websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Debian patch 4.7.2-3

Browse Source
This commit is contained in:
Timo Aaltonen
2019-05-06 08:43:34 +03:00
committed by Mario Fetka
parent 27edeba051
commit 8bc559c5a1
917 changed files with 1068993 additions and 1184676 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ipatests/test_ipalib/test_backend.py
View File

@@ -22,6 +22,10 @@ Test the `ipalib.backend` module.
"""
from __future__ import print_function
# FIXME: Pylint errors
# pylint: disable=no-member
# pylint: disable=maybe-no-member
import threading
from ipatests.util import ClassChecker, raises, create_test_api
from ipatests.data import unicode_str
@@ -45,7 +49,7 @@ class test_Backend(ClassChecker):
assert self.cls.__bases__ == (plugable.Plugin,)
class Disconnect:
class Disconnect(object):
called = False
def __init__(self, id=None):

10
ipatests/test_ipalib/test_base.py
View File

@@ -108,7 +108,7 @@ def test_lock():
assert str(e) == 'already locked: %r' % o
# Test with another class implemented locking protocol:
class Lockable:
class Lockable(object):
__locked = False
def __lock__(self):
self.__locked = True
@@ -122,7 +122,7 @@ def test_lock():
assert str(e) == 'already locked: %r' % o
# Test with a class incorrectly implementing the locking protocol:
class Broken:
class Broken(object):
def __lock__(self):
pass
def __islocked__(self):
@@ -145,7 +145,7 @@ def test_islocked():
assert f(o) is True
# Test with another class implemented locking protocol:
class Lockable:
class Lockable(object):
__locked = False
def __lock__(self):
self.__locked = True
@@ -157,7 +157,7 @@ def test_islocked():
assert f(o) is True
# Test with a class incorrectly implementing the locking protocol:
class Broken:
class Broken(object):
__lock__ = False
def __islocked__(self):
return False
@@ -207,7 +207,7 @@ def membername(i):
return 'member%03d' % i
class DummyMember:
class DummyMember(object):
def __init__(self, i):
self.i = i
self.name = self.__name__ = membername(i)

4
ipatests/test_ipalib/test_cli.py
View File

@@ -76,7 +76,7 @@ def get_cmd_name(i):
return 'cmd_%d' % i
class DummyCommand:
class DummyCommand(object):
def __init__(self, name):
self.__name = name
@@ -85,7 +85,7 @@ class DummyCommand:
name = property(__get_name)
class DummyAPI:
class DummyAPI(object):
def __init__(self, cnt):
self.__cmd = plugable.APINameSpace(self.__cmd_iter(cnt), DummyCommand)

30
ipatests/test_ipalib/test_config.py
View File

@@ -23,9 +23,7 @@ Test the `ipalib.config` module.
"""
from os import path
import site
import sys
from ipatests.util import raises, delitem, ClassChecker
from ipatests.util import getitem
from ipatests.util import TempDir, TempHome
@@ -449,39 +447,23 @@ class test_Env(ClassChecker):
assert o.bin == path.dirname(path.abspath(sys.argv[0]))
assert o.home == home.path
assert o.dot_ipa == home.join('.ipa')
assert o.in_tree is False
assert o.context == 'default'
if (
# venv site module doesn't have getsitepackages()
not hasattr(site, "getsitepackages")
or o.site_packages in site.getsitepackages()
):
assert o.in_tree is False
assert o.confdir == '/etc/ipa'
assert o.conf == '/etc/ipa/default.conf'
assert o.conf_default == o.conf
else:
assert o.in_tree is True
assert o.confdir == o.dot_ipa
assert o.conf == home.join('.ipa/default.conf')
assert o.conf_default == o.conf
assert o.confdir == '/etc/ipa'
assert o.conf == '/etc/ipa/default.conf'
assert o.conf_default == o.conf
# Test overriding values created by _bootstrap()
(o, home) = self.bootstrap(in_tree='True', context='server')
assert o.in_tree is True
assert o.context == 'server'
assert o.conf == home.join('.ipa', 'server.conf')
o, home = self.bootstrap(
conf='/my/wacky/whatever.conf', in_tree=False
)
(o, home) = self.bootstrap(conf='/my/wacky/whatever.conf')
assert o.in_tree is False
assert o.context == 'default'
assert o.conf == '/my/wacky/whatever.conf'
assert o.conf_default == '/etc/ipa/default.conf'
o, home = self.bootstrap(
conf_default='/my/wacky/default.conf', in_tree=False
)
(o, home) = self.bootstrap(conf_default='/my/wacky/default.conf')
assert o.in_tree is False
assert o.context == 'default'
assert o.conf == '/etc/ipa/default.conf'

