19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseSimple CA for SSSD tests
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseTo avoid issues with certificate lifetimes during tests certificates can be
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosegenerated with a simple OpenSSL based CA.
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseTo create a new certificate add a suitable and valid OpenSSL config file with a
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bose[req] section for a certificate signing request (CSR) which must use the name
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosepattern SSSD_test_cert_*.config. Additionally a matching key file
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseSSSD_test_cert_key_%.pem should be added e.g. with
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bose openssl genpkey -algorithm RSA -out SSSD_test_cert_key_XYZ.pem -pkeyopt rsa_keygen_bits:2048
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseIt would be possible to generate the keys automatically as well but
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosepre-created keys will safe some resources on the hosts running the tests,
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Boseallow more flexibility with algorithms and key lengths and make the tests
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosemore reproducible.
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseThe Makefile will pick up the config and the keys and generate a X.509
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosecertificate. For usage in C-code it will generate a header file
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseSSSD_test_cert_x509_*.h where the base64 encoded binary certificate is made
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Boseavailable in a macro called SSSD_TEST_CERT_*. To run test with derived ssh-keys
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosethe ssh key is available in SSSD_test_cert_pubsshkey_*.h as
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseSSSD_TEST_CERT_SSH_KEY_*.
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit BoseOther targets for other types of tests can be added to the Makefile and should
19f5dd0b8dc4eff3373a0ac9ea17c2440628fd4cSumit Bosebe documented here.