Add test case for pki config override

Install CA with 4096bit RSA key and SHA-384 signature. Fixes: https://pagure.io/freeipa/issue/5608 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-04-01 14:50:24 +02:00
parent dba89712c6
commit 42efdc7bb1
4 changed files with 73 additions and 0 deletions
--- a/ipatests/prci_definitions/nightly_f28.yaml
+++ b/ipatests/prci_definitions/nightly_f28.yaml
@@ -1193,6 +1193,18 @@ jobs:
        timeout: 3600
        topology: *master_1repl

+  fedora-28/test_pki_config_override:
+    requires: [fedora-28/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-28/build_url}'
+        test_suite: test_integration/test_pki_config_override.py
+        template: *ci-master-f28
+        timeout: 3600
+        topology: *master_1repl
+
  fedora-28/mask:
    requires: [fedora-28/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_master.yaml
+++ b/ipatests/prci_definitions/nightly_master.yaml
@@ -1193,6 +1193,18 @@ jobs:
        timeout: 3600
        topology: *master_1repl

+  fedora-29/test_pki_config_override:
+    requires: [fedora-29/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-29/build_url}'
+        test_suite: test_integration/test_pki_config_override.py
+        template: *ci-master-f29
+        timeout: 3600
+        topology: *master_1repl
+
  fedora-29/test_automount_locations:
    requires: [fedora-29/build]
    priority: 50
--- a/ipatests/prci_definitions/nightly_rawhide.yaml
+++ b/ipatests/prci_definitions/nightly_rawhide.yaml
@@ -1193,6 +1193,18 @@ jobs:
        timeout: 3600
        topology: *master_1repl

+  fedora-rawhide/test_pki_config_override:
+    requires: [fedora-rawhide/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-rawhide/build_url}'
+        test_suite: test_integration/test_pki_config_override.py
+        template: *ci-master-frawhide
+        timeout: 3600
+        topology: *master_1repl
+
  fedora-rawhide/mask:
    requires: [fedora-rawhide/build]
    priority: 50
--- a/ipatests/test_integration/test_pki_config_override.py
+++ b/ipatests/test_integration/test_pki_config_override.py
@@ -0,0 +1,37 @@
+#
+# Copyright (C) 2019  FreeIPA Contributors see COPYING for license
+#
+"""Test cases for PKI config overrides
+"""
+from __future__ import absolute_import
+
+from ipalib.x509 import load_pem_x509_certificate
+from ipaplatform.paths import paths
+from ipatests.test_integration.base import IntegrationTest
+from ipatests.pytest_ipa.integration import tasks
+
+
+KEY_OVERRIDE = """
+[DEFAULT]
+ipa_key_size=4096
+"""
+
+
+class TestPKIConfigOverride(IntegrationTest):
+    @classmethod
+    def install(cls, mh):
+        pki_ini = tasks.upload_temp_contents(cls.master, KEY_OVERRIDE)
+        extra_args = [
+            '--pki-config-override', pki_ini,
+        ]
+        tasks.install_master(
+            cls.master, setup_dns=False, extra_args=extra_args
+        )
+        cls.master.run_command(['rm', '-f', pki_ini])
+
+    def test_cert_rsa4096(self):
+        ca_pem = self.master.get_file_contents(
+            paths.IPA_CA_CRT, encoding=None
+        )
+        cert = load_pem_x509_certificate(ca_pem)
+        assert cert.public_key().key_size == 4096