mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Add tests for installing with empty PKCS#12 password
This commit is contained in:
parent
194556beb0
commit
3a4a7458c7
@ -163,9 +163,9 @@ class CALessBase(IntegrationTest):
|
||||
'--forwarder', host.config.dns_forwarder,
|
||||
]
|
||||
|
||||
if http_pin:
|
||||
if http_pin is not None:
|
||||
args.extend(['--http_pin', http_pin])
|
||||
if dirsrv_pin:
|
||||
if dirsrv_pin is not None:
|
||||
args.extend(['--dirsrv_pin', dirsrv_pin])
|
||||
if unattended:
|
||||
args.extend(['-U'])
|
||||
@ -231,9 +231,9 @@ class CALessBase(IntegrationTest):
|
||||
args.extend(['--http_pkcs12', http_pkcs12])
|
||||
if dirsrv_pkcs12:
|
||||
args.extend(['--dirsrv_pkcs12', dirsrv_pkcs12])
|
||||
if http_pin:
|
||||
if http_pin is not None:
|
||||
args.extend(['--http_pin', http_pin])
|
||||
if dirsrv_pin:
|
||||
if dirsrv_pin is not None:
|
||||
args.extend(['--dirsrv_pin', dirsrv_pin])
|
||||
|
||||
args.extend([replica.hostname])
|
||||
@ -277,14 +277,16 @@ class CALessBase(IntegrationTest):
|
||||
return replica.run_command(args)
|
||||
|
||||
@classmethod
|
||||
def export_pkcs12(cls, nickname, filename='server.p12'):
|
||||
def export_pkcs12(cls, nickname, filename='server.p12', password=None):
|
||||
"""Export a cert as PKCS#12 to the given file"""
|
||||
if password is None:
|
||||
password = cls.cert_password
|
||||
ipautil.run(['pk12util',
|
||||
'-o', filename,
|
||||
'-n', nickname,
|
||||
'-d', 'nssdb',
|
||||
'-K', cls.cert_password,
|
||||
'-W', cls.cert_password], cwd=cls.cert_dir)
|
||||
'-W', password], cwd=cls.cert_dir)
|
||||
|
||||
@classmethod
|
||||
def get_pem(cls, nickname):
|
||||
@ -422,7 +424,7 @@ class TestServerInstall(CALessBase):
|
||||
with open(self.pem_filename, 'w') as f:
|
||||
f.write(self.get_pem('ca1'))
|
||||
|
||||
result = self.install_server(http_pin=False)
|
||||
result = self.install_server(http_pin=None)
|
||||
assert_error(result,
|
||||
'ipa-server-install: error: You must specify --http_pin '
|
||||
'with --http_pkcs12')
|
||||
@ -434,7 +436,7 @@ class TestServerInstall(CALessBase):
|
||||
with open(self.pem_filename, 'w') as f:
|
||||
f.write(self.get_pem('ca1'))
|
||||
|
||||
result = self.install_server(dirsrv_pin=False)
|
||||
result = self.install_server(dirsrv_pin=None)
|
||||
assert_error(result,
|
||||
'ipa-server-install: error: You must specify '
|
||||
'--dirsrv_pin with --dirsrv_pkcs12')
|
||||
@ -679,7 +681,7 @@ class TestServerInstall(CALessBase):
|
||||
|
||||
stdin_text = get_install_stdin(cert_passwords=[self.cert_password])
|
||||
|
||||
result = self.install_server(http_pin=False, unattended=False,
|
||||
result = self.install_server(http_pin=None, unattended=False,
|
||||
stdin_text=stdin_text)
|
||||
assert result.returncode == 0
|
||||
self.verify_installation()
|
||||
@ -695,13 +697,41 @@ class TestServerInstall(CALessBase):
|
||||
|
||||
stdin_text = get_install_stdin(cert_passwords=[self.cert_password])
|
||||
|
||||
result = self.install_server(dirsrv_pin=False, unattended=False,
|
||||
result = self.install_server(dirsrv_pin=None, unattended=False,
|
||||
stdin_text=stdin_text)
|
||||
assert result.returncode == 0
|
||||
self.verify_installation()
|
||||
assert ('Enter server.p12 unlock password:'
|
||||
in result.stdout_text), result.stdout_text
|
||||
|
||||
def test_no_http_password(self):
|
||||
"IPA server install with empty HTTP password"
|
||||
|
||||
self.export_pkcs12('ca1/server', filename='http.p12', password='')
|
||||
self.export_pkcs12('ca1/server', filename='dirsrv.p12')
|
||||
with open(self.pem_filename, 'w') as f:
|
||||
f.write(self.get_pem('ca1'))
|
||||
|
||||
result = self.install_server(http_pkcs12='http.p12',
|
||||
dirsrv_pkcs12='dirsrv.p12',
|
||||
http_pin='')
|
||||
assert result.returncode == 0
