c34819c add test for external CA key size sanity check

3 files Authored by ftweedal 4 years ago, Committed by frenaud 4 years ago,
    add test for external CA key size sanity check
    
    We recently added validation of externally-signed CA certificate to
    ensure certificates signed by external CAs with too-small keys
    (according to system crypto policy) are rejected.
    
    Add an integration test that attempts to renew with a 1024-bit
    external CA, and asserts failure.
    
    (Manual backport to ipa-4-6 branch; cherry pick of
    f9b22283dd2160ec073e93df9b52ef6b47d6c335).
    
    Part of: https://pagure.io/freeipa/issue/7761
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>