Professional Documents
Culture Documents
TEST SCENARIOS
Development of authentication and authorisation solutions based on strong certificates for EU citizens Procurement No. 113700 - Development of authentication and authorisation solutions based on strong certificates for EU citizens Part I RIA Ott Sarv; Asse Sauga; Indrek Jrve 1.6 v1.4: Documentation milestone.
History of changes
SISUKORD
TABLE OF CONTENTS .......................................................................................................................................... 1 1. TEST SCENARIOS ..................................................................................................................................... 2 1.1. 1.2. 1.3. 1.4. 1.5. 1.6. 1.7. 1.8. 1.9. 1.10. 1.11. Test modules .................................................................................................................................... 2 Authentication to the administration interface ................................................................................ 2 Managing system administrators .................................................................................................... 3 Managing clients ............................................................................................................................. 4 Reports ............................................................................................................................................ 6 Management of prices ..................................................................................................................... 7 Managing services........................................................................................................................... 9 Management of TSL information ................................................................................................... 11 Digital signing operations ............................................................................................................. 12 Certificate status verification operations ...................................................................................... 16 EBR-CR operations ....................................................................................................................... 18
TEST SCENARIOS
1.
TEST SCENARIOS
The tests are performed either by running automated test scripts or by human testing. Human tests are performed on the following platforms with the following web browsers: Web browsers Internet Explorer 8 Firefox 3.6 Operation systems Windows Vista Windows 7
1.1.
Test modules Functional testing tests for softwares implementation of functional requirements Smoke testing tests for the core functionality of the software Investigative testing tests based on specific found errors Regression testing tests for specific modules that have recently been modified by the development Automated testing tests with automated scripts
Use cases are used as a basis for testing. Automated tests are performed with appropriate tools, such as Squish, Selenium, jUnit and/or PyUnit. In addition several custom scipts are used. 1.2. Authentication to the administration interface Test result
Scenario
Action
Result
Comments
P passed F failed
P/F/B/N
TEST SCENARIOS
A valid username and a valid password is entered and the Log in link is clicked.
A valid username and an invalid password is entered and the Log in link is clicked.
An error is displayed.
P/F/B/N
An error is displayed.
P/F/B/N
A valid PIN1 is entered when opening the webpage. A user matching the certificate data exists. A valid PIN1 is entered when opening the webpage. The administration interface is not configured to accept the certificate. A valid PIN1 is entered when opening the webpage. A user matching the certificate data does not exist.
P/F/B/N
An error is displayed.
P/F/B/N
An error is displayed.
P/F/B/N
1.3.
Tests for managing administration interface users. P passed F failed B blocked N not tested
List of users
P/F/B/N
TEST SCENARIOS
Searching users
The user selects the desired status of users and enters text to be searched. The Search button is then clicked.
The administration interface displays the list of users matching the entered criteria.
P/F/B/N
P/F/B/N
Adding users
10
The user inputs the new administrator information and clicks on the button Save
The system saves the administrator information and displays the autogenerated password to the user.
P/F/B/N
11
The user clicks on the Edit link in the list of users The user inputs the modified administrator information and clicks on the button Save
P/F/B/N
12
Editing users
P/F/B/N
13
P/F/B/N
14
Deleting users
P/F/B/N
1.4.
Managing clients
Tests for managing clients through the management interface. P passed F failed B blocked N not tested TEST SCENARIOS
Managing clients
15
List of clients
P/F/B/N
Searching clients
16
The user selects the desired status of clients and enters text to be searched. The Search button is then clicked.
The administration interface displays the list of clients matching the entered criteria.
P/F/B/N
17
The user clicks on the link Add new client The user inputs the new client information and clicks on the button Save
The form for adding a new client is displayed. The system saves the client information and displays the autogenerated password to the user.
