Location: majic-ansible-roles/roles/ldap_server/molecule/default/tests/test_default_buster.py - annotation
46fe0a9e838f
MAR-181: Set-up the mail aliases correctly for running mail delivery tests.
import os
import testinfra.utils.ansible_runner
# Limit this test module to the inventory hosts whose names match the
# 'parameters-*-buster64' pattern. The inventory file path is supplied by
# Molecule through the MOLECULE_INVENTORY_FILE environment variable; a
# missing variable raises KeyError at import time.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']
).get_hosts('parameters-*-buster64')
def test_ldap_server_uses_correct_dh_parameters(host):
"""
Tests if the LDAP server uses the generated Diffie-Hellman
parameter.
"""
# Technically we should be testing here against deployed DH
# parameters file, however... When linked against GnuTLS, slapd
# seems to only take into account the size of pointed-to DH
# parameters, and then picks one of the parameters from the
# RFC-7919 (https://www.ietf.org/rfc/rfc7919.txt)
# instead. Therefore we list here the 2048-bit DH parameter from
# the RFC instead.
expected_dhparam = """-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----"""
connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=ldap --port 389 "
"--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")
output = connection.stdout
begin_marker = "-----BEGIN DH PARAMETERS-----"
end_marker = "-----END DH PARAMETERS-----"
used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
assert used_dhparam == expected_dhparam