Trustmanager Test Plan

Service Description

Trustmanager takes care of java (tomcat) certificate handling and also includes client libraries for certificate usage. More info at TrustManager.

The testing should be split up in a few parts. First it must be tested that tomcat webapps can access the certificate information on successful handshakes. Then the certificate acceptance of trustmanager needs to be tested with various working and broken certificates and proxies. Finally the client side needs to be tested.

Look at the test instructions for the required certificates for this test.

Features/Scenarios to be tested

'Certificate info' (implemented)

This should test that a webapp can access the certificate information after a successful handshake.

Normal work flow - correct input

A client should connect to tomcat with a valid certificate, and the certificate information needs to be visible by the webapp. This should be repeated with different types of certificates, e.g. normal, proxies, voms proxies.

Pass/Fail Criteria

This should succeed if all client certificates are identified correctly.

Error work flow - erroneous input

N/A

Pass/Fail Criteria

N/A

'Certificate acceptance - CA' (implemented)

This test should test that trustmanager correctly handles trusted/untrusted CAs

Normal work flow - correct input

A client should connect to tomcat with at least

• a valid x509 certificate from a valid CA

Pass/Fail Criteria

The connections should be established.

Error work flow - erroneous input

The client should connect to tomcat with a bunch of invalid certificates. For example

• An untrusted CA
• A trusted CA, but the certificate isn't valid yet
• A trusted CA, but the certificate has expired
• A trusted CA, but the certificate does not match the .namespaces file for the CA
• A trusted CA, but the certificate does not match the .signing_policy file for the CA
• A certificate from a CA with an expired CA certificate

Pass/Fail Criteria

All test must fail the SSL handshake.

'Certificate acceptance - CRLs' (implemented)

This test should test that trustmanager correctly handles CRLs.

Normal workflow - correct input

N/A (tested previously)

Pass/Fail Criteria

N/A

Error workflow - erroneous input

The client should connect to tomcat with certificates that have a different states of CRLs, e.g.

• A certificate that has been revoked
• A certificate where the CRL of the CA does not exists
• A certificate where the CRL of the CA has expired
• A certificate where the CRL of the CA is invalid

Pass/Fail Criteria

All test must fail the SSL handshake.

'Certificate acceptance - proxies' (implemented)

This test should test that trustmanager correctly handles proxies.

Normal workflow - correct input

The client should connect to the server with various valid proxy certificates. This includes at least

• a legacy proxy certificate
• a normal proxy certificate
• a plain voms proxy certificate
• a voms proxy certificate with groups
• a voms proxy certificate with roles

Pass/Fail Criteria

All SSL handshakes should be accepted.

Error workflow - erroneous input

The client should connect to tomcat erroneous proxies, e.g.

• Proxy that isn't valid yet
• Proxy that has expired
• Proxy with invalid DN
• Proxy with invalid signature

Pass/Fail Criteria

All test must fail the SSL handshake.

'Server side certificate information (implemented)

This test should check that the server side on trustmanager work as expected, and report the correct certificate information.

Normal workflow - correct input

The server should be connected to with normal and proxy certificates, and the correctness of at least the following information must be checked

• The DN of the certificate (both final DN and user DN)
• The issuer of the certificate
• The certificate type

Pass/Fail Criteria

All information should match between the used certificate and what the server reports. In the case of proxies the DN and issuer of the certificate, not the proxy should be reported.

Error workflow - erroneous input

N/A

Pass/Fail Criteria

N/A

'Client side connection tests (implemented)

These tests should check that the client libraries work, and they only allow connections to valid servers

Normal workflow - correct input

For simplicity's sake, these can be a bit briefer than the server side certificate tests. At least the following test should be made. These should be simple since invalid client side connections are already tested.

• Connecting to a server with a valid certificate
• Connecting to a server with a valid proxy

Pass/Fail Criteria

The SSL handshakes should work.

Error workflow - erroneous input

These should test connecting to an invalid server with various conditions

• The server certificate has expired
• The server certificate is revoked
• The CA of the server certificate has an expired CRL
• The CA of the server certificate has no CRL
• The CA of the server certificate is not trusted
• The server certificate does not match the CA's signing policy

Pass/Fail Criteria

All these SSL handshakes must fail

Features not to be tested

'Feature Summary'

Description and explanation for not being included in the current test plan

Testing details

1. start the machine

2. install basic SL5 or use preinstalled clean image when starting the machine. (basic SL5 installation with all package groups unchecked)

3. login as root or login and sudo to root

4. download the script that sets everything up: yourmachine> wget --no-check-certificate http://tinyurl.com/4bmfazc (http://tinyurl.com/cru3hja for sl6) (this is the script on page https://twiki.cern.ch/twiki/bin/view/EGEE/TrustmanagerTestplan)

5. change the permissions: yourmachine> chmod a+x trustmanager.testing.sh

6. Turn on script to record everything: yourmachine> script

7. run the script: yourmachine> ./trustmanager.testing.sh

8. stop recording: yourmachine> exit

9. save the typescript file and put it into the patch and certification report