summaryrefslogtreecommitdiffstats
path: root/ipatests/test_integration
diff options
context:
space:
mode:
authorPetr Viktorin <pviktori@redhat.com>2013-10-02 14:05:18 +0200
committerPetr Viktorin <pviktori@redhat.com>2013-10-04 10:27:23 +0200
commit3a4a7458c72bb70673520a546ba463ec7fc94bcf (patch)
tree038020974078c3e5d225544119de5c6f6e973ad0 /ipatests/test_integration
parent194556beb04241d965561cc6bb4d050b5be8879f (diff)
downloadfreeipa-3a4a7458c72bb70673520a546ba463ec7fc94bcf.tar.gz
freeipa-3a4a7458c72bb70673520a546ba463ec7fc94bcf.tar.xz
freeipa-3a4a7458c72bb70673520a546ba463ec7fc94bcf.zip
Add tests for installing with empty PKCS#12 password
Diffstat (limited to 'ipatests/test_integration')
-rw-r--r--ipatests/test_integration/test_caless.py101
1 files changed, 87 insertions, 14 deletions
diff --git a/ipatests/test_integration/test_caless.py b/ipatests/test_integration/test_caless.py
index a326e1eba..158c2efdb 100644
--- a/ipatests/test_integration/test_caless.py
+++ b/ipatests/test_integration/test_caless.py
@@ -163,9 +163,9 @@ class CALessBase(IntegrationTest):
'--forwarder', host.config.dns_forwarder,
]
- if http_pin:
+ if http_pin is not None:
args.extend(['--http_pin', http_pin])
- if dirsrv_pin:
+ if dirsrv_pin is not None:
args.extend(['--dirsrv_pin', dirsrv_pin])
if unattended:
args.extend(['-U'])
@@ -231,9 +231,9 @@ class CALessBase(IntegrationTest):
args.extend(['--http_pkcs12', http_pkcs12])
if dirsrv_pkcs12:
args.extend(['--dirsrv_pkcs12', dirsrv_pkcs12])
- if http_pin:
+ if http_pin is not None:
args.extend(['--http_pin', http_pin])
- if dirsrv_pin:
+ if dirsrv_pin is not None:
args.extend(['--dirsrv_pin', dirsrv_pin])
args.extend([replica.hostname])
@@ -277,14 +277,16 @@ class CALessBase(IntegrationTest):
return replica.run_command(args)
@classmethod
- def export_pkcs12(cls, nickname, filename='server.p12'):
+ def export_pkcs12(cls, nickname, filename='server.p12', password=None):
"""Export a cert as PKCS#12 to the given file"""
+ if password is None:
+ password = cls.cert_password
ipautil.run(['pk12util',
'-o', filename,
'-n', nickname,
'-d', 'nssdb',
'-K', cls.cert_password,
- '-W', cls.cert_password], cwd=cls.cert_dir)
+ '-W', password], cwd=cls.cert_dir)
@classmethod
def get_pem(cls, nickname):
@@ -422,7 +424,7 @@ class TestServerInstall(CALessBase):
with open(self.pem_filename, 'w') as f:
f.write(self.get_pem('ca1'))
- result = self.install_server(http_pin=False)
+ result = self.install_server(http_pin=None)
assert_error(result,
'ipa-server-install: error: You must specify --http_pin '
'with --http_pkcs12')
@@ -434,7 +436,7 @@ class TestServerInstall(CALessBase):
with open(self.pem_filename, 'w') as f:
f.write(self.get_pem('ca1'))
- result = self.install_server(dirsrv_pin=False)
+ result = self.install_server(dirsrv_pin=None)
assert_error(result,
'ipa-server-install: error: You must specify '
'--dirsrv_pin with --dirsrv_pkcs12')
@@ -679,7 +681,7 @@ class TestServerInstall(CALessBase):
stdin_text = get_install_stdin(cert_passwords=[self.cert_password])
- result = self.install_server(http_pin=False, unattended=False,
+ result = self.install_server(http_pin=None, unattended=False,
stdin_text=stdin_text)
assert result.returncode == 0
self.verify_installation()
@@ -695,13 +697,41 @@ class TestServerInstall(CALessBase):
stdin_text = get_install_stdin(cert_passwords=[self.cert_password])
- result = self.install_server(dirsrv_pin=False, unattended=False,
+ result = self.install_server(dirsrv_pin=None, unattended=False,
stdin_text=stdin_text)
assert result.returncode == 0
self.verify_installation()
assert ('Enter server.p12 unlock password:'
