[Freeipa-devel] [freeipa PR#5001][opened] ipatests: Test certmonger rekey command works fine

Thu, 06 Aug 2020 05:50:05 -0700 

   URL: https://github.com/freeipa/freeipa/pull/5001
Author: mrizwan93
 Title: #5001: ipatests: Test certmonger rekey command works fine
Action: opened

PR body:
"""
Certmonger's rekey command was throwing an error as
unrecognized command. Test is to check if it is working fine.
    
related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165
    
Signed-off-by: Mohammad Rizwan <myu...@redhat.com>

"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5001/head:pr5001
git checkout pr5001

From 3aea605e4bc500c59770183e64e6faee317605d9 Mon Sep 17 00:00:00 2001
From: Sergey Orlov <sor...@redhat.com>
Date: Wed, 5 Aug 2020 16:37:05 +0200
Subject: [PATCH 1/2] Fix password file permission

Invalid permission makes file unreadable by owner if he is not root.

Reviewed-By: Alexander Bokovoy <aboko...@redhat.com>
---
 ipatests/test_integration/test_cert.py | 40 ++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/ipatests/test_integration/test_cert.py b/ipatests/test_integration/test_cert.py
index 865578941c..0bdec34c46 100644
--- a/ipatests/test_integration/test_cert.py
+++ b/ipatests/test_integration/test_cert.py
@@ -9,6 +9,7 @@
 import ipaddress
 import pytest
 import re
+import time
 
 from ipaplatform.paths import paths
 from cryptography import x509
@@ -216,6 +217,45 @@ def test_getcert_list_profile_using_subca(self, test_subca_certs):
             raise AssertionError("certmonger request is "
                                  "in state {}". format(status))
 
+    def test_certmonger_rekey_option(self):
+        """Test certmonger rekey command works fine
+
+        Certmonger's rekey command was throwing an error as
+        unrecognized command. Test is to check if it is working fine.
+
+        related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165
+        """
+        result = self.master.run_command([
+            'ipa-getcert', 'request',
+            '-f', '/etc/pki/tls/certs/test_rekey.pem',
+            '-k', '/etc/pki/tls/private/test.key',
+            '-K', 'test/{}'.format(self.master.hostname)])
+        request_id = re.findall(r'\d+', result.stdout_text)
+        certdata = self.master.get_file_contents(
+            '/etc/pki/tls/certs/test_rekey.pem'
+        )
+        cert = x509.load_pem_x509_certificate(
+            certdata, default_backend()
+        )
+        assert cert.public_key().key_size == 2048
+
+        # rekey with key size 3072
+        self.master.run_command(['getcert', 'rekey',
+                                 '-i', request_id[0],
+                                 '-g', '3072'])
+        time.sleep(60)
+        certdata = self.master.get_file_contents(
+            '/etc/pki/tls/certs/test_rekey.pem'
+        )
+        cert = x509.load_pem_x509_certificate(
+            certdata, default_backend()
+        )
+        # check if rekey command updated the key size
+        assert cert.public_key().key_size == 3072
+
+        self.master.run_command(['getcert', 'stop-tracking'
+                                 '-i', request_id[0]])
+
 
 class TestCertmongerInterruption(IntegrationTest):
     num_replicas = 1

From 72d24dac1f72334f6d8534b68378725dc3426990 Mon Sep 17 00:00:00 2001
From: Mohammad Rizwan <myu...@redhat.com>
Date: Thu, 6 Aug 2020 16:56:45 +0530
Subject: [PATCH 2/2] ipatests: Test certmonger rekey command works fine

Certmonger's rekey command was throwing an error as
unrecognized command. Test is to check if it is working fine.

related: https://bugzilla.redhat.com/show_bug.cgi?id=1249165

Signed-off-by: Mohammad Rizwan <myu...@redhat.com>
---
 ipatests/test_integration/test_cert.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ipatests/test_integration/test_cert.py b/ipatests/test_integration/test_cert.py
index 0bdec34c46..fd478116ab 100644
--- a/ipatests/test_integration/test_cert.py
+++ b/ipatests/test_integration/test_cert.py
@@ -9,7 +9,6 @@
 import ipaddress
 import pytest
 import re
-import time
 
 from ipaplatform.paths import paths
 from cryptography import x509
@@ -231,6 +230,10 @@ def test_certmonger_rekey_option(self):
             '-k', '/etc/pki/tls/private/test.key',
             '-K', 'test/{}'.format(self.master.hostname)])
         request_id = re.findall(r'\d+', result.stdout_text)
+
+        status = tasks.wait_for_request(self.master, request_id[0], 50)
+        assert status == "MONITORING"
+
         certdata = self.master.get_file_contents(
             '/etc/pki/tls/certs/test_rekey.pem'
         )
@@ -243,7 +246,10 @@ def test_certmonger_rekey_option(self):
         self.master.run_command(['getcert', 'rekey',
                                  '-i', request_id[0],
                                  '-g', '3072'])
-        time.sleep(60)
+
+        status = tasks.wait_for_request(self.master, request_id[0], 50)
+        assert status == "MONITORING"
+
         certdata = self.master.get_file_contents(
             '/etc/pki/tls/certs/test_rekey.pem'
         )

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org

Reply via email to