMCAT_PORT = 21005
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 22443
+OCSP_HTTP_PORT = 22080
+OCSP_AJP_PORT = 22009
+OCSP_TOMCAT_PORT = 22005
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 23443
+TKS_HTTP_PORT = 23080
+TKS_AJP_PORT = 23009
+TKS_TOMCAT_PORT = 23005
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = '25443'
+TPS_HTTP_PORT = '25080'
+TPS_AJP_PORT = '25009'
+TPS_TOMCAT_PORT = '25005'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'

tests/roles/Test_Execution/files/test/script

@@ -0,0 +1,79 @@
+#!/bin/sh
+#Generate Noise using Openssl
+echo "Defining variables "
+tks_password="/tmp/tkspassword.txt"
+tps_password="/tmp/tpspassword.txt"
+tks_alias="/var/lib/pki/$1-TKS/alias"
+tps_alias="/var/lib/pki/$1-TPS/alias"
+tks_noise="/tmp/tks_noise"
+tks_shared_secret="sharedSecret"
+tks_conf="/var/lib/pki/$1-TKS/tks/conf/CS.cfg"
+tps_conf="/var/lib/pki/$1-TPS/tps/conf/CS.cfg"
+tps_input_file="/tmp/tps-input.txt"
+tks_secret_output="/tmp/secret"
+tks_input_file="/tmp/tks-input.txt"
+tks_input="proceed\r\n"
+tks_secret_output="/tmp/sharedSecret.out"
+tps_key_import_status="/tmp/sharedSecretImport.out"
+echo "proceed\r\n" > $tks_input_file
+echo "Generate Noise using OpenSSL"
+openssl rand -hex 2048 |  perl -p -e 's/\n//' > $tks_noise
+cat /var/lib/pki/$1-TKS/conf/password.conf | sed 's/^internal=//' > $tks_password
+cat /var/lib/pki/$1-TPS/conf/password.conf | sed 's/^internal=//' > $tps_password
+
+echo "Stopping TKS  & TPS instance"
+systemctl stop pki-tomcatd@$1-TKS.service
+systemctl stop pki-tomcatd@$1-TPS.service
+echo "Generating shared secret"
+/usr/bin/tkstool -D -d $tks_alias -n "TPS-`hostname`-25443 sharedSecret" -f $tks_password
+/usr/bin/tkstool -T -d $tks_alias -n $tks_shared_secret -f $tks_password -z $tks_noise > $tks_secret_output < $tks_input_file
+/usr/bin/tkstool -L -d $tks_alias -n $tks_shared_secret -f $tks_password > /tmp/sharedSecretList1.out
+grep "$tks_shared_secret" /tmp/sharedSecretList1.out
+first_session_tmp1=$(cat $tks_secret_output | grep -A1 "first\ssession\skey\sshare:")
+first_session_tmp2=$(echo $first_session_tmp1 | sed 's/^first session key share://')
+first_session_key=$(echo ${first_session_tmp2%% })
+first_session_KCV_tmp1=$(cat $tks_secret_output | grep "first\ssession\skey\sshare\sKCV:")
+first_session_KCV_tmp2=$(echo $first_session_KCV_tmp1 | sed 's/^first session key share KCV://')
+first_session_KCV_key=$(echo ${first_session_KCV_tmp2%% })
+
+second_session_tmp1=$(cat $tks_secret_output | grep -A1 "second\ssession\skey\sshare:")
+second_session_tmp2=$(echo $second_session_tmp1 | sed 's/^second session key share://')
+second_session_key=$(echo ${second_session_tmp2%% })
+second_session_KCV_tmp1=$(cat $tks_secret_output | grep "second\ssession\skey\sshare\sKCV:")
+second_session_KCV_tmp2=$(echo $second_session_KCV_tmp1 | sed 's/^second session key share KCV://')
+second_session_KCV_key=$(echo ${second_session_KCV_tmp2%% })
+
+third_session_tmp1=$(cat $tks_secret_output | grep -A1 "third\ssession\skey\sshare:")
+third_session_tmp2=$(echo $third_session_tmp1 | sed 's/^third session key share://')
+third_session_key=$(echo ${third_session_tmp2%% })
+third_session_KCV_tmp1=$(cat $tks_secret_output | grep "third\ssession\skey\sshare\sKCV:")
+third_session_KCV_tmp2=$(echo $third_session_KCV_tmp1 | sed 's/^third session key share KCV://')
+third_session_KCV_key=$(echo ${third_session_KCV_tmp2%% })
+
+sed -i -e "/tps.0.nickname=/s/=.*/=$tks_shared_secret/g" $tks_conf
+sed -i -e "/tks.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tks_conf
+echo "Restart $1-TKS instance"
+systemctl restart pki-tomcatd@$1-TKS.service
+echo "proceed\r\n" > $tps_input_file
+echo "$first_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$first_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$second_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$second_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$third_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$third_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+
+/usr/bin/tkstool -I -d $tps_alias -n $tks_shared_secret -f $tps_password < $tps_input_file > $tps_key_import_status
+/usr/bin/tkstool -L -d $tps_alias -n $tks_shared_secret -f $tps_password > /tmp/sharedSecretList2.out
+grep "$tks_shared_secret" /tmp/sharedSecretList2.out
+sed -i -e "/tps.connector.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+sed -i -e "/conn.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+echo "Restart $1-TPS instance"
+systemctl restart pki-tomcatd@$1-TPS.service

tests/roles/Test_Execution/handlers/config_templates/ansible_constants.py

@@ -0,0 +1,56 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = '20443'
+CA_HTTP_PORT = '20080'
+CA_AJP_PORT = '20009'
+CA_TOMCAT_PORT = '20005'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 21443
+KRA_HTTP_PORT = 21080
+KRA_AJP_PORT = 21009
+KRA_TOMCAT_PORT = 21005
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 22443
+OCSP_HTTP_PORT = 22080
+OCSP_AJP_PORT = 22009
+OCSP_TOMCAT_PORT = 22005
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 23443
+TKS_HTTP_PORT = 23080
+TKS_AJP_PORT = 23009
+TKS_TOMCAT_PORT = 23005
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = '25443'
+TPS_HTTP_PORT = '25080'
+TPS_AJP_PORT = '25009'
+TPS_TOMCAT_PORT = '25005'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'

tests/roles/Test_Execution/handlers/main.yml

@@ -0,0 +1,3 @@
+- name: Inclue pki-core handlers
+  include: pki-core.yml
+  tags: pki-core

