Upload
jennifer123
View
219
Download
0
Embed Size (px)
Citation preview
7/27/2019 CBS-017 Test Scenarios
1/19
Document information
Creation date23.08.2011
Name TEST SCENARIOS
Subject Development of authentication and authorisation solutions
based on strong certificates for EU citizens
Reference
Procurement No. 113700 - Development of authentication and
authorisation solutions based on strong certificates for EU
citizensPart I
Addressee: RIA
Compiled by Ott Sarv; Asse Sauga; Indrek Jrve
Version 1.6
History of changes
v1.4:
Documentation milestone.
v1.5:
Minor fixes
v1.6:
Tests for ID-card authentication
7/27/2019 CBS-017 Test Scenarios
2/19
TESTSCENARIOS
1
SISUKORDTABLE OF CONTENTS .......................................................................................................................................... 1
1. TEST SCENARIOS ........................................................ ................................................................. ............ 21.1. Test modules ....................................................... ................................................................. ............ 21.2. Authentication to the administration interface ......................................................... ....................... 21.3. Managing system administrators ........................................................................................ ............ 31.4. Managing clients ........................................................... .............................................................. .... 41.5. Reports .......................................................................................................... .................................. 61.6. Management of prices .............................................................. ....................................................... 71.7. Managing services................................................................... ........................................................ 91.8. Management of TSL information ........................................................ ........................................... 111.9. Digital signing operations ....................................................... ...................................................... 121.10. Certificate status verification operations ...................................................................................... 161.11. EBR-CR operations ................................................................. ...................................................... 18
7/27/2019 CBS-017 Test Scenarios
3/19
TESTSCENARIOS
2
1. TEST SCENARIOS
The tests are performed either by running automated test scripts or by human testing.
Human tests are performed on the following platforms with the following webbrowsers:
Web browsers Operation systems
Internet Explorer 8 Windows Vista
Firefox 3.6 Windows 7
1.1. Test modules
The following methods are used to perform tests: Functional testing tests for softwares implementation of functional
requirements
Smoke testing tests for the core functionality of the software
Investigative testing tests based on specific found errors
Regression testing tests for specific modules that have recently been
modified by the development
Automated testing tests with automated scripts
Use cases are used as a basis for testing. Automated tests are performed with
appropriate tools, such as Squish, Selenium, jUnit and/or PyUnit. In addition several
custom scipts are used.
1.2. Authentication to the administration interface
Tests for the administration interfaces core functionality.
# Scenario Action ResultTest
resultComments
P passed F failed B blocked N not tested
Authentication to the administration interface
1
Authenticatinga
user
A valid username and avalid password is entered
and the Log in link is
clicked.
A session is created and the
administration interface is opened. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
4/19
TESTSCENARIOS
3
2
Aut
henticating
with
aninvalid
p
assword
A valid username and an
invalid password is
entered and the Log in
link is clicked. An error is displayed. P/F/B/N
3
Authenticatingan
unknownuser
An invalid username is
entered and the Log in
link is clicked. An error is displayed. P/F/B/N
4
Authen
ticatinga
u
ser
with
IDcard
A valid PIN1 is entered
when opening the
webpage. A user matching
the certificate data exists.
A session is created and the
administration interface is opened. P/F/B/N
5
Authenticating
withunknown
certificate
A valid PIN1 is entered
when opening the
webpage. Theadministration interface is
not configured to accept
the certificate. An error is displayed. P/F/B/N
6
Authenticating
withunknownuser
A valid PIN1 is entered
when opening the
webpage. A user matching
the certificate data does
not exist. An error is displayed. P/F/B/N
1.3. Managing system administrators
Tests for managing administration interface users.
P passed F failed B blocked N not tested
Managing system administrators
7
Listofusers
The user clicks on the linkAdministrators. A list of
users is displayed.
