Hi, OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation.
Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 Note for reviewers: Requires Petr^3's pytest patchset, which I am pushing right now. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org
>From 07c02e33035d79c273f6d65a598a59114ba5b23d Mon Sep 17 00:00:00 2001 From: Tomas Babej <tba...@redhat.com> Date: Thu, 20 Nov 2014 18:37:57 +0100 Subject: [PATCH] Re-initialize NSS database after otptoken plugin tests OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 --- ipalib/x509.py | 31 ++++++++++++++++--------- ipatests/test_ipaserver/test_otptoken_import.py | 5 ++++ 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/ipalib/x509.py b/ipalib/x509.py index 88ea415bf2b27760ac478d5d415356d30f6852f8..a87dbf4130c60b1b1daf8bbb2ffb81c208f2529c 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -89,19 +89,12 @@ def strip_header(pem): return pem -def load_certificate(data, datatype=PEM, dbdir=None): +def initialize_nss_database(dbdir=None): """ - Given a base64-encoded certificate, with or without the - header/footer, return a request object. - - Returns a nss.Certificate type + Initializes NSS database, if not initialized yet. Uses a proper database + directory (.ipa/alias or HTTPD_ALIAS_DIR), depending on the value of + api.env.in_tree. """ - if type(data) in (tuple, list): - data = data[0] - - if (datatype == PEM): - data = strip_header(data) - data = base64.b64decode(data) if not nss.nss_is_initialized(): if dbdir is None: @@ -116,6 +109,22 @@ def load_certificate(data, datatype=PEM, dbdir=None): else: nss.nss_init(dbdir) +def load_certificate(data, datatype=PEM, dbdir=None): + """ + Given a base64-encoded certificate, with or without the + header/footer, return a request object. + + Returns a nss.Certificate type + """ + if type(data) in (tuple, list): + data = data[0] + + if (datatype == PEM): + data = strip_header(data) + data = base64.b64decode(data) + + initialize_nss_database(dbdir=dbdir) + return nss.Certificate(buffer(data)) def load_certificate_from_file(filename, dbdir=None): diff --git a/ipatests/test_ipaserver/test_otptoken_import.py b/ipatests/test_ipaserver/test_otptoken_import.py index 7ee0754da567087eec2e494ce076fff32c6ae14c..84df0e2a6e5858275a279f4dc10557495e635459 100644 --- a/ipatests/test_ipaserver/test_otptoken_import.py +++ b/ipatests/test_ipaserver/test_otptoken_import.py @@ -21,12 +21,17 @@ import os import sys import nose from nss import nss +from ipalib.x509 import initialize_nss_database from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError basename = os.path.join(os.path.dirname(__file__), "data") class test_otptoken_import(object): + + def teardown(self): + initialize_nss_database() + def test_figure3(self): doc = PSKCDocument(os.path.join(basename, "pskc-figure3.xml")) assert doc.keyname is None -- 1.9.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
