From 57bc35df8084a1bad6c43eb51ec9114187f548f8 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Fri, 25 Oct 2024 16:38:34 -0300
Subject: [PATCH] ipacert: Fix ipacert tests

It seems that in recent versions, a minimum of 2048 bits for RSA keys
are required to request a certificate. This seems to be enforced by
crypto policies.

By adjusting the key size all ipacert tests pass.
---
 tests/cert/test_cert_host.yml    | 2 +-
 tests/cert/test_cert_service.yml | 2 +-
 tests/cert/test_cert_user.yml    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/cert/test_cert_host.yml b/tests/cert/test_cert_host.yml
index c57c6e13..1ac04efa 100644
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -40,7 +40,7 @@
 
   - name: Create CSR
     ansible.builtin.shell:
-      cmd: "openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certhost.{{ ipa_domain }}"
+      cmd: "openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certhost.{{ ipa_domain }}"
     register: host_req
 
   - name: Create CSR file
diff --git a/tests/cert/test_cert_service.yml b/tests/cert/test_cert_service.yml
index 6e42ff4f..b931c07c 100644
--- a/tests/cert/test_cert_service.yml
+++ b/tests/cert/test_cert_service.yml
@@ -51,7 +51,7 @@
 
   - name: Create signing request for certificate
     ansible.builtin.shell:
-      cmd: "openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certservice.{{ ipa_domain }}"
+      cmd: "openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certservice.{{ ipa_domain }}"
     register: service_req
 
   - name: Create CSR file
diff --git a/tests/cert/test_cert_user.yml b/tests/cert/test_cert_user.yml
index 41c97bb3..cba90deb 100644
--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
@@ -36,7 +36,7 @@
   - name: Crete CSR
     ansible.builtin.shell:
       cmd:
-        'openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certuser -reqexts IECUserRoles
+        'openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certuser -reqexts IECUserRoles
           -config <(cat /etc/pki/tls/openssl.cnf; printf "[IECUserRoles]\n1.2.840.10070.8.1=ASN1:UTF8String:hello world")'
       executable: /bin/bash
     register: user_req
-- 
GitLab