The administration interface displays the
list of users registered. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
5/19
TESTSCENARIOS
4
8
Searchingusers
The user selects the
desired status of users and
enters text to be searched.The Search button is
then clicked.
The administration interface displays the
list of users matching the entered criteria. P/F/B/N
9
Addingusers
Dataentryform
The user clicks on the link
Add new administrator
The form for adding a new administrator
is displayed. P/F/B/N
10
Ad
dingusers
The user inputs the new
administrator information
and clicks on the buttonSave
The system saves the administrator
information and displays theautogenerated password to the user. P/F/B/N
11
Editingusers
Dataentryform
The user clicks on the
Edit link in the list of
users
The form for editing an existing
administrator is displayed. P/F/B/N
12
Editingusers
The user inputs the
modified administrator
information and clicks on
the button Save
The system saves the administrator
information. P/F/B/N
13
Deletingusers
Dataentryform
The user clicks on the
Delete link in the list of
users
The confirmation dialog for deleting an
existing administrator is displayed. P/F/B/N
14
Deletingusers
The user confirms the
request to delete the
administrator.
The system sets the administrator status
to Deleted P/F/B/N
1.4. Managing clients
Tests for managing clients through the management interface.
P passed F failed B blocked N not tested
Managing clients
7/27/2019 CBS-017 Test Scenarios
6/19
TESTSCENARIOS
5
15
Listo
fclients
The user clicks on the link
Clients. A list of users is
displayed.
The administration interface displays the
list of clients registered. P/F/B/N
16
Searchingclients
The user selects the
desired status of clients
and enters text to be
searched. The Searchbutton is then clicked.
The administration interface displays the
list of clients matching the enteredcriteria. P/F/B/N
17
Addingclients
Dataentryf
orm
The user clicks on the link
Add new client
The form for adding a new client is
displayed. P/F/B/N
18
Adding
clients The user inputs the new
client information and
clicks on the buttonSave
The system saves the client information
and displays the autogenerated passwordto the user. P/F/B/N
19
Editingclients
Dataentryform
The user clicks on theEdit link in the list of
clients
The form for editing an existing client is
displayed. P/F/B/N
20Editing
clients
The user inputs the
modified client
information and clicks on
the button Save The system saves the client information. P/F/B/N
21
D
eletingclients
D
ataentryform
The user clicks on the
Delete link in the list ofclients The confirmation dialog for deleting anexisting client is displayed. P/F/B/N
22
Deleting
clients
The user confirms the
request to delete the client.
The system sets the client status to
Deleted P/F/B/N
23
Detailed
informationabout
aclient
The user clicks on the
View link in the list of
clients
A page displaying detailed information
about the client is shown. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
7/19
TESTSCENARIOS
6
24
Managingclient
accesspermissions
Dataentryform
The user clicks on the link
Edit services available
for the client
A list of services is displayed, sectioned
into two lists: services available to the
client, services not yet available to the
client. P/F/B/N
25
Managingclient
accesspermissions
The user assigns services
to the user or removes
them
The selected services transition to the
appropriate list of services. P/F/B/N
26
Managin
gclient
access
permissions
The user clicks on the
Save button The service access list is saved. P/F/B/N
27
Displayingthelogofuser
queries
The user clicks on the link
view in more detailed in
the client query log
section of the client
detailed information page
The list of queries performed by the client
is displayed.P/F/B/N
1.5. Reports
Tests for reports through the administration interface.
