ipatests: Test that a user can be issued multiple certificates
Prevent regressions in the LDAP cache layer that caused newly issued certificates to overwrite existing ones. https://pagure.io/freeipa/issue/8986 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
parent
ba526c5cb0
commit
540b01bc6e
@ -16,6 +16,7 @@ import string
|
||||
import time
|
||||
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython.dn import DN
|
||||
from cryptography import x509
|
||||
from cryptography.x509.oid import ExtensionOID
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
@ -183,6 +184,34 @@ class TestInstallMasterClient(IntegrationTest):
|
||||
)
|
||||
assert "profile: caServerCert" in result.stdout_text
|
||||
|
||||
def test_multiple_user_certificates(self):
|
||||
"""Test that a user may be issued multiple certificates"""
|
||||
ldap = self.master.ldap_connect()
|
||||
|
||||
user = 'user1'
|
||||
|
||||
tasks.kinit_admin(self.master)
|
||||
tasks.user_add(self.master, user)
|
||||
|
||||
for id in (0,1):
|
||||
csr_file = f'{id}.csr'
|
||||
key_file = f'{id}.key'
|
||||
cert_file = f'{id}.crt'
|
||||
openssl_cmd = [
|
||||
'openssl', 'req', '-newkey', 'rsa:2048', '-keyout', key_file,
|
||||
'-nodes', '-out', csr_file, '-subj', '/CN=' + user]
|
||||
self.master.run_command(openssl_cmd)
|
||||
|
||||
cmd_args = ['ipa', 'cert-request', '--principal', user,
|
||||
'--certificate-out', cert_file, csr_file]
|
||||
self.master.run_command(cmd_args)
|
||||
|
||||
# easier to count by pulling the LDAP entry
|
||||
entry = ldap.get_entry(DN(('uid', user), ('cn', 'users'),
|
||||
('cn', 'accounts'), self.master.domain.basedn))
|
||||
|
||||
assert len(entry.get('usercertificate')) == 2
|
||||
|
||||
@pytest.fixture
|
||||
def test_subca_certs(self):
|
||||
"""
|
||||
|
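Review bot: test_multiple_user_certificates leaves state behind on the master: `-nodes` writes each RSA private key unencrypted to `0.key`/`1.key` in whatever working directory run_command uses, and neither those files nor `user1` are removed when the test ends. Fixed relative names can also collide with other tests that share the host. Consider building the three paths under the host's test directory and wrapping the loop in a `try`/`finally` that deletes the files and runs `self.master.run_command(['ipa', 'user-del', user])`. Separately, the loop variable shadows the builtin `id`; `for idx in (0, 1):` avoids that. If the attribute is missing, `entry.get('usercertificate')` presumably returns None and the last line fails with a TypeError instead of an assertion message, so `assert len(entry.get('usercertificate', [])) == 2` would report more clearly.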