Re: [Freeipa-devel] [PATCH 0287] Re-initialize NSS database after otptoken plugin tests
On 11/27/2014 12:56 PM, Tomas Babej wrote: On 11/26/2014 01:10 PM, Petr Viktorin wrote: On 11/21/2014 11:47 AM, Tomas Babej wrote: Hi, OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 Note for reviewers: Requires Petr^3's pytest patchset, which I am pushing right now. Thank you! ACK, pushed to master: 792ff0c0c40ddd1583c6789c8f34382c050d3e92 Also sending rebased version for 4-1 branch. ACK Pushed to ipa-4-1: 7215f7e2215b485daac7dc5d54478752b682181b -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0287] Re-initialize NSS database after otptoken plugin tests
On 11/26/2014 01:10 PM, Petr Viktorin wrote: > On 11/21/2014 11:47 AM, Tomas Babej wrote: >> Hi, >> >> OTP token tests do not properly reinitialize the NSS db, thus >> making subsequent xmlrpc tests fail on SSL cert validation. >> >> Make sure NSS db is re-initalized in the teardown method. >> >> https://fedorahosted.org/freeipa/ticket/4748 >> >> Note for reviewers: Requires Petr^3's pytest patchset, which I am >> pushing right now. >> > > Thank you! > ACK, pushed to master: 792ff0c0c40ddd1583c6789c8f34382c050d3e92 > > Also sending rebased version for 4-1 branch. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org >From 48c79d08668712a33f1803d9a23065e16b179d82 Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 20 Nov 2014 18:37:57 +0100 Subject: [PATCH] Re-initialize NSS database after otptoken plugin tests OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 --- ipalib/x509.py | 31 - ipatests/test_ipaserver/test_otptoken_import.py | 5 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/ipalib/x509.py b/ipalib/x509.py index 88ea415bf2b27760ac478d5d415356d30f6852f8..a87dbf4130c60b1b1daf8bbb2ffb81c208f2529c 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -89,19 +89,12 @@ def strip_header(pem): return pem -def load_certificate(data, datatype=PEM, dbdir=None): +def initialize_nss_database(dbdir=None): """ -Given a base64-encoded certificate, with or without the -header/footer, return a request object. - -Returns a nss.Certificate type +Initializes NSS database, if not initialized yet. Uses a proper database +directory (.ipa/alias or HTTPD_ALIAS_DIR), depending on the value of +api.env.in_tree. """ -if type(data) in (tuple, list): -data = data[0] - -if (datatype == PEM): -data = strip_header(data) -data = base64.b64decode(data) if not nss.nss_is_initialized(): if dbdir is None: @@ -116,6 +109,22 @@ def load_certificate(data, datatype=PEM, dbdir=None): else: nss.nss_init(dbdir) +def load_certificate(data, datatype=PEM, dbdir=None): +""" +Given a base64-encoded certificate, with or without the +header/footer, return a request object. + +Returns a nss.Certificate type +""" +if type(data) in (tuple, list): +data = data[0] + +if (datatype == PEM): +data = strip_header(data) +data = base64.b64decode(data) + +initialize_nss_database(dbdir=dbdir) + return nss.Certificate(buffer(data)) def load_certificate_from_file(filename, dbdir=None): diff --git a/ipatests/test_ipaserver/test_otptoken_import.py b/ipatests/test_ipaserver/test_otptoken_import.py index 7ee0754da567087eec2e494ce076fff32c6ae14c..9e463466cd133fc2174d1f713b044c99f49a30bb 100644 --- a/ipatests/test_ipaserver/test_otptoken_import.py +++ b/ipatests/test_ipaserver/test_otptoken_import.py @@ -21,12 +21,17 @@ import os import sys import nose from nss import nss +from ipalib.x509 import initialize_nss_database from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError basename = os.path.join(os.path.dirname(__file__), "data") class test_otptoken_import(object): + +def tearDown(self): +initialize_nss_database() + def test_figure3(self): doc = PSKCDocument(os.path.join(basename, "pskc-figure3.xml")) assert doc.keyname is None -- 1.9.3 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0287] Re-initialize NSS database after otptoken plugin tests
On 11/21/2014 11:47 AM, Tomas Babej wrote: Hi, OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 Note for reviewers: Requires Petr^3's pytest patchset, which I am pushing right now. Thank you! ACK, pushed to master: 792ff0c0c40ddd1583c6789c8f34382c050d3e92 -- PetrĀ³ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0287] Re-initialize NSS database after otptoken plugin tests
Hi, OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 Note for reviewers: Requires Petr^3's pytest patchset, which I am pushing right now. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org >From 07c02e33035d79c273f6d65a598a59114ba5b23d Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 20 Nov 2014 18:37:57 +0100 Subject: [PATCH] Re-initialize NSS database after otptoken plugin tests OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initalized in the teardown method. https://fedorahosted.org/freeipa/ticket/4748 --- ipalib/x509.py | 31 - ipatests/test_ipaserver/test_otptoken_import.py | 5 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/ipalib/x509.py b/ipalib/x509.py index 88ea415bf2b27760ac478d5d415356d30f6852f8..a87dbf4130c60b1b1daf8bbb2ffb81c208f2529c 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -89,19 +89,12 @@ def strip_header(pem): return pem -def load_certificate(data, datatype=PEM, dbdir=None): +def initialize_nss_database(dbdir=None): """ -Given a base64-encoded certificate, with or without the -header/footer, return a request object. - -Returns a nss.Certificate type +Initializes NSS database, if not initialized yet. Uses a proper database +directory (.ipa/alias or HTTPD_ALIAS_DIR), depending on the value of +api.env.in_tree. """ -if type(data) in (tuple, list): -data = data[0] - -if (datatype == PEM): -data = strip_header(data) -data = base64.b64decode(data) if not nss.nss_is_initialized(): if dbdir is None: @@ -116,6 +109,22 @@ def load_certificate(data, datatype=PEM, dbdir=None): else: nss.nss_init(dbdir) +def load_certificate(data, datatype=PEM, dbdir=None): +""" +Given a base64-encoded certificate, with or without the +header/footer, return a request object. + +Returns a nss.Certificate type +""" +if type(data) in (tuple, list): +data = data[0] + +if (datatype == PEM): +data = strip_header(data) +data = base64.b64decode(data) + +initialize_nss_database(dbdir=dbdir) + return nss.Certificate(buffer(data)) def load_certificate_from_file(filename, dbdir=None): diff --git a/ipatests/test_ipaserver/test_otptoken_import.py b/ipatests/test_ipaserver/test_otptoken_import.py index 7ee0754da567087eec2e494ce076fff32c6ae14c..84df0e2a6e5858275a279f4dc10557495e635459 100644 --- a/ipatests/test_ipaserver/test_otptoken_import.py +++ b/ipatests/test_ipaserver/test_otptoken_import.py @@ -21,12 +21,17 @@ import os import sys import nose from nss import nss +from ipalib.x509 import initialize_nss_database from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError basename = os.path.join(os.path.dirname(__file__), "data") class test_otptoken_import(object): + +def teardown(self): +initialize_nss_database() + def test_figure3(self): doc = PSKCDocument(os.path.join(basename, "pskc-figure3.xml")) assert doc.keyname is None -- 1.9.3 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