tests/roles/Test_Execution/handlers/pki-core.yml

@@ -0,0 +1,54 @@
+- name: STOPCA
+  service:
+    name: pki-tomcatd@{{ topology }}-CA
+    state: stopped
+
+- name: STARTCA
+  service:
+    name: pki-tomcatd@{{ topology }}-CA
+    state: started
+
+- name: STOPKRA
+  service:
+    name: pki-tomcatd@{{ topology }}-KRA
+    state: stopped
+
+- name: STARTKRA
+  service:
+    name: pki-tomcatd@{{ topology }}-KRA
+    state: started
+
+- name: STOPOCSP
+  service:
+    name: pki-tomcatd@{{ topology }}-OCSP
+    state: stopped
+
+- name: STARTOCSP
+  service:
+    name: pki-tomcatd@{{ topology }}-OCSP
+    state: started
+
+- name: STOPTKS
+  service:
+    name: pki-tomcatd@{{ topology }}-TKS
+    state: stopped
+
+- name: STARTTKS
+  service:
+    name: pki-tomcatd@{{ topology }}-TKS
+    state: started
+
+- name: STOPTPS
+  service:
+    name: pki-tomcatd@{{ topology }}-TPS
+    state: stopped
+
+- name: STARTTPS
+  service:
+    name: pki-tomcatd@{{ topology }}-TPS
+    state: started
+
+- name: INC_CONSTANTS
+  include_vars:
+    file: /tmp/test_dir/constants.yml
+    name: variable

tests/roles/Test_Execution/tasks/configure_ca.yml

@@ -0,0 +1,18 @@
+- name: Install CA master
+  shell: pkispawn -s CA -f /tmp/test_dir/ca.cfg
+
+- name : Stopping CA Subsystem
+  shell: systemctl stop pki-tomcatd@{{ topology }}-CA.service
+
+- name: Enable SignedAudit for Subsystem
+  replace: dest=/etc/pki/{{ topology }}-CA/ca/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Getting certificate nickname for CA CS.cfg
+  shell: grep "ca.ocsp_signing.nickname" /etc/pki/{{ topology }}-CA/ca/CS.cfg |awk -F"=" ' { print $2 } '
+  register: nickname_ocsp
+
+- name: Importing client certificate for OCSP
+  shell: certutil -L -d /var/lib/pki/{{ topology }}-CA/alias -n "{{ nickname_ocsp.stdout }}" -a > /tmp/test_dir/ocsp_signing.crt
+
+- name : Starting CA Subsystem
+  shell: systemctl start pki-tomcatd@{{ topology }}-CA.service

tests/roles/Test_Execution/tasks/configure_common.yml

@@ -0,0 +1,80 @@
+- name: Disable firewalld before LDAP and Subsystem installation
+  systemd: state=stopped name=firewalld
+  when: ansible_distribution == "RedHat" and ansible_distribution_version <= '7.4'
+
+- name : Set hostname for machines Bydefault we choose pki1 for master and pki2 for clones.
+  hostname: name=pki1.example.com
+  tags: platform-ci
+
+- name: Install a required package for modify hostname task below
+  dnf: pkg={{item}} state=latest
+  with_items:
+    - libselinux-python
+  when: ansible_distribution == "Fedora"
+
+- name : Modify hostname for master in  /etc/hosts
+  lineinfile: dest=/etc/hosts regexp='.*{{ inventory_hostname }}$' create=yes insertafter=EOF line="{{ inventory_hostname }} {{ansible_fqdn}}" state=present
+  tags: platform-ci
+
+- name: install 389-ds-base module rhel8
+  shell: dnf module enable 389-ds:1.4 -y
+  when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+
+- name: install 389-ds-base 
+  shell: dnf -y install 389-ds-base 389-ds-base-snmp 389-ds-base-legacy-tools
+  when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+
+- name: install pki-core module rhel8
+  shell: dnf module enable pki-core:10.6 -y
+  when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+  
+- name: install pki-core module rhel8
+  shell: dnf install pki-ca pki-kra -y
+  when: ansible_distribution == "RedHat" and ansible_distribution_major_version == '8'
+  
+- name: Install list of packages for CS Master for Redhat
+  yum : pkg={{item}} state=latest
+  with_items:
+    - redhat-pki
+    - redhat-pki-console-theme
+    - redhat-pki-server-theme
+    - pki-console
+    - 389-ds-base
+    - pki-ca
+    - pki-kra
+    - pki-ocsp
+    - pki-tks
+    - pki-tps
+    - policycoreutils-python
+    - expect
+    - libselinux-python
+  when: ansible_distribution == "RedHat" and ansible_distribution_version <= '7.6'
+  tags: platform-ci
+
+- name: Install list of packages for CS Master for Fedora
+  dnf : pkg={{item}} state=latest
+  with_items:
+    - 389-ds-base
+    - dogtag-pki
+    - dogtag-pki-console-theme
+    - dogtag-pki-server-theme
+    - policycoreutils-python
+    - expect
+  when: ansible_distribution == "Fedora"
+  tags: platform-ci
+
+- name: Check for Removed dependency from mod_revocator and mod_nss.If failes refer BZ 1295276
+  command: rpm -q {{item}}
+  with_items:
+    - mod_revocator
+    - mod_nss
+  register: rpm_check
+  failed_when: "rpm_check.rc == 0"
+
+- name: Check for Removed dependency of perl from pki-server.If fails, refer BZ 1305769
+  command: rpm -qR pki-server | grep perl
+  register: rpm_check
+  failed_when: "rpm_check.rc == 0"
+
+- name: Making constants.py file compatable for including as vars.
+  shell: sed -e "s/ =/:/g;s/'//g" /tmp/test_dir/constants.py > /tmp/test_dir/constants.yml

tests/roles/Test_Execution/tasks/configure_kra.yml

@@ -0,0 +1,36 @@
+- name: Install KRA master
+  shell: pkispawn -s KRA -f /tmp/test_dir/kra.cfg
+
+- name : Stopping KRA Subsystem
+  shell: echo "Stopping Subsystem for enabling Audit logging"
+  notify:
+    - STOPKRA
+    - INC_CONSTANTS
+
+- meta: flush_handlers
+
+- name: Enable SignedAudit
+  replace: dest=/etc/pki/{{ topology }}-KRA/kra/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Enable OCSP for KRA
+  replace: dest=/etc/pki/{{ topology }}-KRA/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Pointing KRA to correct OCSP port
+  replace: dest=/etc/pki/{{ topology }}-KRA/server.xml regexp='([0-9]+)/ca/ocsp' replace={{ variable.CA_HTTP_PORT }}/ca/ocsp
+
+- name: Picking the password in run-time from password.conf of KRA
+  shell: grep -i "internal=" /etc/pki/{{ topology }}-KRA/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in kra nssdb
+  shell: certutil -A -d /etc/pki/{{ topology }}-KRA/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i  /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+  notify:
+    - STARTKRA
+    
+- name: Removing file generated with password
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    -  /tmp/test_dir/certutil_password
+
+

