#!/usr/bin/python2
# Authors:
# Jason Gerard DeRose <jderose@redhat.com>
# John Dennis <jdennis@redhat.com>
#
# Copyright (C) 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""
This tests the api.Backend.ra plugin against a test CA server awnuk has running.
It's only accessible from inside the Red Hat firewall. Obviously this needs
work so the community can also run this test, but it's a start.

Also, awnuk had to help me register the IPA instance I'm running with his
server. I don't exactly remember the steps, so ping him for help.

--jderose 2009-02-13
"""
from __future__ import print_function
from os import path
import sys
# Put the directory two levels above this file at the very front of sys.path,
# so the imports that follow are resolved there before any installed copy
# (presumably to pick up the in-tree ipalib -- bootstrap() is later called
# with in_tree=True).  Note that every module in that directory now shadows
# an installed module of the same name.
_script_path = path.abspath(__file__)
parent = path.dirname(path.dirname(_script_path))
sys.path.insert(0, parent)

# When true, each reply from the RA backend is printed before it is checked.
verbose = True
from base64 import b64encode, b64decode
from ipalib import api
# Subject the CA is expected to report for the certificate issued from ``csr``.
subject = u'CN=vm-070.idm.lab.bos.redhat.com'

# Base64 body of the certificate signing request sent to the CA: one row per
# line, each terminated by a newline, with no PEM header or footer.
# NOTE(review): the DER prefix looks like a 1024-bit RSA key with a SHA-1
# signature.  That is fine as a fixed vector for a lab CA, but a CA profile
# enforcing current key-size/digest policy would be expected to reject it --
# confirm before reusing this request anywhere else.
csr = (
    'MIIBZzCB0QIBADAoMSYwJAYDVQQDEx12bS0wNzAuaWRtLmxhYi5ib3MucmVkaGF0\n'
    'LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAriTSlAG+/xkvtxliWMeO\n'
    'Qu+vFQTz+/fgy7xWIg6WR2At6j/9eJ7LUYhqguqevOAQpuePxY4/FEfpmQ6PTgs/\n'
    'LXKa0vhIkXzkmMjKynUIWHYeaZekcXxye1dV/PdNB6H801xs60YjbScOJj3Hexvm\n'
    'hOKsdmwO1ukqTTEKDXrr3c8CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAG4pTLrE\n'
    'cvrkQXVdMOjgAVJ6KZYl/caIOYhIlcJ3jhf95Bv/Zs3lpfHjXnM8jj4EWfyd0lZx\n'
    '2EUytXXubKJUpjUCeBp4oaQ2Ahvdxo++oUcbXkKxtCOUB6Mw8XEIVYaldZlcHDHM\n'
    'dysLdrZ3K9HOzoeSq2e0m+trQaWnBQG47O7F\n'
)

# Per-key decoders that assert_equal() applies to the expected (reference) and
# the actual (trial) value before comparing them; both sides currently decode
# the 'certificate' field from base64.
reference_decode = {'certificate': b64decode}
trial_decode = {'certificate': b64decode}

# Configure the API as a server using the dogtag RA plugin against one fixed
# CA host.  Per the module docstring that host is an internal lab machine, so
# the script only works from a network that can reach it.
_bootstrap_options = dict(
    in_server=True,
    enable_ra=True,
    ra_plugin='dogtag',
    ca_host='vm-070.idm.lab.bos.redhat.com',
    debug=True,
    in_tree=True,
)
api.bootstrap(**_bootstrap_options)
api.finalize()

# The RA backend under test.
ra = api.Backend.ra
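def assert_equal(trial, reference):
    """Check that every key of *reference* has an equal value in *trial*.

    Only the keys present in ``reference`` are compared; additional keys in
    ``trial`` are ignored.  When a key appears in the module-level
    ``reference_decode`` / ``trial_decode`` tables, the corresponding value is
    passed through that decoder first and the decoded forms are compared.

    Raises AssertionError on the first mismatch, visiting keys in sorted
    order; the message shows the raw (undecoded) values.  A key missing from
    ``trial`` raises KeyError.
    """
    # sorted() over a dict yields its keys as a list on Python 2 and 3 alike,
    # and makes the first reported mismatch deterministic.
    for key in sorted(reference):
        reference_val = reference[key]
        trial_val = trial[key]

        if key in reference_decode:
            reference_val = reference_decode[key](reference_val)
        if key in trial_decode:
            trial_val = trial_decode[key](trial_val)

        # Raise explicitly instead of using ``assert``: this helper is the
        # only thing checking the CA's replies, and ``python -O`` strips
        # assert statements, which would turn every check into a no-op.
        if not (reference_val == trial_val):
            raise AssertionError(
                '%s: not equal\n\nreference_val:\n%r\ntrial_val:\n%r' %
                (key, reference[key], trial[key]))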
# Each stage below makes one call to the RA backend and checks its reply.
# All later stages operate on the certificate issued by the first one, so the
# order of the stages matters.

# Stage 1: submit the CSR and check the subject of what comes back.
api.log.info('******** Testing ra.request_certificate() ********')
request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE)
if verbose:
    print("request_result=\n%s" % request_result)
expected_request = {'subject': subject}
assert_equal(request_result, expected_request)

# Stage 2: the request must be reported as complete, with the same ids.
api.log.info('******** Testing ra.check_request_status() ********')
status_result = ra.check_request_status(request_result['request_id'])
if verbose:
    print("status_result=\n%s" % status_result)
expected_status = {
    'serial_number': request_result['serial_number'],
    'request_id': request_result['request_id'],
    'cert_request_status': u'complete',
}
assert_equal(status_result, expected_status)

# Stage 3: fetching by serial number must return the certificate just issued.
api.log.info('******** Testing ra.get_certificate() ********')
get_result = ra.get_certificate(request_result['serial_number'])
if verbose:
    print("get_result=\n%s" % get_result)
expected_get = {
    'serial_number': request_result['serial_number'],
    'certificate': request_result['certificate'],
}
assert_equal(get_result, expected_get)

# Stage 4: revoke with reason 6 ("put on hold"; certificateHold in the
# RFC 5280 reason codes), the state the next stage then lifts again.
api.log.info('******** Testing ra.revoke_certificate() ********')
revoke_result = ra.revoke_certificate(
    request_result['serial_number'],
    revocation_reason=6,  # Put on hold
)
if verbose:
    print("revoke_result=\n%s" % revoke_result)
expected_revoke = {'revoked': True}
assert_equal(revoke_result, expected_revoke)

# Stage 5: take the same certificate off hold again.
api.log.info('******** Testing ra.take_certificate_off_hold() ********')
unrevoke_result = ra.take_certificate_off_hold(request_result['serial_number'])
if verbose:
    print("unrevoke_result=\n%s" % unrevoke_result)
expected_unrevoke = {'unrevoked': True}
assert_equal(unrevoke_result, expected_unrevoke)