Add test for external CA installation

https://fedorahosted.org/freeipa/ticket/3819
author: Ana Krivokapic <akrivoka@redhat.com> 2013-10-22 20:00:18 +0200
committer: Martin Kosek <mkosek@redhat.com> 2013-10-29 08:27:25 +0100
commit: 5854c476854dcddd467fead029b18285e944520a (patch)
tree: 6e4327025012e85435378450f9c8c873cc507322 /ipatests
parent: 88154b5709a898b94aa0338f16af67b37c9a95ff (diff)
download: freeipa-5854c476854dcddd467fead029b18285e944520a.tar.gz
freeipa-5854c476854dcddd467fead029b18285e944520a.tar.xz
freeipa-5854c476854dcddd467fead029b18285e944520a.zip
1 files changed, 107 insertions, 0 deletions
diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py
new file mode 100644
index 00000000..747990cf
--- /dev/null
+++ b/ipatests/test_integration/test_external_ca.py
@@ -0,0 +1,107 @@
+# Authors:
+#   Ana Krivokapic <akrivoka@redhat.com>
+#
+# Copyright (C) 2013  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import os
+
+from ipatests.test_integration import tasks
+from ipatests.test_integration.base import IntegrationTest
+
+
+class TestExternalCA(IntegrationTest):
+    """
+    Test of FreeIPA server installation with exernal CA
+    """
+    def test_external_ca(self):
+        # Step 1 of ipa-server-install
+        self.master.run_command([
+            'ipa-server-install', '-U',
+            '-a', self.master.config.admin_password,
+            '-p', self.master.config.dirman_password,
+            '--setup-dns', '--no-forwarders',
+            '-r', self.master.domain.name,
+            '--external-ca'
+        ])
+
+        nss_db = os.path.join(self.master.config.test_dir, 'testdb')
+        external_cert_file = os.path.join(nss_db, 'ipa.crt')
+        external_ca_file = os.path.join(nss_db, 'ca.crt')
+        noisefile = os.path.join(self.master.config.test_dir, 'noise.txt')
+        pwdfile = os.path.join(self.master.config.test_dir, 'pwdfile.txt')
+
+        # Create noise and password files for NSS database
+        self.master.run_command('date | sha256sum > %s' % noisefile)
+        self.master.run_command('echo %s > %s' %
+                                (self.master.config.admin_password, pwdfile))
+
+        # Create NSS database
+        self.master.run_command(['mkdir', nss_db])
+        self.master.run_command([
+            'certutil', '-N',
+            '-d', nss_db,
+            '-f', pwdfile
+        ])
+
+        # Create external CA
+        self.master.run_command([
+            'certutil', '-S',
+            '-d', nss_db,
+            '-f', pwdfile,
+            '-n', 'external',
+            '-s', 'CN=External CA, O=%s' % self.master.domain.name,
+            '-x',
+            '-t', 'CTu,CTu,CTu',
+            '-g', '2048',
+            '-m', '0',
+            '-v', '60',
+            '-z', noisefile,
+            '-2', '-1', '-5'
+        ], stdin_text='5\n9\nn\ny\n10\ny\n5\n6\n7\n9\nn\n')
+
+        # Sign IPA cert request using the external CA
+        self.master.run_command([
+            'certutil', '-C',
+            '-d', nss_db,
+            '-f', pwdfile,
+            '-c', 'external',
+            '-m', '1',
+            '-v', '60',
+            '-2', '-1', '-5',
+            '-i', '/root/ipa.csr',
+            '-o', external_cert_file,
+            '-a'
+        ], stdin_text='0\n1\n5\n9\ny\ny\n\ny\n5\n6\n7\n9\nn\n')
+
+        # Export external CA file
+        self.master.run_command(
+            'certutil -L -d %s -n "external" -a > %s' %
+            (nss_db, external_ca_file)
+        )
+
+        # Step 2 of ipa-server-install
+        self.master.run_command([
+            'ipa-server-install',
+            '-a', self.master.config.admin_password,
+            '-p', self.master.config.dirman_password,
+            '--external_cert_file', external_cert_file,
+            '--external_ca_file', external_ca_file
+        ])
+
+        # Make sure IPA server is working properly
+        tasks.kinit_admin(self.master)
+        result = self.master.run_command(['ipa', 'user-show', 'admin'])
+        assert 'User login: admin' in result.stdout_text
author	Ana Krivokapic <akrivoka@redhat.com>	2013-10-22 20:00:18 +0200
committer	Martin Kosek <mkosek@redhat.com>	2013-10-29 08:27:25 +0100
commit	5854c476854dcddd467fead029b18285e944520a (patch)
tree	6e4327025012e85435378450f9c8c873cc507322 /ipatests
parent	88154b5709a898b94aa0338f16af67b37c9a95ff (diff)
download	freeipa-5854c476854dcddd467fead029b18285e944520a.tar.gz freeipa-5854c476854dcddd467fead029b18285e944520a.tar.xz freeipa-5854c476854dcddd467fead029b18285e944520a.zip