mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
bdc3e3c58c
Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Michal Reznik <mreznik@redhat.com>
530 lines
18 KiB
Python
530 lines
18 KiB
Python
# Authors:
|
|
# Petr Vobornik <pvoborni@redhat.com>
|
|
#
|
|
# Copyright (C) 2013 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
"""
|
|
Cert tests
|
|
"""
|
|
|
|
from ipatests.test_webui.ui_driver import UI_driver
|
|
from ipatests.test_webui.ui_driver import screenshot
|
|
from datetime import date, timedelta
|
|
import pytest
|
|
|
|
ENTITY = 'cert'
|
|
|
|
CERT_CSR = ("""-----BEGIN NEW CERTIFICATE REQUEST-----
|
|
MIICcjCCAVoCAQAwLTERMA8GA1UEChMISVBBLlRFU1QxGDAWBgNVBAMTD21hc3Rl
|
|
ci5pcGEudGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9xZ/OT
|
|
PC9vlwP78ACCYTOGy8C+Ho4OUF4p4PYPkns4Zdov6N/f0MlUcxY7cpAlKlAZT53b
|
|
OphSKamc7nlNgUAzV1S6JTm1YXiTzG6mAOWWK/i3O25rNfiz0D+srlqS0ADsGPwG
|
|
4vxuWJYwUEKcV4YgCYCJj78dD+yxoz5anVrNosN4tVGg6jfaPI9uu1T+FhsNM/AC
|
|
EN7pa50bgeV7iBZs/pdZEXEsk18NO4W55yPAKQp5JFCL6eeBJcHTU/IuEb/YPCSr
|
|
e873Iwzw4ZqW8dHbE10Za3VzdKPDUbtJp93rvU6imRavvifIAa3GgBuLYbpEXXcG
|
|
B6MLHdWOApwPBoMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQClXDGZoGUSetZP
|
|
lwx//vSN6P6y30dpiHDQiY4hCLYplpoB7V6wXXVMyuKpJjRMQ2mSdyuFge14Lvwr
|
|
y1pE8Vg0+D99PW09tGTp54egPCKeyXptJ/1xi/Quo70OfSSI01vSczMDGTa4OfAB
|
|
VPzE2xey1qL0a0UHqwBaSqnt6D0Xmid79YP0XkVEqZeHZvprtXzeA4dNc1GrZrjb
|
|
7bazcPXbd7PXQaEFvmhqbDMFvu3xMBm5HJd4WkYKvBFDw4NHfT6jw/yRZXkWwJ/F
|
|
EI0h2e9yxrSKgOEpWmeCdETZhMCljx5C2rLNqLAWJIJQ293UuVRCg4Rn6fdIefhF
|
|
yKHlBerZ
|
|
-----END NEW CERTIFICATE REQUEST-----""")
|
|
|
|
ERR_SPACE = "invalid '{}': Leading and trailing spaces are not allowed"
|
|
ERR_MUST_INTEGER = "invalid '{}': must be an integer"
|
|
LEAST_SERIAL = "invalid '{}': must be at least 0"
|
|
INV_DATE = ("invalid '{}': does not match any of accepted formats: "
|
|
"%Y%m%d%H%M%SZ, %Y-%m-%dT%H:%M:%SZ, %Y-%m-%dT%H:%MZ, "
|
|
"%Y-%m-%dZ, %Y-%m-%d %H:%M:%SZ, %Y-%m-%d %H:%MZ")
|
|
|
|
|
|
def search_pkey(self, pkey):
|
|
search_field_s = '.search-filter input[name=filter]'
|
|
self.fill_text(search_field_s, pkey)
|
|
self.action_button_click('find', parent=None)
|
|
self.wait_for_request(n=2)
|
|
|
|
|
|
def add_cert(self, principal, csr):
|
|
self.facet_button_click('request_cert')
|
|
self.fill_textbox('principal', principal)
|
|
self.check_option('add', 'checked')
|
|
self.fill_textarea('csr', csr)
|
|
self.dialog_button_click('issue')
|
|
self.assert_notification(assert_text='Certificate requested')
|
|
self.navigate_to_entity(ENTITY)
|
|
rows = self.get_rows()
|
|
return rows[-1]
|
|
|
|
|
|
def revoke_cert(self, record, reason):
|
|
self.navigate_to_entity(ENTITY)
|
|
self.navigate_to_row_record(record)
|
|
self.action_list_action('revoke_cert', False)
|
|
self.select('select[name=revocation_reason]', reason)
|
|
self.dialog_button_click('ok')
|
|
|
|
|
|
def check_option_negative(self, date, option):
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', option)
|
|
search_pkey(self, date)
|
|
self.assert_last_error_dialog(INV_DATE.format(option))
|
|
self.close_all_dialogs()
|
|
|
|
|
|
def check_space_error(self, string, option):
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', option)
|
|
search_pkey(self, string)
|
|
self.assert_last_error_dialog(ERR_SPACE.format(option))
|
|
self.close_all_dialogs()
|
|
|
|
|
|
def check_integer(self, string, option):
|
|
"""
|
|
Method to check if provided value is integer.
