authorFraser Tweedale <ftweedal@redhat.com>2016-08-08 14:27:20 +1000
committerJan Cholasta <jcholast@redhat.com>2016-12-12 13:03:15 +0100
commit32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d (patch)
tree484f57785d6f872f22e118aed13df38d74a2591e /ipatests/test_xmlrpc/tracker
parentcc5b88e5d4ac1171374be9ae8e6e60730243dd3d (diff)
Add options to write lightweight CA cert or chain to file
Administrators need a way to retrieve the certificate or certificate chain of an IPA-managed lightweight CA. Add params to the `ca' object for carrying the CA certificate and chain (as multiple DER values). Add the `--chain' flag for including the chain in the result (chain is also included with `--all'). Add the `--certificate-out' option for writing the certificate to a file (or the chain, if `--chain' was given). Fixes: https://fedorahosted.org/freeipa/ticket/6178 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc/tracker')
-rw-r--r--ipatests/test_xmlrpc/tracker/ca_plugin.py31
1 files changed, 24 insertions, 7 deletions
diff --git a/ipatests/test_xmlrpc/tracker/ca_plugin.py b/ipatests/test_xmlrpc/tracker/ca_plugin.py
index ec58c28ab..e18b1c178 100644
--- a/ipatests/test_xmlrpc/tracker/ca_plugin.py
+++ b/ipatests/test_xmlrpc/tracker/ca_plugin.py
@@ -8,7 +8,13 @@ import six
from ipapython.dn import DN
from ipatests.test_xmlrpc.tracker.base import Tracker
from ipatests.util import assert_deepequal
-from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_issuer, fuzzy_caid
+from ipatests.test_xmlrpc.xmlrpc_test import (
+ fuzzy_issuer,
+ fuzzy_caid,
+ fuzzy_base64,
+ fuzzy_sequence_of,
+ fuzzy_bytes,
+)
from ipatests.test_xmlrpc import objectclasses
@@ -19,12 +25,21 @@ if six.PY3:
class CATracker(Tracker):
"""Implementation of a Tracker class for CA plugin."""
- retrieve_keys = {
+ ldap_keys = {
'dn', 'cn', 'ipacaid', 'ipacasubjectdn', 'ipacaissuerdn', 'description'
}
- retrieve_all_keys = {'objectclass'} | retrieve_keys
- create_keys = retrieve_all_keys
- update_keys = retrieve_keys - {'dn'}
+ cert_keys = {
+ 'certificate',
+ }
+ cert_all_keys = {
+ 'certificate_chain',
+ }
+ find_keys = ldap_keys
+ find_all_keys = {'objectclass'} | ldap_keys
+ retrieve_keys = ldap_keys | cert_keys
+ retrieve_all_keys = {'objectclass'} | retrieve_keys | cert_all_keys
+ create_keys = {'objectclass'} | retrieve_keys
+ update_keys = ldap_keys - {'dn'}
def __init__(self, name, subject, desc=u"Test generated CA",
default_version=None):
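Review bot: The new key sets from `ldap_keys` through `update_keys` encode which commands are expected to return certificate data, but nothing in the class says so. As written, find and update expectations carry only LDAP attributes, retrieve and create add `certificate`, and only `retrieve_all_keys` adds `certificate_chain`. A short comment above `cert_keys` would stop a later change from folding the sets back together, for example `# 'certificate' is expected from add/show only; 'certificate_chain' only with --all or --chain; find and mod return LDAP attributes only`. That wording is inferred from the set definitions and the commit description, so confirm it against the plugin. The class body and `__init__` continue outside this hunk.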
@@ -59,6 +74,8 @@ class CATracker(Tracker):
ipacasubjectdn=[self.ipasubjectdn],
ipacaissuerdn=[fuzzy_issuer],
ipacaid=[fuzzy_caid],
+ certificate=fuzzy_base64,
+ certificate_chain=fuzzy_sequence_of(fuzzy_bytes),
objectclass=objectclasses.ca
)
self.exists = True
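Review bot: The expectations added at `certificate=fuzzy_base64` and `certificate_chain=fuzzy_sequence_of(fuzzy_bytes)` appear to check only the shape of the returned values, so a response carrying a different CA's certificate or an unrelated chain would still pass. The fuzzy helpers are defined outside this page, so this is inferred from their names. Because the commit exists to let administrators retrieve a lightweight CA's certificate and chain, which they will likely use as trust material, a test built on this tracker should also decode the returned certificate and compare its subject with `self.ipasubjectdn`, and check that the CA's own certificate is present in the chain. The enclosing method starts and ends outside the hunk.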
@@ -102,9 +119,9 @@ class CATracker(Tracker):
def check_find(self, result, all=False, raw=False):
"""Check the plugin's `find` command result"""
if all:
- expected = self.filter_attrs(self.retrieve_all_keys)
+ expected = self.filter_attrs(self.find_all_keys)
else:
- expected = self.filter_attrs(self.retrieve_keys)
+ expected = self.filter_attrs(self.find_keys)
assert_deepequal(dict(
count=1,