summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-07-22 16:08:17 -0400
committerRob Crittenden <rcritten@redhat.com>2010-08-06 13:12:21 -0400
commitefa11d3746c8649f5cb42be9e4787a85413b0f6c (patch)
treeb82464f970a02582074c6f326d7a9482d60e6153 /tests
parent4ea34d5910f304c50a1a432f43318239b1db8be6 (diff)
downloadfreeipa-efa11d3746c8649f5cb42be9e4787a85413b0f6c.tar.gz
freeipa-efa11d3746c8649f5cb42be9e4787a85413b0f6c.tar.xz
freeipa-efa11d3746c8649f5cb42be9e4787a85413b0f6c.zip
Fix replacing a certificate in a service.
When a service has a certificate and the CA backend doesn't support revocation (like selfsign) then we simply drop the old certificate in preparation for adding a new one. We weren't setting the usercertificate attribute to None so there was nothing to do in ldap_update(). Added a test case for this situation to ensure that re-issuing a certificate works. ticket #88
Diffstat (limited to 'tests')
-rw-r--r--tests/test_xmlrpc/test_cert.py31
1 files changed, 28 insertions, 3 deletions
diff --git a/tests/test_xmlrpc/test_cert.py b/tests/test_xmlrpc/test_cert.py
index a99848152..5d594891e 100644
--- a/tests/test_xmlrpc/test_cert.py
+++ b/tests/test_xmlrpc/test_cert.py
@@ -33,6 +33,7 @@ import base64
# So we can save the cert from issuance and compare it later
cert = None
+newcert = None
# Test setup
#
@@ -124,7 +125,7 @@ class test_cert(XMLRPC_test):
def test_3_service_show(self):
"""
- Verify that service-show has the right certificate.
+ Verify that service-show has the right certificate using service-show.
"""
global cert
@@ -133,7 +134,7 @@ class test_cert(XMLRPC_test):
def test_4_service_find(self):
"""
- Verify that service-find has the right certificate.
+ Verify that service-find has the right certificate using service-find.
"""
global cert
@@ -141,7 +142,31 @@ class test_cert(XMLRPC_test):
res = api.Command['service_find'](self.service_princ)['result']
assert base64.b64encode(res[0]['usercertificate'][0]) == cert
- def test_5_cleanup(self):
+ def test_5_cert_renew(self):
+ """
+ Issue a new certificate for a service
+ """
+ global newcert
+
+ csr = unicode(self.generateCSR(self.subject))
+ res = api.Command['cert_request'](csr, principal=self.service_princ)['result']
+ assert res['subject'] == self.subject
+ # save the cert for the service_show/find tests
+ newcert = res['certificate']
+
+ def test_6_service_show(self):
+ """
+ Verify the new certificate with service-show.
+ """
+ global cert, newcert
+
+ res = api.Command['service_show'](self.service_princ)['result']
+ # It should no longer match our old cert
+ assert base64.b64encode(res['usercertificate'][0]) != cert
+ # And it should match the new one
+ assert base64.b64encode(res['usercertificate'][0]) == newcert
+
+ def test_7_cleanup(self):
"""
Clean up cert test data
"""