ipatests: CA ACL - added config templates

https://fedorahosted.org/freeipa/ticket/57

Reviewed-By: Martin Basti <mbasti@redhat.com>

3 files changed, 148 insertions, 0 deletions

diff --git a/ipatests/test_xmlrpc/data/smime.cfg.tmpl b/ipatests/test_xmlrpc/data/smime.cfg.tmpl
new file mode 100644
index 000000000..3baf03f0b
--- /dev/null
+++ b/ipatests/test_xmlrpc/data/smime.cfg.tmpl
@@ -0,0 +1,108 @@
+auth.instance_id=raCertAuth
+classId=caEnrollImpl
+desc=Certificate for S-MIME extension
+enable=true
+enableBy=ipara
+input.i1.class_id=certReqInputImpl
+input.i2.class_id=submitterInfoInputImpl
+input.list=i1,i2
+name=SMIME certificate profile
+output.list=o1
+output.o1.class_id=certOutputImpl
+policyset.list=serverCertSet
+policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
+policyset.serverCertSet.1.constraint.name=Subject Name Constraint
+policyset.serverCertSet.1.constraint.params.accept=true
+policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
+policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl
+policyset.serverCertSet.1.default.name=Subject Name Default
+policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O={iparealm}
+policyset.serverCertSet.10.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.10.constraint.name=No Constraint
+policyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl
+policyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default
+policyset.serverCertSet.10.default.params.critical=false
+policyset.serverCertSet.11.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.11.constraint.name=No Constraint
+policyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl
+policyset.serverCertSet.11.default.name=User Supplied Extension Default
+policyset.serverCertSet.11.default.params.userExtOID=2.5.29.17
+policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
+policyset.serverCertSet.2.constraint.name=Validity Constraint
+policyset.serverCertSet.2.constraint.params.notAfterCheck=false
+policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
+policyset.serverCertSet.2.constraint.params.range=740
+policyset.serverCertSet.2.default.class_id=validityDefaultImpl
+policyset.serverCertSet.2.default.name=Validity Default
+policyset.serverCertSet.2.default.params.range=731
+policyset.serverCertSet.2.default.params.startTime=0
+policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
+policyset.serverCertSet.3.constraint.name=Key Constraint
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyType=RSA
+policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
+policyset.serverCertSet.3.default.name=Key Default
+policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.4.constraint.name=No Constraint
+policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
+policyset.serverCertSet.4.default.name=Authority Key Identifier Default
+policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.5.constraint.name=No Constraint
+policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
+policyset.serverCertSet.5.default.name=AIA Extension Default
+policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
+policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
+policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.{ipadomain}/ca/ocsp
+policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
+policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
+policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
+policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
+policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
+policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
+policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true
+policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
+policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
+policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
+policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false
+policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
+policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true
+policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true
+policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
+policyset.serverCertSet.6.default.name=Key Usage Default
+policyset.serverCertSet.6.default.params.keyUsageCritical=true
+policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
+policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true
+policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
+policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
+policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
+policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false
+policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
+policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true
+policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true
+policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.7.constraint.name=No Constraint
+policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
+policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
+policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
+policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.4
+policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
+policyset.serverCertSet.8.constraint.name=No Constraint
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
+policyset.serverCertSet.8.default.name=Signing Alg
+policyset.serverCertSet.8.default.params.signingAlg=-
+policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.9.constraint.name=No Constraint
+policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
+policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
+policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
+policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
+policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca
+policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
+policyset.serverCertSet.9.default.params.crlDistPointsNum=1
+policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.{ipadomain}/ipa/crl/MasterCRL.bin
+policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
+policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
+policyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11
+visible=false
diff --git a/ipatests/test_xmlrpc/data/usercert-priv-key.pem b/ipatests/test_xmlrpc/data/usercert-priv-key.pem
new file mode 100644
index 000000000..af5ea0b18
--- /dev/null
+++ b/ipatests/test_xmlrpc/data/usercert-priv-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsYQl2pLroHyuZWe6vSd6GsxPRxhGlAT0K87S1vMRr5cfU0Eu
+SZx0jsS4jXfAKqW/BhsVHsGA75iVFhbUY7CRGOZ9b9z1kUyajkd0TiJWxLvSDUma
+muwi/gsRDvCr+ro0zk/v38sddXXrhMKhJBj67P3PesEqobQK59GjFk+tAYn+DROP
+bo9w6bkJuhNqEaWmmYmTQz8EdBLIwGb/9FAD8iDuEFd70Mvdnn8DZ9zi5fJnpTUG
+fT6B/mTgTY/37i7scaH8/3+/dHFk5bTjQHIsj0On9z8/ehs8llgSMawMlIuOB1q6
+i7LuVkoD/zz3d7k8ytiYqOd8wfBIEEIdfULQaQIDAQABAoIBACrnpb6OhCTl/cDE
+sX3GbNzNRNwKIgTkrZ9o/cy2MzAddpTIzEc+aW2YXoLSzr+AEAuJwDEO0/sVBfOw
+0OTHaEp8axT+ctwLh8+btaCs7Avg2YQcpiGLsWl1g0n5IZgYKWs0JuYQUa5yMdqE
+sC3pW7ysG9mvln4+5ePh52kdGNOl/4MNaEbQ+OR0V8mmb3wPPPeUIHFKKzLJj7po
+n2nxdhebX8W/BGUkcV7zx89Bpufnypc8e0nn9cznbGsq/U1LUTCVJ2SzCJ2qDwUG
++0ZM1dprfp3/J3yFxKEBlZRMS//VQ5/DIFCcxFPzFizRonkgrzSF1kapNSsQvuzE
+Wax+rYECgYEA3SZthkGW2lvHjI1mMLQY94+7IB9ixdUB4lUvYmwuoUf7k/fJZ4Nq
+t4BycD9Ttj/Q19akZdXfuJgnVtDV1OgExTuJqV4gZ1jz5ewvP1ILfjcjeMLFfoez
+u0JkkeCqrBVWeCc0Ax5lWtm8JsVGV4Nd5gVLI/nmLaMh9InbClQRGC8CgYEAzX10
+NEqPFvvjEaKe2q7EIkHm4sL6TB30ajvC1Zp50jonj1i0L6Un5WqB3RCX0HAbkuz2
+umi9bxMFRfRVJsTcmhb2UrIDEolYkmIm/ji+JS0tvk7jKwl2fAv2waTBwpBA7K3g
+YUHoY6L2r7eCh/2dZvp7LiVyHrIatMsiL9msYucCgYB5MHfQnNzYKHeAFHStt+P+
+tisrfUeZdhMkPt5Kp1IeW94Hxj/+k8vFZ4RO8sUjGHGP9jX9AGkrNWZJcwPbOpJy
+qx/TSpujRuHRW87AemuF7R1pLgMgRak+szF9p4qf5smN6p3cH6oXUT6EWJMlnf20
+8a2tt2JmHAGdinYYgN0lTQKBgQCZJXWUfzjTTVj2zLcNjhCY43q658t5LR36ip1z
+apR+DF9tYxOvKqxoO4+bfQFYFCVIxBhB50u/W3KjpyxLH461vIVKLmdBymDbgBFF
+iG6V8GzWF58QdRX770KxISRS6AWrHw9KDL+wekTVwrOivG4x0F47jybVH7HtqjLJ
+bLYgYwKBgQCmLVTDie+GB2nUVe+IUOBsLfyQXfbQT1ksgX5l7M+W1tOKq1h5R/SS
+YDhasCpNIuK/yMTIXxKP1B7+Kd0I4Ib7w7Ri4kHdai+Wlf+sCjTytXt8YXUQo5mx
+fEadGM6UR/95ug9S4VbeqZdrPcjnOa4RcdzDUsxrqYRMUIlwWNCy8Q==
+-----END RSA PRIVATE KEY-----
diff --git a/ipatests/test_xmlrpc/data/usercert.conf.tmpl b/ipatests/test_xmlrpc/data/usercert.conf.tmpl
new file mode 100644
index 000000000..22804be85
--- /dev/null
+++ b/ipatests/test_xmlrpc/data/usercert.conf.tmpl
@@ -0,0 +1,13 @@
+[ req ]
+prompt = no
+encrypt_key = no
+
+distinguished_name = dn
+req_extensions = exts
+
+[ dn ]
+commonName = "{username}"
+{ipacertbase}
+
+[ exts ]
+subjectAltName=email:{username}@{ipadomain}