|
|
If not check for error dialog
|
|
"""
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', option)
|
|
search_pkey(self, string)
|
|
self.assert_last_error_dialog(ERR_MUST_INTEGER.format(option))
|
|
self.close_all_dialogs()
|
|
|
|
|
|
def check_minimum_serial(self, serial, option):
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', option)
|
|
search_pkey(self, serial)
|
|
self.assert_last_error_dialog(LEAST_SERIAL.format(option))
|
|
self.close_all_dialogs()
|
|
|
|
|
|
@pytest.mark.tier1
|
|
class test_cert(UI_driver):
|
|
|
|
def setup(self, *args, **kwargs):
|
|
super(test_cert, self).setup(*args, **kwargs)
|
|
|
|
if not self.has_ca():
|
|
self.skip('CA not configured')
|
|
|
|
@screenshot
|
|
def test_read(self):
|
|
"""
|
|
Basic read: cert
|
|
|
|
Certs don't have standard mod, add and delete methods.
|
|
"""
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
rows = self.get_rows()
|
|
self.navigate_to_row_record(rows[0])
|
|
self.navigate_by_breadcrumb("Certificates")
|
|
|
|
@screenshot
|
|
def test_search_subject(self):
|
|
"""
|
|
Try to search certificate by subject
|
|
"""
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'subject')
|
|
search_pkey(self, 'Certificate Authority')
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search non-existent subject
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'subject')
|
|
search_pkey(self, 'nonexistent')
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search subject with speacial char
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'subject')
|
|
search_pkey(self, '<,>.?/')
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search subject with leading space
|
|
check_space_error(self, ' Certificate Authority', 'subject')
|
|
|
|
# try to search subject with trailing space
|
|
check_space_error(self, 'Certificate Authority ', 'subject')
|
|
|
|
@screenshot
|
|
def test_search_revocation_reason(self):
|
|
"""
|
|
Try to search certificates by revocation reason
|
|
"""
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
|
|
# add a new cert
|
|
hostname = self.config.get('ipa_server')
|
|
record = add_cert(self, 'HTTP/{}'.format(hostname), CERT_CSR)
|
|
|
|
# revoke added cert
|
|
revoke_cert(self, record, '1')
|
|
|
|
# search cert by revocation reason
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revocation_reason')
|
|
search_pkey(self, '1')
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# search cert by string.
|
|
check_integer(self, 'nonexistent', 'revocation_reason')
|
|
|
|
# search cert by special char
|
|
check_integer(self, '<,>.?/', 'revocation_reason')
|
|
|
|
# search revocation reason negative Number.
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revocation_reason')
|
|
search_pkey(self, '-1')
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# valid revocation reason can be value from 0 to 10
|
|
# try revocation reason as other than valid value
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revocation_reason')
|
|
search_pkey(self, '11')
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
@screenshot
|
|
def test_search_minimum_serial(self):
|
|
"""
|
|
Try to search cert using minimum serial number option
|
|
"""
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'min_serial_number')
|
|
search_pkey(self, '1')
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try search using string
|
|
check_integer(self, 'nonexistent', 'min_serial_number')
|
|
|
|
# try searching using -1
|
|
check_minimum_serial(self, '-1', 'min_serial_number')
|
|
|
|
# try using higher value than no. of certs present
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'min_serial_number')
|
|
search_pkey(self, '99')
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
@screenshot
|
|
def test_search_maximum_serial(self):
|
|
"""
|
|
Try to search cert using maximum serial number option
|
|
"""
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'max_serial_number')
|
|
search_pkey(self, '2')
|
|
rows = self.get_rows()
|
|
assert len(rows) == 2
|
|
|
|
# try to search using string
|
|
check_integer(self, 'nonexisting', 'max_serial_number')
|
|
|
|
# try to search using -1
|
|
check_minimum_serial(self, '-1', 'max_serial_number')
|
|
|
|
@screenshot
|
|
def test_search_valid_not_after_from(self):
|
|
"""
|
|
Try to search cert using valid not after from option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotafter_from')
|
|
search_pkey(self, str(today))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'validnotafter_from')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'validnotafter_from')
|
|
|
|
# try to search using date beyond
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotafter_from')
|
|
search_pkey(self, str(today + timedelta(weeks=52 * 30)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search using leading space
|
|
check_option_negative(self,
|
|
' {}'.format(str(today)),
|
|
'validnotafter_from')
|
|
|
|
# try to search trailing space
|
|
check_option_negative(self,
|
|
'{} '.format(str(today)),
|
|
'validnotafter_from')
|
|
|
|
@screenshot
|
|
def test_search_valid_not_after_to(self):
|
|
"""
|
|
Try to search cert using valid not after to option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotafter_to')
|
|
