def test_tls_import_chain(topology_st):
    """Test that TLS import correctly reports errors when there are
    multiple files in a chain.

    :id: b7ba71bd-112a-44a1-8a7e-8968249da419
    :steps:
        1. Attempt to import a ca chain
    :expectedresults:
        1. The chain is rejected
    """
    inst = topology_st.standalone
    inst.stop()
    tls = NssSsl(dirsrv=inst)
    tls.reinit()

    # Each import entry point must refuse a file that bundles a chain; every
    # attempt below is expected to fail with ValueError.
    rejected_imports = (
        lambda: tls.add_cert(nickname='CA_CHAIN_1', input_file=CA_CHAIN_FILE),
        lambda: tls.add_server_key_and_cert(KEY_FILE, CRT_CHAIN_FILE),
        lambda: tls.add_server_key_and_cert(KEY_CHAIN_FILE, CRT_CHAIN_FILE),
        lambda: tls.add_server_key_and_cert(KEY_FILE, KEY_CHAIN_FILE),
        lambda: tls.import_rsa_crt(crt=CRT_CHAIN_FILE),
        lambda: tls.import_rsa_crt(ca=CA_CHAIN_FILE),
    )
    for attempt in rejected_imports:
        with pytest.raises(ValueError):
            attempt()
def import_ca(inst, log, args):
    """Import a CA certificate into the instance's NSS database and mark it
    as a trusted CA ("C,,").

    :param inst: DirSrv instance whose certificate database is used
    :param log: logger for user-facing messages
    :param args: parsed CLI arguments; reads ``args.cert_path`` and
        ``args.nickname``
    :returns: None. Logs an error and imports nothing when the nickname
        collides (case-insensitively) with the reserved server-cert or CA
        names.
    """
    tls = NssSsl(dirsrv=inst)
    ca_file = args.cert_path
    nick = args.nickname

    # The reserved names are compared case-insensitively, matching NSS's
    # own nickname handling.
    reserved = {CERT_NAME.lower(), CA_NAME.lower()}
    if nick.lower() in reserved:
        log.error("You may not import a CA with the nickname %s or %s" % (CERT_NAME, CA_NAME))
        return

    tls.add_cert(nickname=nick, input_file=ca_file)
    tls.edit_cert_trust(nick, "C,,")
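def cacert_add(inst, basedn, log, args):
    """Add a CA certificate to the instance's NSS database.

    :param inst: DirSrv instance whose certificate database is written
    :param basedn: unused here; present for the shared CLI handler signature
    :param log: logger for user-facing messages
    :param args: parsed CLI arguments; reads ``args.file`` (certificate
        path) and ``args.name`` (nickname)
    :raises ValueError: if ``args.file`` is not an existing regular file, or
        a certificate with nickname ``args.name`` is already present
    """
    # Verify the file before touching the security database. isfile() on its
    # own has no effect; its result has to be acted on.
    if not os.path.isfile(args.file):
        raise ValueError("Certificate file does not exist or is not a regular file: {}".format(args.file))

    tlsdb = NssSsl(dirsrv=inst)
    if not tlsdb._db_exists(even_partial=True):
        # Be conservative: only create a database when not even a partial one
        # is present, so an existing (possibly damaged) db is never clobbered.
        log.info('Security database does not exist. Creating a new one in {}.'.format(inst.get_cert_dir()))
        tlsdb.reinit()

    # Duplicate-nickname guard. get_cert_details() raising ValueError is taken
    # to mean "not present" (presumably - confirm against NssSsl); a successful
    # lookup means the name is taken. The raise lives in `else` so that it is
    # not swallowed by the except clause protecting the lookup itself.
    try:
        tlsdb.get_cert_details(args.name)
    except ValueError:
        pass
    else:
        raise ValueError("Certificate already exists with the same name")

    # Add the cert, flagged as a CA
    tlsdb.add_cert(args.name, args.file, ca=True)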
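def cert_add(inst, basedn, log, args):
    """Add a server certificate to the instance's NSS database.

    :param inst: DirSrv instance whose certificate database is written
    :param basedn: unused here; present for the shared CLI handler signature
    :param log: logger for user-facing messages
    :param args: parsed CLI arguments; reads ``args.file`` (certificate
        path), ``args.name`` (nickname) and ``args.primary_cert`` (whether to
        make this the server's TLS personality)
    :raises ValueError: if ``args.file`` is not an existing regular file, or
        a certificate with nickname ``args.name`` is already present
    """
    # Verify the file before touching the security database. isfile() on its
    # own has no effect; its result has to be acted on.
    if not os.path.isfile(args.file):
        raise ValueError("Certificate file does not exist or is not a regular file: {}".format(args.file))

    tlsdb = NssSsl(dirsrv=inst)
    if not tlsdb._db_exists(even_partial=True):
        # Be conservative: only create a database when not even a partial one
        # is present, so an existing (possibly damaged) db is never clobbered.
        log.info('Security database does not exist. Creating a new one in {}.'.format(inst.get_cert_dir()))
        tlsdb.reinit()

    # Duplicate-nickname guard. get_cert_details() raising ValueError is taken
    # to mean "not present" (presumably - confirm against NssSsl); a successful
    # lookup means the name is taken. The raise lives in `else` so that it is
    # not swallowed by the except clause protecting the lookup itself.
    try:
        tlsdb.get_cert_details(args.name)
    except ValueError:
        pass
    else:
        raise ValueError("Certificate already exists with the same name")

    # Add the cert
    tlsdb.add_cert(args.name, args.file)

    if args.primary_cert:
        # Point nsSSLPersonalitySSL at the new cert only after the import has
        # succeeded, so a failed add_cert cannot leave the server configured
        # to use a certificate that is not in the database.
        RSA(inst).set('nsSSLPersonalitySSL', args.name)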