def setup_class(cls):
        super(CertManipCmdTestBase, cls).setup_class()

        cls.delete_entity()

        cls.add_entity()
        cls.add_caacl()

        cls.disable_profile_store()

        # list of certificates to add to entry
        cls.certs = [get_testcert(DN(("CN", cls.entity_subject)), cls.entity_principal) for _i in range(3)]

        # list of certificates for testing of removal of non-existent certs
        cls.nonexistent_certs = [get_testcert(DN(("CN", cls.entity_subject)), cls.entity_principal) for _j in range(2)]

        # cert subset to remove from entry
        cls.certs_subset = cls.certs[:2]

        # remaining subset
        cls.certs_remainder = cls.certs[2:]

        # mixture of certs which exist and do not exists in the entry
        cls.mixed_certs = cls.certs[:2] + cls.nonexistent_certs[:1]

        # invalid base64 encoding
        cls.invalid_b64 = [u"few4w24gvrae54y6463234f"]

        # malformed certificate
        cls.malformed_cert = [base64.b64encode(b"malformed cert")]

        # store entity info for the final test
        cls.entity_attrs = api.Command["%s_show" % cls.entity_class](cls.entity_pkey)
Example #2
0
 def test_update_simple(self, host):
     host.update(dict(description=u'Updated host 1',
                      usercertificate=get_testcert()),
                 expected_updates=dict(
                     description=[u'Updated host 1'],
                     usercertificate=[base64.b64decode(get_testcert())],
                     issuer=fuzzy_issuer,
                     md5_fingerprint=fuzzy_hash,
                     serial_number=fuzzy_digits,
                     serial_number_hex=fuzzy_hex,
                     sha1_fingerprint=fuzzy_hash,
                     subject=DN(('CN', api.env.host), x509.subject_base()),
                     valid_not_before=fuzzy_date,
                     valid_not_after=fuzzy_date,
                 ))
     host.retrieve()
Example #3
0
 def test_update_simple(self, host):
     host.update(dict(
                     description=u'Updated host 1',
                     usercertificate=get_testcert()),
                 expected_updates=dict(
                     description=[u'Updated host 1'],
                     usercertificate=[base64.b64decode(get_testcert())],
                     issuer=fuzzy_issuer,
                     md5_fingerprint=fuzzy_hash,
                     serial_number=fuzzy_digits,
                     serial_number_hex=fuzzy_hex,
                     sha1_fingerprint=fuzzy_hash,
                     subject=DN(('CN', api.env.host), x509.subject_base()),
                     valid_not_before=fuzzy_date,
                     valid_not_after=fuzzy_date,
                 ))
     host.retrieve()
Example #4
0
    def setup_class(cls):
        super(CertManipCmdTestBase, cls).setup_class()

        cls.delete_entity()

        cls.add_entity()
        cls.add_caacl()

        cls.disable_profile_store()

        # list of certificates to add to entry
        cls.certs = [
            get_testcert(DN(('CN', cls.entity_subject)), cls.entity_principal)
            for _i in range(3)
        ]

        # list of certificates for testing of removal of non-existent certs
        cls.nonexistent_certs = [
            get_testcert(DN(('CN', cls.entity_subject)), cls.entity_principal)
            for _j in range(2)
            ]

        # cert subset to remove from entry
        cls.certs_subset = cls.certs[:2]

        # remaining subset
        cls.certs_remainder = cls.certs[2:]

        # mixture of certs which exist and do not exists in the entry
        cls.mixed_certs = cls.certs[:2] + cls.nonexistent_certs[:1]

        # invalid base64 encoding
        cls.invalid_b64 = [u'few4w24gvrae54y6463234f']

        # malformed certificate
        cls.malformed_cert = [base64.b64encode(b'malformed cert')]

        # store entity info for the final test
        cls.entity_attrs = api.Command['%s_show' % cls.entity_class](
            cls.entity_pkey)
Example #5
0
ipv6_fromip_ptr_dn = DN(('idnsname', ipv6_fromip_ptr), revipv6zone_dn)

sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'SHA256:cStA9o5TRSARbeketEOooMUMSWRSsArIAXloBZ4vNsE public key test (ssh-rsa)'

user1 = u'tuser1'
user2 = u'tuser2'
group1 = u'group1'
group1_dn = get_group_dn(group1)
group2 = u'group2'
group2_dn = get_group_dn(group2)
hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn', hostgroup1), ('cn', 'hostgroups'),
                   ('cn', 'accounts'), api.env.basedn)

host_cert = get_testcert(DN(('CN', api.env.host), subject_base()),
                         'host/%s@%s' % (api.env.host, api.env.realm))

missingrevzone = u'22.30.16.172.in-addr.arpa.'
ipv4_in_missingrevzone_ip = u'172.16.30.22'


