From a3c99367bfe1071073cd93237660d783459b25e2 Mon Sep 17 00:00:00 2001
From: Michal Reznik
Date: Fri, 28 Jul 2017 08:54:54 +0200
Subject: [PATCH] test_caless: add SAN dNSName extensions for wildcard tests
It may happen that FQDN does not match with the domain mapped to the host. In this case we add wildcard for both domains.
https://pagure.io/freeipa/issue/7100
Reviewed-By: Fraser Tweedale
---
 ipatests/test_integration/create_caless_pki.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/ipatests/test_integration/create_caless_pki.py b/ipatests/test_integration/create_caless_pki.py
index ddad3f96b..9a2e8e26b 100644
--- a/ipatests/test_integration/create_caless_pki.py
+++ b/ipatests/test_integration/create_caless_pki.py
@@ -162,7 +162,7 @@ def profile_ca(builder, ca_nick, ca):
 def profile_server(builder, ca_nick, ca,
 warp=datetime.timedelta(days=0), dns_name=None,
- badusage=False):
+ badusage=False, wildcard=False):
 now = datetime.datetime.utcnow() + warp
 builder = builder.not_valid_before(now)
@@ -204,6 +204,16 @@ def profile_server(builder, ca_nick, ca,
 critical=False
 )
+ if wildcard:
+ names = [x509.DNSName(u'*.' + domain)]
+ server_split = server1.split('.', 1)
+ if len(server_split) == 2 and domain != server_split[1]:
+ names.append(x509.DNSName(u'*.' + server_split[1]))
+ builder = builder.add_extension(
+ x509.SubjectAlternativeName(names),
+ critical=False,
+ )
+ return builder
@@ -488,7 +498,7 @@ def gen_subtree(nick_base, org, ca=None):
 x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
 x509.NameAttribute(NameOID.COMMON_NAME, u'*.' + domain)
 ]),
- subca
+ subca, wildcard=True
 )
 gen_server_certs(u'server', server1, org, subca)
 gen_server_certs(u'replica', server2, org, subca)
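Review bot: The new `wildcard` keyword on profile_server is undocumented, and the function shows no docstring between the signature and `now = ...`. Its effect is also not driven by any argument: the second hunk reads the bare names `domain` and `server1`, which look like module-level globals. A one-line docstring would make that visible to callers, for example `"""Apply the server profile; wildcard=True adds SAN dNSName entries for *.<domain> and *.<parent domain of server1>."""`. The function body continues outside the hunk.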
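Review bot: The wildcard branch takes its second SAN entry from `server1` only, so a replica whose FQDN lies under yet another parent domain still gets no matching wildcard name; `server2` is referenced as a bare name in gen_subtree (last hunk), so it is presumably a module-level global that can be handled the same way. The fence below builds the list from both hosts and skips duplicates. Separately, if the `dns_name` handling earlier in profile_server (outside this hunk, not visible here) also adds a SubjectAlternativeName, passing both options would make cryptography's `add_extension` raise ValueError for the duplicate extension, so consider rejecting that combination explicitly. profile_server begins and ends outside the hunk.

```python
    if wildcard:
        # Cover the IPA domain plus the parent domain of every test host.
        names = [x509.DNSName(u'*.' + domain)]
        for fqdn in (server1, server2):
            parent = fqdn.partition('.')[2]
            wild = x509.DNSName(u'*.' + parent)
            if parent and wild not in names:
                names.append(wild)
        # … unchanged: builder.add_extension(x509.SubjectAlternativeName(names), critical=False) …
```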