P/F/B/N
18
Adding clients
P/F/B/N
19
The user clicks on the Edit link in the list of clients The user inputs the modified client information and clicks on the button Save
P/F/B/N
20
Editing clients
P/F/B/N
21
P/F/B/N
22
Deleting clients
23
P/F/B/N
TEST SCENARIOS
P/F/B/N
24
Managing client Managing client Managing client access access permissions access permissions permissions Data entry form
The user clicks on the link Edit services available for the client
A list of services is displayed, sectioned into two lists: services available to the client, services not yet available to the client.
P/F/B/N
25
P/F/B/N
26
P/F/B/N
27
The user clicks on the link view in more detailed in the client query log section of the client The list of queries performed by the client detailed information page is displayed.
P/F/B/N
1.5.
Reports
Tests for reports through the administration interface. P passed F failed B blocked N not tested
Reports Defining the criteria for the report
28
A page is displayed where the user can specify the criteria for the desired report
P/F/B/N
TEST SCENARIOS
29
Report results
The user specifies the criteria (specific clients) and clicks on the button Show The user specifies the criteria (specific services) and clicks on the button Show
P/F/B/N
30
Report results
P/F/B/N
31
32
33
The user specifies the criteria (a time period) and clicks on the button A report of activity within the scope of Show selected time period is displayed. The user specifies the criteria (grouped by either days, months or years) and clicks on the button A report of activity grouped by the Show selected time period is displayed. The user specifies the criteria (criteria that does not match any data logged) and clicks on the An error message is displayed explaining button Show that no data matches the criteria.
Report results
P/F/B/N
P/F/B/N
P/F/B/N
1.6.
Management of prices
Tests for managing prices through the administration interface. P passed F failed B blocked N not tested
Management of prices Assinging a Assinging a new Service price new price to the price to the service list service 34 The user clicks on the link Services and opens the tab Service prices
A list of services is displayed with the prices for each defined period.
P/F/B/N
35
The user clicks on the link The form for adding a new pricing period Add new price is displayed.
P/F/B/N
36
P/F/B/N
TEST SCENARIOS
37
The user inputs the required data and clicks on Save. An existing price An error is displayed: There is a collision period intersects with the between the entered price period and an new period. exisiting price period.
P/F/B/N
38
The user opens the price period edit form by clicking on the edit link.
P/F/B/N
39
Editing a clientAssinging a new Client-based Date format Editing a service based service Period collision check client-based price service price check Period collision check price price to the service list
P/F/B/N
40
The user inputs the required data and clicks on Save. An existing clientbased price period An error is displayed: There is a collision intersects with the edited between the entered price period and an period. exisiting price period.
P/F/B/N
41
42
An invalid date is entered. The user opens the list of client-based prices by navigating to the detailed information view of a specific client.
An error is displayed: The date entered is not valid or in in the correct format.
P/F/B/N
A list of services is displayed with the client-based prices for each defined period.
P/F/B/N
43
The user clicks on the link Add new price. The user inputs the required data and clicks on Save
P/F/B/N
44
P/F/B/N
45
The user opens the clientbased price period edit form by clicking on the edit link.
P/F/B/N
TEST SCENARIOS
The user clicks on the link Add new price. The user inputs the required data and clicks on Save. An existing client-based price An error is displayed: There is a collision period intersects with the between the entered price period and an new period. exisiting price period.
46
Date format Editing a clientPeriod collision check check based service price
P/F/B/N
47
The user inputs the required data and clicks on Save. An existing clientbased price period An error is displayed: There is a collision intersects with the edited between the entered price period and an period. exisiting price period.
P/F/B/N
48
An error is displayed: The date entered is not valid or in in the correct format.
P/F/B/N
1.7.
Managing services
Tests for managing services through the administration interface. P passed F failed B blocked N not tested
Managing services List of services 49 The user clicks on the link Services. A list of services is displayed. The user selects the desired status of services and enters text to be searched. The Search button is then clicked.
P/F/B/N
50
Searching services
The administration interface displays the list of services matching the entered criteria.