@pytest.fixture(scope='class')
def host(request):
    tracker = HostTracker(name=u'testhost1')
    return tracker.make_fixture(request)


@pytest.fixture(scope='class')
def host2(request):
    tracker = HostTracker(name=u'testhost2')
    return tracker.make_fixture(request)
Example #6
0
fqdn1 = u'testhost1.%s' % api.env.domain
fqdn2 = u'testhost2.%s' % api.env.domain
fqdn3 = u'TestHost3.%s' % api.env.domain
service1_no_realm = u'HTTP/%s' % fqdn1
service1 = u'%s@%s' % (service1_no_realm, api.env.realm)
hostprincipal1 = u'host/%s@%s'  % (fqdn1, api.env.realm)
service1dn = DN(('krbprincipalname',service1),('cn','services'),('cn','accounts'),api.env.basedn)
host1dn = DN(('fqdn',fqdn1),('cn','computers'),('cn','accounts'),api.env.basedn)
host2dn = DN(('fqdn',fqdn2),('cn','computers'),('cn','accounts'),api.env.basedn)
host3dn = DN(('fqdn',fqdn3),('cn','computers'),('cn','accounts'),api.env.basedn)

role1 = u'Test Role'
role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)

servercert= get_testcert(DN(('CN', api.env.host), x509.subject_base()),
                         'unittest/%s@%s' % (api.env.host, api.env.realm))
badservercert = 'MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXDuqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHYd+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pekiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgUgMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0WyDGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv'

user1 = u'tuser1'
user2 = u'tuser2'
group1 = u'group1'
group1_dn = get_group_dn(group1)
group2 = u'group2'
group2_dn = get_group_dn(group2)
hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'),
                    api.env.basedn)


@pytest.mark.tier1
class test_service(Declarative):
Example #7
0
def cert2(request):
    return get_testcert(DN(('CN', u'testuser')), u'testuser')
def cert2(request, xmlrpc_setup):
    return get_testcert(DN(('CN', u'testuser')), u'testuser')
Example #9
0
ipv6_fromip_ptr_dn = DN(('idnsname', ipv6_fromip_ptr), revipv6zone_dn)

sshpubkey = u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGAX3xAeLeaJggwTqMjxNwa6XHBUAikXPGMzEpVrlLDCZtv00djsFTBi38PkgxBJVkgRWMrcBsr/35lq7P6w8KGIwA8GI48Z0qBS2NBMJ2u9WQ2hjLN6GdMlo77O0uJY3251p12pCVIS/bHRSq8kHO2No8g7KA9fGGcagPfQH+ee3t7HUkpbQkFTmbPPN++r3V8oVUk5LxbryB3UIIVzNmcSIn3JrXynlvui4MixvrtX6zx+O/bBo68o8/eZD26QrahVbA09fivrn/4h3TM019Eu/c2jOdckfU3cHUV/3Tno5d6JicibyaoDDK7S/yjdn5jhaz8MSEayQvFkZkiF0L public key test'
sshpubkeyfp = u'SHA256:cStA9o5TRSARbeketEOooMUMSWRSsArIAXloBZ4vNsE public key test (ssh-rsa)'

user1 = u'tuser1'
user2 = u'tuser2'
group1 = u'group1'
group1_dn = get_group_dn(group1)
group2 = u'group2'
group2_dn = get_group_dn(group2)
hostgroup1 = u'testhostgroup1'
hostgroup1_dn = DN(('cn',hostgroup1),('cn','hostgroups'),('cn','accounts'),
                    api.env.basedn)

host_cert = get_testcert(DN(('CN', api.env.host), subject_base()),
                         'host/%s@%s' % (api.env.host, api.env.realm))

missingrevzone = u'22.30.16.172.in-addr.arpa.'
ipv4_in_missingrevzone_ip = u'172.16.30.22'


