Check that CADogtagCertsConfigCheck can handle cert renewal

Renewal causes two certs to have the same nickname. Dogtag is patched to allow for N certs with the same nickname, and this test is to verify that CADogtagCertsConfigCheck still passes. Related: https://github.com/dogtagpki/pki/pull/4285 Signed-off-by: Chris Kelley <ckelley@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-01-26 16:16:31 -06:00 · 2023-01-13 19:44:22 +00:00 · 2023-01-13 19:44:22 +00:00 · 614d3bd9c0
commit 614d3bd9c0
parent a2667b249e
1 changed files with 17 additions and 0 deletions
--- a/ipatests/test_integration/test_ipahealthcheck.py
+++ b/ipatests/test_integration/test_ipahealthcheck.py
@ -1406,6 +1406,23 @@ class TestIpaHealthCheck(IntegrationTest):
            expected_permissions="0600"
        )

+    def test_ipa_healthcheck_renew_internal_cert(self):
+        """
+        This testcase checks that CADogtagCertsConfigCheck can handle
+        cert renewal, when there can be two certs with the same nickname
+        """
+        if (tasks.get_pki_version(self.master) < tasks.parse_version('11.4.0')):
+            raise pytest.skip("PKI known issue #2022561")
+        self.master.run_command(['ipa-cacert-manage', 'renew', '--self-signed'])
+        returncode, data = run_healthcheck(
+            self.master,
+            "pki.server.healthcheck.meta.csconfig",
+            "CADogtagCertsConfigCheck",
+        )
+        assert returncode == 0
+        for check in data:
+            assert check["result"] == "SUCCESS"
+
    @pytest.fixture
    def remove_healthcheck(self):
        """