# --- BEGIN COPYRIGHT BLOCK ---
# Copyright (C) 2016 Red Hat, Inc.
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# --- END COPYRIGHT BLOCK ---
#
import pytest
from lib389.tasks import *
from lib389.utils import *
from lib389.topologies import topology_st
from lib389._constants import DEFAULT_SUFFIX, HOST_STANDALONE, DN_DM, SECUREPORT_STANDALONE1, PASSWORD

# Make a tottaly super secure new password ;)
NEW_PASSWORD = '%s1' % PASSWORD

logging.getLogger(__name__).setLevel(logging.INFO)
log = logging.getLogger(__name__)

def test_rootdn_pwdexop(topology_st):
    """
    Assert that the rootdn can change password by the passwd extended operation.
    """
    # For passwd extop we need TLS connection
    standalone = topology_st.standalone

    # SETUP TLS
    standalone.stop()
    assert(standalone.nss_ssl.reinit() is True)
    assert(standalone.nss_ssl.create_rsa_ca() is True)
    assert(standalone.nss_ssl.create_rsa_key_and_cert() is True)

    standalone.start()
    standalone.rsa.create()
    # Set the secure port and nsslapd-security
    standalone.config.set('nsslapd-secureport', '%s' % SECUREPORT_STANDALONE1 )
    standalone.config.set('nsslapd-security', 'on')
    standalone.sslport = SECUREPORT_STANDALONE1
    # With sslport set, this will bind with tls.
    standalone.restart()
    # Do an extended pw_op on the root account.
    standalone.passwd_s(DN_DM, PASSWORD, NEW_PASSWORD)


if __name__ == '__main__':
    # Run isolated
    # -s for DEBUG mode
    CURRENT_FILE = os.path.realpath(__file__)
    pytest.main("-s %s" % CURRENT_FILE)