@pytest.fixture(scope='class')
def host(request):
    tracker = HostTracker(name=u'testhost1')
    return tracker.make_fixture(request)


@pytest.fixture(scope='class')
def host2(request):
    tracker = HostTracker(name=u'testhost2')
    return tracker.make_fixture(request)
Example #10
0
class test_service(Declarative):

    cleanup_commands = [
        ('host_del', [fqdn1], {}),
        ('host_del', [fqdn2], {}),
        ('host_del', [fqdn3], {}),
        ('service_del', [service1], {}),
    ]

    tests = [
        dict(
            desc='Try to retrieve non-existent %r' % service1,
            command=('service_show', [service1], {}),
            expected=errors.NotFound(reason=u'%s: service not found' %
                                     service1),
        ),
        dict(
            desc='Try to update non-existent %r' % service1,
            command=('service_mod', [service1],
                     dict(usercertificate=get_testcert())),
            expected=errors.NotFound(reason=u'%s: service not found' %
                                     service1),
        ),
        dict(
            desc='Try to delete non-existent %r' % service1,
            command=('service_del', [service1], {}),
            expected=errors.NotFound(reason=u'%s: service not found' %
                                     service1),
        ),
        dict(
            desc='Create %r' % fqdn1,
            command=(
                'host_add',
                [fqdn1],
                dict(
                    description=u'Test host 1',
                    l=u'Undisclosed location 1',
                    force=True,
                ),
            ),
            expected=dict(
                value=fqdn1,
                summary=u'Added host "%s"' % fqdn1,
                result=dict(
                    dn=host1dn,
                    fqdn=[fqdn1],
                    description=[u'Test host 1'],
                    l=[u'Undisclosed location 1'],
                    krbprincipalname=[u'host/%s@%s' % (fqdn1, api.env.realm)],
                    objectclass=objectclasses.host,
                    ipauniqueid=[fuzzy_uuid],
                    managedby_host=[u'%s' % fqdn1],
                    has_keytab=False,
                    has_password=False,
                ),
            ),
        ),
        dict(
            desc='Create %r' % fqdn2,
            command=(
                'host_add',
                [fqdn2],
                dict(
                    description=u'Test host 2',
                    l=u'Undisclosed location 2',
                    force=True,
                ),
            ),
            expected=dict(
                value=fqdn2,
                summary=u'Added host "%s"' % fqdn2,
                result=dict(
                    dn=host2dn,
                    fqdn=[fqdn2],
                    description=[u'Test host 2'],
                    l=[u'Undisclosed location 2'],
                    krbprincipalname=[u'host/%s@%s' % (fqdn2, api.env.realm)],
                    objectclass=objectclasses.host,
                    ipauniqueid=[fuzzy_uuid],
                    managedby_host=[u'%s' % fqdn2],
                    has_keytab=False,
                    has_password=False,
                ),
            ),
        ),
        dict(
            desc='Create %r' % fqdn3,
            command=(
                'host_add',
                [fqdn3],
                dict(
                    description=u'Test host 3',
                    l=u'Undisclosed location 3',
                    force=True,
                ),
            ),
            expected=dict(
                value=fqdn3.lower(),
                summary=u'Added host "%s"' % fqdn3.lower(),
                result=dict(
                    dn=host3dn,
                    fqdn=[fqdn3.lower()],
                    description=[u'Test host 3'],
                    l=[u'Undisclosed location 3'],
                    krbprincipalname=[
                        u'host/%s@%s' % (fqdn3.lower(), api.env.realm)
                    ],
                    objectclass=objectclasses.host,
                    ipauniqueid=[fuzzy_uuid],
                    managedby_host=[u'%s' % fqdn3.lower()],
                    has_keytab=False,
                    has_password=False,
                ),
            ),
        ),
        dict(
            desc='Create %r' % service1,
            command=(
                'service_add',
                [service1],
                dict(force=True, ),
            ),
            expected=dict(
                value=service1,
                summary=u'Added service "%s"' % service1,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    objectclass=objectclasses.service,
                    ipauniqueid=[fuzzy_uuid],
                    managedby_host=[fqdn1],
                ),
            ),
        ),
        dict(
            desc='Try to create duplicate %r' % service1,
            command=(
                'service_add',
                [service1],
                dict(force=True, ),
            ),
            expected=errors.DuplicateEntry(
                message=u'service with name "%s" already exists' % service1),
        ),
        dict(
            desc='Retrieve %r' % service1,
            command=('service_show', [service1], {}),
            expected=dict(
                value=service1,
                summary=None,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    has_keytab=False,
                    managedby_host=[fqdn1],
                ),
            ),
        ),
        dict(
            desc='Retrieve %r with all=True' % service1,
            command=('service_show', [service1], dict(all=True)),
            expected=dict(
                value=service1,
                summary=None,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    ipakrbprincipalalias=[service1],
                    objectclass=objectclasses.service,
                    ipauniqueid=[fuzzy_uuid],
                    managedby_host=[fqdn1],
                    has_keytab=False,
                    ipakrbrequirespreauth=True,
                    ipakrbokasdelegate=False,
                ),
            ),
        ),
