diff options
Diffstat (limited to 'checks/check-ra.py')
-rwxr-xr-x | checks/check-ra.py | 133 |
1 files changed, 72 insertions, 61 deletions
diff --git a/checks/check-ra.py b/checks/check-ra.py index c98314618..6b5e76083 100755 --- a/checks/check-ra.py +++ b/checks/check-ra.py @@ -14,87 +14,98 @@ server. I don't exactly remember the steps, so ping him for help. from os import path import sys parent = path.dirname(path.dirname(path.abspath(__file__))) -sys.path.append(parent) +sys.path.insert(0, parent) +verbose = True from base64 import b64encode, b64decode from ipalib import api -# certificate with serial number 17 -cert = b64decode(""" -MIIC3zCCAcegAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MRkwFwYDVQQKExBTamNSZWRoYXQgRG9tYW -luMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDkwMTIyMjMzODA2WhcNMDkwNzIx -MjMzODA2WjAUMRIwEAYKCZImiZPyLGQBARMCbGwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM -id6i9ri9ldyAXaH4MJSPdUDjdc9+E10hwxw7crFE1K0uvr8YT2e1YotNqv7Q+Bk7KVRrLH6Y5UPlWY -uSAP8G9t8yjn5Uo3iXU5AqsrRek+pxerD/WocwedF6yjJ/zlQyYyg93h0njJr1lStyVLTyp+VVqtk3 -FSDIwLCWQHOTejAgMBAAGjgZgwgZUwHwYDVR0jBBgwFoAUlz9JZxqVabh4QQOEkxyWt80pIQkwQwYI -KwYBBQUHAQEENzA1MDMGCCsGAQUFBzABhidodHRwOi8vYS1mOC5zamMucmVkaGF0LmNvbTo5MTgwL2 -NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkq -hkiG9w0BAQUFAAOCAQEAhU+oqPh+rlYFPm0D8HAJ0RIWw9gkNctHUfVGi+NeYTaUAEGWUOpXjLSQgP -gq1fNBHd+IRLhycwp4uUsFCPE1n3eStmn/D6o9u1eNnTFPj74MLZVQQTXPE8+LBYeHgTUwFuKp2WyW -9J/BDZ3pDWKYWWMawhD7ext7UhZkpIJODFEaDxiXCfB8GsAEbmfoYFk21znuGQQu3Wu1s6licyunLh -/W3sxCFGIT9DHxS0GZKimm7M02IPGxK/0TZr0kVcLQx6XGKqiK1464rvl4u60mQjwJwfhawshs84YT -xFnXZKkvsT3GjfIe/k687TMG3paTFtKkis+u7z0v6355uJzLpQ== -""") - -csr = 'MIIBlDCB/gIBADBVMR0wGwYDVQQKExRVc2Vyc3lzUmVkaGF0LURvbWFpbjEQMA4GA1UECxMHcGtpLWlwYTEiMCAGA1UEAxMZSVBBLVN1YnN5c3RlbS1DZXJ0aWZpY2F0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3Qmpr81WxbnISmyyhc2ShiPzUvWIrCg5FgJ1QrBl7CRe62Wl/YYiV/DbuMoex1ec7zKfgfSFVFU9/2iwj7Du0sZdXYJNQPdj9yLdPk2tyxdgJuHLdxI0SNgaEFyvmIMP/X9vQN9H5w0/PyrJQscOxc6tbTcYL0ZSSylLQ+diaQECAwEAA' +subject = u'CN=vm-070.idm.lab.bos.redhat.com' +csr = '\ +MIIBZzCB0QIBADAoMSYwJAYDVQQDEx12bS0wNzAuaWRtLmxhYi5ib3MucmVkaGF0\n\ +LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAriTSlAG+/xkvtxliWMeO\n\ +Qu+vFQTz+/fgy7xWIg6WR2At6j/9eJ7LUYhqguqevOAQpuePxY4/FEfpmQ6PTgs/\n\ +LXKa0vhIkXzkmMjKynUIWHYeaZekcXxye1dV/PdNB6H801xs60YjbScOJj3Hexvm\n\ +hOKsdmwO1ukqTTEKDXrr3c8CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAG4pTLrE\n\ +cvrkQXVdMOjgAVJ6KZYl/caIOYhIlcJ3jhf95Bv/Zs3lpfHjXnM8jj4EWfyd0lZx\n\ +2EUytXXubKJUpjUCeBp4oaQ2Ahvdxo++oUcbXkKxtCOUB6Mw8XEIVYaldZlcHDHM\n\ +dysLdrZ3K9HOzoeSq2e0m+trQaWnBQG47O7F\n\ +' + +reference_decode = { + 'certificate' : b64decode +} + +trial_decode = { + 'certificate' : b64decode +} api.bootstrap( in_server=True, enable_ra=True, - ca_host='a-f8.sjc.redhat.com', + ra_plugin='dogtag', + ca_host='vm-070.idm.lab.bos.redhat.com', debug=True, in_tree=True, ) api.finalize() ra = api.Backend.ra -def assert_equal(*vals): - val0 = vals[0] - for val in vals[1:]: - assert val == val0, '%r != %r' % (val, val0) +def assert_equal(trial, reference): + keys = reference.keys() + keys.sort() + for key in keys: + reference_val = reference[key] + trial_val = trial[key] + if reference_decode.has_key(key): + reference_val = reference_decode[key](reference_val) -api.log.info('******** Testing ra.check_request_status() ********') -assert_equal( - ra.check_request_status('35'), - dict( - status='0', - serial_number='17', - request_status='complete', - request_id='35', - ) -) + if trial_decode.has_key(key): + trial_val = trial_decode[key](trial_val) + + assert reference_val == trial_val, \ + '%s: not equal\n\nreference_val:\n%r\ntrial_val:\n%r' % \ + (key, reference[key], trial[key]) -api.log.info('******** Testing ra.get_certificate() ********') -assert_equal( - ra.get_certificate('17'), - dict( - status='0', - certificate=b64encode(cert), - ) -) api.log.info('******** Testing ra.request_certificate() ********') -assert_equal( - ra.request_certificate(csr), - dict( - status='1', - ) -) +request_result = ra.request_certificate(csr) +if verbose: print "request_result=\n%s" % request_result +assert_equal(request_result, + {'subject' : subject, + }) + +api.log.info('******** Testing ra.check_request_status() ********') +status_result = ra.check_request_status(request_result['request_id']) +if verbose: print "status_result=\n%s" % status_result +assert_equal(status_result, + {'serial_number' : request_result['serial_number'], + 'request_id' : request_result['request_id'], + 'cert_request_status' : u'complete', + }) + +api.log.info('******** Testing ra.get_certificate() ********') +get_result = ra.get_certificate(request_result['serial_number']) +if verbose: print "get_result=\n%s" % get_result +assert_equal(get_result, + {'serial_number' : request_result['serial_number'], + 'certificate' : request_result['certificate'], + }) api.log.info('******** Testing ra.revoke_certificate() ********') -assert_equal( - ra.revoke_certificate('17', revocation_reason=6), # Put on hold - dict( - status='0', - revoked=True, - ) -) +revoke_result = ra.revoke_certificate(request_result['serial_number'], + revocation_reason=6) # Put on hold +if verbose: print "revoke_result=\n%s" % revoke_result +assert_equal(revoke_result, + {'revoked' : True + }) + api.log.info('******** Testing ra.take_certificate_off_hold() ********') -assert_equal( - ra.take_certificate_off_hold('17'), - dict( - taken_off_hold=True, - ) -) +unrevoke_result = ra.take_certificate_off_hold(request_result['serial_number']) +if verbose: print "unrevoke_result=\n%s" % unrevoke_result +assert_equal(unrevoke_result, + {'unrevoked' : True + }) + |