URL: https://github.com/freeipa/freeipa/pull/2064 Author: mrizwan93 Title: #2064: [Backport][ipa-4-5] Check if issuer DN is updated after self-signed > external-ca Action: opened
PR body: """ This test checks if issuer DN is updated properly after CA is renewed from self-signed to external-ca related ticket: https://pagure.io/freeipa/issue/7316 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Replaced hardcoded issuer CN for external ca with constant Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2064/head:pr2064 git checkout pr2064
From 047826ee60ce93bf3ba9e1c94cfa7c45e16441c1 Mon Sep 17 00:00:00 2001 From: Mohammad Rizwan Yusuf <myu...@redhat.com> Date: Tue, 19 Jun 2018 23:12:02 +0530 Subject: [PATCH] Check if issuer DN is updated after self-signed > external-ca This test checks if issuer DN is updated properly after CA is renewed from self-signed to external-ca related ticket: https://pagure.io/freeipa/issue/7316 Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Replaced hardcoded issuer CN for external ca with constant Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com> Reviewed-By: Christian Heimes <chei...@redhat.com> Reviewed-By: Florence Blanc-Renaud <fren...@redhat.com> --- ipatests/pytest_plugins/integration/create_external_ca.py | 7 ++++++- ipatests/test_integration/test_external_ca.py | 12 +++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/ipatests/pytest_plugins/integration/create_external_ca.py b/ipatests/pytest_plugins/integration/create_external_ca.py index dc4ef048cc..e26376303d 100644 --- a/ipatests/pytest_plugins/integration/create_external_ca.py +++ b/ipatests/pytest_plugins/integration/create_external_ca.py @@ -25,12 +25,17 @@ import datetime import six +ISSUER_CN = 'example.test' class ExternalCA(object): """ Provide external CA for testing """ - def create_ca(self, cn='example.test'): + def __init__(self, days=365): + self.now = datetime.datetime.utcnow() + self.delta = datetime.timedelta(days=days) + + def create_ca(self, cn=ISSUER_CN): """Create root CA. :returns: bytes -- Root CA in PEM format. diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py index a7254ca655..3fecaebb12 100644 --- a/ipatests/test_integration/test_external_ca.py +++ b/ipatests/test_integration/test_external_ca.py @@ -23,6 +23,7 @@ from ipaplatform.paths import paths from itertools import chain, repeat +from ipatests.create_external_ca import ExternalCA, ISSUER_CN IPA_CA = 'ipa_ca.crt' ROOT_CA = 'root_ca.crt' @@ -32,7 +33,7 @@ def check_CA_flag(host, nssdb=paths.PKI_TOMCAT_ALIAS_DIR, - cn='example.test'): + cn=ISSUER_CN): """ Check if external CA (by default 'example.test' in our test env) has CA flag in nssdb. @@ -161,6 +162,15 @@ def test_switch_to_external_ca(self): result = check_CA_flag(self.master) assert bool(result), ('External CA does not have "C" flag') + def test_issuerDN_after_renew_to_external(self): + """ Check if issuer DN is updated after self-signed > external-ca + + This test checks if issuer DN is updated properly after CA is + renewed from self-signed to external-ca + """ + result = self.master.run_command(['ipa', 'ca-show', 'ipa']) + assert "Issuer DN: CN={}".format(ISSUER_CN) in result.stdout_text + def test_switch_back_to_self_signed(self): # for journalctl --since
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/J3TRWOLE4K36ITED7PXJVHZI2IVKCVZ3/
