On 05/23/2013 07:17 PM, Tomas Babej wrote:
Hi,
With this patch, there's no need to run make-testcert separately
before running make-test. Unit test framework will check whether
service.crt file exists, and if not, will generate one if needed.
New location of service.crt file is in ~/.ipa directory.
Part of https://fedorahosted.org/freeipa/ticket/3621
Tomas
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I just noticed that one of the descriptions referred to the old
service.cert path. Fixed, updated patch attached.
Tomas
From 618bbe34e0363170a02c619e99b67c5794bc0f29 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 23 May 2013 12:05:36 +0200
Subject: [PATCH] Make testcert automagically when needed by unit test
framework
With this patch, there's no need to run make-testcert separately
before running make-test. Unit test framework will check whether
service.crt file exists, and if not, will generate one if needed.
New location of service.crt file is in ~/.ipa directory.
Part of https://fedorahosted.org/freeipa/ticket/3621
---
tests/test_xmlrpc/test_host_plugin.py | 29 ++++++++++----
tests/test_xmlrpc/test_service_plugin.py | 28 ++++++++++---
make-testcert => tests/testcert.py | 68 ++++++++++++--------------------
3 files changed, 69 insertions(+), 56 deletions(-)
rename make-testcert => tests/testcert.py (66%)
diff --git a/tests/test_xmlrpc/test_host_plugin.py b/tests/test_xmlrpc/test_host_plugin.py
index 07faf77607284b2193716854b287208f563d9472..7dba8b788c4ac68690e4a7cbfc9f21af1c53c181 100644
--- a/tests/test_xmlrpc/test_host_plugin.py
+++ b/tests/test_xmlrpc/test_host_plugin.py
@@ -34,6 +34,7 @@ from tests.test_xmlrpc.xmlrpc_test import (Declarative, XMLRPC_test,
fuzzy_hex)
from tests.test_xmlrpc import objectclasses
import base64
+from tests import testcert
fqdn1 = u'testhost1.%s' % api.env.domain
@@ -55,18 +56,32 @@ dn4 = DN(('fqdn',fqdn4),('cn','computers'),('cn','accounts'),
api.env.basedn)
invalidfqdn1 = u'foo_bar.lab.%s' % api.env.domain
-# We can use the same cert we generated for the service tests
-fd = open('tests/test_xmlrpc/service.crt', 'r')
-servercert = fd.readlines()
-servercert = ''.join(servercert)
-servercert = x509.strip_header(servercert)
-fd.close()
-
sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)'
+servercert = ''
+
+# Create the testing server cert if it does not already exist
+# Returns True if successful, error message if not
+if not os.path.exists(testcert.CERTPATH):
+ servercert_ret = testcert.main()
+
+if os.path.exists(testcert.CERTPATH):
+ fd = open(testcert.CERTPATH, 'r')
+ servercert = fd.readlines()
+ servercert = ''.join(servercert)
+ servercert = x509.strip_header(servercert)
+ fd.close()
+
+
class test_host(Declarative):
+ def setUp(self):
+ super(Declarative, self).setUp()
+ if servercert == '':
+ raise SkipTest('Testcert generation problem: %s' %
+ servercert_ret)
+
cleanup_commands = [
('host_del', [fqdn1], {}),
('host_del', [fqdn2], {}),
diff --git a/tests/test_xmlrpc/test_service_plugin.py b/tests/test_xmlrpc/test_service_plugin.py
index 6f8dbbee713405083d92d65f1add170661527bf9..b7cecf0f602711323be1a7ecbf23b2f7f757f29f 100644
--- a/tests/test_xmlrpc/test_service_plugin.py
+++ b/tests/test_xmlrpc/test_service_plugin.py
@@ -28,6 +28,9 @@ from tests.test_xmlrpc.xmlrpc_test import fuzzy_hex
from tests.test_xmlrpc import objectclasses
import base64
from ipapython.dn import DN
+from tests import testcert
+import nose
+import os.path
fqdn1 = u'testhost1.%s' % api.env.domain
fqdn2 = u'testhost2.%s' % api.env.domain
@@ -39,17 +42,30 @@ host1dn = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'),api.env.basedn)
host2dn = DN(('fqdn',fqdn2),('cn','computers'),('cn','accounts'),api.env.basedn)
host3dn = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),api.env.basedn)
-fd = open('tests/test_xmlrpc/service.crt', 'r')
-servercert = fd.readlines()
-servercert = ''.join(servercert)
-servercert = x509.strip_header(servercert)
-fd.close()
-
+servercert = ''
badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv'
+# Create the testing server cert if it does not already exist
