URL: https://github.com/freeipa/freeipa/pull/1645 Author: Rezney Title: #1645: ipa_tests: test signing request with subca on replica Action: opened
PR body: """ test to verify that replica is able to sign a certificate with new sub CA. https://pagure.io/freeipa/issue/7387 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1645/head:pr1645 git checkout pr1645
From 9cce12e1c0520e1ee2176afa15395c2aae9b7b87 Mon Sep 17 00:00:00 2001 From: Michal Reznik <mrez...@redhat.com> Date: Mon, 26 Feb 2018 15:58:17 +0100 Subject: [PATCH] ipa_tests: test signing request with subca on replica test to verify that replica is able to sign a certificate with new sub CA. https://pagure.io/freeipa/issue/7387 --- .../test_integration/test_replica_promotion.py | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index c093369464..7f1c07f431 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -613,3 +613,26 @@ def test_sub_ca_key_replication(self): encoding='utf-8') # check for cert/key import error message assert self.ERR_MESS not in pki_debug_log + + def test_sign_with_subca_on_replica(self): + master = self.master + replica = self.replicas[0] + + SUBCA_KEY_FILE = '/etc/pki/tls/private/test_subca.key' + SUBCA_CRT_FILE = '/etc/pki/tls/private/test_subca.crt' + + caacl_cmd = ['ipa', 'caacl-add-ca', 'hosts_services_caIPAserviceCert', + '--cas', self.SUBCA] + master.run_command(caacl_cmd) + + request_cmd = [paths.IPA_GETCERT, 'request', '-w', '-k', + SUBCA_KEY_FILE, '-f', SUBCA_CRT_FILE, '-X', self.SUBCA] + replica.run_command(request_cmd) + + status_cmd = [paths.IPA_GETCERT, 'status', '-v', '-f', SUBCA_CRT_FILE] + status = replica.run_command(status_cmd) + assert 'State MONITORING, stuck: no' in status.stdout_text + + ssl_cmd = ['openssl', 'x509', '-text', '-in', SUBCA_CRT_FILE] + ssl = replica.run_command(ssl_cmd) + assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org