P passed F failed B blocked N not tested
Reports
28
Definingthecriteriafor
thereport
The user clicks on the linkReports
A page is displayed where the user canspecify the criteria for the desired report P/F/B/N
7/27/2019 CBS-017 Test Scenarios
8/19
TESTSCENARIOS
7
29
Reportresults
The user specifies thecriteria (specific clients)
and clicks on the buttonShow
A report of activity within the scope ofselected users is displayed. P/F/B/N
30Report
results The user specifies the
criteria (specific services)and clicks on the button
Show
A report of activity within the scope of
selected services is displayed. P/F/B/N
31Report
results The user specifies the
criteria (a time period) and
clicks on the button
Show
A report of activity within the scope of
selected time period is displayed. P/F/B/N
32
Reportresults The user specifies the
criteria (grouped by either
days, months or years) and
clicks on the buttonShow
A report of activity grouped by theselected time period is displayed. P/F/B/N
33
Reportresults The user specifies the
criteria (criteria that does
not match any data
logged) and clicks on the
button Show
An error message is displayed explaining
that no data matches the criteria. P/F/B/N
1.6. Management of prices
Tests for managing prices through the administration interface.
P passed F failed B blocked N not tested
Management of prices
34
Serviceprice
list The user clicks on the link
Services and opens the
tab Service prices
A list of services is displayed with the
prices for each defined period. P/F/B/N
35
Assinginga
newpricetoth
e
service
The user clicks on the link
Add new price
The form for adding a new pricing period
is displayed. P/F/B/N
36
Assinginganew
pricetotheservice
The user inputs the
required data and clicks on
Save. The new pricing period is saved. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
9/19
TESTSCENARIOS
8
37
Periodco
llisioncheck
The user inputs the
required data and clicks on
Save. An existing price
period intersects with the
new period.
An error is displayed: There is a collision
between the entered price period and an
exisiting price period. P/F/B/N
38
Editinga
serviceprice
The user opens the price
period edit form byclicking on the edit link.
The form for editing an existing pricingperiod is displayed. P/F/B/N
39
Editing
aservice
p
rice
The user inputs therequired data and clicks on
Save.
The changes to the pricing period are
saved. P/F/B/N
40
Periodcollisioncheck
The user inputs the
required data and clicks on
Save. An existing client-
based price period
intersects with the editedperiod.
An error is displayed: There is a collision
between the entered price period and anexisiting price period. P/F/B/N
41
Datefo
rmat
check
An invalid date is entered.
An error is displayed: The date entered is
not valid or in in the correct format. P/F/B/N
42
Client-based
serviceprice
list
The user opens the list of
client-based prices by
navigating to the detailed
information view of a
specific client.
A list of services is displayed with the
client-based prices for each defined
period. P/F/B/N
43
Assinginganew
client-basedprice
to
theservice
The user clicks on the link
Add new price. The user
inputs the required dataand clicks on Save The new pricing period is saved. P/F/B/N
44
Periodcollisioncheck
The user clicks on the linkAdd new price. The user
inputs the required data
and clicks on Save. An
existing client-based price
period intersects with the
new period.
An error is displayed: There is a collision
between the entered price period and an
exisiting price period. P/F/B/N
45
Editing
aclient-
based
service
price The user opens the client-
based price period editform by clicking on the
edit link.
The form for editing an existing client-
based pricing period is displayed. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
10/19
TESTSCENARIOS
9
46
Editingaclient-
based
serviceprice
The user inputs the
required data and clicks on
Save.
The changes to the pricing period are
saved. P/F/B/N
47
Periodcollisioncheck
The user inputs the
required data and clicks on
Save. An existing client-
based price period
intersects with the edited
period.
An error is displayed: There is a collision
between the entered price period and an
exisiting price period. P/F/B/N
48
Date
format
check
An invalid date is entered.An error is displayed: The date entered is
not valid or in in the correct format. P/F/B/N
1.7. Managing services
Tests for managing services through the administration interface.
P passed F failed B blocked N not tested
Managing services
49Listof
services The user clicks on the link
Services. A list of
services is displayed.
The administration interface displays the
list of services registered. P/F/B/N
50
Searching
services
The user selects the
desired status of services
and enters text to be
searched. The Search
button is then clicked.
