f9b2228 add test for external CA key size sanity check

3 files Authored by ftweedal 11 months ago , Committed by abbra 11 months ago ,
    add test for external CA key size sanity check
    
    We recently added validation of externally-signed CA certificate to
    ensure certificates signed by external CAs with too-small keys
    (according to system crypto policy) are rejected.
    
    Add an integration test that attempts to renew with a 1024-bit
    external CA, and asserts failure.
    
    Part of: https://pagure.io/freeipa/issue/7761
    
    Reviewed-By: Christian Heimes <cheimes@redhat.com>