x509: remove subject_base() function

The x509.subject_base() function is only used in tests. During
the recent certificate refactoring, we had to get rid of the
ipalib.x509 import from the module scope so that there were no
circular dependencies and add it exactly to this function which
is not used in the production code.

Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Stanislav Laznicka 2017-09-25 09:58:07 +02:00
parent c9265a7b05
commit 4cc9451271
5 changed files with 30 additions and 29 deletions


@ -51,7 +51,6 @@ from pyasn1_modules import rfc2315, rfc2459
import six
from ipalib import errors
from ipapython.dn import DN
from ipapython.dnsutil import DNSName
if six.PY3:
@ -76,18 +75,6 @@ EKU_PLACEHOLDER = '1.3.6.1.4.1.3319.6.10.16'
SAN_UPN = '1.3.6.1.4.1.311.20.2.3'
SAN_KRB5PRINCIPALNAME = '1.3.6.1.5.2.2'
_subject_base = None
def subject_base():
from ipalib import api
global _subject_base
if _subject_base is None:
config = api.Command['config_show']()['result']
_subject_base = DN(config['ipacertificatesubjectbase'][0])
return _subject_base
@crypto_utils.register_interface(crypto_x509.Certificate)
class IPACertificate(object):


@ -30,11 +30,11 @@ import six
import tempfile
from ipalib import api
from ipalib import errors
from ipalib import x509
from ipaplatform.paths import paths
from ipapython import ipautil
from ipapython.dn import DN
from ipapython.ipautil import run
from ipatests.test_xmlrpc.testcert import subject_base
from ipatests.test_xmlrpc.xmlrpc_test import XMLRPC_test
from nose.tools import raises, assert_raises
@ -109,7 +109,7 @@ class BaseCert(XMLRPC_test):
# Create our temporary NSS database
self.run_certutil(["-N", "-f", self.pwname])
self.subject = DN(('CN', self.host_fqdn), x509.subject_base())
self.subject = DN(('CN', self.host_fqdn), subject_base())
def teardown(self):
shutil.rmtree(self.reqdir, ignore_errors=True)


@ -31,7 +31,7 @@ import base64
import pytest
from ipapython import ipautil
from ipalib import api, errors, x509
from ipalib import api, errors
from ipapython.dn import DN
from ipapython.dnsutil import DNSName
from ipatests.test_util import yield_fixture
@ -41,7 +41,7 @@ from ipatests.test_xmlrpc.xmlrpc_test import (XMLRPC_test,
from ipatests.test_xmlrpc.test_user_plugin import get_group_dn
from ipatests.test_xmlrpc import objectclasses
from ipatests.test_xmlrpc.tracker.host_plugin import HostTracker
from ipatests.test_xmlrpc.testcert import get_testcert
from ipatests.test_xmlrpc.testcert import get_testcert, subject_base
from ipatests.util import assert_deepequal
from ipaplatform.paths import paths
@ -97,7 +97,7 @@ hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'),
api.env.basedn)
host_cert = get_testcert(DN(('CN', api.env.host), x509.subject_base()),
host_cert = get_testcert(DN(('CN', api.env.host), subject_base()),
'host/%s@%s' % (api.env.host, api.env.realm))
@ -237,7 +237,7 @@ class TestCRUD(XMLRPC_test):
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
sha256_fingerprint=fuzzy_hash,
subject=DN(('CN', api.env.host), x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
))


@ -21,12 +21,12 @@
Test the `ipaserver/plugins/service.py` module.
"""
from ipalib import api, errors, x509
from ipalib import api, errors
from ipatests.test_xmlrpc.xmlrpc_test import Declarative, fuzzy_uuid, fuzzy_hash
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_digits, fuzzy_date, fuzzy_issuer
from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_hex, XMLRPC_test
from ipatests.test_xmlrpc import objectclasses
from ipatests.test_xmlrpc.testcert import get_testcert
from ipatests.test_xmlrpc.testcert import get_testcert, subject_base
from ipatests.test_xmlrpc.test_user_plugin import get_user_result, get_group_dn
from ipatests.test_xmlrpc.tracker.service_plugin import ServiceTracker
@ -50,8 +50,8 @@ host3dn = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),api.env.basedn)
role1 = u'Test Role'
role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)
servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
'unittest/%s@%s' % (api.env.host, api.env.realm))
servercert = get_testcert(DN(('CN', api.env.host), subject_base()),
'unittest/%s@%s' % (api.env.host, api.env.realm))
randomissuercert = (
"MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
"gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
@ -485,7 +485,7 @@ class test_service(Declarative):
managedby_host=[fqdn1],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN',api.env.host),x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
@ -522,7 +522,7 @@ class test_service(Declarative):
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN',api.env.host),x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
@ -551,7 +551,7 @@ class test_service(Declarative):
# test case.
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN',api.env.host),x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
@ -576,7 +576,7 @@ class test_service(Declarative):
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN',api.env.host),x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
@ -604,7 +604,7 @@ class test_service(Declarative):
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN',api.env.host),x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,
@ -630,7 +630,7 @@ class test_service(Declarative):
ipakrbauthzdata=[u'MS-PAC'],
valid_not_before=fuzzy_date,
valid_not_after=fuzzy_date,
subject=DN(('CN',api.env.host),x509.subject_base()),
subject=DN(('CN', api.env.host), subject_base()),
serial_number=fuzzy_digits,
serial_number_hex=fuzzy_hex,
sha1_fingerprint=fuzzy_hash,


@ -35,12 +35,26 @@ import re
from ipalib import api, x509
from ipaserver.plugins import rabase
from ipapython import ipautil
from ipapython.dn import DN
from ipaplatform.paths import paths
if six.PY3:
unicode = str
_subject_base = None
def subject_base():
global _subject_base
if _subject_base is None:
config = api.Command['config_show']()['result']
_subject_base = DN(config['ipacertificatesubjectbase'][0])
return _subject_base
def strip_cert_header(pem):
"""
Remove the header and footer from a certificate.
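Review bot: The relocated `subject_base()` helper has no docstring, so nothing tells a reader that it memoizes its result in the module global `_subject_base` and that the first call runs `api.Command['config_show']()`. I would add `"""Return the certificate subject base DN from config_show, cached for the process lifetime."""` directly under the `def` line. The host and service test sections call it in module-level assignments (`host_cert = get_testcert(...)`, `servercert = get_testcert(...)`), so the command appears to run at import time and presumably needs an initialized, connected API during test collection; a short comment at those call sites would make that dependency visible. Because of the cache, a test that changed `ipacertificatesubjectbase` would keep building expected subjects from the old value, which is worth stating in the docstring as well.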