tests/roles/Test_Execution/tasks/configure_ldap.yml

@@ -0,0 +1,26 @@
+- name: add nondefault port to selinux context
+  shell: |
+    semanage port -a -t ldap_port_t -p tcp 3389
+    semanage port -a -t ldap_port_t -p udp 3389
+    semanage port -l | grep ldap_port_t
+  when: topology == "topology-02"
+
+- name: Setup DS Service
+  shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap.cfg
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology  == "topology-05" or topology == "topology-ecc"
+
+- name: Setup DS Service
+  shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_kra.cfg
+  when: topology  == "topology-05"
+
+- name: Setup DS Service
+  shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_ocsp.cfg
+  when: topology  == "topology-05"
+
+- name: Setup DS Service
+  shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_tks.cfg
+  when: topology  == "topology-05"
+
+- name: Setup DS Service
+  shell: setup-ds.pl --silent --file=/tmp/test_dir/ldap_tps.cfg
+  when: topology  == "topology-05"

tests/roles/Test_Execution/tasks/configure_ocsp.yml

@@ -0,0 +1,35 @@
+- name: sleep
+  shell: sleep 5s
+  
+- name: Install OCSP master
+  shell: pkispawn -s OCSP -f /tmp/test_dir/ocsp.cfg
+
+- name : Stopping OCSP Subsystem
+  shell: echo "Stopping Subsystem for enabling Audit logging"
+  notify:
+    - STOPOCSP
+
+- name: Enable SignedAudit
+  replace: dest=/etc/pki/{{ topology }}-OCSP/ocsp/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+  notify:
+    - STARTOCSP
+
+- meta: flush_handlers
+
+- name: Enable OCSP 
+  replace: dest=/etc/pki/{{ topology }}-OCSP/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Picking the password in run-time from password.conf of OCSP.
+  shell: grep -i "internal=" /etc/pki/{{ topology }}-OCSP/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in ocsp nssdb
+  shell: certutil -A -d /etc/pki/{{ topology }}-OCSP/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i  /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+  notify:
+    - STARTOCSP
+    
+- name: Removing file generated with password
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    -  /tmp/test_dir/certutil_password

tests/roles/Test_Execution/tasks/configure_shared.yml

@@ -0,0 +1,19 @@
+- name: Install CA master
+  shell: pkispawn -s CA -f /tmp/test_dir/ca.cfg
+
+- name: Install KRA master
+  shell: pkispawn -s KRA -f /tmp/test_dir/kra.cfg
+
+- name : Stopping pki-tomcat Instance
+  shell: systemctl stop pki-tomcatd@pki-tomcat.service
+#  notify:
+#  - INC_CONSTANTS
+
+- name: Enable SignedAudit for all subsystem
+  replace: dest=/etc/pki/pki-tomcat/{{ item }}/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+  with_items:
+    - ca
+    - kra
+
+- name : Starting pki-tomcat Instance
+  shell: systemctl start pki-tomcatd@pki-tomcat.service

tests/roles/Test_Execution/tasks/configure_sharedsecret.yml

@@ -0,0 +1,4 @@
+- name: Shared Secret sharing between TPS and TKS
+  script: test/script {{ topology }}
+  when: topology  == "topology-02" or topology  == "topology-05"
+  tags: platform-ci

tests/roles/Test_Execution/tasks/configure_tks.yml

@@ -0,0 +1,39 @@
+- name: Install TKS master
+  shell: pkispawn -s TKS -f /tmp/test_dir/tks.cfg
+
+- name : Stopping TKS Subsystem
+  shell: echo "Stopping Subsystem for enabling Audit logging"
+  notify:
+    - STOPTKS
+    - INC_CONSTANTS
+
+- meta: flush_handlers
+
+- name: Enable SignedAudit
+  replace: dest=/etc/pki/{{ topology }}-TKS/tks/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Enable OCSP for TKS
+  replace: dest=/etc/pki/{{ topology }}-TKS/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Pointing TKS to correct OCSP port
+  replace: dest=/etc/pki/{{ topology }}-TKS/server.xml regexp='([0-9]+)/ca/ocsp' replace={{ variable.CA_HTTP_PORT }}/ca/ocsp
+
+- name: Picking the password in run-time from password.conf of TKS
+  shell: grep -i "internal=" /etc/pki/{{ topology }}-TKS/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in TKS nssdb
+  shell: certutil -A -d /etc/pki/{{ topology }}-TKS/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i  /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+  notify:
+    - STARTTKS
+
+- meta: flush_handlers
+
+- name: Sleep for a while to start TKS
+  shell: sleep 3s
+
+- name: Removing file generated with password
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    -  /tmp/test_dir/certutil_password

tests/roles/Test_Execution/tasks/configure_tps.yml

@@ -0,0 +1,34 @@
+- name: Install TPS master
+  shell: pkispawn -s TPS -f /tmp/test_dir/tps.cfg
+
+- name : Stopping TPS Subsystem
+  shell: echo "Stopping Subsystem for enabling Audit logging"
+  notify:
+    - STOPTPS
+    - INC_CONSTANTS
+
+- meta: flush_handlers
+
+- name: Enable SignedAudit
+  replace: dest=/etc/pki/{{ topology }}-TPS/tps/CS.cfg regexp="log.instance.SignedAudit.logSigning=false" replace="log.instance.SignedAudit.logSigning=true"
+
+- name: Enable OCSP for TPS
+  replace: dest=/etc/pki/{{ topology }}-TPS/server.xml regexp='enableOCSP="false"' replace='enableOCSP="true"'
+
+- name: Pointing TPS to correct OCSP port
+  replace: dest=/etc/pki/{{ topology }}-TPS/server.xml regexp='([0-9]+)/ca/ocsp' replace={{ variable.CA_HTTP_PORT }}/ca/ocsp
+
+- name: Picking the password in run-time from password.conf of TPS
+  shell: grep -i "internal=" /etc/pki/{{ topology }}-TPS/password.conf | awk -F"=" ' { print $2 } ' > /tmp/test_dir/certutil_password
+
+- name: Importing OCSP certificate in tps nssdb
+  shell: certutil -A -d /etc/pki/{{ topology }}-TPS/alias -n "ocspSigningCert cert-pki-ca" -t "C,," -i  /tmp/test_dir/ocsp_signing.crt -f /tmp/test_dir/certutil_password
+  notify:
+    - STARTTPS
+    
+- name: Removing file generated with password
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    -  /tmp/test_dir/certutil_password

tests/roles/Test_Execution/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- include: configure_common.yml
+  when: topology == "topology-00" or topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_ldap.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_shared.yml
+  when: topology  == "topology-01"
+- include: configure_ca.yml
+  when: topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_kra.yml
+  when: topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"