search_pkey(self, str(today + timedelta(weeks=52 * 30)))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'validnotafter_to')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'validnotafter_to')
|
|
|
|
# try to search using date ago
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotafter_to')
|
|
search_pkey(self, str(today - timedelta(weeks=52 * 10)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self,
|
|
' {}'.format(str(today)),
|
|
'validnotafter_to')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self,
|
|
'{} '.format(str(today)),
|
|
'validnotafter_to')
|
|
|
|
@screenshot
|
|
def test_search_valid_not_before_from(self):
|
|
"""
|
|
Try to search cert using valid not before from option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotbefore_from')
|
|
search_pkey(self, str(today))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'validnotafter_from')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'validnotafter_from')
|
|
|
|
# try to search using current beyond
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotbefore_from')
|
|
search_pkey(self, str(today + timedelta(weeks=52 * 30)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self,
|
|
' {}'.format(str(today)),
|
|
'validnotafter_from')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self,
|
|
'{} '.format(str(today)),
|
|
'validnotafter_from')
|
|
|
|
@screenshot
|
|
def test_search_valid_not_before_to(self):
|
|
"""
|
|
Try to search cert using valid not before to option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotbefore_to')
|
|
search_pkey(self, str(today + timedelta(weeks=52 * 30)))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'validnotafter_from')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'validnotafter_from')
|
|
|
|
# try to search using date ago
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'validnotbefore_to')
|
|
search_pkey(self, str(today - timedelta(weeks=52 * 10)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self,
|
|
' {}'.format(str(today)),
|
|
'validnotafter_from')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self,
|
|
'{} '.format(str(today)),
|
|
'validnotafter_from')
|
|
|
|
@screenshot
|
|
def test_search_issued_on_from(self):
|
|
"""
|
|
Try to search cert using issued on from option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'issuedon_from')
|
|
search_pkey(self, str(today))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'issuedon_from')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'issuedon_from')
|
|
|
|
# try to search using date beyond
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'issuedon_from')
|
|
search_pkey(self, str(today + timedelta(weeks=52 * 30)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self, ' {}'.format(str(today)), 'issuedon_from')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self, '{} '.format(str(today)), 'issuedon_from')
|
|
|
|
@screenshot
|
|
def test_search_issued_on_to(self):
|
|
"""
|
|
Try to search cert using issued on to option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'issuedon_to')
|
|
search_pkey(self, str(today))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'issuedon_to')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'issuedon_to')
|
|
|
|
# try to search using date ago
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'issuedon_to')
|
|
search_pkey(self, str(today - timedelta(weeks=52 * 10)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self, ' {}'.format(str(today)), 'issuedon_to')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self, '{} '.format(str(today)), 'issuedon_to')
|
|
|
|
@screenshot
|
|
def test_search_revoked_on_from(self):
|
|
"""
|
|
Try to search cert using revoked on from option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revokedon_from')
|
|
search_pkey(self, str(today))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'revokedon_from')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'revokedon_from')
|
|
|
|
# try to search using date beyond
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revokedon_from')
|
|
search_pkey(self, str(today + timedelta(weeks=52 * 30)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self, ' {}'.format(str(today)), 'revokedon_from')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self, '{} '.format(str(today)), 'revokedon_from')
|
|
|
|
@screenshot
|
|
def test_search_revoked_on_to(self):
|
|
"""
|
|
Try to search cert using revoked on to option
|
|
"""
|
|
today = date.today()
|
|
self.init_app()
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revokedon_to')
|
|
search_pkey(self, str(today))
|
|
rows = self.get_rows()
|
|
assert len(rows) != 0
|
|
|
|
# try to search with string
|
|
check_option_negative(self, 'nonexistent', 'revokedon_to')
|
|
|
|
# try to search using invalid date
|
|
check_option_negative(self, '2018-02-30', 'revokedon_to')
|
|
|
|
# try to search using date ago
|
|
self.navigate_to_entity(ENTITY)
|
|
self.select('select[name=search_option]', 'revokedon_to')
|
|
search_pkey(self, str(today - timedelta(weeks=52 * 10)))
|
|
rows = self.get_rows()
|
|
assert len(rows) == 0
|
|
|
|
# try to search with leading space
|
|
check_option_negative(self, ' {}'.format(str(today)), 'revokedon_to')
|
|
|
|
# try to search with trailing space
|
|
check_option_negative(self, '{} '.format(str(today)), 'revokedon_to')
|