IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

test_acme: Use ipalib.x509

Browse Source 
Use IPA's x509 module instead of `cryptography.x509`. This fixes a
regression which was introduced in commit a45a7a20.

Related: https://pagure.io/freeipa/issue/9518
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
This commit is contained in:
Christian Heimes 2024-01-25 08:56:11 +01:00 committed by Florence Blanc-Renaud
parent a45a7a20d9
commit 22875ea2c6
2 changed files with 6 additions and 8 deletions
ipatests/test_integration
test_acme.pytest_ipa_cert_fix.py

9
ipatests/test_integration/test_acme.py
View File

@ -4,11 +4,10 @@
import time import time
from cryptography.hazmat.backends import default_backend
from cryptography import x509
import pytest import pytest
from ipalib.constants import IPA_CA_RECORD from ipalib.constants import IPA_CA_RECORD
from ipalib import x509
from ipatests.test_integration.base import IntegrationTest from ipatests.test_integration.base import IntegrationTest
from ipatests.pytest_ipa.integration.firewall import Firewall from ipatests.pytest_ipa.integration.firewall import Firewall
from ipatests.pytest_ipa.integration import tasks from ipatests.pytest_ipa.integration import tasks
@ -278,7 +277,7 @@ class TestACME(CALessBase):
cert_path = \ cert_path = \
f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem' f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem'
data = self.clients[0].get_file_contents(cert_path) data = self.clients[0].get_file_contents(cert_path)
cert = x509.load_pem_x509_certificate(data, backend=default_backend()) cert = x509.load_pem_x509_certificate(data)
# revoke cert via ACME # revoke cert via ACME
self.clients[0].run_command( self.clients[0].run_command(
@ -669,7 +668,7 @@ class TestACMERenew(IntegrationTest):
data = self.clients[0].get_file_contents( data = self.clients[0].get_file_contents(
f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem' f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem'
) )
cert = x509.load_pem_x509_certificate(data, backend=default_backend()) cert = x509.load_pem_x509_certificate(data)
initial_expiry = cert.not_valid_after_utc initial_expiry = cert.not_valid_after_utc
self.clients[0].run_command(['certbot', 'renew']) self.clients[0].run_command(['certbot', 'renew'])
@ -677,7 +676,7 @@ class TestACMERenew(IntegrationTest):
data = self.clients[0].get_file_contents( data = self.clients[0].get_file_contents(
f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem' f'/etc/letsencrypt/live/{self.clients[0].hostname}/cert.pem'
) )
cert = x509.load_pem_x509_certificate(data, backend=default_backend()) cert = x509.load_pem_x509_certificate(data)
renewed_expiry = cert.not_valid_after_utc renewed_expiry = cert.not_valid_after_utc
assert initial_expiry != renewed_expiry assert initial_expiry != renewed_expiry

5
ipatests/test_integration/test_ipa_cert_fix.py
View File

@ -5,13 +5,12 @@
""" """
Module provides tests for ipa-cert-fix CLI. Module provides tests for ipa-cert-fix CLI.
""" """
from cryptography.hazmat.backends import default_backend
from cryptography import x509
from datetime import datetime, date from datetime import datetime, date
import pytest import pytest
import time import time
import logging import logging
from ipalib import x509
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipapython.ipaldap import realm_to_serverid from ipapython.ipaldap import realm_to_serverid
from ipatests.pytest_ipa.integration import tasks from ipatests.pytest_ipa.integration import tasks
@ -91,7 +90,7 @@ def get_cert_expiry(host, nssdb_path, cert_nick):
'-o', '/root/cert.pem' '-o', '/root/cert.pem'
]) ])
data = host.get_file_contents('/root/cert.pem') data = host.get_file_contents('/root/cert.pem')
cert = x509.load_pem_x509_certificate(data, backend=default_backend()) cert = x509.load_pem_x509_certificate(data)
return cert.not_valid_after_utc return cert.not_valid_after_utc