ipatests: Test IPACertNSSTrust check when trust attributes is modified for specific cert

This test modifies the trust attribute of Server-Cert and checks that healthcheck tool reports correct status Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-07-24 18:44:31 +05:30 · 2020-07-24 18:44:31 +05:30 · bb2dfbbf0b
commit bb2dfbbf0b
parent 8f6502db03
1 changed files with 50 additions and 1 deletions
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@ -723,7 +723,7 @@ class TestIpaHealthCheck(IntegrationTest):
        errors = re.findall("ERROR: .*: not running", output)
        assert len(errors) == len(output.split('\n'))

-    @pytest.fixture()
+    @pytest.fixture
    def move_ipa_ca_crt(self):
        """
        Fixture to move ipa_ca_crt and revert
@ -760,6 +760,55 @@ class TestIpaHealthCheck(IntegrationTest):
            assert check["kw"]["error"] == error_text
            assert check["kw"]["msg"] == msg_text

+    @pytest.fixture
+    def modify_cert_trust_attr(self):
+        """
+        Fixture to modify trust attribute for Server-cert and
+        revert the change.
+        """
+        self.master.run_command(
+            [
+                "certutil",
+                "-M",
+                "-d", paths.PKI_TOMCAT_ALIAS_DIR,
+                "-n", "Server-Cert cert-pki-ca",
+                "-t", "CTu,u,u",
+                "-f", paths.PKI_TOMCAT_ALIAS_PWDFILE_TXT,
+            ]
+        )
+        yield
+        self.master.run_command(
+            [
+                "certutil",
+                "-M",
+                "-d", paths.PKI_TOMCAT_ALIAS_DIR,
+                "-n", "Server-Cert cert-pki-ca",
+                "-t", "u,u,u",
+                "-f", paths.PKI_TOMCAT_ALIAS_PWDFILE_TXT,
+            ]
+        )
+
+    def test_ipacertnsstrust_check(self, modify_cert_trust_attr):
+        """
+        Test for IPACertNSSTrust when trust attribute is modified
+        for Server-Cert
+        """
+        error_msg = (
+            "Incorrect NSS trust for {nickname} in {dbdir}. "
+            "Got {got} expected {expected}."
+        )
+        returncode, data = run_healthcheck(
+            self.master, "ipahealthcheck.ipa.certs", "IPACertNSSTrust",
+        )
+        assert returncode == 1
+        for check in data:
+            if check["kw"]["key"] == "Server-Cert cert-pki-ca":
+                assert check["result"] == "ERROR"
+                assert check["kw"]["expected"] == "u,u,u"
+                assert check["kw"]["got"] == "CTu,u,u"
+                assert check["kw"]["dbdir"] == paths.PKI_TOMCAT_ALIAS_DIR
+                assert check["kw"]["msg"] == error_msg
+
    def test_ipa_healthcheck_remove(self):
        """
        This testcase checks the removal of of healthcheck tool