summaryrefslogtreecommitdiffstats
path: root/ipatests
diff options
context:
space:
mode:
Diffstat (limited to 'ipatests')
-rw-r--r--ipatests/test_ipalib/test_x509.py66
-rw-r--r--ipatests/test_ipaserver/test_ldap.py8
-rw-r--r--ipatests/test_ipaserver/test_otptoken_import.py4
3 files changed, 26 insertions, 52 deletions
diff --git a/ipatests/test_ipalib/test_x509.py b/ipatests/test_ipalib/test_x509.py
index f765bc964..750e086e4 100644
--- a/ipatests/test_ipalib/test_x509.py
+++ b/ipatests/test_ipalib/test_x509.py
@@ -22,9 +22,9 @@ Test the `ipalib.x509` module.
"""
import base64
+import datetime
import pytest
-from nss.error import NSPRError
from ipalib import x509
from ipapython.dn import DN
@@ -57,17 +57,25 @@ class test_x509(object):
# Load a good cert
x509.load_certificate(goodcert)
+ # Should handle list/tuple
+ x509.load_certificate((goodcert,))
+ x509.load_certificate([goodcert])
+
# Load a good cert with headers
newcert = '-----BEGIN CERTIFICATE-----' + goodcert + '-----END CERTIFICATE-----'
x509.load_certificate(newcert)
+ # Should handle list/tuple
+ x509.load_certificate((newcert,))
+ x509.load_certificate([newcert])
+
# Load a good cert with bad headers
newcert = '-----BEGIN CERTIFICATE-----' + goodcert
with pytest.raises((TypeError, ValueError)):
x509.load_certificate(newcert)
# Load a bad cert
- with pytest.raises(NSPRError):
+ with pytest.raises(ValueError):
x509.load_certificate(badcert)
def test_1_load_der_cert(self):
@@ -80,53 +88,23 @@ class test_x509(object):
# Load a good cert
x509.load_certificate(der, x509.DER)
- def test_2_get_subject(self):
- """
- Test retrieving the subject
- """
- subject = x509.get_subject(goodcert)
- assert DN(str(subject)) == DN(('CN','ipa.example.com'),('O','IPA'))
-
- der = base64.b64decode(goodcert)
- subject = x509.get_subject(der, x509.DER)
- assert DN(str(subject)) == DN(('CN','ipa.example.com'),('O','IPA'))
-
- # We should be able to pass in a tuple/list of certs too
- subject = x509.get_subject((goodcert))
- assert DN(str(subject)) == DN(('CN','ipa.example.com'),('O','IPA'))
-
- subject = x509.get_subject([goodcert])
- assert DN(str(subject)) == DN(('CN','ipa.example.com'),('O','IPA'))
-
- def test_2_get_serial_number(self):
- """
- Test retrieving the serial number
- """
- serial = x509.get_serial_number(goodcert)
- assert serial == 1093
-
- der = base64.b64decode(goodcert)
- serial = x509.get_serial_number(der, x509.DER)
- assert serial == 1093
-
- # We should be able to pass in a tuple/list of certs too
- serial = x509.get_serial_number((goodcert))
- assert serial == 1093
-
- serial = x509.get_serial_number([goodcert])
- assert serial == 1093
+ # Should handle list/tuple
+ x509.load_certificate((der,), x509.DER)
+ x509.load_certificate([der], x509.DER)
def test_3_cert_contents(self):
"""
Test the contents of a certificate
"""
- # Verify certificate contents. This exercises python-nss more than
- # anything but confirms our usage of it.
+ # Verify certificate contents. This exercises python-cryptography
+ # more than anything but confirms our usage of it.
+ not_before = datetime.datetime(2010, 6, 25, 13, 0, 42)
+ not_after = datetime.datetime(2015, 6, 25, 13, 0, 42)
cert = x509.load_certificate(goodcert)
- assert DN(str(cert.subject)) == DN(('CN','ipa.example.com'),('O','IPA'))
- assert DN(str(cert.issuer)) == DN(('CN','IPA Test Certificate Authority'))
- assert cert.serial_number == 1093
- assert cert.valid_not_before_str == 'Fri Jun 25 13:00:42 2010 UTC'
- assert cert.valid_not_after_str == 'Thu Jun 25 13:00:42 2015 UTC'
+ assert DN(cert.subject) == DN(('CN', 'ipa.example.com'), ('O', 'IPA'))
+ assert DN(cert.issuer) == DN(('CN', 'IPA Test Certificate Authority'))
+ assert cert.serial == 1093
+ assert cert.not_valid_before == not_before
+ assert cert.not_valid_after == not_after
diff --git a/ipatests/test_ipaserver/test_ldap.py b/ipatests/test_ipaserver/test_ldap.py
index 904c8415c..1ea995999 100644
--- a/ipatests/test_ipaserver/test_ldap.py
+++ b/ipatests/test_ipaserver/test_ldap.py
@@ -80,7 +80,7 @@ class test_ldap(object):
entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
- serial = unicode(x509.get_serial_number(cert, x509.DER))
+ serial = x509.load_certificate(cert, x509.DER).serial
assert serial is not None
def test_simple(self):
@@ -99,7 +99,7 @@ class test_ldap(object):
entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
- serial = unicode(x509.get_serial_number(cert, x509.DER))
+ serial = x509.load_certificate(cert, x509.DER).serial
assert serial is not None
def test_Backend(self):
@@ -127,7 +127,7 @@ class test_ldap(object):
entry_attrs = result['result']
cert = entry_attrs.get('usercertificate')
cert = cert[0]
- serial = unicode(x509.get_serial_number(cert, x509.DER))
+ serial = x509.load_certificate(cert, x509.DER).serial
assert serial is not None
def test_autobind(self):
@@ -143,7 +143,7 @@ class test_ldap(object):
entry_attrs = self.conn.get_entry(self.dn, ['usercertificate'])
cert = entry_attrs.get('usercertificate')
cert = cert[0]
- serial = unicode(x509.get_serial_number(cert, x509.DER))
+ serial = x509.load_certificate(cert, x509.DER).serial
assert serial is not None
diff --git a/ipatests/test_ipaserver/test_otptoken_import.py b/ipatests/test_ipaserver/test_otptoken_import.py
index f1b4331df..b885cefe0 100644
--- a/ipatests/test_ipaserver/test_otptoken_import.py
+++ b/ipatests/test_ipaserver/test_otptoken_import.py
@@ -20,7 +20,6 @@
import os
import pytest
from nss import nss
-from ipalib.x509 import initialize_nss_database
from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError
@@ -30,9 +29,6 @@ basename = os.path.join(os.path.dirname(__file__), "data")
@pytest.mark.tier1
class test_otptoken_import(object):
- def teardown(self):
- initialize_nss_database()
-
def test_figure3(self):
doc = PSKCDocument(os.path.join(basename, "pskc-figure3.xml"))
assert doc.keyname is None
generated by cgit (git 2.34.1) at 2026-03-15 07:50:07 +0000