mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Tests: Random issuer certificate can be added to a service
Changing negative test case that verified that a certificate with different than expected issuer cannot be added to a service to a positive one that verifies that this operation now proceeds successfully. Corresponds to changes made in scope of https://fedorahosted.org/freeipa/ticket/4559 implementation. https://fedorahosted.org/freeipa/ticket/6258 Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
This commit is contained in:
Lenka Doudova
Martin Basti
parent
b942b00ac7
commit
36979ad0b6
@ -52,7 +52,20 @@ role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)
|
||||
|
||||
servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
|
||||
'unittest/%s@%s' % (api.env.host, api.env.realm))
|
||||
badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv'
|
||||
randomissuercert = (
|
||||
"MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
|
||||
"gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
|
||||
"owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
|
||||
"kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
|
||||
"uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
|
||||
"d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
|
||||
"0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
|
||||
"lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
|
||||
"kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
|
||||
"gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
|
||||
"9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
|
||||
"DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv")
|
||||
randomissuer = DN(('CN', 'puma.greyoak.com'), 'O=IPA')
|
||||
|
||||
user1 = u'tuser1'
|
||||
user2 = u'tuser2'
|
||||
@ -424,18 +437,31 @@ class test_service(Declarative):
|
||||
|
||||
|
||||
dict(
|
||||
desc='Update %r with a bad certificate' % service1,
|
||||
desc='Update %r with a random issuer certificate' % service1,
|
||||
command=(
|
||||
'service_mod',
|
||||
[service1],
|
||||
dict(usercertificate=base64.b64decode(badservercert))
|
||||
dict(usercertificate=base64.b64decode(randomissuercert))),
|
||||
expected=dict(
|
||||
value=service1,
|
||||
summary=u'Modified service "%s"' % service1,
|
||||
result=dict(
|
||||
usercertificate=[base64.b64decode(randomissuercert)],
|
||||
krbprincipalname=[service1],
|
||||
krbcanonicalname=[service1],
|
||||
managedby_host=[fqdn1],
|
||||
valid_not_before=fuzzy_date,
|
||||
valid_not_after=fuzzy_date,
|
||||
subject=randomissuer,
|
||||
serial_number=fuzzy_digits,
|
||||
serial_number_hex=fuzzy_hex,
|
||||
md5_fingerprint=fuzzy_hash,
|
||||
sha1_fingerprint=fuzzy_hash,
|
||||
issuer=fuzzy_issuer,
|
||||
),
|
||||
expected=errors.CertificateOperationError(
|
||||
error=u'Issuer "CN=IPA Test Certificate Authority" does not ' +
|
||||
u'match the expected issuer'),
|
||||
),
|
||||
),
|
||||
|
||||
|
||||
dict(
|
||||
desc='Update %r' % service1,
|
||||
command=('service_mod', [service1], dict(usercertificate=servercert)),
|
||||
|
||||
Loading…
Reference in New Issue
Block a user