P/F/B/N
51
Adding a Adding a Editing a new EBR new EBR service product product
The user clicks on the link Add a new service" The user inputs the required data and clicks on Save
P/F/B/N
52
P/F/B/N
P/F/B/N
54
The product is saved. In case of a predefined service only the status and the name can be altered.
P/F/B/N
TEST SCENARIOS
53
The user clicks on the link The form for editing an existing service is edit " displayed.
Editing a service
55
56
Adding a Adding a Editing an Editing an Searchign new EBR new EBR EBR node EBR node EBR nodes node node
The user opens the tab EBR countries and nodes The user selects the desired status of nodes and enters text to be searched. The Search button is then clicked. The user clicks on the link Add a new node" The user inputs the required data and clicks on Save
P/F/B/N
The administration interface displays the list of nodes matching the entered criteria. The form for adding a new EBR node is displayed.
P/F/B/N
57
P/F/B/N
58
P/F/B/N
59
The user clicks on the link edit " The user inputs the required data and clicks on Save
P/F/B/N
60
P/F/B/N
61
The user clicks on the link edit" and confirms the request to delete the node.
P/F/B/N
62
Editing an Adding a new Adding a new List of EBR EBR service EBR service EBR service services
P/F/B/N
63
P/F/B/N
64
P/F/B/N
65
P/F/B/N
66
P/F/B/N
10
TEST SCENARIOS
1.8.
Tests for managing supported CAs through the administration interface. P passed F failed B blocked N not tested
Management of TSL information 67 List of TSLs The user clicks on the link TSL management The user clicks on the link Add a new TSL, inputs the required data and clicks on Save The user clicks on the link edit, inputs the required data and clicks on Save The user clicks on the link refresh The user clicks on the link refresh. The URL specified in the TSL information is invalid or inaccessible. The user clicks on the link TSP services The administration interface displays the list of TSLs registered.
P/F/B/N
68
P/F/B/N
69
Refreshing a List of TSL in case Refreshin Editing a TSP of an invalid g a TSL TSL services URL
The TSL reference is saved. The TSL is downloaded and the TSP services related to the TSL are updated.
P/F/B/N
70
P/F/B/N
71
The system displays an error. The administration interface displays the list of TSP services registered.
P/F/B/N
72
P/F/B/N
73
P/F/B/N
74
P/F/B/N
75
The user inputs the required data and clicks on Save An obligatory data field is not filled.
P/F/B/N
76
P/F/B/N
11
TEST SCENARIOS
1.9.
Tests for creating and managing digitally signed containers and documents through the Web Services Framework. Tests for the signing operations are implemented as automated tests in the Testsuite3.py script, referenced by numbers 30a through 35d. The following list describes the typical use cases tested. P passed F failed
#
Scenario
Action
The user initializes the service The service initBDOC initBDOC, providing a correct is run. A session set of username and identificator is returned password. to the user.
P/F/B/N
77
The service initBDOC is not run and an error is returned to the user.
P/F/B/N
The service initBDOC is not run and an error is returned to the user.
P/F/B/N
The user initializes the service The service initBDOC initBDOC, providing a correct is run. A session set of username and password identificator is returned in addition to the BDOC to the user. container.
P/F/B/N
78
The service initBDOC is not run and an error is returned to the user.
P/F/B/N
12
TEST SCENARIOS
79
The user initializes the service addBDOCDataFile, providing the session identificator and the data file to be added.
P/F/B/N
The service addBDOCDataFile is not run and an error is returned to the user.
P/F/B/N
The service addBDOCDataFile is not run and an error is returned to the user.
P/F/B/N
The user initializes the service delBDOCDataFile, providing the session identificator and the data file id to be removed. Removing files from the container
P/F/B/N
80
The service delBDOCDataFile is not run and an error is returned to the user.
P/F/B/N
The service delBDOCDataFile is not run and an error is returned to the user. The service delBDOCDataFile is not run and an error is returned to the user.
P/F/B/N
P/F/B/N
13
TEST SCENARIOS
81
The service prepBDOCSignature is The user initializes the service run. The signature prepBDOCSignature, structures are prepared providing the session in the container and the identificator and the hash code to be signed certificate of the signer. and the signature identificator are returned to the user.
