429 else: |
429 else: |
430 pobj.remove_repository(name=r.name) |
430 pobj.remove_repository(name=r.name) |
431 self.assertRaises(api_errors.UnknownRepository, |
431 self.assertRaises(api_errors.UnknownRepository, |
432 pobj.get_repository, name=r.name) |
432 pobj.get_repository, name=r.name) |
433 |
433 |
|
434 # Verify that adding, removing, and unsetting ca certs works |
|
435 # as expected. |
|
436 pobj.create_meta_root() |
|
437 self.pub_cas_dir = os.path.join(self.ro_data_root, |
|
438 "signing_certs", "produced", "publisher_cas") |
|
439 ca_path = os.path.join(self.pub_cas_dir, "pubCA1_ta3_cert.pem") |
|
440 with open(ca_path, "rb") as fh: |
|
441 ca_data = fh.read() |
|
442 hsh = self.calc_file_hash(ca_path) |
|
443 # Test revoking a ca cert. |
|
444 pobj.revoke_ca_cert(hsh) |
|
445 self.assert_(hsh in pobj.revoked_ca_certs) |
|
446 # Test moving from revoked to approved |
|
447 pobj.approve_ca_cert(ca_data, manual=True) |
|
448 self.assert_(hsh not in pobj.revoked_ca_certs) |
|
449 self.assert_(hsh in pobj.approved_ca_certs) |
|
450 self.assert_(hsh in pobj.signing_ca_certs) |
|
451 # Test unsetting from approved |
|
452 pobj.unset_ca_cert(hsh) |
|
453 self.assert_(hsh not in pobj.revoked_ca_certs) |
|
454 self.assert_(hsh not in pobj.approved_ca_certs) |
|
455 # Test approving a ca cert |
|
456 pobj.approve_ca_cert(ca_data, manual=True) |
|
457 self.assert_(hsh in pobj.approved_ca_certs) |
|
458 # Test moving from approved to revoked |
|
459 pobj.revoke_ca_cert(hsh) |
|
460 self.assert_(hsh in pobj.revoked_ca_certs) |
|
461 self.assert_(hsh not in pobj.approved_ca_certs) |
|
462 # Test moving from revoked to unset |
|
463 pobj.unset_ca_cert(hsh) |
|
464 self.assert_(hsh not in pobj.revoked_ca_certs) |
|
465 self.assert_(hsh not in pobj.approved_ca_certs) |
|
466 |
434 |
467 |
435 if __name__ == "__main__": |
468 if __name__ == "__main__": |
436 unittest.main() |
469 unittest.main() |
437 |
470 |