tests/roles/Test_Trigger/files/config_templates/ansible_constants.py

@@ -0,0 +1,75 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = '20443'
+CA_HTTP_PORT = '20080'
+CA_AJP_PORT = '20009'
+CA_TOMCAT_PORT = '20005'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 21443
+KRA_HTTP_PORT = 21080
+KRA_AJP_PORT = 21009
+KRA_TOMCAT_PORT = 21005
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 22443
+OCSP_HTTP_PORT = 22080
+OCSP_AJP_PORT = 22009
+OCSP_TOMCAT_PORT = 22005
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 23443
+TKS_HTTP_PORT = 23080
+TKS_AJP_PORT = 23009
+TKS_TOMCAT_PORT = 23005
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = '25443'
+TPS_HTTP_PORT = '25080'
+TPS_AJP_PORT = '25009'
+TPS_TOMCAT_PORT = '25005'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'
+#LDAP Details
+LDAP_PORT = 'ldapServerPort'
+LDAP_BIND_DN = 'cn=Directory Manager'
+LDAP_PASSWD = 'SECret.123'
+LDAP_BASE_DN = 'dc=example,dc=org'
+LDAP_KRA_PORT = 'ldapkraServerPort'
+LDAP_OCSP_PORT = 'ldapocspServerPort'
+LDAP_TKS_PORT = 'ldaptksServerPort'
+LDAP_TPS_PORT = 'ldaptpsServerPort'
+LDAP_USER = 'foobar'
+LDAP_USER_ENROLL = 'testuser'
+CUID = '40906145C76224192D2B'
+CUID_01 = '40906145C76224192D11'
+TPS_OPERATION = 'ra_enroll'
+#Details for tps-activity cli automation
+LDAP_USER1 = 'jdoe'
+TOKEN_FORMAT = 'ra_format'
+TOKEN_RESET_PIN = 'ra_reset_pin'
+TOKEN_CUID = '40000000000000000002'

tests/roles/Test_Trigger/files/test/ca.cfg

@@ -0,0 +1,55 @@
+[DEFAULT]
+pki_instance_name = topology-CA
+pki_https_port = capki_https_port
+pki_http_port = capki_http_port
+
+pki_token_password = SECret.123
+
+
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+
+pki_client_dir = /opt/topology-CA
+pki_client_pkcs12_password = SECret.123
+pki_backup_keys = True
+pki_backup_password = SECret.123
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_key_size=2048
+pki_sslserver_key_type=rsa
+
+pki_subsystem_key_type=rsa
+pki_subsystem_key_size=2048
+pki_subsystem_key_algorithm=SHA512withRSA
+
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = capki_ajp_port
+pki_tomcat_server_port = capki_tomcat_port
+
+[CA]
+pki_import_admin_cert = False
+pki_ds_hostname = SERVERNAME
+pki_admin_nickname = PKI CA Administrator for Example.Org
+
+pki_ca_signing_key_algorithm=SHA512withRSA
+pki_ca_signing_key_size=2048
+pki_ca_signing_key_type=rsa
+pki_ca_signing_signing_algorithm=SHA512withRSA
+
+pki_ocsp_signing_key_algorithm=SHA512withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_signing_algorithm=SHA512withRSA

tests/roles/Test_Trigger/files/test/constants.py

@@ -0,0 +1,76 @@
+#common to all subsystems
+MASTER_HOSTNAME = 'pki1.example.com'
+CLONE_HOSTNAME = 'pki2.example.com'
+
+CLIENT_PKCS12_PASSWORD = 'SECret.123'
+CLIENT_DIR_PASSWORD = 'SECret.123'
+BACKUP_PASSWORD = 'SECret.123'
+CLIENT_DATABASE_PASSWORD = 'SECret.123'
+NSSDB = '/opt/pki/certdb'
+#CA Instance
+CA_HTTPS_PORT = 'capki_https_port'
+CA_HTTP_PORT = 'capki_http_port'
+CA_AJP_PORT = 'capki_ajp_port'
+CA_TOMCAT_PORT = 'capki_tomcat_port'
+CA_CLIENT_DIR = '/opt/topology-CA'
+CA_INSTANCE_NAME = 'topology-CA'
+SECURITY_DOMAIN_PASSWORD = 'SECret.123'
+CA_PASSWORD = 'SECret.123'
+CA_SECURITY_DOMAIN_NAME = 'topology_Foobarmaster.org'
+CA_ADMIN_USERNAME = 'caadmin'
+CA_ADMIN_NICK = 'PKI CA Administrator for Example.Org'
+#KRA Instance
+KRA_INSTANCE_NAME = 'topology-KRA'
+KRA_HTTPS_PORT = 'krapki_https_port'
+KRA_HTTP_PORT = 'krapki_http_port'
+KRA_AJP_PORT = 'krapki_ajp_port'
+KRA_TOMCAT_PORT = 'krapki_tomcat_server_port'
+KRA_PASSWORD = 'SECret.123'
+KRA_CLIENT_DIR = '/opt/topology-KRA'
+KRA_ADMIN_NICK = 'PKI KRA Administrator for Example.Org'
+#OCSP Instance
+OCSP_INSTANCE_NAME = 'topology-OCSP'
+OCSP_HTTPS_PORT = 'ocsppki_https_port'
+OCSP_HTTP_PORT = 'ocsppki_http_port'
+OCSP_AJP_PORT = 'ocsppki_ajp_port'
+OCSP_TOMCAT_PORT = 'ocsppki_tomcat_server_port'
+OCSP_PASSWORD = 'SECret.123'
+OCSP_CLIENT_DIR = '/opt/topology-OCSP'
+OCSP_ADMIN_NICK = 'PKI OCSP Administrator for Example.Org'
+#TKS Instance
+TKS_INSTANCE_NAME = 'topology-TKS'
+TKS_HTTPS_PORT = 'tkspki_https_port'
+TKS_HTTP_PORT = 'tkspki_http_port'
+TKS_AJP_PORT = 'tkspki_ajp_port'
+TKS_TOMCAT_PORT = 'tkspki_tomcat_server_port'
+TKS_PASSWORD = 'SECret.123'
+TKS_CLIENT_DIR = '/opt/topology-TKS'
+TKS_ADMIN_NICK = 'PKI TKS Administrator for Example.Org'
+#TPS instance
+TPS_INSTANCE_NAME = 'topology-TPS'
+TPS_HTTPS_PORT = 'tpspki_https_port'
+TPS_HTTP_PORT = 'tpspki_http_port'
+TPS_AJP_PORT = 'tpspki_ajp_port'
+TPS_TOMCAT_PORT = 'tpspki_tomcat_server_port'
+TPS_PASSWORD = 'SECret.123'
+TPS_CLIENT_DIR = '/opt/topology-TPS'
+TPS_ADMIN_NICK = 'PKI TPS Administrator for Example.Org'
+#LDAP Details
+LDAP_PORT = 'ldapServerPort'
+LDAP_BIND_DN = 'cn=Directory Manager'
+LDAP_PASSWD = 'SECret.123'
+LDAP_BASE_DN = 'dc=example,dc=org'
+LDAP_KRA_PORT = 'ldapkraServerPort'
+LDAP_OCSP_PORT = 'ldapocspServerPort'
+LDAP_TKS_PORT = 'ldaptksServerPort'
+LDAP_TPS_PORT = 'ldaptpsServerPort'
+LDAP_USER = 'foobar'
+LDAP_USER_ENROLL = 'testuser'
+CUID = '40906145C76224192D2B'
+CUID_01 = '40906145C76224192D11'
+TPS_OPERATION = 'ra_enroll'
+#Details for tps-activity cli automation
+LDAP_USER1 = 'jdoe'
+TOKEN_FORMAT = 'ra_format'
+TOKEN_RESET_PIN = 'ra_reset_pin'
+TOKEN_CUID = '40000000000000000002'

