mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
0071744929
Prepare CertDB and NSSDatabase to support sqlite DB format. NSSDatabase will automatically detect and use either old DBM or new SQL format. Old databases are not migrated yet. https://pagure.io/freeipa/issue/7049 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
134 lines
4.0 KiB
Python
134 lines
4.0 KiB
Python
import os
|
|
|
|
from ipapython.certdb import NSSDatabase, TRUSTED_PEER_TRUST_FLAGS
|
|
|
|
CERTNICK = 'testcert'
|
|
|
|
|
|
def create_selfsigned(nssdb):
|
|
# create self-signed cert + key
|
|
noisefile = os.path.join(nssdb.secdir, 'noise')
|
|
with open(noisefile, 'wb') as f:
|
|
f.write(os.urandom(64))
|
|
try:
|
|
nssdb.run_certutil([
|
|
'-S', '-x',
|
|
'-z', noisefile,
|
|
'-k', 'rsa', '-g', '2048', '-Z', 'SHA256',
|
|
'-t', 'CTu,Cu,Cu',
|
|
'-s', 'CN=testcert',
|
|
'-n', CERTNICK,
|
|
'-m', '365',
|
|
])
|
|
finally:
|
|
os.unlink(noisefile)
|
|
|
|
|
|
def test_dbm_tmp():
|
|
with NSSDatabase(dbtype='dbm') as nssdb:
|
|
assert nssdb.dbtype == 'dbm'
|
|
|
|
for filename in nssdb.filenames:
|
|
assert not os.path.isfile(filename)
|
|
|
|
nssdb.create_db()
|
|
for filename in nssdb.filenames:
|
|
assert os.path.isfile(filename)
|
|
assert os.path.dirname(filename) == nssdb.secdir
|
|
|
|
assert os.path.basename(nssdb.certdb) == 'cert8.db'
|
|
assert nssdb.certdb in nssdb.filenames
|
|
assert os.path.basename(nssdb.keydb) == 'key3.db'
|
|
assert os.path.basename(nssdb.secmod) == 'secmod.db'
|
|
|
|
|
|
def test_sql_tmp():
|
|
with NSSDatabase(dbtype='sql') as nssdb:
|
|
assert nssdb.dbtype == 'sql'
|
|
|
|
for filename in nssdb.filenames:
|
|
assert not os.path.isfile(filename)
|
|
|
|
nssdb.create_db()
|
|
for filename in nssdb.filenames:
|
|
assert os.path.isfile(filename)
|
|
assert os.path.dirname(filename) == nssdb.secdir
|
|
|
|
assert os.path.basename(nssdb.certdb) == 'cert9.db'
|
|
assert nssdb.certdb in nssdb.filenames
|
|
assert os.path.basename(nssdb.keydb) == 'key4.db'
|
|
assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
|
|
|
|
|
|
def test_convert_db():
|
|
with NSSDatabase(dbtype='dbm') as nssdb:
|
|
assert nssdb.dbtype == 'dbm'
|
|
|
|
nssdb.create_db()
|
|
|
|
create_selfsigned(nssdb)
|
|
|
|
oldcerts = nssdb.list_certs()
|
|
assert len(oldcerts) == 1
|
|
oldkeys = nssdb.list_keys()
|
|
assert len(oldkeys) == 1
|
|
|
|
nssdb.convert_db()
|
|
|
|
assert nssdb.dbtype == 'sql'
|
|
newcerts = nssdb.list_certs()
|
|
assert len(newcerts) == 1
|
|
assert newcerts == oldcerts
|
|
newkeys = nssdb.list_keys()
|
|
assert len(newkeys) == 1
|
|
assert newkeys == oldkeys
|
|
|
|
for filename in nssdb.filenames:
|
|
assert os.path.isfile(filename)
|
|
assert os.path.dirname(filename) == nssdb.secdir
|
|
|
|
assert os.path.basename(nssdb.certdb) == 'cert9.db'
|
|
assert nssdb.certdb in nssdb.filenames
|
|
assert os.path.basename(nssdb.keydb) == 'key4.db'
|
|
assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
|
|
|
|
|
|
def test_convert_db_nokey():
|
|
with NSSDatabase(dbtype='dbm') as nssdb:
|
|
assert nssdb.dbtype == 'dbm'
|
|
nssdb.create_db()
|
|
|
|
create_selfsigned(nssdb)
|
|
|
|
assert len(nssdb.list_certs()) == 1
|
|
assert len(nssdb.list_keys()) == 1
|
|
# remove key, readd cert
|
|
cert = nssdb.get_cert(CERTNICK)
|
|
nssdb.run_certutil(['-F', '-n', CERTNICK])
|
|
nssdb.add_cert(cert, CERTNICK, TRUSTED_PEER_TRUST_FLAGS)
|
|
assert len(nssdb.list_keys()) == 0
|
|
oldcerts = nssdb.list_certs()
|
|
assert len(oldcerts) == 1
|
|
|
|
nssdb.convert_db()
|
|
assert nssdb.dbtype == 'sql'
|
|
newcerts = nssdb.list_certs()
|
|
assert len(newcerts) == 1
|
|
assert newcerts == oldcerts
|
|
assert nssdb.get_cert(CERTNICK) == cert
|
|
newkeys = nssdb.list_keys()
|
|
assert newkeys == ()
|
|
|
|
for filename in nssdb.filenames:
|
|
assert os.path.isfile(filename)
|
|
assert os.path.dirname(filename) == nssdb.secdir
|
|
|
|
old = os.path.join(nssdb.secdir, 'cert8.db')
|
|
assert not os.path.isfile(old)
|
|
assert os.path.isfile(old + '.migrated')
|
|
|
|
assert os.path.basename(nssdb.certdb) == 'cert9.db'
|
|
assert nssdb.certdb in nssdb.filenames
|
|
assert os.path.basename(nssdb.keydb) == 'key4.db'
|
|
assert os.path.basename(nssdb.secmod) == 'pkcs11.txt'
|