From f848bc7037208651f7c2cc54bc64b032c5377a33 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman
Date: Fri, 25 Oct 2024 16:38:34 -0300
Subject: [PATCH] ipacert: Fix ipacert tests
It seems that in recent versions, a minimum of 2048 bits for RSA keys are required to request a certificate. This seems to be enforced by crypto policies. By adjusting the key size all ipacert tests pass.
---
 tests/cert/test_cert_host.yml | 2 +-
 tests/cert/test_cert_service.yml | 2 +-
 tests/cert/test_cert_user.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/cert/test_cert_host.yml b/tests/cert/test_cert_host.yml
index c57c6e13e1..1ac04efa55 100644
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -40,7 +40,7 @@
 - name: Create CSR
 ansible.builtin.shell:
- cmd: "openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certhost.{{ ipa_domain }}"
+ cmd: "openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certhost.{{ ipa_domain }}"
 register: host_req
 - name: Create CSR file
diff --git a/tests/cert/test_cert_service.yml b/tests/cert/test_cert_service.yml
index 6e42ff4fa9..b931c07cb0 100644
--- a/tests/cert/test_cert_service.yml
+++ b/tests/cert/test_cert_service.yml
@@ -51,7 +51,7 @@
 - name: Create signing request for certificate
 ansible.builtin.shell:
- cmd: "openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certservice.{{ ipa_domain }}"
+ cmd: "openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certservice.{{ ipa_domain }}"
 register: service_req
 - name: Create CSR file
diff --git a/tests/cert/test_cert_user.yml b/tests/cert/test_cert_user.yml
index 41c97bb3f2..cba90deb0f 100644
--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
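Review bot: The new `rsa:2048` literal in the `Create CSR` task is written out separately here and again in tests/cert/test_cert_service.yml and tests/cert/test_cert_user.yml, and none of the three tasks records why that size is needed. The commit message attributes the minimum to crypto policies only tentatively, so the next time the floor moves someone has to rediscover the cause from a failing certificate request. I would add a comment above each task, `# RSA keys under 2048 bits are rejected at certificate request time (apparently by system crypto policies)`, and consider reading the size from one shared test variable so a future bump is a single edit.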
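Review bot: `{{ ipa_domain }}` is templated unquoted into a command line run through `ansible.builtin.shell` in the `Create signing request for certificate` task, so any shell metacharacter in that variable would be interpreted by the shell; the same holds for the `Create CSR` task in tests/cert/test_cert_host.yml. Neither command uses pipes, redirection or substitution, so `ansible.builtin.command:` with the same `cmd:` would run openssl without a shell. If the shell module has to stay, quote the value, e.g. `-subj {{ ('/CN=certservice.' ~ ipa_domain) | quote }}`. The task in tests/cert/test_cert_user.yml is different: it needs bash for the `<(...)` process substitution and templates no variable.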
@@ -36,7 +36,7 @@
 - name: Crete CSR
 ansible.builtin.shell:
 cmd:
- 'openssl req -newkey rsa:1024 -keyout /dev/null -nodes -subj /CN=certuser -reqexts IECUserRoles
+ 'openssl req -newkey rsa:2048 -keyout /dev/null -nodes -subj /CN=certuser -reqexts IECUserRoles
 -config <(cat /etc/pki/tls/openssl.cnf; printf "[IECUserRoles]\n1.2.840.10070.8.1=ASN1:UTF8String:hello world")'
 executable: /bin/bash
 register: user_req
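Review bot: The task name on the context line above the changed command reads `Crete CSR`; since this commit already touches the task, the name could be corrected to `- name: Create CSR`, matching the task in tests/cert/test_cert_host.yml. Task names are what appear in the play output when a certificate test fails, so the misspelling makes the failing step harder to search for.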