tests/roles/Test_Trigger/files/test/kra.cfg

@@ -0,0 +1,61 @@
+[DEFAULT]
+pki_instance_name = topology-KRA
+pki_https_port = krapki_https_port
+pki_http_port = krapki_http_port
+
+pki_token_password = SECret.123
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_https_port = secure_domain_port
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+
+pki_client_dir = /opt/topology-KRA
+pki_client_pkcs12_password = SECret.123
+pki_client_database_password = SECret.123
+
+pki_backup_keys = True
+pki_backup_password = SECret.123
+
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_key_size=2048
+pki_sslserver_key_type=rsa
+
+pki_subsystem_key_algorithm=SHA512withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = krapki_ajp_port
+pki_tomcat_server_port = krapki_tomcat_server_port
+
+[KRA]
+pki_import_admin_cert = False
+pki_admin_nickname = PKI KRA Administrator for Example.Org
+
+pki_ds_hostname = SERVERNAME
+
+pki_storage_key_algorithm=SHA512withRSA
+pki_storage_key_size=2048
+pki_storage_key_type=rsa
+pki_storage_signing_algorithm=SHA512withRSA
+
+pki_transport_key_algorithm=SHA512withRSA
+pki_transport_key_size=2048
+pki_transport_key_type=rsa
+pki_transport_signing_algorithm=SHA512withRSA
+

tests/roles/Test_Trigger/files/test/ldap.cfg

@@ -0,0 +1,12 @@
+[General]
+FullMachineName = SERVERNAME 
+SuiteSpotUserID = nobody
+SuiteSpotGroup = nobody
+ConfigDirectoryAdminID = admin
+
+[slapd]
+ServerIdentifier = topology-testingmaster
+ServerPort = ldapServerPort 
+Suffix = dc=example,dc=com
+RootDN = CN=Directory Manager
+RootDNPwd = SECret.123

tests/roles/Test_Trigger/files/test/ocsp.cfg

@@ -0,0 +1,56 @@
+[DEFAULT]
+pki_instance_name = topology-OCSP
+pki_https_port = ocsppki_https_port
+pki_http_port = ocsppki_http_port
+
+pki_token_password = SECret.123
+
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+pki_security_domain_https_port = secure_domain_port
+
+pki_client_dir = /opt/topology-OCSP
+pki_client_pkcs12_password = SECret.123
+pki_client_database_password = SECret.123
+
+pki_backup_keys = True
+pki_backup_password = SECret.123
+
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_key_size=2048
+pki_sslserver_key_type=rsa
+
+pki_subsystem_key_algorithm=SHA512withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+
+pki_audit_signing_key_type=rsa
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = ocsppki_ajp_port
+pki_tomcat_server_port = ocsppki_tomcat_server_port
+
+[OCSP]
+pki_import_admin_cert = False
+pki_admin_nickname= PKI OCSP Administrator for Example.Org
+
+
+pki_ds_hostname = SERVERNAME
+
+pki_ocsp_signing_key_algorithm=SHA512withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_signing_algorithm=SHA512withRSA

tests/roles/Test_Trigger/files/test/script

@@ -0,0 +1,79 @@
+#!/bin/sh
+#Generate Noise using Openssl
+echo "Defining variables "
+tks_password="/tmp/tkspassword.txt"
+tps_password="/tmp/tpspassword.txt"
+tks_alias="/var/lib/pki/$1-TKS/alias"
+tps_alias="/var/lib/pki/$1-TPS/alias"
+tks_noise="/tmp/tks_noise"
+tks_shared_secret="sharedSecret"
+tks_conf="/var/lib/pki/$1-TKS/tks/conf/CS.cfg"
+tps_conf="/var/lib/pki/$1-TPS/tps/conf/CS.cfg"
+tps_input_file="/tmp/tps-input.txt"
+tks_secret_output="/tmp/secret"
+tks_input_file="/tmp/tks-input.txt"
+tks_input="proceed\r\n"
+tks_secret_output="/tmp/sharedSecret.out"
+tps_key_import_status="/tmp/sharedSecretImport.out"
+echo "proceed\r\n" > $tks_input_file
+echo "Generate Noise using OpenSSL"
+openssl rand -hex 2048 |  perl -p -e 's/\n//' > $tks_noise
+cat /var/lib/pki/$1-TKS/conf/password.conf | sed 's/^internal=//' > $tks_password
+cat /var/lib/pki/$1-TPS/conf/password.conf | sed 's/^internal=//' > $tps_password
+
+echo "Stopping TKS  & TPS instance"
+systemctl stop pki-tomcatd@$1-TKS.service
+systemctl stop pki-tomcatd@$1-TPS.service
+echo "Generating shared secret"
+/usr/bin/tkstool -D -d $tks_alias -n "TPS-`hostname`-25443 sharedSecret" -f $tks_password
+/usr/bin/tkstool -T -d $tks_alias -n $tks_shared_secret -f $tks_password -z $tks_noise > $tks_secret_output < $tks_input_file
+/usr/bin/tkstool -L -d $tks_alias -n $tks_shared_secret -f $tks_password > /tmp/sharedSecretList1.out
+grep "$tks_shared_secret" /tmp/sharedSecretList1.out
+first_session_tmp1=$(cat $tks_secret_output | grep -A1 "first\ssession\skey\sshare:")
+first_session_tmp2=$(echo $first_session_tmp1 | sed 's/^first session key share://')
+first_session_key=$(echo ${first_session_tmp2%% })
+first_session_KCV_tmp1=$(cat $tks_secret_output | grep "first\ssession\skey\sshare\sKCV:")
+first_session_KCV_tmp2=$(echo $first_session_KCV_tmp1 | sed 's/^first session key share KCV://')
+first_session_KCV_key=$(echo ${first_session_KCV_tmp2%% })
+
+second_session_tmp1=$(cat $tks_secret_output | grep -A1 "second\ssession\skey\sshare:")
+second_session_tmp2=$(echo $second_session_tmp1 | sed 's/^second session key share://')
+second_session_key=$(echo ${second_session_tmp2%% })
+second_session_KCV_tmp1=$(cat $tks_secret_output | grep "second\ssession\skey\sshare\sKCV:")
+second_session_KCV_tmp2=$(echo $second_session_KCV_tmp1 | sed 's/^second session key share KCV://')
+second_session_KCV_key=$(echo ${second_session_KCV_tmp2%% })
+
+third_session_tmp1=$(cat $tks_secret_output | grep -A1 "third\ssession\skey\sshare:")
+third_session_tmp2=$(echo $third_session_tmp1 | sed 's/^third session key share://')
+third_session_key=$(echo ${third_session_tmp2%% })
+third_session_KCV_tmp1=$(cat $tks_secret_output | grep "third\ssession\skey\sshare\sKCV:")
+third_session_KCV_tmp2=$(echo $third_session_KCV_tmp1 | sed 's/^third session key share KCV://')
+third_session_KCV_key=$(echo ${third_session_KCV_tmp2%% })
+
+sed -i -e "/tps.0.nickname=/s/=.*/=$tks_shared_secret/g" $tks_conf
+sed -i -e "/tks.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tks_conf
+echo "Restart $1-TKS instance"
+systemctl restart pki-tomcatd@$1-TKS.service
+echo "proceed\r\n" > $tps_input_file
+echo "$first_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$first_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$second_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$second_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+echo "$third_session_key\r\n" >> $tps_input_file
+echo "\r\n" >> $tps_input_file
+echo "$third_session_KCV_key\r\n" >> $tps_input_file
+echo "proceed\r\n" >> $tps_input_file
+
+/usr/bin/tkstool -I -d $tps_alias -n $tks_shared_secret -f $tps_password < $tps_input_file > $tps_key_import_status
+/usr/bin/tkstool -L -d $tps_alias -n $tks_shared_secret -f $tps_password > /tmp/sharedSecretList2.out
+grep "$tks_shared_secret" /tmp/sharedSecretList2.out
+sed -i -e "/tps.connector.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+sed -i -e "/conn.tks1.tksSharedSymKeyName=/s/=.*/=$tks_shared_secret/g" $tps_conf
+echo "Restart $1-TPS instance"
+systemctl restart pki-tomcatd@$1-TPS.service