8
ipatests/test_ipalib/test_errors.py
View File

@@ -41,7 +41,7 @@ if six.PY3:
pytestmark = pytest.mark.tier0
class PrivateExceptionTester:
class PrivateExceptionTester(object):
_klass = None
__klass = None
@@ -193,7 +193,7 @@ class test_PluginMissingOverrideError(PrivateExceptionTester):
##############################################################################
# Unit tests for public errors:
class PublicExceptionTester:
class PublicExceptionTester(object):
_klass = None
__klass = None
@@ -338,7 +338,7 @@ class test_PublicError(PublicExceptionTester):
assert_equal(list(inst_match),list(instructions))
class BaseMessagesTest:
class BaseMessagesTest(object):
"""Generic test for all of a module's errors or messages
"""
def test_public_messages(self):
@@ -367,7 +367,7 @@ class BaseMessagesTest:
pass
class test_PublicErrors:
class test_PublicErrors(object):
message_list = errors.public_errors
errno_range = list(range(900, 5999))
required_classes = (Exception, errors.PublicError)

39
ipatests/test_ipalib/test_frontend.py
View File

@@ -21,6 +21,8 @@
Test the `ipalib.frontend` module.
"""
# FIXME: Pylint errors
# pylint: disable=no-member
import pytest
import six
@@ -69,7 +71,7 @@ def test_is_rule():
is_rule = frontend.is_rule
flag = frontend.RULE_FLAG
class no_call:
class no_call(object):
def __init__(self, value):
if value is not None:
assert value in (True, False)
@@ -197,7 +199,7 @@ class test_Command(ClassChecker):
"""
Return a standard subclass of `ipalib.frontend.Command`.
"""
class Rule:
class Rule(object):
def __init__(self, name):
self.name = name
@@ -230,7 +232,7 @@ class test_Command(ClassChecker):
"""
Helper method used to test args and options.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -276,7 +278,7 @@ class test_Command(ClassChecker):
"""
Test the ``ipalib.frontend.Command.args`` instance attribute.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -333,7 +335,7 @@ class test_Command(ClassChecker):
"""
Test the ``ipalib.frontend.Command.options`` instance attribute.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -357,7 +359,7 @@ class test_Command(ClassChecker):
"""
Test the ``ipalib.frontend.Command.output`` instance attribute.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -405,7 +407,7 @@ class test_Command(ClassChecker):
"""
Test the `ipalib.frontend.Command.convert` method.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -422,7 +424,7 @@ class test_Command(ClassChecker):
"""
Test the `ipalib.frontend.Command.normalize` method.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -470,7 +472,7 @@ class test_Command(ClassChecker):
"""
Test the `ipalib.frontend.Command.validate` method.
"""
class api:
class api(object):
env = config.Env(context='cli')
@staticmethod
def is_production_mode():
@@ -689,7 +691,7 @@ class test_Command(ClassChecker):
"""
Test the `ipalib.frontend.Command.validate_output` method.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -731,7 +733,7 @@ class test_Command(ClassChecker):
"""
Test `ipalib.frontend.Command.validate_output` per-type validation.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -760,7 +762,7 @@ class test_Command(ClassChecker):
"""
Test `ipalib.frontend.Command.validate_output` nested validation.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -795,7 +797,7 @@ class test_Command(ClassChecker):
"""
Test the `ipalib.frontend.Command.get_output_params` method.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -831,7 +833,7 @@ class test_LocalOrRemote(ClassChecker):
"""
Test the `ipalib.frontend.LocalOrRemote.__init__` method.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -914,7 +916,7 @@ class test_Object(ClassChecker):
Test the `ipalib.frontend.Object.__init__` method.
"""
# Setup for test:
class DummyAttribute:
class DummyAttribute(object):
def __init__(self, obj_name, attr_name, name=None):
self.obj_name = obj_name
self.attr_name = attr_name
@@ -942,7 +944,7 @@ class test_Object(ClassChecker):
cnt = 10
methods_format = 'method_%d'
class FakeAPI:
class FakeAPI(object):
def __init__(self):
self._API__plugins = get_attributes(cnt, methods_format)
self._API__default_map = {}
@@ -1111,16 +1113,13 @@ class test_Attribute(ClassChecker):
Test the `ipalib.frontend.Attribute.__init__` method.
"""
user_obj = 'The user frontend.Object instance'
class api:
class api(object):
Object = {("user", "1"): user_obj}
@staticmethod
def is_production_mode():
return False
class user_add(self.cls):
pass
o = user_add(api)
assert read_only(o, 'api') is api
assert read_only(o, 'obj') is user_obj

