Passing test output: https://paste.fedoraproject.org/385774/71035231/
-- Oleg Fayans Quality Engineer FreeIPA team RedHat.
From 7bc97eb762c951a8bc3762d8bd23da4ee06a6edb Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 28 Jun 2016 10:33:13 +0200
Subject: [PATCH] Added methods to manipulate certs
---
 ipatests/test_integration/tasks.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/ipatests/test_integration/tasks.py b/ipatests/test_integration/tasks.py
index 38218fa709c2c220d5fea98a092b55e995d48d77..41b44ae8389510ec0ec9c8c1c4c5a9ee21e81ae4 100644
--- a/ipatests/test_integration/tasks.py
+++ b/ipatests/test_integration/tasks.py
@@ -1209,3 +1209,18 @@ def assert_error(result, stderr_text, returncode=None):
 assert result.returncode == returncode
 else:
 assert result.returncode > 0
+
+
+def run_certutil(host, args, reqdir, stdin=None):
+ new_args = [paths.CERTUTIL, "-d", reqdir]
+ new_args = new_args + args
+ return host.run_command(new_args, raiseonerr=False,
+ stdin_text=stdin)
+
+
+def generate_csr(host, subject, reqdir, reqfile, pwname):
+ args = ["-R", "-s", subject, "-o", reqfile,
+ "-z", paths.GROUP, "-f", pwname, "-a"]
+ result = run_certutil(host, args, reqdir)
+ host.run_command(['cat', reqfile], raiseonerr=False)
+ return result.stdout_text
-- 1.8.3.1
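Review bot: `run_certutil` hard-codes `raiseonerr=False`, so a failed certutil call (database creation, key generation) goes unnoticed by every caller and the failure only surfaces later, at a step that no longer points to the cause. Consider making it a parameter that fails by default, `def run_certutil(host, args, reqdir, stdin=None, raiseonerr=True):`, and passing it through to `host.run_command`. In `generate_csr` the output of `cat reqfile` is discarded and the function returns certutil's own stdout, which is probably not the request because `-o reqfile` directs it to the file; either return the `cat` result or drop that call. Both functions also lack docstrings: one line each naming `reqdir` as the NSS database directory and `pwname` as the password file, plus a comment that the `-z paths.GROUP` noise file is only acceptable for throwaway test keys.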
From f032df3a1d58e200d0f8bf8dbc121e5f03eb041e Mon Sep 17 00:00:00 2001
From: Oleg Fayans <ofay...@redhat.com>
Date: Tue, 28 Jun 2016 10:16:06 +0200
Subject: [PATCH] Automated test for certs in idoverrides feature https://fedorahosted.org/freeipa/ticket/6005
---
 .../test_integration/test_certs_in_idoverrides.py | 85 ++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100644 ipatests/test_integration/test_certs_in_idoverrides.py
diff --git a/ipatests/test_integration/test_certs_in_idoverrides.py b/ipatests/test_integration/test_certs_in_idoverrides.py
new file mode 100644
index 0000000000000000000000000000000000000000..a6b5a60ad5c171ef9fb35848d81a637df979ccaf
--- /dev/null
+++ b/ipatests/test_integration/test_certs_in_idoverrides.py
@@ -0,0 +1,85 @@
+#
+# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
+#
+
+import os
+import re
+from ipatests.test_integration import tasks
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.test_integration.test_caless import assert_error
+
+
+class TestCertsInIDOverrides(IntegrationTest):
+ topology = "line"
+ service_certprofile = 'caIPAserviceCert'
+ user_certprofile = 'caIPAuserCert'
+ user = 'testuser'
+ user_cn = "CN=%s" % user
+ idview = 'MyView'
+ cert_re = re.compile('Certificate: (?P<cert>.*?)\\s+.*')
+
+ @classmethod
+ def install(cls, mh):
+ super(TestCertsInIDOverrides, cls).install(mh)
+ master = cls.master
+ master.run_command(['ipa', 'certprofile-show', cls.service_certprofile,
+ "--out=%s.txt" % cls.user_certprofile])
+ master.run_command("sed -i \"s/profileId=%s/profileId=%s/\" %s.txt" % (
+ cls.service_certprofile, cls.user_certprofile,
+ cls.user_certprofile)
+ )
+ master.run_command(['ipa', 'certprofile-import', cls.user_certprofile,
+ "--file=%s.txt" % cls.user_certprofile,
+ '--store=true', '--desc="User Certs"'])
+
+ master.run_command(['ipa', 'idview-add', cls.idview,
+ '--desc=description'])
+
+ cls.reqdir = os.path.join(master.config.test_dir, "certs")
+ cls.reqfile1 = os.path.join(cls.reqdir, "test1.csr")
+ cls.reqfile2 = os.path.join(cls.reqdir, "test2.csr")
+ cls.pwname = os.path.join(cls.reqdir, "pwd")
+
+ # Create an empty password file
+ master.run_command(['mkdir', cls.reqdir])
+ # Create an empty password file
+ master.run_command(["touch", cls.pwname])
+
+ # Create our temporary NSS database
+ tasks.run_certutil(master, ["-N", "-f", cls.pwname], cls.reqdir)
+ tasks.generate_csr(master, cls.user_cn, cls.reqdir,
+ cls.reqfile1, cls.pwname)
+ tasks.generate_csr(master, cls.user_cn, cls.reqdir,
+ cls.reqfile2, cls.pwname)
+ master.run_command(['ipa', 'user-add', cls.user,
+ '--first', 'a', '--last', 'b', '--random'])
+
+ def test_certs_in_idoverrides(self):
+ self.master.run_command(['ipa', 'idoverrideuser-add',
+ self.idview, self.user])
+ result1 = self.master.run_command([
+ 'ipa', 'cert-request', self.reqfile1,
+ "--principal=%s" % self.user, '--add',
+ "--profile-id=%s" % self.user_certprofile])
+ cert1 = self.cert_re.search(result1.stdout_text).group('cert')
+ result2 = self.master.run_command([
+ 'ipa', 'cert-request', self.reqfile2,
+ "--principal=%s" % self.user, '--add',
+ "--profile-id=%s" % self.user_certprofile])
+ cert2 = self.cert_re.search(result2.stdout_text).group('cert')
+
+ args1 = ['ipa', 'idoverrideuser-add-cert', self.idview,
+ self.user, "--certificate=%s" % cert1]
+ args2 = ['ipa', 'idoverrideuser-add-cert', self.idview,
+ self.user, "--certificate=%s" % cert2]
+ self.master.run_command(args1)
+ result3 = self.master.run_command(args1, raiseonerr=False)
+ assert_error(result3, "already contains one or more values")
+ result4 = self.master.run_command(args2, raiseonerr=False)
+ assert(result4.returncode == 0), 'Failed to add second certificate'
+ self.master.run_command(['ipa', 'idoverrideuser-remove-cert',
+ self.idview, self.user,
+ "--certificate=%s" % cert2])
+ self.master.run_command(['ipa', 'idoverrideuser-remove-cert',
+ self.idview, self.user,
+ "--certificate=%s" % cert1])
-- 1.8.3.1
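Review bot: In `test_certs_in_idoverrides`, `self.cert_re.search(...).group('cert')` is called without checking the match, so if `ipa cert-request` prints no `Certificate:` line the test dies with an AttributeError on None instead of a readable failure; bind the match first and add `assert match, 'no Certificate line in cert-request output'`. In `install`, the comment above the `mkdir` call repeats `# Create an empty password file`; it should read `# Create the directory for the NSS database and requests`. The NSS database is created with an empty password file, which is acceptable for a throwaway test database but deserves a comment saying so. `assert_error` is imported from `test_caless`, while the hunk header of the accompanying tasks.py patch shows a definition in `tasks.py`, so `tasks.assert_error` would avoid importing another test module.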