URL: https://github.com/freeipa/freeipa/pull/2422
Author: mrizwan93
Title: #2422: Test KRA installation after ca agent cert renewal
Action: opened

PR body:
"""
KRA installation was failing after ca-agent cert gets renewed.
This test checks if the symptoms no longer exist.

related ticket: https://pagure.io/freeipa/issue/7288

Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2422/head:pr2422
git checkout pr2422
From 7ad41ce88f6356ead3afe1538fecbce59ecb57b1 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan Yusuf <myu...@redhat.com>
Date: Wed, 3 Oct 2018 20:20:11 +0530
Subject: [PATCH] Test KRA installation after ca agent cert renewal

KRA installation was failing after ca-agent cert gets renewed.
This test checks if the symptoms no longer exist.

related ticket: https://pagure.io/freeipa/issue/7288

Signed-off-by: Mohammad Rizwan Yusuf <myu...@redhat.com>
---
 .../test_integration/test_installation.py     | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/ipatests/test_integration/test_installation.py b/ipatests/test_integration/test_installation.py
index a256767d22..39bf2726b0 100644
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@@ -10,6 +10,8 @@
 from __future__ import absolute_import
 
 import os
+from OpenSSL import crypto
+from datetime import datetime, timedelta
 import pytest
 from ipalib.constants import DOMAIN_LEVEL_0
 from ipaplatform.constants import constants
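Review bot: Import grouping in this hunk is off: `from OpenSSL import crypto` is a third-party import but lands between the stdlib `import os` and the stdlib `from datetime import datetime, timedelta`. Move the datetime import up next to `import os` and put the OpenSSL import with `import pytest`, so the stdlib and third-party groups stay separate.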
@@ -479,3 +481,51 @@ def test_reserved_ip_as_forwarder(self):
         exp_str = ("Invalid IP Address 0.0.0.0: cannot use IANA reserved "
                    "IP address 0.0.0.0")
         assert exp_str in cmd.stdout_text
+
+
+class TestKRAinstallAfterCertRenew(IntegrationTest):
+    """ Test KRA installtion after ca agent cert renewal
+
+    KRA installtion was failing after ca-agent cert gets renewed.
+    This test check if the syptoms no longer exists.
+
+    related ticket: https://pagure.io/freeipa/issue/7288
+    """
+
+    def test_KRA_install_after_cert_renew(self):
+
+        tasks.install_master(self.master)
+
+        # get ca-agent cert contents
+        p12_content = self.master.get_file_contents(paths.DOGTAG_ADMIN_P12)
+        admin_pass = self.master.config.admin_password
+
+        # convert cert to pem format
+        p12 = crypto.load_pkcs12(p12_content, admin_pass)
+        cert = crypto.dump_certificate(crypto.FILETYPE_PEM,
+                                       p12.get_certificate())
+
+        # get expiry date of agent cert
+        x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
+        cert_expiry = x509.get_notAfter()
+
+        # remove the 'Z' from the date string
+        cert_expiry = cert_expiry[:-1].decode('utf-8')
+        py_date_obj = datetime.strptime(cert_expiry, "%Y%m%d%H%M%S")
+
+        # move date to grace period so that certs get renewed
+        grace_date = py_date_obj - timedelta(days=20)
+        grace_date = datetime.strftime(grace_date, "%Y-%m-%d %H:%M:%S")
+        self.master.run_command(['date', '-s', grace_date])
+
+        # check if all certs renewed
+        count = 0
+        while (count != 9):
+            cmd = self.master.run_command(['getcert', 'list'])
+            count = cmd.stdout_text.count('status: MONITORING')
+
+        cert_expiry = datetime.strftime(py_date_obj, "%Y-%m-%d %H:%M:%S")
+        self.master.run_command(['date', '-s', cert_expiry])
+
+        dm_pass = self.master.config.dirman_password
+        cmd = self.master.run_command(['ipa-kra-install', '-p', dm_pass])
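Review bot: The `while (count != 9):` loop has no timeout and no sleep, so it busy-polls `getcert list` and hangs the test run forever if any certificate never reaches `status: MONITORING` or if the host tracks a number of certificates other than 9. Bound the loop with a deadline, sleep between polls, fail with the last `getcert list` output on timeout, and replace the literal 9 with a named constant or a count derived from the tracked requests. The test also changes the system clock twice with `date -s` and never restores it, leaving the host at the agent cert's original expiry date for whatever runs next; put the clock reset in a teardown or `try/finally`. Smaller points: the result of the final `ipa-kra-install` call is assigned to `cmd` but nothing is asserted on it, the PEM dump followed by `crypto.load_certificate` is a redundant round trip since `p12.get_certificate()` can be asked for `get_notAfter()` directly, and the docstring carries the typos "installtion" and "syptoms".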