15
ipatests/test_ipalib/test_parameters.py
View File

@@ -31,11 +31,12 @@ import re
import sys
from decimal import Decimal
from inspect import isclass
from xmlrpc.client import MAXINT, MININT
import pytest
import six
# pylint: disable=import-error
from six.moves.xmlrpc_client import MAXINT, MININT
# pylint: enable=import-error
from cryptography import x509 as crypto_x509
from cryptography.hazmat.backends import default_backend
@@ -172,7 +173,7 @@ def test_parse_param_spec():
assert str(e) == TYPE_ERROR % ('spec', str, bad_value, type(bad_value))
class DummyRule:
class DummyRule(object):
def __init__(self, error=None):
assert error is None or type(error) is unicode
self.error = error
@@ -580,7 +581,7 @@ class test_Param(ClassChecker):
"""
Test the `ipalib.parameters.Param.get_default` method.
"""
class PassThrough:
class PassThrough(object):
value = None
def __call__(self, value):
@@ -680,7 +681,7 @@ class test_Data(ClassChecker):
Test the `ipalib.parameters.Data.__init__` method.
"""
o = self.cls('my_data')
assert o.type is type(None) # noqa
assert o.type is type(None)
assert o.password is False
assert o.rules == tuple()
assert o.class_rules == tuple()
@@ -1221,7 +1222,7 @@ class test_Number(ClassChecker):
Test the `ipalib.parameters.Number.__init__` method.
"""
o = self.cls('my_number')
assert o.type is type(None) # noqa
assert o.type is type(None)
assert o.password is False
assert o.rules == tuple()
assert o.class_rules == tuple()
@@ -1242,7 +1243,7 @@ class test_Int(ClassChecker):
# Test with no kwargs:
o = self.cls('my_number')
assert o.type == int
assert o.allowed_types == (int,)
assert o.allowed_types == six.integer_types
assert isinstance(o, parameters.Int)
assert o.minvalue == int(MININT)
assert o.maxvalue == int(MAXINT)