        dict(
            desc='Search for %r' % service1,
            command=('service_find', [service1], {}),
            expected=dict(
                count=1,
                truncated=False,
                summary=u'1 service matched',
                result=[
                    dict(
                        dn=service1dn,
                        krbprincipalname=[service1],
                        managedby_host=[fqdn1],
                        has_keytab=False,
                    ),
                ],
            ),
        ),
        dict(
            desc='Search for %r with all=True' % service1,
            command=('service_find', [service1], dict(all=True)),
            expected=dict(
                count=1,
                truncated=False,
                summary=u'1 service matched',
                result=[
                    dict(
                        dn=service1dn,
                        krbprincipalname=[service1],
                        ipakrbprincipalalias=[service1],
                        objectclass=objectclasses.service,
                        ipauniqueid=[fuzzy_uuid],
                        has_keytab=False,
                        managedby_host=[fqdn1],
                        ipakrbrequirespreauth=True,
                        ipakrbokasdelegate=False,
                    ),
                ],
            ),
        ),
        dict(
            desc='Add non-existent host to %r' % service1,
            command=('service_add_host', [service1], dict(host=u'notfound')),
            expected=dict(
                failed=dict(managedby=dict(host=[(u'notfound',
                                                  u'no such entry')])),
                completed=0,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                ),
            ),
        ),
        dict(
            desc='Remove non-existent host from %r' % service1,
            command=('service_remove_host', [service1],
                     dict(host=u'notfound')),
            expected=dict(
                failed=dict(managedby=dict(
                    host=[(u'notfound', u'This entry is not a member')])),
                completed=0,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                ),
            ),
        ),
        dict(
            desc='Add host to %r' % service1,
            command=('service_add_host', [service1], dict(host=fqdn2)),
            expected=dict(
                failed=dict(managedby=dict(host=[])),
                completed=1,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1, fqdn2],
                ),
            ),
        ),
        dict(
            desc='Remove host from %r' % service1,
            command=('service_remove_host', [service1], dict(host=fqdn2)),
            expected=dict(
                failed=dict(managedby=dict(host=[])),
                completed=1,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                ),
            ),
        ),
        dict(
            desc='Add mixed-case host to %r' % service1,
            command=('service_add_host', [service1], dict(host=fqdn3)),
            expected=dict(
                failed=dict(managedby=dict(host=[])),
                completed=1,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1, fqdn3.lower()],
                ),
            ),
        ),
        dict(
            desc='Remove mixed-case host from %r' % service1,
            command=('service_remove_host', [service1], dict(host=fqdn3)),
            expected=dict(
                failed=dict(managedby=dict(host=[])),
                completed=1,
                result=dict(
                    dn=service1dn,
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                ),
            ),
        ),
        dict(
            desc='Update %r with a bad certificate' % service1,
            command=('service_mod', [service1],
                     dict(usercertificate=badservercert)),
            expected=errors.CertificateOperationError(
                error=u'Issuer "CN=IPA Test Certificate Authority" does not ' +
                u'match the expected issuer'),
        ),
        dict(
            desc='Update %r' % service1,
            command=('service_mod', [service1],
                     dict(usercertificate=get_testcert())),
            expected=dict(
                value=service1,
                summary=u'Modified service "%s"' % service1,
                result=dict(
                    usercertificate=[base64.b64decode(get_testcert())],
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                    valid_not_before=fuzzy_date,
                    valid_not_after=fuzzy_date,
                    subject=DN(('CN', api.env.host), x509.subject_base()),
                    serial_number=fuzzy_digits,
                    serial_number_hex=fuzzy_hex,
                    md5_fingerprint=fuzzy_hash,
                    sha1_fingerprint=fuzzy_hash,
                    issuer=fuzzy_issuer,
                ),
            ),
        ),
        dict(desc='Try to update %r with invalid ipakrbauthz data '
             'combination' % service1,
             command=('service_mod', [service1],
                      dict(ipakrbauthzdata=[u'MS-PAC', u'NONE'])),
             expected=errors.ValidationError(
                 name='ipakrbauthzdata',
                 error=u'NONE value cannot be combined with other PAC types')),
        dict(
            desc='Update %r with valid ipakrbauthz data '
            'combination' % service1,
            command=('service_mod', [service1],
                     dict(ipakrbauthzdata=[u'MS-PAC'])),
            expected=dict(
                value=service1,
                summary=u'Modified service "%s"' % service1,
                result=dict(
                    usercertificate=[base64.b64decode(get_testcert())],
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                    ipakrbauthzdata=[u'MS-PAC'],
                    valid_not_before=fuzzy_date,
                    valid_not_after=fuzzy_date,
                    subject=DN(('CN', api.env.host), x509.subject_base()),
                    serial_number=fuzzy_digits,