The administration interface displays the
list of services matching the entered
criteria. P/F/B/N
51
Addinga
newEBR
product
The user clicks on the link
Add a new service"
The form for adding a new EBR product
is displayed. P/F/B/N
52
Addinga
newEBR
product
The user inputs the
required data and clicks on
Save The product is saved. P/F/B/N
53
Editinga
service
The user clicks on the link
edit "
The form for editing an existing service is
displayed. P/F/B/N
54
Editinga
service
The user inputs the
required data and clicks on
Save
The product is saved. In case of a pre-
defined service only the status and the
name can be altered. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
11/19
TESTSCENARIOS
10
55Listof
EBR
nodes The user opens the tab
EBR countries andnodes
The administration interface displays thelist of nodes registered. P/F/B/N
56
Searchign
EBRnode
s The user selects the
desired status of nodes
and enters text to be
searched. The Search
button is then clicked.
The administration interface displays the
list of nodes matching the entered criteria. P/F/B/N
57
Addinga
newEBR
node
The user clicks on the link
Add a new node"
The form for adding a new EBR node is
displayed. P/F/B/N
58
Addinga
newEBR
node The user inputs the
required data and clicks on
Save The node is saved. P/F/B/N
59
Editing
an
EBRno
de
The user clicks on the link
edit "
The form for editing an existing EBR
node is displayed. P/F/B/N
60
Editingan
EBRnode
The user inputs the
required data and clicks on
Save The node is saved. P/F/B/N
61
Deletingan
EBRnode
The user clicks on the link
edit" and confirms the
request to delete the node. The node is marked as deleted. P/F/B/N
62
ListofEBR
services
Kasutaja vajutab sakil
"EBR teenused".
The administration interface displays the
list of EBR services registered. P/F/B/N
63
Addinganew
EBRservice
The user clicks on the link
Add a new EBR service"
The form for adding a new EBR service
is displayed. P/F/B/N
64
Adding
anew
EBRservice
The user inputs therequired data and clicks on
Save The EBR service is saved. P/F/B/N
65
Editingan
EBRservice
The user clicks on the link
edit "
The form for editing an existing EBR
service is displayed. P/F/B/N
66
Editingan
EBRservice
The user inputs the
required data and clicks on
Save The EBR service is saved.P/F/B/N
7/27/2019 CBS-017 Test Scenarios
12/19
TESTSCENARIOS
11
1.8. Management of TSL information
Tests for managing supported CAs through the administration interface.
P passed F failed B blocked N not tested
Management of TSL information
67Listof
TSLs
The user clicks on the linkTSL management
The administration interface displays thelist of TSLs registered. P/F/B/N
68
Addinga
newTSL The user clicks on the link
Add a new TSL, inputsthe required data and
clicks on Save A new TSL reference is saved. P/F/B/N
69
Editing
a
TSL The user clicks on the link
edit, inputs the required
data and clicks on Save The TSL reference is saved. P/F/B/N
70
Refreshin
gaTSL
The user clicks on the link
refresh
The TSL is downloaded and the TSP
services related to the TSL are updated. P/F/B/N
71
Reres
nga
TSLincase
ofaninvalid
URL
The user clicks on the link
refresh. The URL
specified in the TSLinformation is invalid or
inaccessible. The system displays an error. P/F/B/N
72Listo
f
TSP
services
The user clicks on the link
TSP services
The administration interface displays the
list of TSP services registered. P/F/B/N
73
EditingaTSPservice
The user clicks on the link
edit.
The form for editing a TSP service is
displayed. P/F/B/N
74
EditingaTSPservic
e
The user clicks on the link
edit.The form for editing a TSP service is
displayed. P/F/B/N
75
Editinga
TSP
service The user inputs the
required data and clicks on
Save The TSP service is saved. P/F/B/N
76Editinga
TS
P
serv
ice
An obligatory data field isnot filled. The system displays an error. P/F/B/N
7/27/2019 CBS-017 Test Scenarios
13/19
TESTSCENARIOS
12
1.9. Digital signing operations
Tests for creating and managing digitally signed containers and documents throughthe Web Services Framework.
