Some PKCS#12 errors are reported with full path names

This is related to change in certutil which does a cwd to the location of the NSS database. certutil is used as part of loading a PKCS#12 file to do validation. https://pagure.io/freeipa/issue/7489 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexey Slaykovsky <alexey@slaykovsky.com>
2025-02-25 18:55:28 -06:00 · 2018-04-15 21:03:42 -04:00 · 2018-04-15 21:03:42 -04:00 · 3384147ca1
commit 3384147ca1
parent 138ae4abe7
1 changed files with 50 additions and 32 deletions
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@ -424,8 +424,8 @@ class TestServerInstall(CALessBase):

        result = self.install_server(root_ca_file='does_not_exist')
        assert_error(result,
-                     'Failed to open does_not_exist: No such file '
-                     'or directory')
+                     'Failed to open %s/does_not_exist: No such file '
+                     'or directory' % self.master.config.test_dir)

    @server_install_teardown
    def test_unknown_ca(self):
@ -436,7 +436,8 @@ class TestServerInstall(CALessBase):

        result = self.install_server()
        assert_error(result,
-                     'The full certificate chain is not present in server.p12')
+                     'The full certificate chain is not present in '
+                     '%s/server.p12' % self.master.config.test_dir)

    @server_install_teardown
    def test_ca_server_cert(self):
@ -447,7 +448,8 @@ class TestServerInstall(CALessBase):

        result = self.install_server()
        assert_error(result,
-                     'The full certificate chain is not present in server.p12')
+                     'The full certificate chain is not present in '
+                     '%s/server.p12' % self.master.config.test_dir)

    @pytest.mark.xfail(reason='Ticket N 6289')
    @server_install_teardown
@ -473,7 +475,8 @@ class TestServerInstall(CALessBase):

        result = self.install_server(http_pkcs12='does_not_exist',
                                     http_pkcs12_exists=False)
-        assert_error(result, 'Failed to open does_not_exist')
+        assert_error(result, 'Failed to open %s/does_not_exist' %
+                     self.master.config.test_dir)

    @server_install_teardown
    def test_nonexistent_ds_pkcs12_file(self):
@ -484,7 +487,8 @@ class TestServerInstall(CALessBase):

        result = self.install_server(dirsrv_pkcs12='does_not_exist',
                                     dirsrv_pkcs12_exists=False)
-        assert_error(result, 'Failed to open does_not_exist')
+        assert_error(result, 'Failed to open %s/does_not_exist' %
+                     self.master.config.test_dir)

    @server_install_teardown
    def test_missing_http_password(self):
@ -543,8 +547,9 @@ class TestServerInstall(CALessBase):
        result = self.install_server(http_pkcs12='http.p12',
                                     dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: '
-                     'invalid for server %s' % self.master.hostname)
+                     'The server certificate in %s/http.p12 is not valid: '
+                     'invalid for server %s' %
+                     (self.master.config.test_dir, self.master.hostname))

    @server_install_teardown
    def test_invalid_ds_cn(self):
@ -557,8 +562,9 @@ class TestServerInstall(CALessBase):
        result = self.install_server(http_pkcs12='http.p12',
                                     dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in dirsrv.p12 is not valid: '
-                     'invalid for server %s' % self.master.hostname)
+                     'The server certificate in %s/dirsrv.p12 is not valid: '
+                     'invalid for server %s' %
+                     (self.master.config.test_dir, self.master.hostname))

    @server_install_teardown
    def test_expired_http(self):
@ -571,8 +577,9 @@ class TestServerInstall(CALessBase):
        result = self.install_server(http_pkcs12='http.p12',
                                     dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: {err}'
-                     .format(err=CERT_EXPIRED_MSG))
+                     'The server certificate in {dir}/http.p12 is not valid: '
+                     '{err}'.format(dir=self.master.config.test_dir,
+                                    err=CERT_EXPIRED_MSG))

    @server_install_teardown
    def test_expired_ds(self):
@ -585,8 +592,9 @@ class TestServerInstall(CALessBase):
        result = self.install_server(http_pkcs12='http.p12',
                                     dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in dirsrv.p12 is not valid: {err}'
-                     .format(err=CERT_EXPIRED_MSG))
+                     'The server certificate in {dir}/dirsrv.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=CERT_EXPIRED_MSG))