                    serial_number_hex=fuzzy_hex,
                    md5_fingerprint=fuzzy_hash,
                    sha1_fingerprint=fuzzy_hash,
                    issuer=fuzzy_issuer,
                ),
            ),
        ),
        dict(
            desc='Retrieve %r to verify update' % service1,
            command=('service_show', [service1], {}),
            expected=dict(
                value=service1,
                summary=None,
                result=dict(
                    dn=service1dn,
                    usercertificate=[base64.b64decode(get_testcert())],
                    krbprincipalname=[service1],
                    has_keytab=False,
                    managedby_host=[fqdn1],
                    ipakrbauthzdata=[u'MS-PAC'],
                    # These values come from the servercert that is in this
                    # test case.
                    valid_not_before=fuzzy_date,
                    valid_not_after=fuzzy_date,
                    subject=DN(('CN', api.env.host), x509.subject_base()),
                    serial_number=fuzzy_digits,
                    serial_number_hex=fuzzy_hex,
                    md5_fingerprint=fuzzy_hash,
                    sha1_fingerprint=fuzzy_hash,
                    issuer=fuzzy_issuer,
                ),
            ),
        ),
        dict(
            desc='Enable %r OK_AS_DELEGATE Kerberos ticket flag' % service1,
            command=('service_mod', [service1], dict(ipakrbokasdelegate=True)),
            expected=dict(
                value=service1,
                summary=u'Modified service "%s"' % service1,
                result=dict(
                    usercertificate=[base64.b64decode(get_testcert())],
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                    ipakrbauthzdata=[u'MS-PAC'],
                    valid_not_before=fuzzy_date,
                    valid_not_after=fuzzy_date,
                    subject=DN(('CN', api.env.host), x509.subject_base()),
                    serial_number=fuzzy_digits,
                    serial_number_hex=fuzzy_hex,
                    md5_fingerprint=fuzzy_hash,
                    sha1_fingerprint=fuzzy_hash,
                    issuer=fuzzy_issuer,
                    krbticketflags=[u'1048704'],
                    ipakrbokasdelegate=True,
                ),
            ),
        ),
        dict(
            desc='Update %r Kerberos ticket flags with setattr' % service1,
            command=('service_mod', [service1],
                     dict(setattr=[u'krbTicketFlags=1048577'])),
            expected=dict(
                value=service1,
                summary=u'Modified service "%s"' % service1,
                result=dict(
                    usercertificate=[base64.b64decode(get_testcert())],
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                    ipakrbauthzdata=[u'MS-PAC'],
                    valid_not_before=fuzzy_date,
                    valid_not_after=fuzzy_date,
                    subject=DN(('CN', api.env.host), x509.subject_base()),
                    serial_number=fuzzy_digits,
                    serial_number_hex=fuzzy_hex,
                    md5_fingerprint=fuzzy_hash,
                    sha1_fingerprint=fuzzy_hash,
                    issuer=fuzzy_issuer,
                    krbticketflags=[u'1048577'],
                ),
            ),
        ),
        dict(
            desc='Disable %r OK_AS_DELEGATE Kerberos ticket flag' % service1,
            command=('service_mod', [service1],
                     dict(ipakrbokasdelegate=False)),
            expected=dict(
                value=service1,
                summary=u'Modified service "%s"' % service1,
                result=dict(
                    usercertificate=[base64.b64decode(get_testcert())],
                    krbprincipalname=[service1],
                    managedby_host=[fqdn1],
                    ipakrbauthzdata=[u'MS-PAC'],
                    valid_not_before=fuzzy_date,
                    valid_not_after=fuzzy_date,
                    subject=DN(('CN', api.env.host), x509.subject_base()),
                    serial_number=fuzzy_digits,
                    serial_number_hex=fuzzy_hex,
                    md5_fingerprint=fuzzy_hash,
                    sha1_fingerprint=fuzzy_hash,
                    issuer=fuzzy_issuer,
                    krbticketflags=[u'1'],
                    ipakrbokasdelegate=False,
                ),
            ),
        ),
        dict(
            desc='Delete %r' % service1,
            command=('service_del', [service1], {}),
            expected=dict(
                value=[service1],
                summary=u'Deleted service "%s"' % service1,
                result=dict(failed=[]),
            ),
        ),
        dict(
            desc='Try to retrieve non-existent %r' % service1,
            command=('service_show', [service1], {}),
            expected=errors.NotFound(reason=u'%s: service not found' %
                                     service1),
        ),
        dict(
            desc='Try to update non-existent %r' % service1,
            command=('service_mod', [service1],
                     dict(usercertificate=get_testcert())),
            expected=errors.NotFound(reason=u'%s: service not found' %
                                     service1),
        ),
        dict(
            desc='Try to delete non-existent %r' % service1,
            command=('service_del', [service1], {}),
            expected=errors.NotFound(reason=u'%s: service not found' %
                                     service1),
        ),
        dict(desc='Create service with malformed principal "foo"',
             command=('service_add', [u'foo'], {}),
             expected=errors.MalformedServicePrincipal(
                 reason='missing service')),
        dict(
            desc='Create service with bad realm "HTTP/[email protected]"',
            command=('service_add', [u'HTTP/[email protected]'], {}),
            expected=errors.RealmMismatch(),
        ),
        dict(desc='Create a host service %r' % hostprincipal1,
             command=('service_add', [hostprincipal1], {}),
             expected=errors.HostService()),

        # These tests will only succeed when running against lite-server.py
        # on same box as IPA install.
        dict(
            desc=
            'Delete the current host (master?) %s HTTP service, should be caught'
            % api.env.host,
            command=('service_del', ['HTTP/%s' % api.env.host], {}),
            expected=errors.ValidationError(
                name='principal',
                error='This principal is required by the IPA master'),
        ),
        dict(
            desc=
            'Delete the current host (master?) %s ldap service, should be caught'
            % api.env.host,
            command=('service_del', ['ldap/%s' % api.env.host], {}),
            expected=errors.ValidationError(
                name='principal',
                error='This principal is required by the IPA master'),
        ),
        dict(
            desc=
            'Disable the current host (master?) %s HTTP service, should be caught'
            % api.env.host,
            command=('service_disable', ['HTTP/%s' % api.env.host], {}),
            expected=errors.ValidationError(
                name='principal',
                error='This principal is required by the IPA master'),
        ),
        dict(
            desc=
            'Disable the current host (master?) %s ldap service, should be caught'
            % api.env.host,
            command=('service_disable', ['ldap/%s' % api.env.host], {}),
            expected=errors.ValidationError(
                name='principal',
                error='This principal is required by the IPA master'),
        ),
    ]
Example #11
0
service1_no_realm = u'HTTP/%s' % fqdn1
service1 = u'%s@%s' % (service1_no_realm, api.env.realm)
hostprincipal1 = u'host/%s@%s' % (fqdn1, api.env.realm)
service1dn = DN(('krbprincipalname', service1), ('cn', 'services'),
                ('cn', 'accounts'), api.env.basedn)
host1dn = DN(('fqdn', fqdn1), ('cn', 'computers'), ('cn', 'accounts'),
             api.env.basedn)
host2dn = DN(('fqdn', fqdn2), ('cn', 'computers'), ('cn', 'accounts'),
             api.env.basedn)
host3dn = DN(('fqdn', fqdn3), ('cn', 'computers'), ('cn', 'accounts'),
             api.env.basedn)

