diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-07-22 16:08:17 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-08-06 13:12:21 -0400 |
| commit | efa11d3746c8649f5cb42be9e4787a85413b0f6c (patch) | |
| tree | b82464f970a02582074c6f326d7a9482d60e6153 /tests/test_xmlrpc | |
| parent | 4ea34d5910f304c50a1a432f43318239b1db8be6 (diff) | |
| download | freeipa-efa11d3746c8649f5cb42be9e4787a85413b0f6c.tar.gz freeipa-efa11d3746c8649f5cb42be9e4787a85413b0f6c.tar.xz freeipa-efa11d3746c8649f5cb42be9e4787a85413b0f6c.zip | |
Fix replacing a certificate in a service.
When a service has a certificate and the CA backend doesn't support
revocation (like selfsign) then we simply drop the old certificate in
preparation for adding a new one. We weren't setting the usercertificate
attribute to None so there was nothing to do in ldap_update().
Added a test case for this situation to ensure that re-issuing a certificate
works.
ticket #88
Diffstat (limited to 'tests/test_xmlrpc')
| -rw-r--r-- | tests/test_xmlrpc/test_cert.py | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/tests/test_xmlrpc/test_cert.py b/tests/test_xmlrpc/test_cert.py index a99848152..5d594891e 100644 --- a/tests/test_xmlrpc/test_cert.py +++ b/tests/test_xmlrpc/test_cert.py @@ -33,6 +33,7 @@ import base64 # So we can save the cert from issuance and compare it later cert = None +newcert = None # Test setup # @@ -124,7 +125,7 @@ class test_cert(XMLRPC_test): def test_3_service_show(self): """ - Verify that service-show has the right certificate. + Verify that service-show has the right certificate using service-show. """ global cert @@ -133,7 +134,7 @@ class test_cert(XMLRPC_test): def test_4_service_find(self): """ - Verify that service-find has the right certificate. + Verify that service-find has the right certificate using service-find. """ global cert @@ -141,7 +142,31 @@ class test_cert(XMLRPC_test): res = api.Command['service_find'](self.service_princ)['result'] assert base64.b64encode(res[0]['usercertificate'][0]) == cert - def test_5_cleanup(self): + def test_5_cert_renew(self): + """ + Issue a new certificate for a service + """ + global newcert + + csr = unicode(self.generateCSR(self.subject)) + res = api.Command['cert_request'](csr, principal=self.service_princ)['result'] + assert res['subject'] == self.subject + # save the cert for the service_show/find tests + newcert = res['certificate'] + + def test_6_service_show(self): + """ + Verify the new certificate with service-show. + """ + global cert, newcert + + res = api.Command['service_show'](self.service_princ)['result'] + # It should no longer match our old cert + assert base64.b64encode(res['usercertificate'][0]) != cert + # And it should match the new one + assert base64.b64encode(res['usercertificate'][0]) == newcert + + def test_7_cleanup(self): """ Clean up cert test data """ |