Tests for the signing operations are implemented as automated tests in the
Testsuite3.py script, referenced by numbers 30a through 35d. The following list
describes the typical use cases tested.
P passed F failed B blocked N not tested
# Scenario Action ResultTest
resultComments
77
Cr
eatingaBDOCcontainer
The user initializes the service
initBDOC, providing a correct
set of username and
password.
The service initBDOC
is run. A session
identificator is returned
to the user.
P/F/B/N
The user enters invalid
credentials.
The service initBDOC
is not run and an error
is returned to the user.P/F/B/N
Creating a session fails.The service initBDOC
is not run and an error
is returned to the user.P/F/B/N
78
Creatingasessionbasedonanexisting
container
The user initializes the service
initBDOC, providing a correct
set of username and password
in addition to the BDOC
container.
The service initBDOCis run. A session
identificator is returned
to the user.
P/F/B/N
Adding the container to the
session fails.
The service initBDOC
is not run and an error
is returned to the user.P/F/B/N
7/27/2019 CBS-017 Test Scenarios
14/19
TESTSCENARIOS
13
79
Addingfilestothecontainer
The user initializes the service
addBDOCDataFile, providingthe session identificator and
the data file to be added.
The service
addBDOCDataFile isrun. A file is added to
the container.
P/F/B/N
The user enters an invalid
session identificator.
The serviceaddBDOCDataFile is
not run and an error is
returned to the user.
P/F/B/N
The operation fails.
The service
addBDOCDataFile is
not run and an error is
returned to the user.
P/F/B/N
80
Removingfilesfromthecontainer
The user initializes the service
delBDOCDataFile, providing
the session identificator and
the data file id to be removed.
The service
delBDOCDataFile is
run. A file is removed
from the container.
P/F/B/N
The user enters an invalid
session identificator.
The service
delBDOCDataFile is
not run and an error is
returned to the user.
P/F/B/N
The user enters an invalid
data file id.
The service
delBDOCDataFile is
not run and an error isreturned to the user.
P/F/B/N
The operation fails.
The service
delBDOCDataFile is
not run and an error is
returned to the user.
P/F/B/N
7/27/2019 CBS-017 Test Scenarios
15/19
TESTSCENARIOS
14
81
Preparingasignature
inthecontainer
The user initializes the service
prepBDOCSignature,
providing the session
identificator and the
certificate of the signer.
The service
prepBDOCSignature is
run. The signature
structures are prepared
in the container and the
hash code to be signed
and the signatureidentificator are
returned to the user.
P/F/B/N
The user enters an invalid
session identificator.
The service
prepBDOCSignature is
not run and an error is
returned to the user.
P/F/B/N
The user enters an invalid
certificate.
The service
prepBDOCSignature is
not run and an error isreturned to the user.
P/F/B/N
The operation fails.
The serviceprepBDOCSignature is
not run and an error is
returned to the user.
P/F/B/N
82
Finallizingasignatureinthecontainer The user initializes the service
finBDOCSignature, providing
the session identificator, the
signed hash code and the IDof the signature.
The servicefinBDOCSignature is
run. The signaturefinalized.
P/F/B/N
The user enters an invalid
session identificator.
The service
finBDOCSignature is
not run and an error is
returned to the user.
P/F/B/N
7/27/2019 CBS-017 Test Scenarios
16/19
TESTSCENARIOS
15
The operation fails.
The service
finBDOCSignature isnot run and an error is
returned to the user.
P/F/B/N
83
Creatingasessionbasedon
anexistingPDF
The user initializes the service
initPDF, providing a correctset of username and password
in addition to the PDF file.
The service initPDF is
run. A sessionidentificator is returned
to the user.
P/F/B/N
Adding the file to the session
fails.
