mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Some PKCS#12 errors are reported with full path names
This is related to change in certutil which does a cwd to the location of the NSS database. certutil is used as part of loading a PKCS#12 file to do validation. https://pagure.io/freeipa/issue/7489 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
This commit is contained in:
Rob Crittenden
parent
138ae4abe7
commit
3384147ca1
@ -424,8 +424,8 @@ class TestServerInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.install_server(root_ca_file='does_not_exist')
|
result = self.install_server(root_ca_file='does_not_exist')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'Failed to open does_not_exist: No such file '
|
'Failed to open %s/does_not_exist: No such file '
|
||||||
'or directory')
|
'or directory' % self.master.config.test_dir)
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_unknown_ca(self):
|
def test_unknown_ca(self):
|
||||||
@ -436,7 +436,8 @@ class TestServerInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.install_server()
|
result = self.install_server()
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The full certificate chain is not present in server.p12')
|
'The full certificate chain is not present in '
|
||||||
|
'%s/server.p12' % self.master.config.test_dir)
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_ca_server_cert(self):
|
def test_ca_server_cert(self):
|
||||||
@ -447,7 +448,8 @@ class TestServerInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.install_server()
|
result = self.install_server()
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The full certificate chain is not present in server.p12')
|
'The full certificate chain is not present in '
|
||||||
|
'%s/server.p12' % self.master.config.test_dir)
|
||||||
|
|
||||||
@pytest.mark.xfail(reason='Ticket N 6289')
|
@pytest.mark.xfail(reason='Ticket N 6289')
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
@ -473,7 +475,8 @@ class TestServerInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.install_server(http_pkcs12='does_not_exist',
|
result = self.install_server(http_pkcs12='does_not_exist',
|
||||||
http_pkcs12_exists=False)
|
http_pkcs12_exists=False)
|
||||||
assert_error(result, 'Failed to open does_not_exist')
|
assert_error(result, 'Failed to open %s/does_not_exist' %
|
||||||
|
self.master.config.test_dir)
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_nonexistent_ds_pkcs12_file(self):
|
def test_nonexistent_ds_pkcs12_file(self):
|
||||||
@ -484,7 +487,8 @@ class TestServerInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.install_server(dirsrv_pkcs12='does_not_exist',
|
result = self.install_server(dirsrv_pkcs12='does_not_exist',
|
||||||
dirsrv_pkcs12_exists=False)
|
dirsrv_pkcs12_exists=False)
|
||||||
assert_error(result, 'Failed to open does_not_exist')
|
assert_error(result, 'Failed to open %s/does_not_exist' %
|
||||||
|
self.master.config.test_dir)
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_missing_http_password(self):
|
def test_missing_http_password(self):
|
||||||
@ -543,8 +547,9 @@ class TestServerInstall(CALessBase):
|
|||||||
result = self.install_server(http_pkcs12='http.p12',
|
result = self.install_server(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: '
|
'The server certificate in %s/http.p12 is not valid: '
|
||||||
'invalid for server %s' % self.master.hostname)
|
'invalid for server %s' %
|
||||||
|
(self.master.config.test_dir, self.master.hostname))
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_invalid_ds_cn(self):
|
def test_invalid_ds_cn(self):
|
||||||
@ -557,8 +562,9 @@ class TestServerInstall(CALessBase):
|
|||||||
result = self.install_server(http_pkcs12='http.p12',
|
result = self.install_server(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in dirsrv.p12 is not valid: '
|
'The server certificate in %s/dirsrv.p12 is not valid: '
|
||||||
'invalid for server %s' % self.master.hostname)
|
'invalid for server %s' %
|
||||||
|
(self.master.config.test_dir, self.master.hostname))
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_expired_http(self):
|
def test_expired_http(self):
|
||||||
@ -571,8 +577,9 @@ class TestServerInstall(CALessBase):
|
|||||||
result = self.install_server(http_pkcs12='http.p12',
|
result = self.install_server(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: {err}'
|
'The server certificate in {dir}/http.p12 is not valid: '
|
||||||
.format(err=CERT_EXPIRED_MSG))
|
'{err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=CERT_EXPIRED_MSG))
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_expired_ds(self):
|
def test_expired_ds(self):
|
||||||
@ -585,8 +592,9 @@ class TestServerInstall(CALessBase):
|
|||||||
result = self.install_server(http_pkcs12='http.p12',
|
result = self.install_server(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in dirsrv.p12 is not valid: {err}'
|
'The server certificate in {dir}/dirsrv.p12 is not '
|
||||||
.format(err=CERT_EXPIRED_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=CERT_EXPIRED_MSG))
