[Freeipa-devel] [freeipa PR#1645][opened] ipa_tests: test signing request with subca on replica

Thu, 01 Mar 2018 10:31:57 -0800 

   URL: https://github.com/freeipa/freeipa/pull/1645
Author: Rezney
 Title: #1645: ipa_tests: test signing request with subca on replica
Action: opened

PR body:
"""
test to verify that replica is able to sign a certificate with new sub CA.

https://pagure.io/freeipa/issue/7387
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1645/head:pr1645
git checkout pr1645

From 9cce12e1c0520e1ee2176afa15395c2aae9b7b87 Mon Sep 17 00:00:00 2001
From: Michal Reznik <mrez...@redhat.com>
Date: Mon, 26 Feb 2018 15:58:17 +0100
Subject: [PATCH] ipa_tests: test signing request with subca on replica

test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387
---
 .../test_integration/test_replica_promotion.py     | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index c093369464..7f1c07f431 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -613,3 +613,26 @@ def test_sub_ca_key_replication(self):
                                                   encoding='utf-8')
         # check for cert/key import error message
         assert self.ERR_MESS not in pki_debug_log
+
+    def test_sign_with_subca_on_replica(self):
+        master = self.master
+        replica = self.replicas[0]
+
+        SUBCA_KEY_FILE = '/etc/pki/tls/private/test_subca.key'
+        SUBCA_CRT_FILE = '/etc/pki/tls/private/test_subca.crt'
+
+        caacl_cmd = ['ipa', 'caacl-add-ca', 'hosts_services_caIPAserviceCert',
+                     '--cas', self.SUBCA]
+        master.run_command(caacl_cmd)
+
+        request_cmd = [paths.IPA_GETCERT, 'request', '-w', '-k',
+                       SUBCA_KEY_FILE, '-f', SUBCA_CRT_FILE, '-X', self.SUBCA]
+        replica.run_command(request_cmd)
+
+        status_cmd = [paths.IPA_GETCERT, 'status', '-v', '-f', SUBCA_CRT_FILE]
+        status = replica.run_command(status_cmd)
+        assert 'State MONITORING, stuck: no' in status.stdout_text
+
+        ssl_cmd = ['openssl', 'x509', '-text', '-in', SUBCA_CRT_FILE]
+        ssl = replica.run_command(ssl_cmd)
+        assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to