author | Petr Viktorin <pviktori@redhat.com> | 2014-03-05 16:46:21 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-06 10:33:21 +0100 |
commit | 68f4af3122bfd9f83f4f09a7b6254da1bf0e533a (patch) | |
tree | d631bb292ab2951471dc658a9e15fc256b1823f7 /ipatests/test_xmlrpc/testcert.py | |
parent | 5ae737e160ccdd2c4b545b3cf2c6737d126dba61 (diff) | |
tests: Create the testing service certificate on demand
Replace the make-testcert command with a module that creates
the certificate when it is first needed.
As a result the tests are more self-contained, and can be run from
a read-only location (such as installed from a system package).
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc/testcert.py')
-rw-r--r-- | ipatests/test_xmlrpc/testcert.py | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/testcert.py b/ipatests/test_xmlrpc/testcert.py
new file mode 100644
index 000000000..ead6ee7f5
--- /dev/null
+++ b/ipatests/test_xmlrpc/testcert.py
@@ -0,0 +1,103 @@
+#
+# Authors:
+# Rob Crittenden <rcritten@redhat.com>
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Provide a custom certificate used in the service tests.
+
+The certificate in cached in a global variable so it only has to be created
+once per test run.
+"""
+
+import os
+import tempfile
+import shutil
+from ipalib import api, x509
+from ipaserver.plugins import rabase
+from ipapython import ipautil
+from ipapython.dn import DN
+
+_testcert = None
+
+
+def get_testcert():
+ """Get the certificate, creating it if it doesn't exist"""
+ global _testcert
+ if _testcert is None:
+ reqdir = tempfile.mkdtemp(prefix="tmp-")
+ try:
+ _testcert = makecert(reqdir)
+ finally:
+ shutil.rmtree(reqdir)
+ return x509.strip_header(_testcert)
+
+
+def run_certutil(reqdir, args, stdin=None):
+ """
+ Run an NSS certutil command
+ """
+ new_args = ["/usr/bin/certutil", "-d", reqdir]
+ new_args = new_args + args
+ return ipautil.run(new_args, stdin)
+
+
+def generate_csr(reqdir, pwname, subject):
+ """
+ Create a CSR for the given subject.
+ """
+ req_path = os.path.join(reqdir, 'req')
+ run_certutil(reqdir, ["-R", "-s", subject,
+ "-o", req_path,
+ "-z", "/etc/group",
+ "-f", pwname,
+ "-a"])
+ with open(req_path, "r") as fp:
+ return fp.read()
+
+
+def makecert(reqdir):
+ """
+ Generate a service certificate that can be used during unit testing.
+ """
+
+ ra = rabase.rabase()
+ if (not os.path.exists(ra.sec_dir) and
+ api.env.xmlrpc_uri == 'http://localhost:8888/ipa/xml'):
+ raise AssertionError('The self-signed CA is not configured, '
+ 'see ipatests/test_xmlrpc/test_cert.py')
+
+ pwname = os.path.join(reqdir, "pwd")
+
+ # Create an empty password file
+ with open(pwname, "w") as fp:
+ fp.write("\n")
+
+ # Generate NSS cert database to store the private key for our CSR
+ run_certutil(reqdir, ["-N", "-f", pwname])
+
+ res = api.Command['config_show']()
+ subject_base = res['result']['ipacertificatesubjectbase'][0]
+
+ cert = None
+ subject = DN(('CN', api.env.host), subject_base)
+ princ = 'unittest/%s@%s' % (api.env.host, api.env.realm)
+ csr = unicode(generate_csr(reqdir, pwname, str(subject)))
+
+ res = api.Command['cert_request'](csr, principal=princ, add=True)
+ return x509.make_pem(res['result']['certificate']) |
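Review bot: The key-generation shortcuts in this module are undocumented: `generate_csr` passes `-z /etc/group`, a world-readable and mostly static file that contributes no meaningful entropy as a noise source, and `makecert` writes an empty password file for the NSS database. That is tolerable only because the key is throwaway and lives in the `mkdtemp` directory that `get_testcert` removes in its `finally`, so say so next to the password file, e.g. `# Test-only key material: empty DB password and a static noise file are deliberate; never reuse for real certificates`. `cert_request(..., add=True)` also asks the server to add the `unittest/<host>` principal and issue a certificate, and nothing in this file removes or revokes either; presumably the consuming tests clean up, which is worth confirming. Separately, `cert = None` in `makecert` is never read and can be dropped, and the module docstring should read `The certificate is cached`.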