60
ipatests/test_ipalib/test_plugable.py
View File

@@ -25,7 +25,6 @@ Test the `ipalib.plugable` module.
# pylint: disable=no-member
import os
import sys
import textwrap
from ipalib import plugable, errors, create_api
@@ -36,7 +35,6 @@ import pytest
pytestmark = pytest.mark.tier0
class test_Plugin(ClassChecker):
"""
Test the `ipalib.plugable.Plugin` class.
@@ -78,11 +76,19 @@ class test_Plugin(ClassChecker):
assert o.summary == u'<%s.%s>' % (another_subclass.__module__,
another_subclass.__name__)
# Test that Plugin makes sure the subclass hasn't defined attributes
# whose names conflict with the logger methods set in Plugin.__init__():
class check(self.cls):
info = 'whatever'
e = raises(Exception, check, api)
assert str(e) == \
"info is already bound to ipatests.test_ipalib.test_plugable.check()"
def test_finalize(self):
"""
Test the `ipalib.plugable.Plugin.finalize` method.
"""
class api:
class api(object):
@staticmethod
def is_production_mode():
return False
@@ -96,15 +102,14 @@ def test_Registry():
"""
Test the `ipalib.plugable.Registry` class
"""
class Base1:
class Base1(object):
pass
class Base2(object):
pass
class Base2:
pass
class plugin1(Base1):
pass
class plugin2(Base2):
pass
@@ -302,44 +307,3 @@ class test_API(ClassChecker):
os.environ['IPA_CONFDIR'] = ipa_confdir
else:
os.environ.pop('IPA_CONFDIR')
class test_cli(ClassChecker):
"""
Test the `ipalib.plugable` global bootstrap.
"""
def test_no_args(self):
sys.argv = ['/usr/bin/ipa']
api = create_api(mode='unit_test')
(_options, argv) = api.bootstrap_with_global_options(
context='unit_test')
assert len(argv) == 0
assert _options.env is None
assert _options.conf is None
assert _options.debug is None
assert _options.delegate is None
assert _options.verbose is None
def test_one_arg(self):
sys.argv = ['/usr/bin/ipa', 'user-show']
api = create_api(mode='unit_test')
(_options, argv) = api.bootstrap_with_global_options(
context='unit_test')
assert argv == ['user-show']
assert _options.verbose is None
def test_args_valid_option(self):
sys.argv = ['/usr/bin/ipa', '-v', 'user-show']
api = create_api(mode='unit_test')
(_options, argv) = api.bootstrap_with_global_options(
context='unit_test')
assert argv == ['user-show']
assert _options.verbose == 1
def test_args_invalid_option(self):
sys.argv = ['/usr/bin/ipa', '-verbose', 'user-show']
api = create_api(mode='unit_test')
try:
api.bootstrap_with_global_options(context='unit_test')
except errors.OptionError as e:
assert e.msg == 'Unable to parse option rbose'

41
ipatests/test_ipalib/test_rpc.py
View File

@@ -22,18 +22,21 @@ Test the `ipalib.rpc` module.
"""
from __future__ import print_function
from xmlrpc.client import Binary, Fault, dumps, loads
import urllib
import unittest
import pytest
import six
# pylint: disable=import-error
from six.moves.xmlrpc_client import Binary, Fault, dumps, loads
# pylint: enable=import-error
from six.moves import urllib
from ipatests.util import raises, assert_equal, PluginTester, DummyClass
from ipatests.util import Fuzzy
from ipatests.data import binary_bytes, utf8_bytes, unicode_str
from ipalib.frontend import Command
from ipalib.request import context, Connection
from ipalib import rpc, errors, api, request as ipa_request
from ipalib import rpc, errors, api, request
from ipapython.version import API_VERSION
if six.PY3:
@@ -73,6 +76,7 @@ def test_round_trip():
if six.PY2:
assert_equal(dump_n_load(utf8_bytes), unicode_str)
assert_equal(dump_n_load(unicode_str), unicode_str)
# "Binary" is not "str". pylint: disable=no-member
assert_equal(dump_n_load(Binary(binary_bytes)).data, binary_bytes)
assert isinstance(dump_n_load(Binary(binary_bytes)), Binary)
assert type(dump_n_load(b'hello')) is output_binary_type
@@ -109,6 +113,7 @@ def test_xml_wrap():
assert f({}, API_VERSION) == dict()
b = f(b'hello', API_VERSION)
assert isinstance(b, Binary)
# "Binary" is not "dict" or "tuple". pylint: disable=no-member
assert b.data == b'hello'
u = f(u'hello', API_VERSION)
assert type(u) is unicode
@@ -257,18 +262,18 @@ class test_xmlclient(PluginTester):
@pytest.mark.skip_ipaclient_unittest
@pytest.mark.needs_ipaapi
class test_xml_introspection:
@pytest.fixture(autouse=True, scope="class")
def xml_introsp_setup(self, request):
class test_xml_introspection(object):
@classmethod
def setup_class(cls):
try:
api.Backend.xmlclient.connect()
except (errors.NetworkError, IOError):
pytest.skip('%r: Server not available: %r' %
(__name__, api.env.xmlrpc_uri))
raise unittest.SkipTest('%r: Server not available: %r' %
(__name__, api.env.xmlrpc_uri))
def fin():
ipa_request.destroy_context()
request.addfinalizer(fin)
@classmethod
def teardown_class(cls):
request.destroy_context()
def test_list_methods(self):
result = api.Backend.xmlclient.conn.system.listMethods()
@@ -348,18 +353,16 @@ class test_rpcclient_context(PluginTester):
"""
Test the context in `ipalib.rpc.rpcclient` plugin.
"""
@pytest.fixture(autouse=True)
def rpcclient_context_fsetup(self, request):
def setup(self):
try:
api.Backend.rpcclient.connect(ca_certfile='foo')
except (errors.NetworkError, IOError):
pytest.skip('%r: Server not available: %r' %
(__name__, api.env.xmlrpc_uri))
raise unittest.SkipTest('%r: Server not available: %r' %
(__name__, api.env.xmlrpc_uri))
def fin():
if api.Backend.rpcclient.isconnected():
api.Backend.rpcclient.disconnect()
request.addfinalizer(fin)
def teardown(self):
if api.Backend.rpcclient.isconnected():
api.Backend.rpcclient.disconnect()
def test_context_cafile(self):
"""

