diff --git a/ipatests/test_integration/test_acme.py b/ipatests/test_integration/test_acme.py
index 4032d266a8d..709d9071582 100644
--- a/ipatests/test_integration/test_acme.py
+++ b/ipatests/test_integration/test_acme.py
@@ -17,6 +17,7 @@
 )
 from ipaplatform.osinfo import osinfo
 from ipaplatform.paths import paths
+from ipapython.dn import DN
 from ipatests.test_integration.test_external_ca import (
 install_server_external_ca_step1,
 install_server_external_ca_step2,
@@ -144,6 +145,15 @@ def certbot_standalone_cert(host, acme_server, no_of_cert=1):
 )
+def get_389ds_backend(host):
+ """ Return the backend type used by 389ds (either 'bdb' or 'lmdb')"""
+ conn = host.ldap_connect()
+ entry = conn.get_entry(
+ DN('cn=config,cn=ldbm database,cn=plugins,cn=config'))
+ backend = entry.single_value.get('nsslapd-backend-implement')
+ return backend
+
+
 class TestACME(CALessBase):
 """
 Test the FreeIPA ACME service by using ACME clients on a FreeIPA client.
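Review bot: `get_389ds_backend` returns `None` when `nsslapd-backend-implement` is absent from the config entry, and every caller in this commit compares the result with `'bdb'`, so a missing or differently-cased value silently takes the non-BDB path. The docstring also promises `'lmdb'`, while 389-ds, as far as I know, reports the LMDB implementation as `mdb`; the docstring should name the values the attribute really holds and state that `None` is possible. A small hardening is `return backend.lower() if backend else None`, with callers treating `None` as a test error rather than as LMDB.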
@@ -397,21 +407,22 @@ def test_centralize_acme_disable(self):
 assert status == 'disabled'
 def test_acme_pruning_no_random_serial(self):
- """This ACME install is configured without random serial
+ """BDB install is configured without random serial
 numbers. Verify that we can't enable pruning on it.
-
- This test is located here because by default installs
- don't enable RSNv3.
 """
 if (tasks.get_pki_version(self.master) < tasks.parse_version('11.3.0')):
 raise pytest.skip("Certificate pruning is not available")
 self.master.run_command(['ipa-acme-manage', 'enable'])
- result = self.master.run_command(
- ['ipa-acme-manage', 'pruning', '--enable'],
- raiseonerr=False)
- assert result.returncode == 1
- assert "requires random serial numbers" in result.stderr_text
+
+ # This test is only relevant with BDB backend
+ # as with LMDB, the installer now enable RSNv3 and cert pruning
+ if get_389ds_backend(self.master) == 'bdb':
+ result = self.master.run_command(
+ ['ipa-acme-manage', 'pruning', '--enable'],
+ raiseonerr=False)
+ assert result.returncode == 1
+ assert "requires random serial numbers" in result.stderr_text
 @server_install_teardown
 def test_third_party_certs(self):
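Review bot: On any backend other than `'bdb'` this test now runs `ipa-acme-manage enable` and then passes without asserting anything, so the report shows a green result for a check that never ran. The check guards the refusal to enable pruning without random serial numbers, so the unexercised case should be visible in the results. After the `enable` call, use `if get_389ds_backend(self.master) != 'bdb': raise pytest.skip("RSNv3 and pruning are enabled by the installer with LMDB")` and keep the two assertions outside any condition.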
@@ -707,10 +718,12 @@ def test_enable_pruning(self):
 if (tasks.get_pki_version(self.master) < tasks.parse_version('11.3.0')):
 raise pytest.skip("Certificate pruning is not available")
- cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH)
- assert "jobsScheduler.job.pruning.enabled=false".encode() in cs_cfg
- self.master.run_command(['ipa-acme-manage', 'pruning', '--enable'])
+ # Pruning is enabled by default when the host supports lmdb
+ if get_389ds_backend(self.master) == 'bdb':
+ cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH)
+ assert "jobsScheduler.job.pruning.enabled=false".encode() in cs_cfg
+ self.master.run_command(['ipa-acme-manage', 'pruning', '--enable'])
 cs_cfg = self.master.get_file_contents(paths.CA_CS_CFG_PATH)
 assert "jobsScheduler.enabled=true".encode() in cs_cfg
diff --git a/ipatests/test_webui/test_cert.py b/ipatests/test_webui/test_cert.py
index 7a8ffde917c..0dc276555b2 100644
--- a/ipatests/test_webui/test_cert.py
+++ b/ipatests/test_webui/test_cert.py
@@ -93,6 +93,14 @@ def _add_and_revoke_cert(self, reason='1'):
 csr = generate_csr(hostname)
 self.navigate_to_entity(ENTITY)
+
+ # Save the existing cert serials before the new one is added
+ # the test will compare before/after in order to find the serial
+ # of the newly generated certificate
+ result = self.execute_api_from_ui('cert_find', [], {})
+ certs = result['result']['result']
+ before = [cert["serial_number"] for cert in certs]
+
 self.facet_button_click('request_cert')
 self.fill_textbox('principal', 'HTTP/{}'.format(hostname))
 self.check_option('add', 'checked')
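Review bot: The `ipa-acme-manage pruning --enable` call is removed and re-added in the test_enable_pruning hunk, which suggests it now sits under the `if ... == 'bdb'` branch (indentation is not visible on this page); if so, on LMDB the test only reads installer defaults and never exercises the command. The comment also speaks of the host "supporting" lmdb, while the condition tests the backend the master is actually configured with. If the CLI path should stay covered, keep the call unconditional and gate only the `pruning.enabled=false` precondition; this assumes enabling an already enabled job is accepted, which needs confirming. test_enable_pruning continues past the hunk.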
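Review bot: The `cert_find` call that fills `before` passes an empty options dict, so the list is whatever the server returns under its default search limits; if that result is truncated, `before` is incomplete, and the same applies to `after` in the next hunk and to the serial lists in test_search_minimum_serial and test_search_maximum_serial. IPA command output normally carries a `truncated` flag next to `result`, so a cheap guard is `assert not result['result'].get('truncated')` after each call, or an explicit `sizelimit` in the options dict. `_add_and_revoke_cert` starts before and ends after this hunk.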
@@ -100,8 +108,17 @@ def _add_and_revoke_cert(self, reason='1'):
 self.dialog_button_click('issue')
 self.assert_notification(assert_text='Certificate requested')
 self.navigate_to_entity(ENTITY)
+
+ # Save the existing cert serials after the new one is added
+ result = self.execute_api_from_ui('cert_find', [], {})
+ certs = result['result']['result']
+ after = [cert["serial_number"] for cert in certs]
+ new_serial = [serial for serial in after if serial not in before]
+ # Find the cert that was jsut generated
+ index = after.index(new_serial[0])
+
 rows = self.get_rows()
- cert = rows[-1]
+ cert = rows[index]
 self.navigate_to_row_record(cert)
 self.action_list_action('revoke_cert', False)
@@ -212,10 +229,18 @@ def test_search_minimum_serial(self):
 # try searching using -1
 check_minimum_serial(self, '-1', 'min_serial_number')
+ # Find the highest serial number and add 1 to be sure there is no
+ # cert with a higher serial number
+ result = self.execute_api_from_ui('cert_find', [], {})
+ certs = result['result']['result']
+ serials = [int(cert["serial_number_hex"], 0) for cert in certs]
+ serials.sort()
+ highest_serial = str(serials[-1] + 1)
+
 # try using higher value than no. of certs present
 self.navigate_to_entity(ENTITY)
 self.select('select[name=search_option]', 'min_serial_number')
- search_pkey(self, '99')
+ search_pkey(self, highest_serial)
 rows = self.get_rows()
 assert len(rows) == 0
@@ -226,8 +251,16 @@ def test_search_maximum_serial(self):
 """
 self.init_app()
 self.navigate_to_entity(ENTITY)
+
+ # Find the second lowest serial number
+ result = self.execute_api_from_ui('cert_find', [], {})
+ certs = result['result']['result']
+ serials = [int(cert["serial_number_hex"], 0) for cert in certs]
+ serials.sort()
+ second_serial = str(serials[1])
+
 self.select('select[name=search_option]', 'max_serial_number')
- search_pkey(self, '2')
+ search_pkey(self, second_serial)
 rows = self.get_rows()
 assert len(rows) == 2
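Review bot: `new_serial[0]` assumes exactly one new certificate appeared, and `rows[index]` assumes the table lists the same certificates in the same order as the `cert_find` result and on a single page; none of this is checked, and the row picked this way is the one that gets revoked. Add `assert len(new_serial) == 1, new_serial` before the `index` line and `assert index < len(rows)` after `self.get_rows()`, so a mismatch fails with a clear message rather than an IndexError or a revocation of the wrong certificate. The comment typo `jsut` is worth fixing in the same pass. The method starts before and continues after this hunk.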
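Review bot: `serials[-1]` in test_search_minimum_serial and `serials[1]` in test_search_maximum_serial raise a bare IndexError when `cert_find` returns fewer certificates than expected, and the same block that collects and sorts the serials is pasted into both tests. In the minimum test the sort is not needed: `highest_serial = str(max(serials) + 1)`. In the maximum test add `assert len(serials) >= 2` before indexing. A shared private helper returning the sorted integer serials would keep the two tests in step.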