authorSimo Sorce <simo@redhat.com>2015-05-08 13:39:29 -0400
committerSimo Sorce <simo@redhat.com>2015-10-01 16:20:48 -0400
commit4265c7e8759482b82ce60642e51a9d0c45867848 (patch)
tree1c44443b10b77857b99140c624071e957cad52bb /ipatests
parente3cb6305cc39caf8323ed0d1b729369910c97505 (diff)
Add ipa-custodia service
Add a customized Custodia daemon and enable it after installation. Generates server keys and loads them in LDAP autonomously on install or update. Provides client code classes too. Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipatests')
-rw-r--r--ipatests/test_ipapython/test_secrets.py55
1 files changed, 55 insertions, 0 deletions
diff --git a/ipatests/test_ipapython/test_secrets.py b/ipatests/test_ipapython/test_secrets.py
new file mode 100644
index 000000000..d88659e6f
--- /dev/null
+++ b/ipatests/test_ipapython/test_secrets.py
@@ -0,0 +1,55 @@
+# Copyright (C) 2015 FreeIPA Project Contributors - see LICENSE file
+
+from __future__ import print_function
+from ipapython.secrets.store import iSecStore, NAME_DB_MAP, NSSCertDB
+import os
+import shutil
+import subprocess
+import unittest
+
+
+def _test_password_callback():
+ with open('test-ipa-sec-store/pwfile') as f:
+ password = f.read()
+ return password
+
+
+class TestiSecStore(unittest.TestCase):
+ @classmethod
+ def setUpClass(cls):
+ try:
+ shutil.rmtree('test-ipa-sec-store')
+ except Exception: # pylint: disable=broad-except
+ pass
+ testdir = 'test-ipa-sec-store'
+ pwfile = os.path.join(testdir, 'pwfile')
+ os.mkdir(testdir)
+ with open(pwfile, 'w') as f:
+ f.write('testpw')
+ cls.certdb = os.path.join(testdir, 'certdb')
+ os.mkdir(cls.certdb)
+ cls.cert2db = os.path.join(testdir, 'cert2db')
+ os.mkdir(cls.cert2db)
+ seedfile = os.path.join(testdir, 'seedfile')
+ with open(seedfile, 'w') as f:
+ seed = os.urandom(1024)
+ f.write(seed)
+ subprocess.call(['certutil', '-d', cls.certdb, '-N', '-f', pwfile])
+ subprocess.call(['certutil', '-d', cls.cert2db, '-N', '-f', pwfile])
+ subprocess.call(['certutil', '-d', cls.certdb, '-S', '-f', pwfile,
+ '-s', 'CN=testCA', '-n', 'testCACert', '-x',
+ '-t', 'CT,C,C', '-m', '1', '-z', seedfile])
+
+ def test_iSecStore(self):
+ iss = iSecStore({})
+
+ NAME_DB_MAP['test'] = {
+ 'type': 'NSSDB',
+ 'path': self.certdb,
+ 'handler': NSSCertDB,
+ 'pwcallback': _test_password_callback,
+ }
+ value = iss.get('keys/test/testCACert')
+
+ NAME_DB_MAP['test']['path'] = self.cert2db
+ iss.set('keys/test/testCACert', value)
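Review bot: `test_iSecStore` asserts nothing, so it passes whenever `iss.get` and `iss.set` do not raise, even if the key and certificate never reach `cert2db`. For code that moves private key material between NSS databases the test should confirm the result, for instance by checking that `value` is non-empty and running `subprocess.check_call(['certutil', '-d', self.cert2db, '-L', '-n', 'testCACert'])` after the `set` (assuming the handler keeps the nickname). In `setUpClass` the three `subprocess.call` invocations discard certutil's exit status, so a missing or failing certutil only shows up later as a confusing store error; `subprocess.check_call` would fail the fixture at the real cause. The seed file is opened with `'w'` but is written the bytes from `os.urandom(1024)`, which raises `TypeError` on Python 3, and `open(seedfile, 'wb')` works on both versions. The fixture also leaves `test-ipa-sec-store` (password file and key databases) in the current working directory with no `tearDownClass` and never removes the `NAME_DB_MAP['test']` entry; a `tempfile.mkdtemp()` directory deleted in `tearDownClass` would keep the key material private to the run and make it repeatable.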