40
ipatests/test_ipalib/test_text.py
View File

@@ -25,6 +25,7 @@ from __future__ import print_function
import os
import shutil
import tempfile
import unittest
import six
import pytest
@@ -49,7 +50,7 @@ def test_create_translation():
assert context.__dict__[key] is t
class test_TestLang:
class test_TestLang(object):
lang_env_vars = {'LC_ALL', 'LC_MESSAGES', 'LANGUAGE', 'LANG'}
def setup_lang(self):
@@ -76,8 +77,7 @@ class test_TestLang:
os.environ.update(self.saved_locale)
@pytest.fixture(autouse=True)
def testlang_setup(self, request):
def setup(self):
self.tmp_dir = None
self.setup_lang()
@@ -102,27 +102,26 @@ class test_TestLang:
result = create_po(self.pot_file, self.po_file, self.mo_file)
if result:
pytest.skip(
raise unittest.SkipTest(
'Unable to create po file "%s" & mo file "%s" from pot '
'file "%s"' % (self.po_file, self.mo_file, self.pot_file)
)
if not os.path.isfile(self.po_file):
pytest.skip(
raise unittest.SkipTest(
'Test po file unavailable: {}'.format(self.po_file))
if not os.path.isfile(self.mo_file):
pytest.skip(
raise unittest.SkipTest(
'Test mo file unavailable: {}'.format(self.mo_file))
self.po_file_iterate = po_file_iterate
def fin():
self.teardown_lang()
def teardown(self):
self.teardown_lang()
if self.tmp_dir is not None:
shutil.rmtree(self.tmp_dir)
request.addfinalizer(fin)
if self.tmp_dir is not None:
shutil.rmtree(self.tmp_dir)
def test_test_lang(self):
print("test_test_lang")
@@ -149,8 +148,7 @@ class test_TestLang:
result = self.po_file_iterate(self.po_file, get_msgstr, get_msgstr_plural)
assert result == 0
class test_LazyText:
class test_LazyText(object):
klass = text.LazyText
@@ -161,7 +159,7 @@ class test_LazyText:
assert inst.key == ('foo', 'bar')
class test_FixMe:
class test_FixMe(object):
klass = text.FixMe
def test_init(self):
@@ -180,7 +178,7 @@ class test_FixMe:
assert type(unicode(inst)) is unicode
class test_Gettext:
class test_Gettext(object):
klass = text.Gettext
@@ -188,7 +186,7 @@ class test_Gettext:
inst = self.klass('what up?', 'foo', 'bar')
assert inst.domain == 'foo'
assert inst.localedir == 'bar'
assert inst.msg == 'what up?'
assert inst.msg is 'what up?'
assert inst.args == ('what up?', 'foo', 'bar')
def test_repr(self):
@@ -243,7 +241,7 @@ class test_Gettext:
assert (inst4 != inst1) is True
class test_NGettext:
class test_NGettext(object):
klass = text.NGettext
@@ -322,7 +320,7 @@ class test_NGettext:
assert (inst4 != inst1) is True
class test_GettextFactory:
class test_GettextFactory(object):
klass = text.GettextFactory
@@ -350,12 +348,12 @@ class test_GettextFactory:
inst = self.klass('foo', 'bar')
g = inst('what up?')
assert type(g) is text.Gettext
assert g.msg == 'what up?'
assert g.msg is 'what up?'
assert g.domain == 'foo'
assert g.localedir == 'bar'
class test_NGettextFactory:
class test_NGettextFactory(object):
klass = text.NGettextFactory
@@ -389,7 +387,7 @@ class test_NGettextFactory:
assert ng.localedir == 'bar'
class test_ConcatenatedText:
class test_ConcatenatedText(object):
klass = text.ConcatenatedLazyText

