Remove os.chdir() from test_ipap11helper

test_ipap11helper no longer changes directory for the entire test suite.
The fix revealed a bug in another test suite. test_secrets now uses a
proper temporary directory.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Christian Heimes
2018-04-05 13:12:59 +02:00
parent 807a5cbe7c
commit 1b320ac3e7
3 changed files with 72 additions and 35 deletions


@@ -17,6 +17,7 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import functools
import logging import logging
import os import os
import tempfile import tempfile
@@ -178,10 +179,14 @@ class CALessBase(IntegrationTest):
if host is None: if host is None:
host = cls.master host = cls.master
extra_args = ['--http-cert-file', http_pkcs12, destname = functools.partial(os.path.join, host.config.test_dir)
'--dirsrv-cert-file', dirsrv_pkcs12,
'--ca-cert-file', root_ca_file, extra_args = [
'--ip-address', host.ip] '--http-cert-file', destname(http_pkcs12),
'--dirsrv-cert-file', destname(dirsrv_pkcs12),
'--ca-cert-file', destname(root_ca_file),
'--ip-address', host.ip
]
if http_pin is _DEFAULT: if http_pin is _DEFAULT:
http_pin = cls.cert_password http_pin = cls.cert_password
@@ -197,7 +202,9 @@ class CALessBase(IntegrationTest):
files_to_copy.append(dirsrv_pkcs12) files_to_copy.append(dirsrv_pkcs12)
if pkinit_pkcs12_exists: if pkinit_pkcs12_exists:
files_to_copy.append(pkinit_pkcs12) files_to_copy.append(pkinit_pkcs12)
extra_args.extend(['--pkinit-cert-file', pkinit_pkcs12]) extra_args.extend(
['--pkinit-cert-file', destname(pkinit_pkcs12)]
)
else: else:
extra_args.append('--no-pkinit') extra_args.append('--no-pkinit')
for filename in set(files_to_copy): for filename in set(files_to_copy):
@@ -277,11 +284,20 @@ class CALessBase(IntegrationTest):
extra_args = [] extra_args = []
if http_pkcs12_exists: if http_pkcs12_exists:
extra_args.extend(['--http-cert-file', http_pkcs12]) extra_args.extend([
'--http-cert-file',
os.path.join(destination_host.config.test_dir, http_pkcs12)
])
if dirsrv_pkcs12_exists: if dirsrv_pkcs12_exists:
extra_args.extend(['--dirsrv-cert-file', dirsrv_pkcs12]) extra_args.extend([
'--dirsrv-cert-file',
os.path.join(destination_host.config.test_dir, dirsrv_pkcs12)
])
if pkinit_pkcs12_exists and domain_level != DOMAIN_LEVEL_0: if pkinit_pkcs12_exists and domain_level != DOMAIN_LEVEL_0:
extra_args.extend(['--pkinit-cert-file', pkinit_pkcs12]) extra_args.extend([
'--pkinit-cert-file',
os.path.join(destination_host.config.test_dir, pkinit_pkcs12)
])
else: else:
extra_args.append('--no-pkinit') extra_args.append('--no-pkinit')
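Review bot: The third hunk (`@@ -277,11 +284,20 @@`) spells out `os.path.join(destination_host.config.test_dir, ...)` three times, while the first hunk in the same class builds the same kind of path through a `destname` helper; using one form in both places keeps the two argument lists easy to compare. For the replica path that would be `destname = functools.partial(os.path.join, destination_host.config.test_dir)` followed by `extra_args.extend(['--http-cert-file', destname(http_pkcs12)])`. A short comment next to `destname` should also say that `os.path.join` returns its second argument unchanged when that argument is absolute, so a caller passing an absolute PKCS#12 path is not redirected into `test_dir`. Both methods start and end outside the visible hunks.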


@@ -47,17 +47,25 @@ replica_non_existent_label = u"replica-nonexistent"
@pytest.fixture(scope="module") @pytest.fixture(scope="module")
def p11(request): def token_path():
token_path = tempfile.mkdtemp(prefix='pytest_', suffix='_pkcs11') token_path = tempfile.mkdtemp(prefix='pytest_', suffix='_pkcs11')
os.chdir(token_path) os.mkdir(os.path.join(token_path, 'tokens'))
os.mkdir('tokens') return token_path
with open('softhsm2.conf', 'w') as cfg:
@pytest.fixture(scope="module")
def p11(request, token_path):
with open(os.path.join(token_path, 'softhsm2.conf'), 'w') as cfg:
cfg.write(CONFIG_DATA % token_path) cfg.write(CONFIG_DATA % token_path)
args = [
SOFTHSM2_UTIL, '--init-token', '--free',
'--label', 'test',
'--pin', '1234',
'--so-pin', '1234'
]
os.environ['SOFTHSM2_CONF'] = os.path.join(token_path, 'softhsm2.conf') os.environ['SOFTHSM2_CONF'] = os.path.join(token_path, 'softhsm2.conf')
subprocess.check_call([SOFTHSM2_UTIL, '--init-token', '--free', subprocess.check_call(args, cwd=token_path)
'--label', 'test', '--pin', '1234', '--so-pin',
'1234'])
try: try:
p11 = _ipap11helper.P11_Helper('test', "1234", LIBSOFTHSM) p11 = _ipap11helper.P11_Helper('test', "1234", LIBSOFTHSM)
@@ -71,7 +79,9 @@ def p11(request):
pytest.fail('Failed to finalize the helper object.', pytrace=False) pytest.fail('Failed to finalize the helper object.', pytrace=False)
finally: finally:
subprocess.call( subprocess.call(
[SOFTHSM2_UTIL, '--delete-token', '--label', 'test']) [SOFTHSM2_UTIL, '--delete-token', '--label', 'test'],
cwd=token_path
)
del os.environ['SOFTHSM2_CONF'] del os.environ['SOFTHSM2_CONF']
request.addfinalizer(fin) request.addfinalizer(fin)
@@ -134,13 +144,14 @@ class test_p11helper(object):
"'%s' should not exist" % "'%s' should not exist" %
replica_non_existent_label) replica_non_existent_label)
def test_export_import_of_public_key(self, p11): def test_export_import_of_public_key(self, p11, token_path):
rep1_pub = p11.find_keys(_ipap11helper.KEY_CLASS_PUBLIC_KEY, rep1_pub = p11.find_keys(_ipap11helper.KEY_CLASS_PUBLIC_KEY,
label=replica1_key_label, cka_wrap=True)[0] label=replica1_key_label, cka_wrap=True)[0]
pub = p11.export_public_key(rep1_pub) pub = p11.export_public_key(rep1_pub)
log.debug("Exported public key %s", hexlify(pub)) log.debug("Exported public key %s", hexlify(pub))
with open("public_key.asn1.der", "wb") as f: pubfile = os.path.join(token_path, "public_key.asn1.der")
with open(pubfile, "wb") as f:
f.write(pub) f.write(pub)
rep1_pub_import = p11.import_public_key(replica1_import_label, rep1_pub_import = p11.import_public_key(replica1_import_label,
@@ -166,7 +177,7 @@ class test_p11helper(object):
log.debug('rep1_pub_exp_import = 0x%s', hexlify(rep1_pub_exp_import)) log.debug('rep1_pub_exp_import = 0x%s', hexlify(rep1_pub_exp_import))
assert rep1_pub_exp_import == rep1_pub_exp_orig assert rep1_pub_exp_import == rep1_pub_exp_orig
def test_wrap_unwrap_key_by_master_key_with_AES(self, p11): def test_wrap_unwrap_key_by_master_key_with_AES(self, p11, token_path):
master_key = p11.find_keys(_ipap11helper.KEY_CLASS_SECRET_KEY, master_key = p11.find_keys(_ipap11helper.KEY_CLASS_SECRET_KEY,
label=master_key_label, id=master_key_id)[0] label=master_key_label, id=master_key_id)[0]
rep2_priv = p11.find_keys(_ipap11helper.KEY_CLASS_PRIVATE_KEY, rep2_priv = p11.find_keys(_ipap11helper.KEY_CLASS_PRIVATE_KEY,
@@ -179,7 +190,8 @@ class test_p11helper(object):
assert wrapped_priv assert wrapped_priv
log.debug("wrapped_dnssec priv key: %s", hexlify(wrapped_priv)) log.debug("wrapped_dnssec priv key: %s", hexlify(wrapped_priv))
with open("wrapped_priv.der", "wb") as f: privfile = os.path.join(token_path, "wrapped_priv.der")
with open(privfile, "wb") as f:
f.write(wrapped_priv) f.write(wrapped_priv)
assert p11.import_wrapped_private_key( assert p11.import_wrapped_private_key(
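Review bot: The new `token_path` fixture creates a directory with `tempfile.mkdtemp()` and never removes it, so `softhsm2.conf`, the `tokens` directory, `public_key.asn1.der` and `wrapped_priv.der` stay behind in the temp directory after every run. The same commit gives test_secrets a `tearDownClass` that calls `shutil.rmtree`, and this fixture should get the equivalent: accept `request` and register `request.addfinalizer(lambda: shutil.rmtree(token_path, ignore_errors=True))` before `return token_path`. Because `p11` depends on `token_path`, pytest runs the `p11` finalizer (token deletion) first and the directory removal afterwards. Whether `shutil` is already imported in this file is not visible in the hunks.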


@@ -5,6 +5,7 @@ from ipaserver.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
import os import os
import shutil import shutil
import subprocess import subprocess
import tempfile
import unittest import unittest
@@ -17,28 +18,36 @@ def _test_password_callback():
class TestiSecStore(unittest.TestCase): class TestiSecStore(unittest.TestCase):
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
try: cls.testdir = tempfile.mkdtemp(suffix='ipa-sec-store')
shutil.rmtree('test-ipa-sec-store') pwfile = os.path.join(cls.testdir, 'pwfile')
except Exception: # pylint: disable=broad-except
pass
testdir = 'test-ipa-sec-store'
pwfile = os.path.join(testdir, 'pwfile')
os.mkdir(testdir)
with open(pwfile, 'w') as f: with open(pwfile, 'w') as f:
f.write('testpw') f.write('testpw')
cls.certdb = os.path.join(testdir, 'certdb') cls.certdb = os.path.join(cls.testdir, 'certdb')
os.mkdir(cls.certdb) os.mkdir(cls.certdb)
cls.cert2db = os.path.join(testdir, 'cert2db') cls.cert2db = os.path.join(cls.testdir, 'cert2db')
os.mkdir(cls.cert2db) os.mkdir(cls.cert2db)
seedfile = os.path.join(testdir, 'seedfile') seedfile = os.path.join(cls.testdir, 'seedfile')
with open(seedfile, 'wb') as f: with open(seedfile, 'wb') as f:
seed = os.urandom(1024) seed = os.urandom(1024)
f.write(seed) f.write(seed)
subprocess.call(['certutil', '-d', cls.certdb, '-N', '-f', pwfile]) subprocess.call(
subprocess.call(['certutil', '-d', cls.cert2db, '-N', '-f', pwfile]) ['certutil', '-d', cls.certdb, '-N', '-f', pwfile],
subprocess.call(['certutil', '-d', cls.certdb, '-S', '-f', pwfile, cwd=cls.testdir
'-s', 'CN=testCA', '-n', 'testCACert', '-x', )
'-t', 'CT,C,C', '-m', '1', '-z', seedfile]) subprocess.call(
['certutil', '-d', cls.cert2db, '-N', '-f', pwfile],
cwd=cls.testdir
)
subprocess.call(
['certutil', '-d', cls.certdb, '-S', '-f', pwfile,
'-s', 'CN=testCA', '-n', 'testCACert', '-x',
'-t', 'CT,C,C', '-m', '1', '-z', seedfile],
cwd=cls.testdir
)
@classmethod
def tearDownClass(cls):
shutil.rmtree(cls.testdir)
def test_iSecStore(self): def test_iSecStore(self):
iss = iSecStore({}) iss = iSecStore({})
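Review bot: The three `certutil` invocations in `setUpClass` still go through `subprocess.call`, which discards the exit status, so a failed database creation or CA certificate generation only surfaces later as an unrelated-looking test failure. Since these lines are being rewritten anyway, `subprocess.check_call(['certutil', '-d', cls.certdb, '-N', '-f', pwfile], cwd=cls.testdir)` (and the same for the other two calls) would fail at the point of the error, matching the `check_call` used for token initialisation in test_ipap11helper. unittest does not run `tearDownClass` when `setUpClass` raises, so with that change the directory from `tempfile.mkdtemp` should be removed in an `except` path before re-raising.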