| author | Ben Lipton <blipton@redhat.com> | 2016-09-08 18:29:46 -0400 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-31 10:20:28 +0100 |
| commit | a26cf0d7910dd4c0a4da08682b4be8d3d94ba520 (patch) | |
| tree | 7a77884bd6a7a03a4630a3b819945ac2433063b7 /ipatests/test_ipaclient/data | |
| parent | afd7c05d11432304bfdf183832a21d419f363689 (diff) | |
tests: Add tests for CSR autogeneration
This patch also contains some code changes to make the code easier to
test and to make the tests pass.
https://fedorahosted.org/freeipa/ticket/4899
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipatests/test_ipaclient/data')
8 files changed, 127 insertions, 0 deletions
diff --git a/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json b/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
new file mode 100644
index 000000000..676f91bef
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/profiles/profile.json
@@ -0,0 +1,8 @@
+[
+ {
+ "syntax": "basic",
+ "data": [
+ "options"
+ ]
+ }
+]
diff --git a/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json b/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json
new file mode 100644
index 000000000..feba3e91e
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/rules/basic.json
@@ -0,0 +1,12 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "openssl_rule"
+ },
+ {
+ "helper": "certutil",
+ "template": "certutil_rule"
+ }
+ ]
+}
diff --git a/ipatests/test_ipaclient/data/test_csrgen/rules/options.json b/ipatests/test_ipaclient/data/test_csrgen/rules/options.json
new file mode 100644
index 000000000..111a6d80c
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/rules/options.json
@@ -0,0 +1,18 @@
+{
+ "rules": [
+ {
+ "helper": "openssl",
+ "template": "openssl_rule",
+ "options": {
+ "helper_option": true
+ }
+ },
+ {
+ "helper": "certutil",
+ "template": "certutil_rule"
+ }
+ ],
+ "options": {
+ "global_option": true
+ }
+}
diff --git a/ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_certutil.sh b/ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_certutil.sh
new file mode 100644
index 000000000..74a704c2d
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_certutil.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+
+if [[ $# -lt 1 ]]; then
+echo "Usage: $0 <outfile> [<any> <certutil> <args>]"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CSR="$1"
+shift
+certutil -R -a -z <(head -c 4096 /dev/urandom) -o "$CSR" -s CN=machine.example.com,O=DOMAIN.EXAMPLE.COM --extSAN dns:machine.example.com "$@"
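Review bot: The subject and SAN values on the certutil line of caIPAserviceCert_certutil.sh are passed unquoted (`-s CN=machine.example.com,O=DOMAIN.EXAMPLE.COM --extSAN dns:machine.example.com`). That is harmless for these constants, but if this fixture mirrors what the generator emits for real directory data (the path suggests it is expected output), a value containing whitespace or shell metacharacters would be split or interpreted by bash. The expected output should show each value shell-quoted, e.g. `-s 'CN=machine.example.com,O=DOMAIN.EXAMPLE.COM'`, with the generator escaping embedded quotes rather than only wrapping the value. Separately, `echo "Called as: $0 $@"` mixes a string with an array expansion; `$*` is the intended form there. Both points apply equally to userCert_certutil.sh.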
diff --git a/ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_openssl.sh b/ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_openssl.sh
new file mode 100644
index 000000000..c621a69bc
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/scripts/caIPAserviceCert_openssl.sh
@@ -0,0 +1,33 @@
+#!/bin/bash -e
+
+if [[ $# -ne 2 ]]; then
+echo "Usage: $0 <outfile> <keyfile>"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CONFIG="$(mktemp)"
+CSR="$1"
+shift
+
+echo \
+'[ req ]
+prompt = no
+encrypt_key = no
+
+distinguished_name = sec0
+req_extensions = sec2
+
+[ sec0 ]
+O=DOMAIN.EXAMPLE.COM
+CN=machine.example.com
+
+[ sec1 ]
+DNS = machine.example.com
+
+[ sec2 ]
+subjectAltName = @sec1
+' > "$CONFIG"
+
+openssl req -new -config "$CONFIG" -out "$CSR" -key $1
+rm "$CONFIG"
diff --git a/ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_certutil.sh b/ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_certutil.sh
new file mode 100644
index 000000000..4aaeda07a
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_certutil.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -e
+
+if [[ $# -lt 1 ]]; then
+echo "Usage: $0 <outfile> [<any> <certutil> <args>]"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CSR="$1"
+shift
+certutil -R -a -z <(head -c 4096 /dev/urandom) -o "$CSR" -s CN=testuser,O=DOMAIN.EXAMPLE.COM --extSAN email:testuser@example.com "$@"
diff --git a/ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_openssl.sh b/ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_openssl.sh
new file mode 100644
index 000000000..cdbe8a1fa
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/scripts/userCert_openssl.sh
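Review bot: The key path is expanded unquoted in `-key $1` on the final openssl line of caIPAserviceCert_openssl.sh, so a key file path containing whitespace or glob characters is split or expanded before openssl receives it; it should read `-key "$1"`. The temporary config created by `mktemp` is removed only on the success path, because under `-e` a failing `openssl req` exits before `rm "$CONFIG"` runs; `trap 'rm -f -- "$CONFIG"' EXIT` placed right after the `mktemp` line covers both paths. The `-e` also lives only in the shebang, so it is lost when the script is run as `bash script.sh`, and the exit status then becomes that of `rm`, hiding a failed CSR generation; `set -e` in the body avoids that. The same points apply to userCert_openssl.sh, whose hunk follows, and if these files are expected generator output the change belongs in the templates that produce them.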
@@ -0,0 +1,33 @@
+#!/bin/bash -e
+
+if [[ $# -ne 2 ]]; then
+echo "Usage: $0 <outfile> <keyfile>"
+echo "Called as: $0 $@"
+exit 1
+fi
+
+CONFIG="$(mktemp)"
+CSR="$1"
+shift
+
+echo \
+'[ req ]
+prompt = no
+encrypt_key = no
+
+distinguished_name = sec0
+req_extensions = sec2
+
+[ sec0 ]
+O=DOMAIN.EXAMPLE.COM
+CN=testuser
+
+[ sec1 ]
+email = testuser@example.com
+
+[ sec2 ]
+subjectAltName = @sec1
+' > "$CONFIG"
+
+openssl req -new -config "$CONFIG" -out "$CSR" -key $1
+rm "$CONFIG"
diff --git a/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl b/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
new file mode 100644
index 000000000..79111ab68
--- /dev/null
+++ b/ipatests/test_ipaclient/data/test_csrgen/templates/identity_base.tmpl
@@ -0,0 +1 @@
+{{ options|join(";") }} |
