# Copyright (C) 2015 FreeIPA Project Contributors - see LICENSE file
from __future__ import print_function
from ipaserver.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
import os
import shutil
import subprocess
import tempfile
import pytest
def _test_password_callback():
    """Return the entire contents of 'test-ipa-sec-store/pwfile'.

    The path is relative, so it is resolved against the current working
    directory of the process at call time.
    """
    # NOTE(review): the class fixture in this file writes its 'pwfile' inside
    # a tempfile.mkdtemp() directory, not at this relative path. Confirm
    # whether the NSSCertDB handler ever invokes this callback; if it does,
    # the open() below would fail unless the file exists in the CWD.
    with open('test-ipa-sec-store/pwfile') as pw_handle:
        return pw_handle.read()
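class TestiSecStore:
    """Round-trip a value through iSecStore using two throwaway NSS databases.

    A class-scoped fixture builds ``certdb`` (holding a self-signed test CA
    named ``testCACert``) and an empty ``cert2db``. The single test reads
    ``keys/test/testCACert`` while the ``test`` mapping points at ``certdb``
    and writes the same value back after repointing it at ``cert2db``.
    """
    # Filled in by isec_store_setup(); paths of the two NSS databases.
    certdb = None
    cert2db = None

    @pytest.fixture(autouse=True, scope="class")
    def isec_store_setup(self, request):
        """Create the scratch directory, password/seed files and NSS databases.

        Raises:
            subprocess.CalledProcessError: if any ``certutil`` invocation
                exits non-zero, so a broken setup is reported at its source
                instead of surfacing later as an unrelated test failure.
        """
        cls = request.cls
        # mkdtemp() creates the directory with access limited to the current
        # user, which keeps the password and seed files below private.
        cls.testdir = tempfile.mkdtemp(suffix='ipa-sec-store')

        def fin():
            shutil.rmtree(cls.testdir)
        # Register cleanup before any step that can fail, otherwise a failed
        # setup would leave the directory (and the password file) behind.
        request.addfinalizer(fin)

        pwfile = os.path.join(cls.testdir, 'pwfile')
        with open(pwfile, 'w') as f:
            f.write('testpw')
        cls.certdb = os.path.join(cls.testdir, 'certdb')
        os.mkdir(cls.certdb)
        cls.cert2db = os.path.join(cls.testdir, 'cert2db')
        os.mkdir(cls.cert2db)
        seedfile = os.path.join(cls.testdir, 'seedfile')
        with open(seedfile, 'wb') as f:
            # Random noise handed to certutil via -z for key generation.
            seed = os.urandom(1024)
            f.write(seed)

        # -N initialises a new database protected by the password in pwfile.
        subprocess.check_call(
            ['certutil', '-d', cls.certdb, '-N', '-f', pwfile],
            cwd=cls.testdir
        )
        subprocess.check_call(
            ['certutil', '-d', cls.cert2db, '-N', '-f', pwfile],
            cwd=cls.testdir
        )
        # -S creates the certificate; -x makes it self-signed and
        # -t 'CT,C,C' sets its trust flags in the first database only.
        subprocess.check_call(
            ['certutil', '-d', cls.certdb, '-S', '-f', pwfile,
             '-s', 'CN=testCA', '-n', 'testCACert', '-x',
             '-t', 'CT,C,C', '-m', '1', '-z', seedfile],
            cwd=cls.testdir
        )

    def test_iSecStore(self):
        """Get 'keys/test/testCACert' from certdb and set it into cert2db."""
        iss = iSecStore({})

        # NOTE(review): _test_password_callback opens the relative path
        # 'test-ipa-sec-store/pwfile', not the pwfile the fixture writes under
        # cls.testdir; confirm whether NSSCertDB ever calls 'pwcallback'.
        NAME_DB_MAP['test'] = {
            'type': 'NSSDB',
            'path': self.certdb,
            'handler': NSSCertDB,
            'pwcallback': _test_password_callback,
        }
        try:
            value = iss.get('keys/test/testCACert')

            # Repoint the same mapping at the second database for the write.
            NAME_DB_MAP['test']['path'] = self.cert2db
            iss.set('keys/test/testCACert', value)
        finally:
            # NAME_DB_MAP is imported module state; drop the test entry so
            # it does not leak a deleted path into later tests.
            del NAME_DB_MAP['test']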