The service initPDF is
not run and an error is
returned to the user.P/F/B/N
84
PreparingasignatureintheP
DF
The user initializes the service
prepPDFSignature, providing
the session identificator and
the certificate of the signer.
The service
prepPDFSignature is
run. The signature
structures are prepared
in the container and the
hash code to be signedand the signature
identificator are
returned to the user.
P/F/B/N
The user enters an invalid
session identificator.
The service
prepPDFSignature is
not run and an error isreturned to the user.
P/F/B/N
The user enters an invalid
certificate.
The service
prepPDFSignature is
not run and an error is
returned to the user.
P/F/B/N
The operation fails.
The service
prepPDFSignature is
not run and an error is
returned to the user.
P/F/B/N
85Finalizing the
signature in the
The user initializes the service
finPDFSignature, providing
the session identificator and
the signed hash code.
The service
finPDFSignature is
run. The signature
finalized.
P/F/B/N
The user enters an invalid
session identificator.
The servicefinPDFSignature is not
run and an error is
returned to the user.
P/F/B/N
The operation fails.
The service
finPDFSignature is not
run and an error is
returned to the user.
P/F/B/N
7/27/2019 CBS-017 Test Scenarios
17/19
TESTSCENARIOS
16
1.10. Certificate status verification operations
Tests for the certificate status verification operations are implemented as automatedtests in the Testsuite3.py script, referenced by numbers 14 through 21. The following
list describes the typical use cases tested.
P passed F failed B blocked N not tested
# Scenario Action ResultTest
resultComments
86
OCSPgateway
The user initializes the
service getOCSP,
providing a correct set
of username and
password in addition tothe certificate to be
checked.
The service getOCSP
is run. The OCSP
response is returned to
the user.
P/F/B/N
The user enters invalid
credentials.
The service getOCSP
is not run and an error
is returned to the user.P/F/B/N
The operation fails.The service getOCSPis not run and an error
is returned to the user.
P/F/B/N
The OCSP responder
does not respond.
The service getOCSP
is not run and an error
is returned to the user.P/F/B/N
The user enters an
invalid certificate.
The service getOCSP
is not run and an error
is returned to the user.P/F/B/N
7/27/2019 CBS-017 Test Scenarios
18/19
TESTSCENARIOS
17
87
OCS
P-CRLgateway
The user initializes the
service getOCSP,
providing a correct set
of username and
password in addition to
the certificate to be
checked.
The service getOCSP
is run. The OCSPresponse is generated
in the CRL2OCSP
responder and returned
to the user.
P/F/B/N
The user enters invalid
credentials.
The service getOCSP
is not run and an error
is returned to the user.
P/F/B/N
The user enters aninvalid certificate.
The service getOCSP
is not run and an erroris returned to the user.
P/F/B/N
The OCSP responder
does not respond.
The service getOCSP
is not run and an erroris returned to the user.
P/F/B/N
The operation fails.The service getOCSP
is not run and an error
is returned to the user.P/F/B/N
7/27/2019 CBS-017 Test Scenarios
19/19
TESTSCENARIOS
18
88
Certificatestatuscheck
The user initializes the
service
getCertificateStatus,
providing a correct setof username and
password in addition to
the certificate to be
checked.
The service
getCertificateStatus is
run. The certificatestatus from the OCSP
response is returned to
the user.
P/F/B/N
The user enters invalid
credentials.
The service
getCertificateStatus is
not run and an error is
returned to the user.
P/F/B/N
The user enters an
invalid certificate.
The servicegetCertificateStatus is
not run and an error is
returned to the user.
P/F/B/N
The operation fails.
The service
getCertificateStatus is
not run and an error is
returned to the user.
P/F/B/N
1.11. EBR-CR operations
Tests for the EBR-CR operations are implemented as automated tests in the
Testsuite3.py script, referenced by numbers 2 through 13. As version 3 of the EBR
central services is not supported by the framework, the legacy tests will not be
described in this document.