+# Returns True if successful, error message if not
+if not os.path.exists(testcert.CERTPATH):
+ servercert_ret = testcert.main()
+
+if os.path.exists(testcert.CERTPATH):
+ fd = open(testcert.CERTPATH, 'r')
+ servercert = fd.readlines()
+ servercert = ''.join(servercert)
+ servercert = x509.strip_header(servercert)
+ fd.close()
+
class test_service(Declarative):
+ def setUp(self):
+ super(Declarative, self).setUp()
+ if servercert == '':
+ raise nose.SkipTest('Testcert generation problem: %s' %
+ servercert_ret)
+
cleanup_commands = [
('host_del', [fqdn1], {}),
('host_del', [fqdn2], {}),
diff --git a/make-testcert b/tests/testcert.py
similarity index 66%
rename from make-testcert
rename to tests/testcert.py
index a5814e1de9428e74a6343f5f13193748e3e04df6..d05fa2b712db894baf14875a0cbd925d70a49f17 100755
--- a/make-testcert
+++ b/tests/testcert.py
@@ -21,19 +21,19 @@
"""
Generate a custom certificate used in the service unit tests. The certificate
-will be created in tests/test_xmlrpc/service.crt
+will be created in ~/.ipa/service.crt
"""
-import sys
+
import os
import tempfile
import shutil
-import nss.nss as nss
-from ipalib import api, x509, backend, errors
+from ipalib import api, errors, x509
from ipaserver.plugins import rabase
from ipapython import ipautil
from ipapython.dn import DN
-CERTPATH = 'tests/test_xmlrpc/service.crt'
+CERTPATH = '{home}/.ipa/service.crt'.format(home=api.env.home)
+
def run_certutil(reqdir, args, stdin=None):
"""
@@ -43,6 +43,7 @@ def run_certutil(reqdir, args, stdin=None):
new_args = new_args + args
return ipautil.run(new_args, stdin)
+
def generateCSR(reqdir, pwname, subject):
"""
Create a CSR for the given subject.
@@ -58,35 +59,17 @@ def generateCSR(reqdir, pwname, subject):
fp.close()
return data
-class client(backend.Executioner):
- """
- A simple-minded IPA client that can execute remote commands.
- """
-
- def run(self, method, *args, **options):
- self.create_context()
- result = self.execute(method, *args, **options)
- return result
-
def makecert(reqdir):
"""
Generate a service certificate that can be used during unit testing.
"""
- cfg = dict(
- context='cli',
- in_server=False,
- debug=False,
- verbose=0,
- )
-
- api.bootstrap(**cfg)
- api.register(client)
- api.finalize()
ra = rabase.rabase()
- if not os.path.exists(ra.sec_dir) and api.env.xmlrpc_uri == 'http://localhost:8888/ipa/xml':
- sys.exit('The in-tree self-signed CA is not configured, see tests/test_xmlrpc/test_cert.py')
+ if not os.path.exists(ra.sec_dir)\
+ and api.env.xmlrpc_uri == 'http://localhost:8888/ipa/xml':
+ return 'The in-tree self-signed CA is not configured, ' + \
+ 'see tests/test_xmlrpc/test_cert.py'
pwname = reqdir + "/pwd"
@@ -98,7 +81,7 @@ def makecert(reqdir):
# Generate NSS cert database to store the private key for our CSR
run_certutil(reqdir, ["-N", "-f", pwname])
- res = api.Backend.client.run('config_show')
+ res = api.Command['config_show']()
subject_base = res['result']['ipacertificatesubjectbase'][0]
cert = None
@@ -107,8 +90,7 @@ def makecert(reqdir):
csr = unicode(generateCSR(reqdir, pwname, str(subject)))
try:
- res = api.Backend.client.run('cert_request', csr, principal=princ,
- add=True)
+ res = api.Command['cert_request'](csr, principal=princ, add=True)
cert = x509.make_pem(res['result']['certificate'])
fd = open(CERTPATH, 'w')
fd.write(cert)
@@ -118,19 +100,19 @@ def makecert(reqdir):
except errors.CommandError:
return "You need to set enable_ra=True in ~/.ipa/default.conf"
- nss.nss_init_nodb()
- c = x509.load_certificate(cert, x509.PEM)
- print c
- return 0
+def main():
+ reqdir = None
-reqdir = None
+ if os.path.exists(CERTPATH):
+ return
-if os.path.exists(CERTPATH):
- print "Test certificate %s exists, skipping." % CERTPATH
- sys.exit(0)
-try:
- reqdir = tempfile.mkdtemp(prefix = "tmp-")
- sys.exit(makecert(reqdir))
-finally:
- shutil.rmtree(reqdir)
+ try:
+ reqdir = tempfile.mkdtemp(prefix="tmp-")
+ ret = makecert(reqdir)
+ except Exception, e:
+ ret = str(e)
+ finally:
+ shutil.rmtree(reqdir)
+
+ return ret
--
1.8.1.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel