[Freeipa-devel] [freeipa PR#1680][opened] [Backport][ipa-4-5] - Sub ca sign

Wed, 14 Mar 2018 02:49:42 -0700 

   URL: https://github.com/freeipa/freeipa/pull/1680
Author: Rezney
 Title: #1680: [Backport][ipa-4-5] - Sub ca sign
Action: opened

PR body:
"""
test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Fraser Tweedale <ftwee...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1680/head:pr1680
git checkout pr1680

From 54a6b16619c237224f1966598a07647304b7de78 Mon Sep 17 00:00:00 2001
From: Michal Reznik <mrez...@redhat.com>
Date: Mon, 26 Feb 2018 15:58:17 +0100
Subject: [PATCH] ipa_tests: test signing request with subca on replica

test to verify that replica is able to sign a certificate with
new sub CA.

https://pagure.io/freeipa/issue/7387

Reviewed-By: Fraser Tweedale <ftwee...@redhat.com>
---
 .../test_integration/test_replica_promotion.py     | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py
index c093369464..4a31828183 100644
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@@ -613,3 +613,26 @@ def test_sub_ca_key_replication(self):
                                                   encoding='utf-8')
         # check for cert/key import error message
         assert self.ERR_MESS not in pki_debug_log
+
+    def test_sign_with_subca_on_replica(self):
+        master = self.master
+        replica = self.replicas[0]
+
+        TEST_KEY_FILE = '/etc/pki/tls/private/test_subca.key'
+        TEST_CRT_FILE = '/etc/pki/tls/private/test_subca.crt'
+
+        caacl_cmd = ['ipa', 'caacl-add-ca', 'hosts_services_caIPAserviceCert',
+                     '--cas', self.SUBCA]
+        master.run_command(caacl_cmd)
+
+        request_cmd = [paths.IPA_GETCERT, 'request', '-w', '-k',
+                       TEST_KEY_FILE, '-f', TEST_CRT_FILE, '-X', self.SUBCA]
+        replica.run_command(request_cmd)
+
+        status_cmd = [paths.IPA_GETCERT, 'status', '-v', '-f', TEST_CRT_FILE]
+        status = replica.run_command(status_cmd)
+        assert 'State MONITORING, stuck: no' in status.stdout_text
+
+        ssl_cmd = ['openssl', 'x509', '-text', '-in', TEST_CRT_FILE]
+        ssl = replica.run_command(ssl_cmd)
+        assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to