From a3c99367bfe1071073cd93237660d783459b25e2 Mon Sep 17 00:00:00 2001
From: Michal Reznik
Date: Aug 11 2017 11:53:44 +0000
Subject: test_caless: add SAN dNSName extensions for wildcard tests
It may happen that FQDN does not match with the domain mapped to the host. In this case we add wildcard for both domains.
https://pagure.io/freeipa/issue/7100
Reviewed-By: Fraser Tweedale
---
diff --git a/ipatests/test_integration/create_caless_pki.py b/ipatests/test_integration/create_caless_pki.py
index ddad3f9..9a2e8e2 100644
--- a/ipatests/test_integration/create_caless_pki.py
+++ b/ipatests/test_integration/create_caless_pki.py
@@ -162,7 +162,7 @@ def profile_ca(builder, ca_nick, ca):
 def profile_server(builder, ca_nick, ca,
 warp=datetime.timedelta(days=0), dns_name=None,
- badusage=False):
+ badusage=False, wildcard=False):
 now = datetime.datetime.utcnow() + warp
 builder = builder.not_valid_before(now)
@@ -204,6 +204,16 @@ def profile_server(builder, ca_nick, ca,
 critical=False
 )
+ if wildcard:
+ names = [x509.DNSName(u'*.' + domain)]
+ server_split = server1.split('.', 1)
+ if len(server_split) == 2 and domain != server_split[1]:
+ names.append(x509.DNSName(u'*.' + server_split[1]))
+ builder = builder.add_extension(
+ x509.SubjectAlternativeName(names),
+ critical=False,
+ )
+
 return builder
@@ -488,7 +498,7 @@ def gen_subtree(nick_base, org, ca=None):
 x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
 x509.NameAttribute(NameOID.COMMON_NAME, u'*.' + domain)
 ]),
- subca
+ subca, wildcard=True
 )
 gen_server_certs(u'server', server1, org, subca)
 gen_server_certs(u'replica', server2, org, subca)
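Review bot: `profile_server` gains a `wildcard` flag in this signature, but the function has no docstring (the signature is followed directly by `now = ...`), so nothing tells a caller what the flag adds or where the names come from. A one-line docstring under the `def` would cover it, e.g. `"""Apply the server profile; wildcard=True also adds SAN dNSName entries '*.' + domain and '*.' + the parent domain of server1."""`. That wording also makes visible that the flag depends on module-level values rather than on `dns_name`. The function body continues outside this hunk.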
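Review bot: The new `if wildcard:` block adds a SubjectAlternativeName without checking `dns_name`, so if the part of the body outside this hunk already emits a SAN for `dns_name` (not visible here), passing both makes `add_extension` fail on a duplicate extension. Making the conflict explicit keeps the failure readable, e.g. `if wildcard and dns_name is not None: raise ValueError('wildcard and dns_name cannot be combined')`, or build a single `names` list for both cases. The block also takes its names from the module globals `domain` and `server1` rather than from an argument, which ties the profile to one configured host. When `server1` has only two labels, `server_split[1]` is a bare top-level label and the second entry becomes a wildcard directly under it; requiring a dot in `server_split[1]` before appending would avoid issuing that over-broad name.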