77
ipatests/test_ipalib/test_util.py
View File

@@ -1,77 +0,0 @@
#
# Copyright (C) 2018 FreeIPA Contributors see COPYING for license
#
"""Tests for ipalib.util module
"""
import os
import ssl
from unittest import mock
import pytest
from ipalib.util import (
get_pager, create_https_connection, get_proper_tls_version_span
)
from ipaplatform.constants import constants
@pytest.mark.parametrize('pager,expected_result', [
# Valid values
('cat', '/bin/cat'),
('/bin/cat', '/bin/cat'),
# Invalid values (wrong command, package is not installed, etc)
('cat_', None),
('', None)
])
def test_get_pager(pager, expected_result):
with mock.patch.dict(os.environ, {'PAGER': pager}):
pager = get_pager()
assert(pager == expected_result or pager.endswith(expected_result))
BASE_CTX = ssl.SSLContext(ssl.PROTOCOL_TLS)
if constants.TLS_HIGH_CIPHERS is not None:
BASE_CTX.set_ciphers(constants.TLS_HIGH_CIPHERS)
else:
BASE_CTX.set_ciphers("PROFILE=SYSTEM")
# options: IPA still supports Python 3.6 without min/max version setters
BASE_OPT = BASE_CTX.options
BASE_OPT |= (
ssl.OP_ALL | ssl.OP_NO_COMPRESSION | ssl.OP_SINGLE_DH_USE |
ssl.OP_SINGLE_ECDH_USE
)
TLS_OPT = (
ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 |
ssl.OP_NO_TLSv1_1
)
OP_NO_TLSv1_3 = getattr(ssl, "OP_NO_TLSv1_3", 0) # make pylint happy
@pytest.mark.skip_if_platform(
"debian", reason="Crypto policy is not supported on Debian"
)
@pytest.mark.parametrize('minver,maxver,opt,expected', [
(None, None, BASE_OPT, None),
(None, "tls1.3", BASE_OPT | TLS_OPT, ["tls1.2", "tls1.3"]),
("tls1.2", "tls1.3", BASE_OPT | TLS_OPT, ["tls1.2", "tls1.3"]),
("tls1.2", None, BASE_OPT | TLS_OPT, ["tls1.2", "tls1.3"]),
("tls1.2", "tls1.2", BASE_OPT | TLS_OPT | OP_NO_TLSv1_3, ["tls1.2"]),
(None, "tls1.2", BASE_OPT | TLS_OPT | OP_NO_TLSv1_3, ["tls1.2"]),
("tls1.3", "tls1.3", BASE_OPT | TLS_OPT | ssl.OP_NO_TLSv1_2, ["tls1.3"]),
("tls1.3", None, BASE_OPT | TLS_OPT | ssl.OP_NO_TLSv1_2, ["tls1.3"]),
])
def test_tls_version_span(minver, maxver, opt, expected):
assert get_proper_tls_version_span(minver, maxver) == expected
# file must exist and contain certs
cafile = ssl.get_default_verify_paths().cafile
conn = create_https_connection(
"invalid.test",
cafile=cafile,
tls_version_min=minver,
tls_version_max=maxver
)
ctx = getattr(conn, "_context")
assert ctx.options == BASE_OPT | opt
assert ctx.get_ciphers() == BASE_CTX.get_ciphers()