tests/roles/Test_Trigger/files/test/tks.cfg

@@ -0,0 +1,52 @@
+[DEFAULT]
+pki_instance_name = topology-TKS
+pki_https_port = tkspki_https_port
+pki_http_port = tkspki_http_port
+
+pki_token_password = SECret.123
+
+pki_admin_password = SECret.123
+pki_admin_key_type=rsa
+pki_admin_key_size=2048
+pki_admin_key_algorithm=SHA512withRSA
+
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+pki_security_domain_https_port = secure_domain_port
+
+pki_client_dir = /opt/topology-TKS
+pki_client_pkcs12_password = SECret.123
+pki_client_database_password = SECret.123
+
+pki_backup_keys = True
+pki_backup_password = SECret.123
+
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+
+pki_subsystem_key_type=rsa
+pki_subsystem_key_size=2048
+pki_subsystem_key_algorithm=SHA512withRSA
+pki_subsystem_signing_algorithm=SHA512withRSA
+
+pki_sslserver_key_type=rsa
+pki_sslserver_key_size=2048
+pki_sslserver_key_algorithm=SHA512withRSA
+pki_sslserver_signing_algorithm=SHA512withRSA
+
+[Tomcat]
+pki_ajp_port = tkspki_ajp_port
+pki_tomcat_server_port = tkspki_tomcat_server_port
+
+[TKS]
+pki_import_admin_cert = False
+pki_admin_nickname= PKI TKS Administrator for Example.Org
+
+pki_ds_hostname = SERVERNAME
+
+pki_audit_signing_key_algorithm=SHA512withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_signing_algorithm=SHA512withRSA

tests/roles/Test_Trigger/files/test/tps.cfg

@@ -0,0 +1,34 @@
+[DEFAULT]
+pki_instance_name = topology-TPS
+pki_https_port = tpspki_https_port
+pki_http_port = tpspki_http_port
+pki_token_password = SECret.123
+pki_admin_password = SECret.123
+pki_hostname = SERVERNAME
+pki_security_domain_hostname = SERVERNAME
+pki_security_domain_https_port = secure_domain_port
+pki_security_domain_name = topology_Foobarmaster.org
+pki_security_domain_password = SECret.123
+pki_client_dir = /opt/topology-TPS
+pki_client_pkcs12_password = SECret.123
+pki_backup_keys = True
+pki_backup_password = SECret.123
+pki_ds_password = SECret.123
+pki_ds_ldap_port = ldapServerPort
+pki_client_database_password = SECret.123
+
+[Tomcat]
+pki_ajp_port = tpspki_ajp_port
+pki_tomcat_server_port = tpspki_tomcat_server_port
+
+[TPS]
+pki_import_admin_cert = False
+pki_ds_hostname = SERVERNAME
+pki_authdb_basedn = ou=People,dc=example,dc=org
+pki_authdb_hostname=SERVERNAME
+pki_authdb_port=3389
+pki_ca_uri=https://SERVERNAME:capki_https_port
+pki_tks_uri=https://SERVERNAME:tkspki_https_port
+pki_kra_uri=https://SERVERNAME:krapki_https_port
+pki_admin_nickname=PKI TPS Administrator for Example.Org
+pki_enable_server_side_keygen=True

tests/roles/Test_Trigger/tasks/configure_ca.yml

@@ -0,0 +1,24 @@
+
+- name: Replace CA specific changes
+  replace: dest={{item}} regexp="capki_https_port" replace={{capki_https_port}}
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace http port for CA.
+  replace: dest={{item}} regexp="capki_http_port" replace={{capki_http_port}}
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for CA
+  replace: dest={{item}} regexp="capki_ajp_port" replace={{capki_ajp_port}}
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for CA
+  replace: dest={{item}} regexp="capki_tomcat_port" replace={{capki_tomcat_port}}
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/constants.py

