tests/krb5: Factor out a method to fetch the CA certificate and private key

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/tests/krb5/pkinit_tests.py b/python/samba/tests/krb5/pkinit_tests.py
index 4a4d81fd8778b04dbcfd96b93b28ab4b24d9dfd8..2481d1df4a8bff319d4552853a89cd1f9b04fef0 100755 (executable)
--- a/python/samba/tests/krb5/pkinit_tests.py
+++ b/python/samba/tests/krb5/pkinit_tests.py
@@ -663,12 +663,7 @@ class PkInitTests(KDCBaseTest):
 
         return kdc_exchange_dict
 
-    def create_certificate(self, creds, certificate_signature=None):
-        if certificate_signature is None:
-            certificate_signature = hashes.SHA1
-
-        user_name = creds.get_username()
-
+    def get_ca_cert_and_private_key(self):
         # The password with which to try to encrypt the certificate or private
         # key specified on the command line.
         ca_pass = samba.tests.env_get_var_value('CA_PASS', allow_missing=True)
@@ -702,6 +697,16 @@ class PkInitTests(KDCBaseTest):
                 ca_private_key = serialization.load_pem_private_key(
                     f.read(), password=ca_pass, backend=default_backend())
 
+        return ca_cert, ca_private_key
+
+    def create_certificate(self, creds, certificate_signature=None):
+        if certificate_signature is None:
+            certificate_signature = hashes.SHA1
+
+        user_name = creds.get_username()
+
+        ca_cert, ca_private_key = self.get_ca_cert_and_private_key()
+
         builder = x509.CertificateBuilder()
 
         # Add the subject name.