author | Fraser Tweedale <ftweedal@redhat.com> | 2016-08-08 14:27:20 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-12-12 13:03:15 +0100 |
commit | 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d (patch) | |
tree | 484f57785d6f872f22e118aed13df38d74a2591e /ipatests | |
parent | cc5b88e5d4ac1171374be9ae8e6e60730243dd3d (diff) | |
Add options to write lightweight CA cert or chain to file
Administrators need a way to retrieve the certificate or certificate
chain of an IPA-managed lightweight CA. Add params to the `ca'
object for carrying the CA certificate and chain (as multiple DER
values). Add the `--chain' flag for including the chain in the
result (chain is also included with `--all'). Add the
`--certificate-out' option for writing the certificate to a file (or
the chain, if `--chain' was given).
Fixes: https://fedorahosted.org/freeipa/ticket/6178
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipatests')
-rw-r--r-- | ipatests/test_xmlrpc/tracker/ca_plugin.py | 31 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/xmlrpc_test.py | 17 |
2 files changed, 41 insertions, 7 deletions
diff --git a/ipatests/test_xmlrpc/tracker/ca_plugin.py b/ipatests/test_xmlrpc/tracker/ca_plugin.py index ec58c28ab..e18b1c178 100644 --- a/ipatests/test_xmlrpc/tracker/ca_plugin.py +++ b/ipatests/test_xmlrpc/tracker/ca_plugin.py @@ -8,7 +8,13 @@ import six from ipapython.dn import DN from ipatests.test_xmlrpc.tracker.base import Tracker from ipatests.util import assert_deepequal -from ipatests.test_xmlrpc.xmlrpc_test import fuzzy_issuer, fuzzy_caid +from ipatests.test_xmlrpc.xmlrpc_test import ( + fuzzy_issuer, + fuzzy_caid, + fuzzy_base64, + fuzzy_sequence_of, + fuzzy_bytes, +) from ipatests.test_xmlrpc import objectclasses @@ -19,12 +25,21 @@ if six.PY3: class CATracker(Tracker): """Implementation of a Tracker class for CA plugin.""" - retrieve_keys = { + ldap_keys = { 'dn', 'cn', 'ipacaid', 'ipacasubjectdn', 'ipacaissuerdn', 'description' } - retrieve_all_keys = {'objectclass'} | retrieve_keys - create_keys = retrieve_all_keys - update_keys = retrieve_keys - {'dn'} + cert_keys = { + 'certificate', + } + cert_all_keys = { + 'certificate_chain', + } + find_keys = ldap_keys + find_all_keys = {'objectclass'} | ldap_keys + retrieve_keys = ldap_keys | cert_keys + retrieve_all_keys = {'objectclass'} | retrieve_keys | cert_all_keys + create_keys = {'objectclass'} | retrieve_keys + update_keys = ldap_keys - {'dn'} def __init__(self, name, subject, desc=u"Test generated CA", default_version=None): @@ -59,6 +74,8 @@ class CATracker(Tracker): ipacasubjectdn=[self.ipasubjectdn], ipacaissuerdn=[fuzzy_issuer], ipacaid=[fuzzy_caid], + certificate=fuzzy_base64, + certificate_chain=fuzzy_sequence_of(fuzzy_bytes), objectclass=objectclasses.ca ) self.exists = True 
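Review bot: The new key sets in `CATracker` carry no comment explaining why `find_keys` and `update_keys` are built from `ldap_keys` alone while `retrieve_keys` and `create_keys` add `certificate`, and why `certificate_chain` appears only in `retrieve_all_keys`. A short comment above `ldap_keys` would record the intended contract, e.g. `# find/mod results carry LDAP attrs only; show/add also return the cert, and the chain only with --all/--chain`. That reading is inferred from the set algebra here and from the commit message, so the wording should be confirmed against the plugin. The class body continues outside the hunk.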
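Review bot: The expectations added to the tracked attributes, `certificate=fuzzy_base64` and `certificate_chain=fuzzy_sequence_of(fuzzy_bytes)`, check only the encoding of the values, so a response that returned a different CA's certificate (or an empty chain) would still satisfy the tracker. If that is deliberate for this layer, a comment such as `# shape only: cert subject/issuer are not compared with ipacasubjectdn here` would make the limit visible. Otherwise a follow-up assertion that decodes the certificate and compares its subject with `self.ipasubjectdn` would tie the output to the CA under test. The enclosing method starts and ends outside the hunk.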
@@ -102,9 +119,9 @@ class CATracker(Tracker): def check_find(self, result, all=False, raw=False): """Check the plugin's `find` command result""" if all: - expected = self.filter_attrs(self.retrieve_all_keys) + expected = self.filter_attrs(self.find_all_keys) else: - expected = self.filter_attrs(self.retrieve_keys) + expected = self.filter_attrs(self.find_keys) assert_deepequal(dict( count=1, diff --git a/ipatests/test_xmlrpc/xmlrpc_test.py b/ipatests/test_xmlrpc/xmlrpc_test.py index 0ce1245f4..67565b0d4 100644 --- a/ipatests/test_xmlrpc/xmlrpc_test.py +++ b/ipatests/test_xmlrpc/xmlrpc_test.py @@ -22,6 +22,7 @@ Base class for all XML-RPC tests """ from __future__ import print_function +import collections import datetime import inspect @@ -49,6 +50,20 @@ fuzzy_automember_dn = Fuzzy( '^cn=%s,cn=automember rebuild membership,cn=tasks,cn=config$' % uuid_re ) +# base64-encoded value +fuzzy_base64 = Fuzzy('^[0-9A-Za-z/+]+={0,2}$') + + +def fuzzy_sequence_of(fuzzy): + """Construct a Fuzzy for a Sequence of values matching the given Fuzzy.""" + def test(xs): + if not isinstance(xs, collections.Sequence): + return False + else: + return all(fuzzy == x for x in xs) + + return Fuzzy(test=test) + # Matches an automember task finish message fuzzy_automember_message = Fuzzy( '^Automember rebuild task finished\. Processed \(\d+\) entries\.$' @@ -109,6 +124,8 @@ fuzzy_dergeneralizedtime = Fuzzy(type=datetime.datetime) # match any string fuzzy_string = Fuzzy(type=six.string_types) +fuzzy_bytes = Fuzzy(type=bytes) + # case insensitive match of sets def fuzzy_set_ci(s): return Fuzzy(test=lambda other: set(x.lower() for x in other) == set(y.lower() for y in s)) |
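Review bot: `fuzzy_sequence_of` in `xmlrpc_test.py` accepts values it should reject: a string is itself a `collections.Sequence`, so on Python 2 a single DER blob passed where the chain list is expected matches `fuzzy_sequence_of(fuzzy_bytes)` element by element, and an empty sequence passes because `all()` of nothing is true. Rejecting strings up front, `if isinstance(xs, six.string_types + (bytes,)) or not isinstance(xs, collections.Sequence): return False`, closes the first gap; whether an empty chain should fail is better asserted at the call site in the CA tracker. `fuzzy_base64` is also looser than its comment says, since the pattern does not require a length that is a multiple of four and `$` tolerates a trailing newline; `\Z` in place of `$` fixes the latter. `collections.Sequence` is a deprecated alias of `collections.abc.Sequence` and is gone from current Python 3, which matters if this helper is carried forward.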