| author | Greg Hudson <ghudson@mit.edu> | 2013-07-18 20:46:35 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-07-18 20:46:35 -0400 |
| commit | 2757800b5b0043b635634fad0551d07c112ab54a (patch) | |
| tree | 6c68be79d6b2c888821bc95787b5428885490109 /src/tests | |
| parent | a654a7d9d6145256ce1b01a3f4c80884a8ba93d6 (diff) | |
Combine PKINIT test scripts
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/Makefile.in | 3 | ||||
| -rw-r--r-- | src/tests/t_anonpkinit.py | 42 | ||||
| -rw-r--r-- | src/tests/t_pkinit.py (renamed from src/tests/t_authpkinit.py) | 22 |
3 files changed, 23 insertions, 44 deletions
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 204941bdc..5828a9021 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -89,9 +89,8 @@ check-pytests:: gcred hist kdbtest plugorder responder t_init_creds t_localauth
 $(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)
 $(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
 $(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_anonpkinit.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_authpkinit.py $(PYTESTFLAGS)
 $(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS)
 $(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS)
 $(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS)
 $(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
diff --git a/src/tests/t_anonpkinit.py b/src/tests/t_anonpkinit.py
deleted file mode 100644
index 03b2fdd68..000000000
--- a/src/tests/t_anonpkinit.py
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/python
-from k5test import *
-
-# Skip this test if pkinit wasn't built.
-if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
- success('Warning: not testing pkinit because it is not built')
- exit(0)
-
-# Construct a krb5.conf fragment configuring pkinit.
-certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')
-ca_pem = os.path.join(certs, 'ca.pem')
-kdc_pem = os.path.join(certs, 'kdc.pem')
-privkey_pem = os.path.join(certs, 'privkey.pem')
-pkinit_krb5_conf = {
- 'libdefaults': {
- 'pkinit_anchors': 'FILE:' + ca_pem},
- 'realms': {'$realm': {
- 'pkinit_anchors': 'FILE:%s' % ca_pem,
- 'pkinit_identity': 'FILE:%s,%s' % (kdc_pem, privkey_pem)}}}
-
-restrictive_kdc_conf = {
- 'realms': {'$realm' : {
- 'restrict_anonymous_to_tgt': 'true' }}}
-
-# In the basic test, anonymous is not restricted, so kvno should succeed.
-realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False)
-realm.addprinc('WELLKNOWN/ANONYMOUS')
-realm.kinit('@%s' % realm.realm, flags=['-n'])
-realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
-realm.run([kvno, realm.host_princ])
-realm.stop()
-
-# Now try again with anonymous restricted; kvno should fail.
-realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf,
- create_user=False)
-realm.addprinc('WELLKNOWN/ANONYMOUS')
-realm.kinit('@%s' % realm.realm, flags=['-n'])
-# now try FAST
-realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
-realm.run([kvno, realm.host_princ], expected_code=1)
-
-success('Anonymous PKINIT')
diff --git a/src/tests/t_authpkinit.py b/src/tests/t_pkinit.py
index ec7be5004..e9915ebd4 100644
--- a/src/tests/t_authpkinit.py
+++ b/src/tests/t_pkinit.py
@@ -73,6 +73,28 @@ realm.klist('user@%s' % realm.realm)
 realm.run([kvno, realm.host_princ])
 realm.stop()

+restrictive_kdc_conf = {
+ 'realms': {'$realm' : {
+ 'restrict_anonymous_to_tgt': 'true' }}}
+
+# Test anonymous PKINIT.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
+realm.run([kvno, realm.host_princ])
+realm.stop()
+
+# Now try again with anonymous restricted; kvno should fail.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf,
+ create_user=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+# now try FAST
+realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
+realm.run([kvno, realm.host_princ], expected_code=1)
+realm.stop()
+
 # Run the basic test - PKINIT with FILE: identity, with no password on the key.
 realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
 get_creds=False) |
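Review bot: The restricted-anonymous case ends with `realm.run([kvno, realm.host_princ], expected_code=1)`, which passes on any kvno failure, so it cannot tell a refusal caused by `restrict_anonymous_to_tgt` from an unrelated one such as a KDC that is not answering. If `realm.run` returns the command output, capture it and check for the policy error, e.g. `out = realm.run([kvno, realm.host_princ], expected_code=1)` followed by `if '<expected policy error text>' not in out: fail('anonymous service ticket was not refused by policy')`. The restricted case also never runs `klist` after either `kinit`, so the anonymous and FAST ticket acquisition is checked only by exit status. Both anonymous realms are built from `pkinit_krb5_conf`, which is defined above this hunk; the deleted script's copy carried the KDC `pkinit_identity` and a `libdefaults` anchor, so it is worth confirming the surviving definition still supplies what these cases need.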
