+ @pytest.mark.ds50952

+ @pytest.mark.bz1809279

+ @pytest.mark.xfail(ds_is_older("1.4.3"), reason="Might fail because of bz1809279")

+ @pytest.mark.skipif(ds_is_older("1.4.0"), reason="Not implemented")

+ def test_cert_category_authority(topology_st):

+     """Test that certificate generated by instance has category: authority

+ 

+     :id: b7e816e9-2786-4d76-9c5b-bb111b0870f2

+     :setup: Standalone instance

+     :steps:

+          1. Create DS instance

+          2. Enable TLS

+          3. Check if Self-Signed-CA.pem is present

+          4. Trust the certificate

+          5. Search if the certificate has category: authority

+     :expectedresults:

+          1. Success

+          2. Success

+          3. Success

+          4. Success

+          5. Success

+     """

+ 

+     PEM_FILE = 'Self-Signed-CA.pem'

+ 

+     standalone = topology_st.standalone

+ 

+     log.info('Enable TLS')

+     standalone.enable_tls()

+ 

+     log.info('Get certificate path')

+     if ds_is_older('1.4.3'):

+         cert_path = glob('/etc/dirsrv/slapd-{}/'.format(standalone.serverid))

+     else:

+         cert_path = glob('/tmp/systemd-private-*-dirsrv@{}.service-*/tmp/slapd-{}/'.format(standalone.serverid,

+                                                                                            standalone.serverid))

+     log.info('Check that {} is present'.format(PEM_FILE))

+     signed_cert = cert_path[0] + PEM_FILE

+     assert os.path.exists(signed_cert)

+ 

+     log.info('Trust the certificate')

+     subprocess.check_output(['trust', 'anchor', signed_cert])

+ 

+     log.info('Search if our certificate has category: authority')

+     result = subprocess.check_output(['trust', 'list'])

+     assert re.search(r'^(.*)label: ssca[.]389ds[.]example[.]com\n(.*).*\n.*category: authority$', ensure_str(result),

+                      re.MULTILINE)

+ 

+