alternative testcase #7897
alternative testcase #7897
Conversation
There was a problem hiding this comment.
I didn't really look at the test_authenticate.py test or the test_generate_ca_cert() yet. I focused on getting framework changes working enough to be able to see smart card authentication working. I'll come back to the others a little later but, for now here's a start.
| """ | ||
| Test initialization of the smart card. | ||
| """ | ||
| client.setup_smart_card(label="TestToken", so_pin="123456", user_pin="1234") |
There was a problem hiding this comment.
When I was reviewing framework changes for this, I suggest simplifying the code to just reference the smart_card utils methods directly like client.smart_card.init(). Also, with the changes suggested to the framework PR, I was able to do a full test like this:
(key, cert) = client.smart_card.generate_self_signed_cert()
client.smart_card.init()
client.smart_card.add_key(key)
client.smart_card.add_cert(cert)
client.smart_card.reset_service()
client.sssd.sssd["domains"] = "local"
client.sssd.common.local()
client.sssd.dom("local")["local_auth_policy"] = "only"
client.sssd.section("certmap/local/localuser1")["matchrule"] = "<SUBJECT>.*CN=Test Self Signed Cert*"
client.sssd.pam["pam_cert_auth"] = "True"
client.host.conn.run(f"cat {cert} >> /etc/sssd/pki/sssd_auth_ca_db.pem")
client.sssd.start()
result = client.host.conn.run("su - localuser1 -c 'su - localuser1 -c whoami'", input="123456")
assert "PIN" in result.stderr
assert "localuser1" in result.stdout
You need the client.sssd stuff in the middle to setup an SSSD domain config that is appropriate for local user smart card testing with the certificate created by the util. The su at the end is something we'll need to implement in the framework eventually but for a start where we can test, this will work for now.
No description provided.