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_http_bad_usage(self):
|
def test_http_bad_usage(self):
|
||||||
@ -599,8 +607,9 @@ class TestServerInstall(CALessBase):
|
|||||||
result = self.install_server(http_pkcs12='http.p12',
|
result = self.install_server(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: {err}'
|
'The server certificate in {dir}/http.p12 is not '
|
||||||
.format(err=BAD_USAGE_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=BAD_USAGE_MSG))
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_ds_bad_usage(self):
|
def test_ds_bad_usage(self):
|
||||||
@ -613,8 +622,9 @@ class TestServerInstall(CALessBase):
|
|||||||
result = self.install_server(http_pkcs12='http.p12',
|
result = self.install_server(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in dirsrv.p12 is not valid: {err}'
|
'The server certificate in {dir}/dirsrv.p12 is not '
|
||||||
.format(err=BAD_USAGE_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=BAD_USAGE_MSG))
|
||||||
|
|
||||||
@server_install_teardown
|
@server_install_teardown
|
||||||
def test_revoked_http(self):
|
def test_revoked_http(self):
|
||||||
@ -844,7 +854,8 @@ class TestReplicaInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.prepare_replica(dirsrv_pkcs12='does_not_exist',
|
result = self.prepare_replica(dirsrv_pkcs12='does_not_exist',
|
||||||
http_pkcs12='http.p12')
|
http_pkcs12='http.p12')
|
||||||
assert_error(result, 'Failed to open does_not_exist')
|
assert_error(result, 'Failed to open %s/does_not_exist' %
|
||||||
|
self.master.config.test_dir)
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_nonexistent_ds_pkcs12_file(self):
|
def test_nonexistent_ds_pkcs12_file(self):
|
||||||
@ -854,7 +865,8 @@ class TestReplicaInstall(CALessBase):
|
|||||||
|
|
||||||
result = self.prepare_replica(http_pkcs12='does_not_exist',
|
result = self.prepare_replica(http_pkcs12='does_not_exist',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result, 'Failed to open does_not_exist')
|
assert_error(result, 'Failed to open %s/does_not_exist' %
|
||||||
|
self.master.config.test_dir)
|
||||||
|
|
||||||
@pytest.mark.xfail(reason='freeipa ticket 5378')
|
@pytest.mark.xfail(reason='freeipa ticket 5378')
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
@ -913,8 +925,9 @@ class TestReplicaInstall(CALessBase):
|
|||||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: '
|
'The server certificate in %s/http.p12 is not valid: '
|
||||||
'invalid for server %s' % self.replicas[0].hostname)
|
'invalid for server %s' %
|
||||||
|
(self.master.config.test_dir, self.replicas[0].hostname))
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_invalid_ds_cn(self):
|
def test_invalid_ds_cn(self):
|
||||||
@ -926,8 +939,9 @@ class TestReplicaInstall(CALessBase):
|
|||||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in dirsrv.p12 is not valid: '
|
'The server certificate in %s/dirsrv.p12 is not valid: '
|
||||||
'invalid for server %s' % self.replicas[0].hostname)
|
'invalid for server %s' %
|
||||||
|
(self.master.config.test_dir, self.replicas[0].hostname))
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_expired_http(self):
|
def test_expired_http(self):
|
||||||
@ -939,8 +953,9 @@ class TestReplicaInstall(CALessBase):
|
|||||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: {err}'
|
'The server certificate in {dir}/http.p12 is not '
|
||||||
.format(err=CERT_EXPIRED_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=CERT_EXPIRED_MSG))
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_expired_ds(self):
|
def test_expired_ds(self):
|
||||||
@ -952,8 +967,9 @@ class TestReplicaInstall(CALessBase):
|
|||||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: {err}'
|
'The server certificate in {dir}/http.p12 is not '
|
||||||
.format(err=CERT_EXPIRED_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=CERT_EXPIRED_MSG))
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_http_bad_usage(self):
|
def test_http_bad_usage(self):
|
||||||
@ -965,8 +981,9 @@ class TestReplicaInstall(CALessBase):
|
|||||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in http.p12 is not valid: {err}'
|
'The server certificate in {dir}/http.p12 is not '
|
||||||
.format(err=BAD_USAGE_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=BAD_USAGE_MSG))
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_ds_bad_usage(self):
|
def test_ds_bad_usage(self):
|
||||||
@ -978,8 +995,9 @@ class TestReplicaInstall(CALessBase):
|
|||||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||||
dirsrv_pkcs12='dirsrv.p12')
|
dirsrv_pkcs12='dirsrv.p12')
|
||||||
assert_error(result,
|
assert_error(result,
|
||||||
'The server certificate in dirsrv.p12 is not valid: {err}'
|
'The server certificate in {dir}/dirsrv.p12 is not '
|
||||||
.format(err=BAD_USAGE_MSG))
|
'valid: {err}'.format(dir=self.master.config.test_dir,
|
||||||
|
err=BAD_USAGE_MSG))
|
||||||
|
|
||||||
@replica_install_teardown
|
@replica_install_teardown
|
||||||
def test_revoked_http(self):
|
def test_revoked_http(self):
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user