tests/roles/Test_Trigger/tasks/configure_common.yml

@@ -0,0 +1,145 @@
+- name: Pick constants based on {{topology}}
+  include_vars: "{{ item }}"
+  with_items:
+  - "{{ playbook_dir }}/vars/ldap_shared.yml"
+  - "{{ playbook_dir }}/vars/ca_shared.yml"
+  when: topology  == "topology-01"
+
+- name: Pick constants based on {{topology}}
+  include_vars: "{{ item }}"
+  with_items:
+  - "{{ playbook_dir }}/vars/ldap.yml"
+  - "{{ playbook_dir }}/vars/ca.yml"
+  - "{{ playbook_dir }}/vars/kra.yml"
+  - "{{ playbook_dir }}/vars/ocsp.yml"
+  - "{{ playbook_dir }}/vars/tks.yml"
+  - "{{ playbook_dir }}/vars/tps.yml"
+  when: topology  == "topology-02"
+
+- name: Pick constants based on {{topology}}
+  include_vars: "{{ item }}"
+  with_items:
+  - "{{ playbook_dir }}/vars/ldap.yml"
+  - "{{ playbook_dir }}/vars/ca.yml"
+  - "{{ playbook_dir }}/vars/kra.yml"
+  - "{{ playbook_dir }}/vars/ocsp.yml"
+  when: topology  == "topology-03"
+
+- name: Pick constants based on {{topology}}
+  include_vars: "{{ item }}"
+  with_items:
+  - "{{ playbook_dir }}/vars/ldap.yml"
+  - "{{ playbook_dir }}/vars/ca.yml"
+  - "{{ playbook_dir }}/vars/kra.yml"
+  - "{{ playbook_dir }}/vars/tks.yml"
+  - "{{ playbook_dir }}/vars/tps.yml"
+  when: topology  == "topology-04"
+
+- name: Pick constants based on {{topology}}
+  include_vars: "{{ item }}"
+  with_items:
+  - "{{ playbook_dir }}/vars/ldap.yml"
+  - "{{ playbook_dir }}/vars/ca.yml"
+  - "{{ playbook_dir }}/vars/kra.yml"
+  - "{{ playbook_dir }}/vars/ocsp.yml"
+  - "{{ playbook_dir }}/vars/tks.yml"
+  - "{{ playbook_dir }}/vars/tps.yml"
+  when: topology  == "topology-05"
+
+- name: Pick constants based on {{topology}}
+  include_vars: "{{ item }}"
+  with_items:
+  - "{{ playbook_dir }}/vars/ldap.yml"
+  - "{{ playbook_dir }}/vars/ca.yml"
+  - "{{ playbook_dir }}/vars/kra.yml"
+  - "{{ playbook_dir }}/vars/ocsp.yml"
+  - "{{ playbook_dir }}/vars/tks.yml"
+  - "{{ playbook_dir }}/vars/tps.yml"
+  when: topology  == "topology-ecc"
+
+- name: Creates directory
+  file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+  copy : src=test/  dest=/tmp/test_dir
+
+- name: Replace  Ldap server port in all configuration files
+  replace: dest={{item}} regexp="ldapServerPort" replace={{ldapServerPort}}
+  with_items:
+  - /tmp/test_dir/ldap.cfg
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace topology in use in all configuration files
+  replace: dest={{item}} regexp="topology" replace={{topology}}
+  with_items:
+  - /tmp/test_dir/ldap.cfg
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+
+- name : Substitute SHA512withEC with SHA512withRSA when topology=topology-ecc
+  replace: dest={{item}} regexp="SHA512withRSA" replace="SHA512withEC"
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  when: topology == "topology-ecc"
+
+- name : Substitute ecc with rsa when topology=topology-ecc
+  replace: dest={{item}} regexp="rsa" replace="ecc"
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  when: topology == "topology-ecc"
+
+- name : Substitute keysize nistp521 with keysize 2048 when topology=topology-ecc
+  replace: dest={{item}} regexp="2048" replace="nistp521"
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  when: topology == "topology-ecc"
+
+- name : For topology-01
+  replace: dest={{item}} regexp="pki_instance_name" replace="#pki_instance_name"
+  with_items:
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/tps.cfg
+  when:
+    - topology == "topology-01"
+
+
+- name: Replace ServerName in all configuration files.
+  replace: dest={{item}} regexp="SERVERNAME" replace=pki1.example.com
+  with_items:
+  - /tmp/test_dir/ldap.cfg
+  - /tmp/test_dir/ca.cfg
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/tps.cfg
+
+- name: Replace ServerName in all configuration files.
+  replace: dest={{item}} regexp="SERVERNAME" replace=pki1.example.com
+  with_items:
+  - /tmp/test_dir/ldap_kra.cfg
+  - /tmp/test_dir/ldap_ocsp.cfg
+  - /tmp/test_dir/ldap_tks.cfg
+  - /tmp/test_dir/ldap_tps.cfg
+  when: topology  == "topology-05"

tests/roles/Test_Trigger/tasks/configure_kra.yml

@@ -0,0 +1,28 @@
+- name: Replace KRA specific changes
+  replace: dest={{item}} regexp="krapki_https_port" replace={{krapki_https_port}}
+  with_items:
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace http port for KRA.
+  replace: dest={{item}} regexp="krapki_http_port" replace={{krapki_http_port}}
+  with_items:
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for KRA
+  replace: dest={{item}} regexp="krapki_ajp_port" replace={{krapki_ajp_port}}
+  with_items:
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for KRA
+  replace: dest={{item}} regexp="krapki_tomcat_server_port" replace={{krapki_tomcat_server_port}}
+  with_items:
+  - /tmp/test_dir/kra.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for KRA
+  replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+  with_items:
+  - /tmp/test_dir/kra.cfg

tests/roles/Test_Trigger/tasks/configure_ldap.yml

@@ -0,0 +1,47 @@
+- name : Create different ldap files for ca,kra,ocsp,tks and tps.
+  shell : for i in kra ocsp tks tps ;do cp /tmp/test_dir/ldap.cfg /tmp/test_dir/ldap_$i.cfg ; sed -i "s/testingmaster/$i-testingmaster/" /tmp/test_dir/ldap_$i.cfg; done
+  when: topology  == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+  replace: dest={{item}} regexp="3389" replace={{ldapkraServerPort}}
+  with_items:
+  - /tmp/test_dir/ldap_kra.cfg
+  - /tmp/test_dir/kra.cfg
+  when: topology  == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+  replace: dest={{item}} regexp="3389" replace={{ldapocspServerPort}}
+  with_items:
+  - /tmp/test_dir/ldap_ocsp.cfg
+  - /tmp/test_dir/ocsp.cfg
+  when: topology  == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+  replace: dest={{item}} regexp="3389" replace={{ldaptksServerPort}}
+  with_items:
+  - /tmp/test_dir/ldap_tks.cfg
+  - /tmp/test_dir/tks.cfg
+  when: topology  == "topology-05"
+
+- name : Conditional check before replacing values in ldap.cfg file.
+  replace: dest={{item}} regexp="3389" replace={{ldaptpsServerPort}}
+  with_items:
+  - /tmp/test_dir/ldap_tps.cfg
+  - /tmp/test_dir/tps.cfg
+  when: topology  == "topology-05"
+
+- name: Replace  Ldap server port in all configuration files
+  replace: dest=/tmp/test_dir/constants.py regexp="ldapkraServerPort" replace={{ldapkraServerPort}}
+  when: topology  == "topology-05"
+
+- name: Replace  Ldap server port in all configuration files
+  replace: dest=/tmp/test_dir/constants.py regexp="ldapocspServerPort" replace={{ldapocspServerPort}}
+  when: topology  == "topology-05"
+
+- name: Replace  Ldap server port in all configuration files
+  replace: dest=/tmp/test_dir/constants.py regexp="ldaptksServerPort" replace={{ldaptksServerPort}}
+  when: topology  == "topology-05"
+
+- name: Replace  Ldap server port in all configuration files
+  replace: dest=/tmp/test_dir/constants.py regexp="ldaptpsServerPort" replace={{ldaptpsServerPort}}
+  when: topology  == "topology-05"