in result.stdout_text), result.stdout_text
+ def test_no_http_password(self):
+ "IPA server install with empty HTTP password"
+
+ self.export_pkcs12('ca1/server', filename='http.p12', password='')
+ self.export_pkcs12('ca1/server', filename='dirsrv.p12')
+ with open(self.pem_filename, 'w') as f:
+ f.write(self.get_pem('ca1'))
+
+ result = self.install_server(http_pkcs12='http.p12',
+ dirsrv_pkcs12='dirsrv.p12',
+ http_pin='')
+ assert result.returncode == 0
+ self.verify_installation()
+
+ def test_no_ds_password(self):
+ "IPA server install with empty DS password"
+
+ self.export_pkcs12('ca1/server', filename='http.p12')
+ self.export_pkcs12('ca1/server', filename='dirsrv.p12', password='')
+ with open(self.pem_filename, 'w') as f:
+ f.write(self.get_pem('ca1'))
+
+ result = self.install_server(http_pkcs12='http.p12',
+ dirsrv_pkcs12='dirsrv.p12',
+ dirsrv_pin='')
+ assert result.returncode == 0
+ self.verify_installation()
+
class TestReplicaInstall(CALessBase):
num_replicas = 1
@@ -1006,7 +1036,7 @@ class TestReplicaInstall(CALessBase):
stdin_text = get_replica_prepare_stdin(
cert_passwords=[self.cert_password])
- result = self.prepare_replica(http_pin=False, unattended=False,
+ result = self.prepare_replica(http_pin=None, unattended=False,
stdin_text=stdin_text)
assert result.returncode == 0
@@ -1023,7 +1053,7 @@ class TestReplicaInstall(CALessBase):
stdin_text = get_replica_prepare_stdin(
cert_passwords=[self.cert_password])
- result = self.prepare_replica(dirsrv_pin=False, unattended=False,
+ result = self.prepare_replica(dirsrv_pin=None, unattended=False,
stdin_text=stdin_text)
assert result.returncode == 0
@@ -1032,6 +1062,36 @@ class TestReplicaInstall(CALessBase):
self.verify_installation()
+ def test_no_http_password(self):
+ "IPA replica install with empty HTTP password"
+
+ self.export_pkcs12('ca1/replica', filename='http.p12', password='')
+ self.export_pkcs12('ca1/replica', filename='dirsrv.p12')
+
+ result = self.prepare_replica(http_pkcs12='http.p12',
+ dirsrv_pkcs12='dirsrv.p12',
+ http_pin='')
+ assert result.returncode == 0
+
+ result = self.install_replica()
+ assert result.returncode == 0
+
+ self.verify_installation()
+
+ def test_no_ds_password(self):
+ "IPA replica install with empty DS password"
+
+ self.export_pkcs12('ca1/replica', filename='http.p12')
+ self.export_pkcs12('ca1/replica', filename='dirsrv.p12', password='')
+
+ result = self.prepare_replica(http_pkcs12='http.p12',
+ dirsrv_pkcs12='dirsrv.p12',
+ dirsrv_pin='')
+ assert result.returncode == 0
+
+ result = self.install_replica()
+ assert result.returncode == 0
+
class TestClientInstall(CALessBase):
num_clients = 1
@@ -1174,9 +1234,10 @@ class TestCertinstall(CALessBase):
tasks.kinit_admin(cls.master)
def certinstall(self, mode, cert_nick=None, cert_exists=True,
- filename='server.p12', pin=_DEFAULT, stdin_text=None):
+ filename='server.p12', pin=_DEFAULT, stdin_text=None,
+ p12_pin=None):
if cert_nick:
- self.export_pkcs12(cert_nick)
+ self.export_pkcs12(cert_nick, password=p12_pin)
if pin is _DEFAULT:
pin = self.cert_password
if cert_exists:
@@ -1364,3 +1425,15 @@ class TestCertinstall(CALessBase):
pin=None,
stdin_text=self.cert_password + '\n')
assert result.returncode == 0
+
+ def test_no_http_password(self):
+ "Install new HTTP certificate with no PKCS#12 password"
+
+ result = self.certinstall('w', 'ca1/server', pin='', p12_pin='')
+ assert result.returncode == 0
+
+ def test_no_ds_password(self):
+ "Install new DS certificate with no PKCS#12 password"
+
+ result = self.certinstall('w', 'ca1/server', pin='', p12_pin='')
+ assert result.returncode == 0