URL: https://github.com/freeipa/freeipa/pull/1680 Author: Rezney Title: #1680: [Backport][ipa-4-5] - Sub ca sign Action: opened
PR body: """ test to verify that replica is able to sign a certificate with new sub CA. https://pagure.io/freeipa/issue/7387 Reviewed-By: Fraser Tweedale <ftwee...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1680/head:pr1680 git checkout pr1680
From 54a6b16619c237224f1966598a07647304b7de78 Mon Sep 17 00:00:00 2001 From: Michal Reznik <mrez...@redhat.com> Date: Mon, 26 Feb 2018 15:58:17 +0100 Subject: [PATCH] ipa_tests: test signing request with subca on replica test to verify that replica is able to sign a certificate with new sub CA. https://pagure.io/freeipa/issue/7387 Reviewed-By: Fraser Tweedale <ftwee...@redhat.com> --- .../test_integration/test_replica_promotion.py | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/ipatests/test_integration/test_replica_promotion.py b/ipatests/test_integration/test_replica_promotion.py index c093369464..4a31828183 100644 --- a/ipatests/test_integration/test_replica_promotion.py +++ b/ipatests/test_integration/test_replica_promotion.py @@ -613,3 +613,26 @@ def test_sub_ca_key_replication(self): encoding='utf-8') # check for cert/key import error message assert self.ERR_MESS not in pki_debug_log + + def test_sign_with_subca_on_replica(self): + master = self.master + replica = self.replicas[0] + + TEST_KEY_FILE = '/etc/pki/tls/private/test_subca.key' + TEST_CRT_FILE = '/etc/pki/tls/private/test_subca.crt' + + caacl_cmd = ['ipa', 'caacl-add-ca', 'hosts_services_caIPAserviceCert', + '--cas', self.SUBCA] + master.run_command(caacl_cmd) + + request_cmd = [paths.IPA_GETCERT, 'request', '-w', '-k', + TEST_KEY_FILE, '-f', TEST_CRT_FILE, '-X', self.SUBCA] + replica.run_command(request_cmd) + + status_cmd = [paths.IPA_GETCERT, 'status', '-v', '-f', TEST_CRT_FILE] + status = replica.run_command(status_cmd) + assert 'State MONITORING, stuck: no' in status.stdout_text + + ssl_cmd = ['openssl', 'x509', '-text', '-in', TEST_CRT_FILE] + ssl = replica.run_command(ssl_cmd) + assert 'Issuer: CN = {}'.format(self.SUBCA) in ssl.stdout_text
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org