Import Upstream version 4.12.4

2025-08-12 22:28:56 +02:00
parent 03a8170b15
commit 9181ee2487
1629 changed files with 874094 additions and 554378 deletions
--- a/ipatests/test_xmlrpc/test_cert_plugin.py
+++ b/ipatests/test_xmlrpc/test_cert_plugin.py
@@ -254,6 +254,16 @@ class test_cert(BaseCert):
        result = _emails_are_valid(email_addrs, [])
        assert not result

+    def test_00012_cert_find_all(self):
+        """
+        Test that cert-find --all returns successfully.
+
+        We don't know how many we'll get but there should be at least 10
+        by default.
+        """
+        res = api.Command['cert_find'](all=True)
+        assert 'count' in res and res['count'] >= 10
+
    def test_99999_cleanup(self):
        """
        Clean up cert test data
@@ -281,9 +291,9 @@ class test_cert_find(XMLRPC_test):

        is_db_configured()

-    short = api.env.host.split('.')[0]
+    short = api.env.host.split('.', maxsplit=1)[0]

-    def test_0001_find_all(self):
+    def test_0001_find_all_certs(self):
        """
        Search for all certificates.

@@ -463,14 +473,23 @@ class test_cert_revocation(BaseCert):
                                          add=True, all=True)['result']
        serial_number = res['serial_number']

+        # REMOVE_FROM_CRL (8) needs to be on hold to revoke per RFC 5280
+        if reason == 8:
+            assert 'result' in api.Command['cert_revoke'](
+                serial_number, revocation_reason=6)
+
        # revoke created certificate
        assert 'result' in api.Command['cert_revoke'](
            serial_number, revocation_reason=reason)

        # verify that certificate is revoked with correct reason
        res2 = api.Command['cert_show'](serial_number, all=True)['result']
-        assert res2['revoked']
-        assert res2['revocation_reason'] == reason
+
+        if reason == 8:
+            assert res2['revoked'] is False
+        else:
+            assert res2['revoked']
+            assert res2['revocation_reason'] == reason

        # remove host
        assert 'result' in api.Command['host_del'](self.host_fqdn)
@@ -504,3 +523,41 @@ class test_cert_revocation(BaseCert):

    def test_revoke_with_reason_10(self):
        self.revoke_cert(10)
+
+
+@pytest.mark.tier1
+class test_cert_remove_hold(BaseCert):
+
+    # create CSR, request cert, revoke cert, remove hold
+    def test_revoke_and_remove_hold(self):
+        # add host
+        assert 'result' in api.Command['host_add'](self.host_fqdn, force=True)
+
+        # generate CSR, request certificate, obtain serial number
+        self.csr = self.generateCSR(str(self.subject))
+        res = api.Command['cert_request'](self.csr,
+                                          principal=self.service_princ,
+                                          add=True, all=True)['result']
+        serial_number = res['serial_number']
+
+        # revoke created certificate
+        assert 'result' in api.Command['cert_revoke'](
+            serial_number, revocation_reason=6)
+
+        # verify that certificate is revoked with correct reason
+        res2 = api.Command['cert_show'](serial_number, all=True)['result']
+        assert res2['revoked']
+        assert res2['revocation_reason'] == 6
+
+        # remove hold
+        res3 = api.Command['cert_remove_hold'](serial_number)['result']
+        assert res3['unrevoked']
+
+        # remove host
+        assert 'result' in api.Command['host_del'](self.host_fqdn)
+
+    def test_remove_hold_nonexistent_cert(self):
+        # remove hold must print 'Certificate ID xx not found'
+        with pytest.raises(errors.NotFound,
+                           match=r'Certificate ID 0x.* not found'):
+            api.Command['cert_remove_hold'](9999)