tests/krb5: Have the caller of create_certificate() fetch the CA certificate and...

These are useful to keep around for other purposes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/pkinit_tests.py b/python/samba/tests/krb5/pkinit_tests.py
index 2481d1df4a8bff319d4552853a89cd1f9b04fef0..822aec7bda085e46da9e3b2d193b2bc9fe8af8c2 100755 (executable)
--- a/python/samba/tests/krb5/pkinit_tests.py
+++ b/python/samba/tests/krb5/pkinit_tests.py
@@ -699,14 +699,16 @@ class PkInitTests(KDCBaseTest):
 
         return ca_cert, ca_private_key
 
-    def create_certificate(self, creds, certificate_signature=None):
+    def create_certificate(self,
+                           creds,
+                           ca_cert,
+                           ca_private_key,
+                           certificate_signature=None):
         if certificate_signature is None:
             certificate_signature = hashes.SHA1
 
         user_name = creds.get_username()
 
-        ca_cert, ca_private_key = self.get_ca_cert_and_private_key()
-
         builder = x509.CertificateBuilder()
 
         # Add the subject name.
@@ -873,8 +875,13 @@ class PkInitTests(KDCBaseTest):
         signature_algorithm_id = self.AlgorithmIdentifier_create(
             signature_algorithm)
 
+        ca_cert, ca_private_key = self.get_ca_cert_and_private_key()
+
         # Create a certificate for the client signed by the CA.
-        certificate = self.create_certificate(creds, certificate_signature)
+        certificate = self.create_certificate(creds,
+                                              ca_cert,
+                                              ca_private_key,
+                                              certificate_signature)
 
         private_key = creds.get_private_key()