120
ipatests/test_ipalib/test_x509.py
View File

@@ -22,11 +22,7 @@ Test the `ipalib.x509` module.
"""
import base64
from binascii import hexlify
from configparser import RawConfigParser
import datetime
from io import StringIO
import pickle
import pytest
@@ -164,8 +160,7 @@ QUs1Hx1wL7mL4U8fKCFDKA+ds2B2xWgoZg==
-----END CERTIFICATE-----
'''
class test_x509:
class test_x509(object):
"""
Test `ipalib.x509`
@@ -263,7 +258,7 @@ class test_x509:
not_after = datetime.datetime(2018, 10, 23, 5, 36, 59)
assert cert.not_valid_before == not_before
assert cert.not_valid_after == not_after
assert cert.san_general_names == [DNSName('ipa.demo1.freeipa.org')]
assert cert.san_general_names == [DNSName(u'ipa.demo1.freeipa.org')]
assert cert.san_a_label_dns_names == ['ipa.demo1.freeipa.org']
assert cert.extended_key_usage == {
'1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'
@@ -272,114 +267,3 @@ class test_x509:
b'0 \x06\x03U\x1d%\x01\x01\xff\x04\x160\x14\x06\x08+\x06\x01'
b'\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x02'
)
class test_ExternalCAProfile:
def test_MSCSTemplateV1_good(self):
o = x509.MSCSTemplateV1("MySubCA")
assert hexlify(o.get_ext_data()) == b'1e0e004d007900530075006200430041'
def test_MSCSTemplateV1_bad(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV1("MySubCA:1")
def test_MSCSTemplateV1_pickle_roundtrip(self):
o = x509.MSCSTemplateV1("MySubCA")
s = pickle.dumps(o)
assert o.get_ext_data() == pickle.loads(s).get_ext_data()
def test_MSCSTemplateV2_too_few_parts(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4")
def test_MSCSTemplateV2_too_many_parts(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:100:200:300")
def test_MSCSTemplateV2_bad_oid(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("not_an_oid:1")
def test_MSCSTemplateV2_non_numeric_major_version(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:major:200")
def test_MSCSTemplateV2_non_numeric_minor_version(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:100:minor")
def test_MSCSTemplateV2_major_version_lt_zero(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:-1:200")
def test_MSCSTemplateV2_minor_version_lt_zero(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:100:-1")
def test_MSCSTemplateV2_major_version_gt_max(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:4294967296:200")
def test_MSCSTemplateV2_minor_version_gt_max(self):
with pytest.raises(ValueError):
x509.MSCSTemplateV2("1.2.3.4:100:4294967296")
def test_MSCSTemplateV2_good_major(self):
o = x509.MSCSTemplateV2("1.2.3.4:4294967295")
assert hexlify(o.get_ext_data()) == b'300c06032a0304020500ffffffff'
def test_MSCSTemplateV2_good_major_minor(self):
o = x509.MSCSTemplateV2("1.2.3.4:4294967295:0")
assert hexlify(o.get_ext_data()) \
== b'300f06032a0304020500ffffffff020100'
def test_MSCSTemplateV2_pickle_roundtrip(self):
o = x509.MSCSTemplateV2("1.2.3.4:4294967295:0")
s = pickle.dumps(o)
assert o.get_ext_data() == pickle.loads(s).get_ext_data()
def test_ExternalCAProfile_dispatch(self):
"""
Test that constructing ExternalCAProfile actually returns an
instance of the appropriate subclass.
"""
assert isinstance(
x509.ExternalCAProfile("MySubCA"),
x509.MSCSTemplateV1)
assert isinstance(
x509.ExternalCAProfile("1.2.3.4:100"),
x509.MSCSTemplateV2)
def test_write_pkispawn_config_file_MSCSTemplateV1(self):
template = x509.MSCSTemplateV1(u"SubCA")
expected = (
'[CA]\n'
'pki_req_ext_oid = 1.3.6.1.4.1.311.20.2\n'
'pki_req_ext_data = 1e0a00530075006200430041\n\n'
)
self._test_write_pkispawn_config_file(template, expected)
def test_write_pkispawn_config_file_MSCSTemplateV2(self):
template = x509.MSCSTemplateV2(u"1.2.3.4:4294967295")
expected = (
'[CA]\n'
'pki_req_ext_oid = 1.3.6.1.4.1.311.21.7\n'
'pki_req_ext_data = 300c06032a0304020500ffffffff\n\n'
)
self._test_write_pkispawn_config_file(template, expected)
def _test_write_pkispawn_config_file(self, template, expected):
"""
Test that the values we read from an ExternalCAProfile
object can be used to produce a reasonable-looking pkispawn
configuration.
"""
config = RawConfigParser()
config.optionxform = str
config.add_section("CA")
config.set("CA", "pki_req_ext_oid", template.ext_oid)
config.set("CA", "pki_req_ext_data",
hexlify(template.get_ext_data()).decode('ascii'))
out = StringIO()
config.write(out)
assert out.getvalue() == expected