role1 = u'Test Role'
role1_dn = DN(('cn', role1), api.env.container_rolegroup, api.env.basedn)

servercert = get_testcert(DN(('CN', api.env.host), x509.subject_base()),
                          'unittest/%s@%s' % (api.env.host, api.env.realm))
randomissuercert = (
    "MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
    "gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
    "owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
    "kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
    "uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
    "d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
    "0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
    "lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
    "kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
    "gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
    "9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
    "DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv")
randomissuer = DN(('CN', 'puma.greyoak.com'), 'O=IPA')
Example #12
0
fqdn1 = u"testhost1.%s" % api.env.domain
fqdn2 = u"testhost2.%s" % api.env.domain
fqdn3 = u"TestHost3.%s" % api.env.domain
service1_no_realm = u"HTTP/%s" % fqdn1
service1 = u"%s@%s" % (service1_no_realm, api.env.realm)
hostprincipal1 = u"host/%s@%s" % (fqdn1, api.env.realm)
service1dn = DN(("krbprincipalname", service1), ("cn", "services"), ("cn", "accounts"), api.env.basedn)
host1dn = DN(("fqdn", fqdn1), ("cn", "computers"), ("cn", "accounts"), api.env.basedn)
host2dn = DN(("fqdn", fqdn2), ("cn", "computers"), ("cn", "accounts"), api.env.basedn)
host3dn = DN(("fqdn", fqdn3), ("cn", "computers"), ("cn", "accounts"), api.env.basedn)

role1 = u"Test Role"
role1_dn = DN(("cn", role1), api.env.container_rolegroup, api.env.basedn)

servercert = get_testcert(
    DN(("CN", api.env.host), x509.subject_base()), "unittest/%s@%s" % (api.env.host, api.env.realm)
)
randomissuercert = (
    "MIICbzCCAdigAwIBAgICA/4wDQYJKoZIhvcNAQEFBQAwKTEnMCUGA1UEAxMeSVBBIFRlc3Q"
    "gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEwMDgwOTE1MDIyN1oXDTIwMDgwOTE1MDIyN1"
    "owKTEMMAoGA1UEChMDSVBBMRkwFwYDVQQDExBwdW1hLmdyZXlvYWsuY29tMIIBIjANBgkqh"
    "kiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYbfEOQPgGenPn9vt1JFKvWm/Je3y2tawGWA3LXD"
    "uqfFJyYtZ8ib3TcBUOnLk9WK5g2qCwHaNlei7bj8ggIfr5hegAVe10cun+wYErjnYo7hsHY"
    "d+57VZezeipWrXu+7NoNd4+c4A5lk4A/xJay9j3bYx2oOM8BEox4xWYoWge1ljPrc5JK46f"
    "0X7AGW4F2VhnKPnf8rwSuzI1U8VGjutyM9TWNy3m9KMWeScjyG/ggIpOjUDMV7HkJL0Di61"
    "lznR9jXubpiEC7gWGbTp84eGl/Nn9bgK1AwHfJ2lHwfoY4uiL7ge1gyP6EvuUlHoBzdb7pe"
    "kiX28iePjW3iEG9IawIDAQABoyIwIDARBglghkgBhvhCAQEEBAMCBkAwCwYDVR0PBAQDAgU"
    "gMA0GCSqGSIb3DQEBBQUAA4GBACRESLemRV9BPxfEgbALuxH5oE8jQm8WZ3pm2pALbpDlAd"
    "9wQc3yVf6RtkfVthyDnM18bg7IhxKpd77/p3H8eCnS8w5MLVRda6ktUC6tGhFTS4QKAf0Wy"
    "DGTcIgkXbeDw0OPAoNHivoXbIXIIRxlw/XgaSaMzJQDBG8iROsN4kCv"
)
def cert2(request):
    return get_testcert(DN(("CN", u"testuser")), u"testuser")
def cert2(request):
    return get_testcert(DN(('CN', u'testuser')), u'testuser')