Commit Graph

7 Commits

Author SHA1 Message Date
Mohammad Rizwan
b3d7a70ee0 ipatests: Add PTR record for IP SAN
If PTR record is missing for an IP address then cert request
with SAN option throws an error. This fix is to add the PTR
record so that cert request doesn't throw an error.

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
2020-08-24 10:00:05 +03:00
Mohammad Rizwan
abd0cbfcfd ipatests: Test certmonger rekey command works fine
Certmonger's rekey command was throwing an error as
unrecognized command. Test is to check if it is working fine.

related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165

Signed-off-by: Mohammad Rizwan <myusuf@redhat.com>
Reviewed-By: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-08-19 14:04:43 -04:00
sumenon
04d25dd286 ipatests: Increase timeout value in test_getcert_list_profile_using_subca
test_getcert_list_profile_using_subca test had a timeout value of 50
waiting for the cert to be in MONITORING state, this has now been
replaced with 300, since the certmonger request was in state SUBMITTING
instead of MONITORING causing the test to fail.

Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2020-07-17 16:46:01 +02:00
sumenon
8e05a8a8da ipatests: Tests to check profile is displayed for getcert request.
test_getcert_list_profile
This test checks that the cert request generated using
getcert utility which is placed in /var/lib/certmonger/requests
directory displays profile name and issuer fields

test_getcert_list_profile_using_subca
This test checks that the cert request generated with -X as
subca and -T <profilename> displays correct profilename

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
2020-07-15 10:23:45 +02:00
Sumedh Sidhaye
58ad7b74eb Test to check if Certmonger tracks certs in between reboots/interruptions and while in "CA_WORKING" state
When a resubmit request is submitted an "invalid cookie"
error message is no longer shown

Earlier an "invlaid cookie" error message was shown when getcert list was called.

The fix allows an empty cookie in dogtag-ipa-ca-renew-agent-submit

Pagure Issue: https://pagure.io/freeipa/issue/8164

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>

Fixup for test to verify that POLL will not error out on cookie

Author:    Rob Crittenden <rcritten@redhat.com>
Date:      Tue Mar 24 15:30:38 2020 -0400

Fixed review comments

Signed-off-by: Sumedh Sidhaye <ssidhaye@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-03-30 15:07:48 -04:00
Christian Heimes
7a9ac1f586 Allow hosts to read DNS records for IP SAN
For SAN IPAddress extension the cert plugin verifies that the IP address
matches the host entry. Certmonger uses the host principal to
authenticate and retrieve certificates. But the host principal did not
have permission to read DNS entries from LDAP.

Allow all hosts to read some entries from active DNS records.

Fixes: https://pagure.io/freeipa/issue/8098
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-03-16 13:04:17 +01:00
Mohammad Rizwan Yusuf
9bcc57d9e0 Test if getcert creates cacert file with -F option
It took longer to create the cacert file in older version.
restarting the certmonger service creates the file at the location
specified by -F option. This fix is to check that cacert file
creates immediately after certificate goes into MONITORING state.

related: https://pagure.io/freeipa/issue/8105

Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-03-11 15:48:42 -04:00