#51230 Issue 50952 - SSCA lacks basicConstraint:CA
Closed 2 years ago by spichugi. Opened 2 years ago by bsmejkal.
bsmejkal/389-ds-base authority_category  into  master

@@ -76,6 +76,55 @@ 

          assert not os.path.exists(cert_path + item)

  

  

+ @pytest.mark.ds50952

+ @pytest.mark.bz1809279

+ @pytest.mark.xfail(ds_is_older("1.4.3"), reason="Might fail because of bz1809279")

+ @pytest.mark.skipif(ds_is_older("1.4.0"), reason="Not implemented")

+ def test_cert_category_authority(topology_st):

+     """Test that certificate generated by instance has category: authority

+ 

+     :id: b7e816e9-2786-4d76-9c5b-bb111b0870f2

+     :setup: Standalone instance

+     :steps:

+          1. Create DS instance

+          2. Enable TLS

+          3. Check if Self-Signed-CA.pem is present

+          4. Trust the certificate

+          5. Search if the certificate has category: authority

+     :expectedresults:

+          1. Success

+          2. Success

+          3. Success

+          4. Success

+          5. Success

+     """

+ 

+     PEM_FILE = 'Self-Signed-CA.pem'

+ 

+     standalone = topology_st.standalone

+ 

+     log.info('Enable TLS')

+     standalone.enable_tls()

+ 

+     log.info('Get certificate path')

+     if ds_is_older('1.4.3'):

+         cert_path = glob('/etc/dirsrv/slapd-{}/'.format(standalone.serverid))

+     else:

+         cert_path = glob('/tmp/systemd-private-*-dirsrv@{}.service-*/tmp/slapd-{}/'.format(standalone.serverid,

+                                                                                            standalone.serverid))

+     log.info('Check that {} is present'.format(PEM_FILE))

+     signed_cert = cert_path[0] + PEM_FILE

It fails for me here:
IndexError: list index out of range

+     assert os.path.exists(signed_cert)

+ 

+     log.info('Trust the certificate')

+     subprocess.check_output(['trust', 'anchor', signed_cert])

+ 

+     log.info('Search if our certificate has category: authority')

+     result = subprocess.check_output(['trust', 'list'])

+     assert re.search(r'^(.*)label: ssca[.]389ds[.]example[.]com\n(.*).*\n.*category: authority$', ensure_str(result),

+                      re.MULTILINE)

+ 

+ 

  if __name__ == '__main__':

      # Run isolated

      # -s for DEBUG mode
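Review bot: `signed_cert = cert_path[0] + PEM_FILE` indexes the `glob()` result without checking that either pattern matched, so a missing directory surfaces as `IndexError: list index out of range` (the failure reported in the inline comment) rather than as a test assertion. Add a check such as `assert cert_path, 'certificate directory not found'` before indexing. Separately, `subprocess.check_output(['trust', 'anchor', signed_cert])` adds the instance's self-signed CA to the host trust store and nothing in the test takes it out again, so the machine keeps trusting that CA after the run. Register a finalizer that calls `trust anchor --remove` on the same file. The regex at the end also assumes exactly one line sits between `label:` and `category: authority` in the `trust list` output, which is worth a short comment so a later format change is easy to diagnose.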

Description:
Created a test that checks if the certificate generated by instance
has 'category: authority' tag in trust.

Relates: https://pagure.io/389-ds-base/issue/50952

Reviewed by: ???

It fails for me here:
IndexError: list index out of range

I test on 389-ds-base-1.4.4.4-20200804gitb1e4f5f2b.fc32.x86_64

I've retested on a clean machine and it is good now. I'm not sure what was wrong...
So please, discard my previous comment.

And the rest looks good! Feel free to rebase and merge. Ack :)

rebased onto d268928

2 years ago

Pull-Request has been merged by bsmejkal

2 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/4283

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

2 years ago