P/F/B/N
The service prepBDOCSignature is not run and an error is returned to the user.
P/F/B/N
The service prepBDOCSignature is not run and an error is returned to the user.
P/F/B/N
The service prepBDOCSignature is not run and an error is returned to the user.
P/F/B/N
The user initializes the service finBDOCSignature, providing the session identificator, the signed hash code and the ID of the signature.
P/F/B/N
82
The service finBDOCSignature is not run and an error is returned to the user.
P/F/B/N
14
TEST SCENARIOS
The service finBDOCSignature is not run and an error is returned to the user.
P/F/B/N
The user initializes the service The service initPDF is initPDF, providing a correct run. A session set of username and password identificator is returned in addition to the PDF file. to the user. The service initPDF is not run and an error is returned to the user.
P/F/B/N
83
P/F/B/N
84
The service prepPDFSignature is run. The signature The user initializes the service structures are prepared prepPDFSignature, providing in the container and the the session identificator and hash code to be signed the certificate of the signer. and the signature identificator are returned to the user. The service The user enters an invalid prepPDFSignature is session identificator. not run and an error is returned to the user. The user enters an invalid certificate. The service prepPDFSignature is not run and an error is returned to the user. The service prepPDFSignature is not run and an error is returned to the user. The service finPDFSignature is run. The signature finalized. The service finPDFSignature is not run and an error is returned to the user. The service finPDFSignature is not run and an error is returned to the user.
P/F/B/N
P/F/B/N
P/F/B/N
P/F/B/N
The user initializes the service finPDFSignature, providing the session identificator and the signed hash code. Finalizing the 85 signature in the PDF The user enters an invalid session identificator.
P/F/B/N
P/F/B/N
P/F/B/N
15
TEST SCENARIOS
1.10. Certificate status verification operations Tests for the certificate status verification operations are implemented as automated tests in the Testsuite3.py script, referenced by numbers 14 through 21. The following list describes the typical use cases tested. P passed F failed B blocked N not tested
Scenario
Action
Result
Test result
Comments
The user initializes the service getOCSP, The service getOCSP providing a correct set is run. The OCSP of username and response is returned to password in addition to the user. the certificate to be checked.
P/F/B/N
86
OCSP gateway
The service getOCSP is not run and an error is returned to the user.
P/F/B/N
The service getOCSP is not run and an error is returned to the user. The service getOCSP is not run and an error is returned to the user.
P/F/B/N
P/F/B/N
The service getOCSP is not run and an error is returned to the user.
P/F/B/N
16
TEST SCENARIOS
The user initializes the The service getOCSP service getOCSP, is run. The OCSP providing a correct set response is generated of username and in the CRL2OCSP password in addition to responder and returned the certificate to be to the user. checked.
P/F/B/N
87
OCSP-CRL gateway
The service getOCSP is not run and an error is returned to the user.
P/F/B/N
The service getOCSP is not run and an error is returned to the user.
P/F/B/N
The service getOCSP is not run and an error is returned to the user.
P/F/B/N
17
TEST SCENARIOS
The service getOCSP is not run and an error is returned to the user.
P/F/B/N
The user initializes the service The service getCertificateStatus, getCertificateStatus is providing a correct set run. The certificate of username and status from the OCSP password in addition to response is returned to the certificate to be the user. checked.
P/F/B/N
88
The service getCertificateStatus is not run and an error is returned to the user.
P/F/B/N
The service getCertificateStatus is not run and an error is returned to the user.
P/F/B/N
The service getCertificateStatus is not run and an error is returned to the user.
P/F/B/N
1.11. EBR-CR operations Tests for the EBR-CR operations are implemented as automated tests in the Testsuite3.py script, referenced by numbers 2 through 13. As version 3 of the EBR central services is not supported by the framework, the legacy tests will not be described in this document.
18
TEST SCENARIOS