|
||||
self.verify_installation()
|
||||
|
||||
def test_no_ds_password(self):
|
||||
"IPA server install with empty DS password"
|
||||
|
||||
self.export_pkcs12('ca1/server', filename='http.p12')
|
||||
self.export_pkcs12('ca1/server', filename='dirsrv.p12', password='')
|
||||
with open(self.pem_filename, 'w') as f:
|
||||
f.write(self.get_pem('ca1'))
|
||||
|
||||
result = self.install_server(http_pkcs12='http.p12',
|
||||
dirsrv_pkcs12='dirsrv.p12',
|
||||
dirsrv_pin='')
|
||||
assert result.returncode == 0
|
||||
self.verify_installation()
|
||||
|
||||
|
||||
class TestReplicaInstall(CALessBase):
|
||||
num_replicas = 1
|
||||
@ -1006,7 +1036,7 @@ class TestReplicaInstall(CALessBase):
|
||||
stdin_text = get_replica_prepare_stdin(
|
||||
cert_passwords=[self.cert_password])
|
||||
|
||||
result = self.prepare_replica(http_pin=False, unattended=False,
|
||||
result = self.prepare_replica(http_pin=None, unattended=False,
|
||||
stdin_text=stdin_text)
|
||||
assert result.returncode == 0
|
||||
|
||||
@ -1023,7 +1053,7 @@ class TestReplicaInstall(CALessBase):
|
||||
stdin_text = get_replica_prepare_stdin(
|
||||
cert_passwords=[self.cert_password])
|
||||
|
||||
result = self.prepare_replica(dirsrv_pin=False, unattended=False,
|
||||
result = self.prepare_replica(dirsrv_pin=None, unattended=False,
|
||||
stdin_text=stdin_text)
|
||||
assert result.returncode == 0
|
||||
|
||||
@ -1032,6 +1062,36 @@ class TestReplicaInstall(CALessBase):
|
||||
|
||||
self.verify_installation()
|
||||
|
||||
def test_no_http_password(self):
|
||||
"IPA replica install with empty HTTP password"
|
||||
|
||||
self.export_pkcs12('ca1/replica', filename='http.p12', password='')
|
||||
self.export_pkcs12('ca1/replica', filename='dirsrv.p12')
|
||||
|
||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||
dirsrv_pkcs12='dirsrv.p12',
|
||||
http_pin='')
|
||||
assert result.returncode == 0
|
||||
|
||||
result = self.install_replica()
|
||||
assert result.returncode == 0
|
||||
|
||||
self.verify_installation()
|
||||
|
||||
def test_no_ds_password(self):
|
||||
"IPA replica install with empty DS password"
|
||||
|
||||
self.export_pkcs12('ca1/replica', filename='http.p12')
|
||||
self.export_pkcs12('ca1/replica', filename='dirsrv.p12', password='')
|
||||
|
||||
result = self.prepare_replica(http_pkcs12='http.p12',
|
||||
dirsrv_pkcs12='dirsrv.p12',
|
||||
dirsrv_pin='')
|
||||
assert result.returncode == 0
|
||||
|
||||
result = self.install_replica()
|
||||
assert result.returncode == 0
|
||||
|
||||
|
||||
class TestClientInstall(CALessBase):
|
||||
num_clients = 1
|
||||
@ -1174,9 +1234,10 @@ class TestCertinstall(CALessBase):
|
||||
tasks.kinit_admin(cls.master)
|
||||
|
||||
def certinstall(self, mode, cert_nick=None, cert_exists=True,
|
||||
filename='server.p12', pin=_DEFAULT, stdin_text=None):
|
||||
filename='server.p12', pin=_DEFAULT, stdin_text=None,
|
||||
p12_pin=None):
|
||||
if cert_nick:
|
||||
self.export_pkcs12(cert_nick)
|
||||
self.export_pkcs12(cert_nick, password=p12_pin)
|
||||
if pin is _DEFAULT:
|
||||
pin = self.cert_password
|
||||
if cert_exists:
|
||||
@ -1364,3 +1425,15 @@ class TestCertinstall(CALessBase):
|
||||
pin=None,
|
||||
stdin_text=self.cert_password + '\n')
|
||||
assert result.returncode == 0
|
||||
|
||||
def test_no_http_password(self):
|
||||
"Install new HTTP certificate with no PKCS#12 password"
|
||||
|
||||
result = self.certinstall('w', 'ca1/server', pin='', p12_pin='')
|
||||
assert result.returncode == 0
|
||||
|
||||
def test_no_ds_password(self):
|
||||
"Install new DS certificate with no PKCS#12 password"
|
||||
|
||||
result = self.certinstall('w', 'ca1/server', pin='', p12_pin='')
|
||||
assert result.returncode == 0
|
||||
|
Loading…
Reference in New Issue
Block a user