mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Tests: Random issuer certificate can be added to a service
Changing negative test case that verified that a certificate with different than expected issuer cannot be added to a service to a positive one that verifies that this operation now proceeds successfully. Corresponds to changes made in scope of https://fedorahosted.org/freeipa/ticket/4559 implementation. https://fedorahosted.org/freeipa/ticket/6258 Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
This commit is contained in:
Lenka Doudova
Martin Basti
parent
b942b00ac7
commit
36979ad0b6
@ -52,7 +52,20 @@ role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)
|
|||||||
|
|
||||||
servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
|
servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
|
||||||
'unittest/%s@%s' % (api.env.host, api.env.realm))
|
'unittest/%s@%s' % (api.env.host, api.env.realm))
|
||||||
badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv'
|
randomissuercert = (
|
||||||
|
"MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
|
||||||
|
"gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
|
||||||
|
"owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
|
||||||
|
"kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
|
||||||
|
"uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
|
||||||
|
"d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
|
||||||
|
"0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
|
||||||
|
"lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
|
||||||
|
"kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
|
||||||
|
"gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
|
||||||
|
"9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
|
||||||
|
"DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv")
|
||||||
|
randomissuer = DN(('CN', 'puma.greyoak.com'), 'O=IPA')
|
||||||
|
|
||||||
user1 = u'tuser1'
|
user1 = u'tuser1'
|
||||||
user2 = u'tuser2'
|
user2 = u'tuser2'
|
||||||
@ -424,18 +437,31 @@ class test_service(Declarative):
|
|||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Update %r with a bad certificate' % service1,
|
desc='Update %r with a random issuer certificate' % service1,
|
||||||
command=(
|
command=(
|
||||||
'service_mod',
|
'service_mod',
|
||||||
[service1],
|
[service1],
|
||||||
dict(usercertificate=base64.b64decode(badservercert))
|
dict(usercertificate=base64.b64decode(randomissuercert))),
|
||||||
|
expected=dict(
|
||||||
|
value=service1,
|
||||||
|
summary=u'Modified service "%s"' % service1,
|
||||||
|
result=dict(
|
||||||
|
usercertificate=[base64.b64decode(randomissuercert)],
|
||||||
|
krbprincipalname=[service1],
|
||||||
|
krbcanonicalname=[service1],
|
||||||
|
managedby_host=[fqdn1],
|
||||||
|
valid_not_before=fuzzy_date,
|
||||||
|
valid_not_after=fuzzy_date,
|
||||||
|
subject=randomissuer,
|
||||||
|
serial_number=fuzzy_digits,
|
||||||
|
serial_number_hex=fuzzy_hex,
|
||||||
|
md5_fingerprint=fuzzy_hash,
|
||||||
|
sha1_fingerprint=fuzzy_hash,
|
||||||
|
issuer=fuzzy_issuer,
|
||||||
),
|
),
|
||||||
expected=errors.CertificateOperationError(
|
),
|
||||||
error=u'Issuer "CN=IPA Test Certificate Authority" does not ' +
|
|
||||||
u'match the expected issuer'),
|
|
||||||
),
|
),
|
||||||
|
|
||||||
|
|
||||||
dict(
|
dict(
|
||||||
desc='Update %r' % service1,
|
desc='Update %r' % service1,
|
||||||
command=('service_mod', [service1], dict(usercertificate=servercert)),
|
command=('service_mod', [service1], dict(usercertificate=servercert)),
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user