Fix invalid issuer in unit tests

Fix several test failures when issuer does not match the one
generated by make-testcert (CN=Certificate Authority,O=<realm>).

https://fedorahosted.org/freeipa/ticket/1527

ipalib/x509.py

@@ -45,6 +45,10 @@ from ipalib import errors
 PEM = 0
 DER = 1
 
+def valid_issuer(issuer, realm):
+    return issuer in ('CN=%s Certificate Authority' % realm,
+                      'CN=Certificate Authority,O=%s' % realm,)
+
 def strip_header(pem):
     """
     Remove the header and footer from a certificate.
@@ -187,8 +191,7 @@ def verify_cert_subject(ldap, hostname, dercert):
     issuer = str(nsscert.issuer)
 
     # Handle both supported forms of issuer, from selfsign and dogtag.
-    if ((issuer != 'CN=%s Certificate Authority' % api.env.realm) and
-        (issuer != 'CN=Certificate Authority,O=%s' % api.env.realm)):
+    if (not valid_issuer(issuer, api.env.realm)):
         raise errors.CertificateOperationError(error=_('Issuer "%(issuer)s" does not match the expected issuer') % \
         {'issuer' : issuer})
 

tests/test_xmlrpc/test_host_plugin.py

@@ -24,7 +24,7 @@ Test the `ipalib.plugins.host` module.
 
 from ipalib import api, errors, x509
 from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid, fuzzy_digits
-from tests.test_xmlrpc.xmlrpc_test import fuzzy_hash, fuzzy_date
+from tests.test_xmlrpc.xmlrpc_test import fuzzy_hash, fuzzy_date, fuzzy_issuer
 from tests.test_xmlrpc import objectclasses
 import base64
 
@@ -239,7 +239,7 @@ class test_host(Declarative):
                     serial_number=fuzzy_digits,
                     md5_fingerprint=fuzzy_hash,
                     sha1_fingerprint=fuzzy_hash,
-                    issuer=u'CN=%s Certificate Authority' % api.env.realm,
+                    issuer=fuzzy_issuer,
                 ),
             ),
         ),
@@ -266,7 +266,7 @@ class test_host(Declarative):
                     serial_number=fuzzy_digits,
                     md5_fingerprint=fuzzy_hash,
                     sha1_fingerprint=fuzzy_hash,
-                    issuer=u'CN=%s Certificate Authority' % api.env.realm,
+                    issuer=fuzzy_issuer,
                 ),
             ),
         ),

tests/test_xmlrpc/test_service_plugin.py

@@ -23,7 +23,7 @@ Test the `ipalib/plugins/service.py` module.
 
 from ipalib import api, errors, x509
 from tests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid, fuzzy_hash
-from tests.test_xmlrpc.xmlrpc_test import fuzzy_digits, fuzzy_date
+from tests.test_xmlrpc.xmlrpc_test import fuzzy_digits, fuzzy_date, fuzzy_issuer
 from tests.test_xmlrpc import objectclasses
 import base64
 
@@ -375,7 +375,7 @@ class test_host(Declarative):
                     serial_number=fuzzy_digits,
                     md5_fingerprint=fuzzy_hash,
                     sha1_fingerprint=fuzzy_hash,
-                    issuer=u'CN=%s Certificate Authority' % api.env.realm,
+                    issuer=fuzzy_issuer,
                 ),
             ),
         ),
@@ -401,7 +401,7 @@ class test_host(Declarative):
                     serial_number=fuzzy_digits,
                     md5_fingerprint=fuzzy_hash,
                     sha1_fingerprint=fuzzy_hash,
-                    issuer=u'CN=%s Certificate Authority' % api.env.realm,
+                    issuer=fuzzy_issuer,
                 ),
             ),
         ),

tests/test_xmlrpc/xmlrpc_test.py

@@ -27,6 +27,7 @@ import nose
 from tests.util import assert_deepequal, Fuzzy
 from ipalib import api, request
 from ipalib import errors
+from ipalib.x509 import valid_issuer
 
 
 # Matches a gidnumber like '1391016742'
@@ -50,6 +51,8 @@ fuzzy_hash = Fuzzy('^([a-f0-9][a-f0-9]:)+[a-f0-9][a-f0-9]$', type=basestring)
 # Matches a date, like Tue Apr 26 17:45:35 2016 UTC
 fuzzy_date = Fuzzy('^[a-zA-Z]{3} [a-zA-Z]{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} UTC$')
 
+fuzzy_issuer = Fuzzy(type=basestring, test=lambda issuer: valid_issuer(issuer, api.env.realm))
+
 try:
     if not api.Backend.xmlclient.isconnected():
         api.Backend.xmlclient.connect(fallback=False)