tests/roles/Test_Trigger/tasks/configure_ocsp.yml

@@ -0,0 +1,28 @@
+- name: Replace OCSP specific changes
+  replace: dest={{item}} regexp="ocsppki_https_port" replace={{ocsppki_https_port}}
+  with_items:
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace http port for OCSP.
+  replace: dest={{item}} regexp="ocsppki_http_port" replace={{ocsppki_http_port}}
+  with_items:
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for OCSP
+  replace: dest={{item}} regexp="ocsppki_ajp_port" replace={{ocsppki_ajp_port}}
+  with_items:
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for OCSP
+  replace: dest={{item}} regexp="ocsppki_tomcat_server_port" replace={{ocsppki_tomcat_server_port}}
+  with_items:
+  - /tmp/test_dir/ocsp.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for OCSP
+  replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+  with_items:
+  - /tmp/test_dir/ocsp.cfg

tests/roles/Test_Trigger/tasks/configure_tks.yml

@@ -0,0 +1,28 @@
+- name: Replace TKS specific changes
+  replace: dest={{item}} regexp="tkspki_https_port" replace={{tkspki_https_port}}
+  with_items:
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace http port for TKS.
+  replace: dest={{item}} regexp="tkspki_http_port" replace={{tkspki_http_port}}
+  with_items:
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for TKS
+  replace: dest={{item}} regexp="tkspki_ajp_port" replace={{tkspki_ajp_port}}
+  with_items:
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TKS
+  replace: dest={{item}} regexp="tkspki_tomcat_server_port" replace={{tkspki_tomcat_server_port}}
+  with_items:
+  - /tmp/test_dir/tks.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TKS
+  replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+  with_items:
+  - /tmp/test_dir/tks.cfg

tests/roles/Test_Trigger/tasks/configure_tps.yml

@@ -0,0 +1,39 @@
+- name: Replace TPS specific changes 
+  replace: dest={{item}} regexp="tpspki_https_port" replace={{tpspki_https_port}}
+  with_items:
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace http port for TPS.
+  replace: dest={{item}} regexp="tpspki_http_port" replace={{tpspki_http_port}}
+  with_items:
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+- name: Replace ajp port for TPS
+  replace: dest={{item}} regexp="tpspki_ajp_port" replace={{tpspki_ajp_port}}
+  with_items:
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TPS
+  replace: dest={{item}} regexp="tpspki_tomcat_server_port" replace={{tpspki_tomcat_server_port}}
+  with_items:
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace tomcat port for TPS
+  replace: dest={{item}} regexp="secure_domain_port" replace={{capki_https_port}}
+  with_items:
+  - /tmp/test_dir/tps.cfg
+  - /tmp/test_dir/constants.py
+
+- name : Replace ca uri for TPS
+  replace: dest=/tmp/test_dir/tps.cfg regexp="capki_https_port" replace={{capki_https_port}}
+
+- name : Replace kra uri for TPS
+  replace: dest=/tmp/test_dir/tps.cfg regexp="krapki_https_port" replace={{krapki_https_port}}
+
+- name : Replace tks uri for TPS
+  replace: dest=/tmp/test_dir/tps.cfg regexp="tkspki_https_port" replace={{tkspki_https_port}}
+

tests/roles/Test_Trigger/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- include: configure_common.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology == "topology-05" or topology == "topology-ecc"
+- include: configure_ca.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology  == "topology-05" or topology == "topology-ecc"
+- include: configure_ldap.yml
+  when: topology  == "topology-05"
+- include: configure_kra.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology == "topology-04" or topology  == "topology-05" or topology == "topology-ecc"
+- include: configure_ocsp.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-03" or topology  == "topology-05" or topology == "topology-ecc"
+- include: configure_tks.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-04" or topology  == "topology-05"
+- include: configure_tps.yml
+  when: topology  == "topology-01" or topology == "topology-02" or topology == "topology-04" or topology  == "topology-05"

tests/tests.yml

@@ -0,0 +1,32 @@
+- hosts: localhost
+  vars:
+    - topology: 'topology-01'
+  remote_user: root
+  roles:
+  - role: Test_Trigger
+  - role: Test_Execution
+  - role: standard-test-basic
+    tags:
+    - classic
+    tests:
+    - verify_spawn_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '<Status>running</Status>'"
+    - verify_spawn_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '<Status>running</Status>'"
+    - destroy_kra:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+    - verify_destroy_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+    - destroy_ca:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s CA"
+    - verify_destroy_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
+    required_packages:
+    - pki-ca
+    - pki-kra

tests/vars/ca.yml

@@ -0,0 +1,4 @@
+capki_https_port: '20443'
+capki_http_port: '20080'
+capki_ajp_port: '20009'
+capki_tomcat_port: '20005'

tests/vars/ca_shared.yml

@@ -0,0 +1,24 @@
+capki_https_port: '8443'
+capki_http_port: '8080'
+capki_ajp_port: '8009'
+capki_tomcat_port: '8005'
+capki_https_port: '8443'
+capki_http_port: '8080'
+capki_ajp_port: '8009'
+capki_tomcat_port: '8005'
+krapki_https_port: '8443'
+krapki_http_port: '8080'
+krapki_ajp_port: '8009'
+krapki_tomcat_server_port: '8005'
+ocsppki_https_port: '8443'
+ocsppki_http_port: '8080'
+ocsppki_ajp_port: '8009'
+ocsppki_tomcat_server_port: '8005'
+tkspki_https_port: '8443'
+tkspki_http_port: '8080'
+tkspki_ajp_port: '8009'
+tkspki_tomcat_server_port: '8005'
+tpspki_https_port: '8443'
+tpspki_http_port: '8080'
+tpspki_ajp_port: '8009'
+tpspki_tomcat_server_port: '8005'

tests/vars/kra.yml

@@ -0,0 +1,4 @@
+krapki_https_port: '21443'
+krapki_http_port: '21080'
+krapki_ajp_port: '21009'
+krapki_tomcat_server_port: '21005'

tests/vars/ldap.yml

@@ -0,0 +1,8 @@
+ldapServerPort: '3389'
+ldapRootDN: CN=Directory Manager
+ldapRootDNPwd: Secret123
+ldapcaServerPort: '4389'
+ldapkraServerPort: '5389'
+ldapocspServerPort: '6389'
+ldaptksServerPort: '7389'
+ldaptpsServerPort: '8389'

tests/vars/ldap_shared.yml

@@ -0,0 +1,3 @@
+ldapServerPort: '2389'
+ldapRootDN: CN=Directory Manager
+ldapRootDNPwd: Secret123

tests/vars/ocsp.yml

@@ -0,0 +1,4 @@
+ocsppki_https_port: '22443'
+ocsppki_http_port: '22080'
+ocsppki_ajp_port: '22009'
+ocsppki_tomcat_server_port: '22005'

tests/vars/tks.yml

@@ -0,0 +1,4 @@
+tkspki_https_port: '23443'
+tkspki_http_port: '23080'
+tkspki_ajp_port: '23009'
+tkspki_tomcat_server_port: '23005'

tests/vars/tps.yml

@@ -0,0 +1,4 @@
+tpspki_https_port: '25443'
+tpspki_http_port: '25080'
+tpspki_ajp_port: '25009'
+tpspki_tomcat_server_port: '25005'