    @server_install_teardown
    def test_http_bad_usage(self):
@ -599,8 +607,9 @@ class TestServerInstall(CALessBase):
        result = self.install_server(http_pkcs12='http.p12',
                                     dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: {err}'
-                     .format(err=BAD_USAGE_MSG))
+                     'The server certificate in {dir}/http.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=BAD_USAGE_MSG))

    @server_install_teardown
    def test_ds_bad_usage(self):
@ -613,8 +622,9 @@ class TestServerInstall(CALessBase):
        result = self.install_server(http_pkcs12='http.p12',
                                     dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in dirsrv.p12 is not valid: {err}'
-                     .format(err=BAD_USAGE_MSG))
+                     'The server certificate in {dir}/dirsrv.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=BAD_USAGE_MSG))

    @server_install_teardown
    def test_revoked_http(self):
@ -844,7 +854,8 @@ class TestReplicaInstall(CALessBase):

        result = self.prepare_replica(dirsrv_pkcs12='does_not_exist',
                                      http_pkcs12='http.p12')
-        assert_error(result, 'Failed to open does_not_exist')
+        assert_error(result, 'Failed to open %s/does_not_exist' %
+                     self.master.config.test_dir)

    @replica_install_teardown
    def test_nonexistent_ds_pkcs12_file(self):
@ -854,7 +865,8 @@ class TestReplicaInstall(CALessBase):

        result = self.prepare_replica(http_pkcs12='does_not_exist',
                                      dirsrv_pkcs12='dirsrv.p12')
-        assert_error(result, 'Failed to open does_not_exist')
+        assert_error(result, 'Failed to open %s/does_not_exist' %
+                     self.master.config.test_dir)

    @pytest.mark.xfail(reason='freeipa ticket 5378')
    @replica_install_teardown
@ -913,8 +925,9 @@ class TestReplicaInstall(CALessBase):
        result = self.prepare_replica(http_pkcs12='http.p12',
                                      dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: '
-                     'invalid for server %s' % self.replicas[0].hostname)
+                     'The server certificate in %s/http.p12 is not valid: '
+                     'invalid for server %s' %
+                     (self.master.config.test_dir, self.replicas[0].hostname))

    @replica_install_teardown
    def test_invalid_ds_cn(self):
@ -926,8 +939,9 @@ class TestReplicaInstall(CALessBase):
        result = self.prepare_replica(http_pkcs12='http.p12',
                                      dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in dirsrv.p12 is not valid: '
-                     'invalid for server %s' % self.replicas[0].hostname)
+                     'The server certificate in %s/dirsrv.p12 is not valid: '
+                     'invalid for server %s' %
+                     (self.master.config.test_dir, self.replicas[0].hostname))

    @replica_install_teardown
    def test_expired_http(self):
@ -939,8 +953,9 @@ class TestReplicaInstall(CALessBase):
        result = self.prepare_replica(http_pkcs12='http.p12',
                                      dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: {err}'
-                     .format(err=CERT_EXPIRED_MSG))
+                     'The server certificate in {dir}/http.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=CERT_EXPIRED_MSG))

    @replica_install_teardown
    def test_expired_ds(self):
@ -952,8 +967,9 @@ class TestReplicaInstall(CALessBase):
        result = self.prepare_replica(http_pkcs12='http.p12',
                                      dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: {err}'
-                     .format(err=CERT_EXPIRED_MSG))
+                     'The server certificate in {dir}/http.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=CERT_EXPIRED_MSG))

    @replica_install_teardown
    def test_http_bad_usage(self):
@ -965,8 +981,9 @@ class TestReplicaInstall(CALessBase):
        result = self.prepare_replica(http_pkcs12='http.p12',
                                      dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in http.p12 is not valid: {err}'
-                     .format(err=BAD_USAGE_MSG))
+                     'The server certificate in {dir}/http.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=BAD_USAGE_MSG))

    @replica_install_teardown
    def test_ds_bad_usage(self):
@ -978,8 +995,9 @@ class TestReplicaInstall(CALessBase):
        result = self.prepare_replica(http_pkcs12='http.p12',
                                      dirsrv_pkcs12='dirsrv.p12')
        assert_error(result,
-                     'The server certificate in dirsrv.p12 is not valid: {err}'
-                     .format(err=BAD_USAGE_MSG))
+                     'The server certificate in {dir}/dirsrv.p12 is not '
+                     'valid: {err}'.format(dir=self.master.config.test_dir,
+                                           err=BAD_USAGE_MSG))

    @replica_install_teardown
    def test_revoked_http(self):