Tests: Random issuer certificate can be added to a service

Changing negative test case that verified that a certificate with different than expected issuer cannot be added to a service to a positive one that verifies that this operation now proceeds successfully. Corresponds to changes made in scope of https://fedorahosted.org/freeipa/ticket/4559 implementation. https://fedorahosted.org/freeipa/ticket/6258 Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
author: Lenka Doudova <ldoudova@redhat.com> 2016-08-25 07:22:16 +0200
committer: Martin Basti <mbasti@redhat.com> 2016-08-31 14:29:00 +0200
commit: 36979ad0b6c021e6f8ec83606e9c9adcd6bb8053 (patch)
tree: 982c4200a930a4d0cdf7e2560f0a567ca1548a40 /ipatests/test_xmlrpc
parent: b942b00ac7bca7e2864c7dc513d25983556916ff (diff)
download: freeipa-36979ad0b6c021e6f8ec83606e9c9adcd6bb8053.tar.gz
freeipa-36979ad0b6c021e6f8ec83606e9c9adcd6bb8053.tar.xz
freeipa-36979ad0b6c021e6f8ec83606e9c9adcd6bb8053.zip
1 files changed, 33 insertions, 7 deletions
diff --git a/ipatests/test_xmlrpc/test_service_plugin.py b/ipatests/test_xmlrpc/test_service_plugin.py
index 0e8c8ea30..fb2c4e77f 100644
--- a/ipatests/test_xmlrpc/test_service_plugin.py
+++ b/ipatests/test_xmlrpc/test_service_plugin.py
@@ -52,7 +52,20 @@ role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)
 
 servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
                          'unittest/%s@%s' % (api.env.host, api.env.realm))
-badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv'
+randomissuercert = (
+    "MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
+    "gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
+    "owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
+    "kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
+    "uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
+    "d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
+    "0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
+    "lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
+    "kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
+    "gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
+    "9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
+    "DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv")
+randomissuer = DN(('CN', 'puma.greyoak.com'), 'O=IPA')
 
 user1 = u'tuser1'
 user2 = u'tuser2'
@@ -424,18 +437,31 @@ class test_service(Declarative):
 
 
         dict(
-            desc='Update %r with a bad certificate' % service1,
+            desc='Update %r with a random issuer certificate' % service1,
             command=(
                 'service_mod',
                 [service1],
-                dict(usercertificate=base64.b64decode(badservercert))
+                dict(usercertificate=base64.b64decode(randomissuercert))),
+            expected=dict(
+                value=service1,
+                summary=u'Modified service "%s"' % service1,
+                result=dict(
+                    usercertificate=[base64.b64decode(randomissuercert)],
+                    krbprincipalname=[service1],
+                    krbcanonicalname=[service1],
+                    managedby_host=[fqdn1],
+                    valid_not_before=fuzzy_date,
+                    valid_not_after=fuzzy_date,
+                    subject=randomissuer,
+                    serial_number=fuzzy_digits,
+                    serial_number_hex=fuzzy_hex,
+                    md5_fingerprint=fuzzy_hash,
+                    sha1_fingerprint=fuzzy_hash,
+                    issuer=fuzzy_issuer,
                 ),
-            expected=errors.CertificateOperationError(
-                error=u'Issuer "CN=IPA Test Certificate Authority" does not ' +
-                    u'match the expected issuer'),
+            ),
         ),
 
-
         dict(
             desc='Update %r' % service1,
             command=('service_mod', [service1], dict(usercertificate=servercert)),
author	Lenka Doudova <ldoudova@redhat.com>	2016-08-25 07:22:16 +0200
committer	Martin Basti <mbasti@redhat.com>	2016-08-31 14:29:00 +0200
commit	36979ad0b6c021e6f8ec83606e9c9adcd6bb8053 (patch)
tree	982c4200a930a4d0cdf7e2560f0a567ca1548a40 /ipatests/test_xmlrpc
parent	b942b00ac7bca7e2864c7dc513d25983556916ff (diff)
download	freeipa-36979ad0b6c021e6f8ec83606e9c9adcd6bb8053.tar.gz freeipa-36979ad0b6c021e6f8ec83606e9c9adcd6bb8053.tar.xz freeipa-36979ad0b6c021e6f8ec83606e9c9adcd6bb8053.zip