diff --git a/README.md b/README.md index b41daaa..7adba3b 100644 --- a/README.md +++ b/README.md @@ -463,6 +463,10 @@ SSL certificates and keys must be deployed on the host prior to running the role If set to `True`, NetworkManager will use the system's trusted ca certificates to verify the EAP server. + * `domain_suffix_match` + + If set, NetworkManager will ensure the domain name of the EAP server certificate matches this string. + Examples of Options ------------------- @@ -672,6 +676,7 @@ network_connections: private_key_password: "p@55w0rD" client_cert: /etc/pki/tls/client.pem ca_cert: /etc/pki/tls/cacert.pem + domain_suffix_match: example.com ``` ### Invalid and Wrong Configuration diff --git a/examples/eth_with_802_1x.yml b/examples/eth_with_802_1x.yml index 05258a7..92a93a9 100644 --- a/examples/eth_with_802_1x.yml +++ b/examples/eth_with_802_1x.yml @@ -14,6 +14,7 @@ private_key_password: "p@55w0rD" client_cert: /etc/pki/tls/client.pem ca_cert: /etc/pki/tls/cacert.pem + domain_suffix_match: example.com # certs have to be deployed first pre_tasks: diff --git a/library/network_connections.py b/library/network_connections.py index 15f4274..a72f346 100644 --- a/library/network_connections.py +++ b/library/network_connections.py @@ -1021,6 +1021,12 @@ class NMUtil: connection["ieee802_1x"]["system_ca_certs"], ) + if connection["ieee802_1x"]["domain_suffix_match"]: + s_8021x.set_property( + NM.SETTING_802_1X_DOMAIN_SUFFIX_MATCH, + connection["ieee802_1x"]["domain_suffix_match"], + ) + try: con.normalize() except Exception as e: diff --git a/module_utils/network_lsr/argument_validator.py b/module_utils/network_lsr/argument_validator.py index 8096901..06dc58d 100644 --- a/module_utils/network_lsr/argument_validator.py +++ b/module_utils/network_lsr/argument_validator.py @@ -747,6 +747,7 @@ class ArgValidator_Dict802_1X(ArgValidatorDict): ArgValidatorPath("client_cert", required=True), ArgValidatorPath("ca_cert"), ArgValidatorBool("system_ca_certs", default_value=False), + ArgValidatorStr("domain_suffix_match", required=False), ], default_value=None, ) diff --git a/tests/files/cacert.key b/tests/files/cacert.key new file mode 100644 index 0000000..ee6710d --- /dev/null +++ b/tests/files/cacert.key @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,B773C37C13C791B1B2F735A7D6D22F1D + +KcpCACKK2i/zLDkH/e2bM/3hzyuC7UkSJ32Vn2xvH6ukKzOpt71PJjtzucY3TgB7 +T8fYDJ0OGFfW/97M9OSjY10+wo/Vn+aTTCJWe2Y0+JeoV+bFJq33fuP0SlJI1PIU +CrxnWhFUM3iaDHjuJ32GaUCkLozKTRdb5KT0BttSdSudnT+9d6zHejCwvYEaGek0 +C3fifoN2xC47P+63UF40KWMP0+j83ZRtHXUUgQ9E0Eqmbag6jTBh2TvV/PiaWlRv +YCVMapOBs0ktSPPJACygRJcR63MocS9of7aRaPMCDP7HpzrjzKnHqJ+bPteuaE4k +UmVOlrBsJb4g/zpfT4Ee2waT/mKEiRtNhf8a7DNkc34I50iMqhOojM1zRPtQugO6 +5BGhFeciHCe7RzHvltWJRmLrl+H7Z8wvusxbSQRM5ZT18+wgBkgTb8dA3bmZS0Ws +JYcd9BN8zbsxETo/IFZ2gFOaVvOymVE5mscRR21RsiBi1vfqjl+pAt4ZrlGwVpxL +3z3yvT3lAx8Cgeg8dCxrDNb14Xwk+hkBblExLMXsUGCsRXJglk9QVPE0XjKD9XNa +mZnBHOpAsdPun58PRiaPpC+VgaFBhzPHTyBczCG1sjpkOiTJpGLpgveAq4wOXQGH +PMcux4ZDARYbJfGXANNqloIO3PHDPuhVmSAJZSMixDd4SLKjT6tALdqIv1BvOLl7 +Ay0y3Vie4oGc4EWjHqQA+r+6CATHHXtIOvWLJQ4/KQa/R+pTp0qDtXdOeHaAZzhv +BpqvQUouKUyxXlGFZrGUq9l+sFtjLlcKP33Yb2WHg4ct0gAVDIA6SK4rNH6+h/NS +rFQNOvArTeZgLCaG6htJh68WLF8p6687s4bKNM8niZ5VcsFTvMYPbfF5WdE0l53s +fZpZBf1v03ZRJYg2V9a0sNPEysaIaTJzs5lFeya78iTF/Epo4GtTHv8sWebVwh/H +FYINLIcPzzxAvw7a+7ymIsYZphomuEoCCoX85DPPbXfZOb2Bdysfdr7uyRsB480E +or6+gQxZJWxcO5tMR7+G8EuUgnPMelVNczw3UJHM+sl4Kjh9q3hF4ppWFTIOaPQ/ +BL3qPE/ZxSFC8UcG+QJEbNmPPQLXnpWPUZ3GmyH/+pPUZCkcWanpn0W3chGlJCsW +spkDMt/dpPtje1q7rfrWCVAYo4AeYzigSuxoyfpBfqcpD6wAssPQmWj4fFr91RW7 +p/iLlACpevyecALrJpU65yGWDvGWlx+dEqvdz7FRUSTkVrted/W3pmro8eDAInWx +17VM0hHfNE00hwpGaga2CY8q3EC+3kApSE6d8dbBtSzBp4YZsGq+p+Xkj7mTc/rn +mXJazUSPjNhWooI+0pN2VxB3HRBloNjsQOLaWVcSiv6l3wKl70ZbBjPkikO05k+v +QXayu3i9RjXvhT974atOqoqCSigc8ROsCYGxgHjwVMU9Spc9i8y6PrgX9ID6yk9f +9YcJjmtEi6MYh0uXNkx2m6utMjgcuAqP8yfPqeBRK2SOoLuBM9JKP8tjwq4ZBawj +SuWe82zTRjR2oXMgNy6gBBDGky+W7kNaNw/KksZUxdiNhzeDRbDG8hMJI1HcY4xQ +-----END RSA PRIVATE KEY----- diff --git a/tests/files/cacert.pem b/tests/files/cacert.pem index 3b43a67..5f0181e 100644 --- a/tests/files/cacert.pem +++ b/tests/files/cacert.pem @@ -1,32 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIFiTCCA3GgAwIBAgIUK0vXQP5fEgyCtfY4pt2yU9bDMlAwDQYJKoZIhvcNAQEL +MIIDizCCAnOgAwIBAgIUG1DftQ2xyrN+HE+KHLFmKHZnIkcwDQYJKoZIhvcNAQEL BQAwVDELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE -CgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yMDAy -MjgwODUxMzdaFw00MDAyMjMwODUxMzdaMFQxCzAJBgNVBAYTAlhYMRUwEwYDVQQH -DAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAO -BgNVBAMMB1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDa -kLkNqQmEWCs/o39iPSlHrnuXvvqQUziGO635w16OeGgix4QY+H7My0uY801/WN2F -8dzHbpKkFJ3pvFhnbq/vcoUvY/Folb9YoMyjwEJoUiSyZ2n9YiV4HkpC+Y+aFG2P -IlBcGnRxBV4M35ZNpbvOwSWqgwIgN5Z7ET4nP0P1v5BzQa3FJYdd1nh2YEljGRE+ -aTchVhdIYN4+4YXx1rvzQs4I0Tqr3tGM4zCWTQp34LYnyQMAysXQOnwJsX8/G4Lw -AtH8cFexdoHft8uL8YHbxV8gDVBpvZSl9kmkX204hozJzsRQzSbuVw6wb2ggaYei -HdOwORYJfoC6eKOiYJEHczHkkchmbj8qFP1IKUQOPE39W8swO/2j56Qvfv9vBIUw -4QklSU3CLYpr1jjeHuKuOkSTlFSOyvN6HOxLla/YqdshGwdo8duKz3gr85lJbzHT -9IfI2r7g8fTwcVcH0DfS7Ku4OXTIqyJw/ZO77hMpF0x6U6GCHxi8I9sGjN0JVCeE -43/ad3tr9KOlGQuiDR9rz5XkCbdPgaiJ+P3nfO2fMFCUaFOr0lFj4meCKC49+sdw -CDDpW0Cqkm142co1/J64YNw/z2A3ESJrckP9NCOb6zkCZS6j+T2Nir0fI6Ix1uOX -SHKinD4KT0WgOrJLxlZdLxsCnHp57G9PQqK8RXU5VwIDAQABo1MwUTAdBgNVHQ4E -FgQUOJF6JV8Q3HPuOp1UZo+KyYcddgwwHwYDVR0jBBgwFoAUOJF6JV8Q3HPuOp1U -Zo+KyYcddgwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAUQ3f -e6EiWU/TBewakD/yrNzMxuqOS6ptDq6OPYolpdrkCogtUvL6wga7PVgEb8v+kBD1 -A0C4eA6Q+M/xOiFKSiErckQzEJggxN+C3N4rRS7F2fnMUjWjwApMxW/zPyTIGKDP -rxRNIJyfjuvxv8XnugDNjdg496beYlhOzvCVDO6hxt/V83NZBbcXY2GBUKnuldmd -21x7g/coajPuocWgK2s4OWU251ujCCggru5hRsxm3Ag68ZWCIqYu/rRN0z1V31OI -xc5OQsrkdrDez/iZMrw6N/rK8Xez0zqXU7v32gou7FoZxqx1yOZtkBMBsSXf/Fue -28maCNsE4S/HRcQQv91F/e/QtpfLmRBa6FIslBh334YzBKyuD6QLjMraDO3X8DjD -3i434Fgf5v7jttfEOrRKN7Yvb+IXZ25UhVGWUY1CsGQ57ZdUwwuD/bdeZLLAhl9X -r8PhHQ5YJV6NcGXMsvuvARlPILXLpAsP3IpXQq5l0GeHuRV2hwqiIV//qcgIz5qb -B7voqbr+2k652OOsG/tRIOvZlJBmdPkq+Beeutvx0j1VKNflBnxDMMO6zyhLVdO2 -RB8Lx2IEM8KA4p1IhnEi7g3mtQsu6IlY4Qfuje8rE0xMY28rxr977sBvvdsfkeUd -O/Ut71oKxQ/z0H/Iy1BiBoUzuK0XL079lou4ft0= +CgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UEAwwHVGVzdCBDQTAgFw0yMDA1 +MDMwNTI2MTFaGA8yMjk0MDIxNTA1MjYxMVowVDELMAkGA1UEBhMCWFgxFTATBgNV +BAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQ +MA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMGAmO9ugnI/jaw4qNTyh/O65BNEvzOIwLU0mo3wTOSiakoOuC0gqO4S+0FOmC6v +ceoArS+GllowzrgnnmM4EH9hqmiLeFKa4Z2graIm2W86ayN5k3psiMolONOZ8y0r +nAMj84FifDYIOHoYbKUeN5BDsotrHbrZ/PZhlZgN1ou3gapXqM12TkXdzaj//vRd +CORjwO1ubpzb17PFUNOLWaDf3ohfoMCG08UkGwIGK0mouJ1yflda27MCcLzmDxV8 +4dfI//R/6WtN1hzWSW9ae99VwSjlACH2go/0fDD+K9jvKkEVRZAqBEnM3voQCOah +P9NMJ30R9Sh8B/D2KXGyIU0CAwEAAaNTMFEwHQYDVR0OBBYEFDUKdAwDiWpUpayU +mjiWEcMcXjQdMB8GA1UdIwQYMBaAFDUKdAwDiWpUpayUmjiWEcMcXjQdMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKEyNiDawDJeaauDUmHgdNlG +WuBlvn4Lph/+J27njmAoIbKv3aDw+kndxI02ryCZTJOm8a1NqHfkNct4ny+Cj4cz +rNoZIyMucVoKGgCMYb5zwYtW3W7RshUZoBdQDBLiIuktNsWTyqss3yVPPq8Q1JJY +89dtjCNydL6dunFSrGjVJ2K5HaTyidti2IN9g2Sbxmxgoz71ZP09xmBxaY+O738M +z5nRdrb2DX0flmv5pcqSzn7063t9FGKOp2bF9NTpcEWkultsCOvsVcsO4X/18L4J +3W8FVltyCvunv4GQecWqlNHTRT+QI2h48EVEzHQnOGEe9q1C8WVGeQ3cZXMei8k= -----END CERTIFICATE----- diff --git a/tests/files/client.pem b/tests/files/client.pem index ce96d9c..a2f4517 100644 --- a/tests/files/client.pem +++ b/tests/files/client.pem @@ -1,27 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIEqDCCApCgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCWFgx +MIIDrDCCApSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCWFgx FTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55 -IEx0ZDEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yMDAyMjgwOTQ0MjlaFw00NzA3MTUw -OTQ0MjlaMF0xCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa -BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxGTAXBgNVBAMMEFRlc3QgQ2xpZW50 -IENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5CKlKT37St3+o -EwNGIXNXy8OSxq55WmF6MYSCJCGq1QOCNz+i3+jszx8VULrBq7aLFOcQwe5leCgE -4oBPFfzTkWCASwssv3w6c3sDJNMo60dV8iaArd8nVj2X3n7ae4laGZpqfS+vdgyn -rPeVJr6GWGFNjH+Yi9NmGj8rf4wRODwMR+VBRKSECWsVIRqGvY+7/IROvxz7y8pM -OdkMu9wXLK4O0DP5yURBRWd1YlClClJV9H3jEq7NqPXSZQD1S2/hGRs0nvz8qB1N -toYg5UtSdgIlSDx3f9hXto0KqtocEBn1qg9Lh2XjopcLeqloQEV8poX5Fw9JVS1z -h4JDviQrAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T -U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBShQJXhPekXBpAdhKUK -vwip1379NzAfBgNVHSMEGDAWgBQ4kXolXxDcc+46nVRmj4rJhx12DDANBgkqhkiG -9w0BAQsFAAOCAgEAzY1ifNUYYVvWt0vR+gq37rLG5QZvlt5/pkVDYHgolChZCDmD -NWTH5MR/T+L+akFzbuIeOfQzTQMW/8fm9lHf6/e2coDtzLDKkukVCKIGZgrkyF9N -wT1xnvqCAERw0WfGFJn7auhIrExqgsrJbAorUMnVZAdrBosDWGMULNquyZMfVvAE -VXDDqjQIXe3AMA2yOgMEWoBVQMFl33BTz/NlGaE15wR8OsYRAs8/8nJewCLg4f6a -n2wz1/JIZI0ztTCO1cMrmI8i7TYIUlHQMK1QhF0aEFV1yFj+QDEc0iiIZu+i6O45 -K1TjElXIr4MrEzdI3A5ZIN+VZ7mtzq/2CIZTTir94XLcQ3BvwYJssMWxAPQb6lRA -4k+7xifr3V7u7glMxpilIxV5CpZZ4anqRMzFbJa2MOmyAXZxk7SpcD2/MugHfJiL -TWfwFcClRogqXx/loEgzXExV1MrYKQBrqMlHB5eZ77M+PFpMhVh7yY5jjWT0giOM -MXFFKL8sI3VZdT9VcKZLgKpl4KWDh+cldyJdNNCDA29gtCRO+N+d4CAl6dK6nRrI -lL81UTEexmaCL9YjLBs70/HBKCkUDOmtAR7gJ01S4Kogv4gIepCAcGmVItzF+6fw -YsbkynxXIHQcODaB2d7FFzP0QJkc6pSMIi7ioO7a+aYx8NpIDYIxxLzF39Q= +IEx0ZDEQMA4GA1UEAwwHVGVzdCBDQTAgFw0yMDA1MDMwODUxMTdaGA8yMjk0MDIx +NTA4NTExN1owXzELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEc +MBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEbMBkGA1UEAwwSY2xpZW50LmV4 +YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQipSk9+ +0rd/qBMDRiFzV8vDksaueVphejGEgiQhqtUDgjc/ot/o7M8fFVC6wau2ixTnEMHu +ZXgoBOKATxX805FggEsLLL98OnN7AyTTKOtHVfImgK3fJ1Y9l95+2nuJWhmaan0v +r3YMp6z3lSa+hlhhTYx/mIvTZho/K3+METg8DEflQUSkhAlrFSEahr2Pu/yETr8c ++8vKTDnZDLvcFyyuDtAz+clEQUVndWJQpQpSVfR94xKuzaj10mUA9Utv4RkbNJ78 +/KgdTbaGIOVLUnYCJUg8d3/YV7aNCqraHBAZ9aoPS4dl46KXC3qpaEBFfKaF+RcP +SVUtc4eCQ74kKwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUoUCV4T3pFwaQ +HYSlCr8Iqdd+/TcwHwYDVR0jBBgwFoAUNQp0DAOJalSlrJSaOJYRwxxeNB0wDQYJ +KoZIhvcNAQELBQADggEBALXhDSFirybmhZXcHuSqXn0tLp6mZintW+91B81bDUtO +FuCrWqXwV0iensm94mOeykGIR/r0Y0Y4uqOHpIznY+q5NIek0qIdirbdr5mCXK5y +fxXVIMM14GMTyIR9A4+IZaRkFbcrVnBhOdUpTQjp88jlzDr5jdyjTEnOZyOJH9kL +Qpd417iB4X5TxuQ2xe5EgHOCb8OfxO0a2BzlwtfUQAkz2v+h0RlVBwQFcE2NCJ3z +hvF3AWGl+5pkfWpY6d+1EPI3+82C6uRf8be/WKHPKu3i0irrVtZdMsKNkRiD5UUK +S4Y0WnoVu/DWSR8h9iPGSFKMkUcjFI8hgc4YQ6G4Odc= -----END CERTIFICATE----- diff --git a/tests/files/server.pem b/tests/files/server.pem index 4e389c5..461b3ac 100644 --- a/tests/files/server.pem +++ b/tests/files/server.pem @@ -1,27 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIEqDCCApCgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCWFgx +MIIDrDCCApSgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCWFgx FTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55 -IEx0ZDEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yMDAyMjgwOTA2MTlaFw00NzA3MTUw -OTA2MTlaMF0xCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa -BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxGTAXBgNVBAMMEFRlc3QgU2VydmVy -IENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFwLjgCZ0pAEPB -HrtoxM+qY27od+Np1mqwPbFmPlcxV2fiRquqxVghsow6r5JHOCblpn+TNAgKlckx -d+PXpwgPoELE15x8lU5+8/IjSQJRsx/VhmJEbYWYHZWwbwBUMZaafhrtKZfJoIDR -pzx2SKmeUIXad10uFwFqT8uz6GNFg3tVIsu/E7wpPjaK+G4/1iAZjUrli1p73Qfg -cGIrFueTA5TGL3ChsRFJdIuBvh765fxZGurEghiYcX4bO/mSKVEWs/AoGajeJ1U+ -uqOxyFl7Sjyb+ds2jdLNYYj191efT4qBmhB0bdmLFfq46GsKoneImaceSnhpcovl -jsmZf8UVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T -U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTHtNcLFSKihvvmv/WQ -zKkJjL0yPTAfBgNVHSMEGDAWgBQ4kXolXxDcc+46nVRmj4rJhx12DDANBgkqhkiG -9w0BAQsFAAOCAgEALDrMv9TBWjVMeBUaRiaF+CDVD+Ng1Frzp37tSLbBmfcViaPl -2vQ23wDTc0SU+bamfyrIF0IRDDNM6cUkuC306+18AtXcz1taPFu6mWhtz+j4Hncm -EpMSUxvmTvr9dSUuEdX74v7tA4YqThzolEbsedAr8oe6RBjntAKugG9035z/mWuO -WNw8P3QI6eSX/APzFON/9dt9fkKU2piKgDQYvNEtCPqp1Tr2MkdRzfvyL/ZGR5yn -kuSRZLSFJyBHnnjCjrK40nt0ooVFXTpqDb8gEFn3DOLXHWLy6tWAQi6fKBQWai7v -8Mz7OyQHEwEsdM3bLWVJwe4tzJA2Ct22HsHWixuEEtQFwnuGm/tEOJ3HwVPjn5QP -2ut8yH5Ij45XeBTxkMiKie/Eb43ob8o30jCUtGuM48azyZ+byaIqVYZ/DX8NQAdC -EGRA1nWHmr9nFvcpa98kjiKcQtb7Nb/Ewq5ys/mYAwAs3yD9FNt+ujb1/y9PLN5Q -+NkcFrPuCmIj5c3jOi0AwPD+WuTHBwJ3D7+2gUByVYf6GravI6N6uXEjOD2/Wcl0 -TtjlhiWvMK9bXu2F4FBLc+GXrawiG4aTNmi278bTSF6qIxrN5+A5JRU7eUtbCnpY -piA3Y/2Pu8YoM3coGWqtVfFddJr1raQ5LHjxIfDUd0kKPbfpjlaaa3aJQdg= +IEx0ZDEQMA4GA1UEAwwHVGVzdCBDQTAgFw0yMDA1MDMwODUxMzBaGA8yMjk0MDIx +NTA4NTEzMFowXzELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEc +MBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEbMBkGA1UEAwwSc2VydmVyLmV4 +YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcC44Amd +KQBDwR67aMTPqmNu6HfjadZqsD2xZj5XMVdn4karqsVYIbKMOq+SRzgm5aZ/kzQI +CpXJMXfj16cID6BCxNecfJVOfvPyI0kCUbMf1YZiRG2FmB2VsG8AVDGWmn4a7SmX +yaCA0ac8dkipnlCF2nddLhcBak/Ls+hjRYN7VSLLvxO8KT42ivhuP9YgGY1K5Yta +e90H4HBiKxbnkwOUxi9wobERSXSLgb4e+uX8WRrqxIIYmHF+Gzv5kilRFrPwKBmo +3idVPrqjschZe0o8m/nbNo3SzWGI9fdXn0+KgZoQdG3ZixX6uOhrCqJ3iJmnHkp4 +aXKL5Y7JmX/FFQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUx7TXCxUioob7 +5r/1kMypCYy9Mj0wHwYDVR0jBBgwFoAUNQp0DAOJalSlrJSaOJYRwxxeNB0wDQYJ +KoZIhvcNAQELBQADggEBAKtTPl4WJuxfMeut+aEw7vVRU+z5A7D35nlZPQI5nBTt +ybgqMNIjdcYT/JwT2GhbzcObc3STNEo582clVN9gTpK7mYKzBBf69nTsWeZzPuNt +JQbVbK4RHwFvyosJcw6NfzxE9OxeXhTcKQDQSGKP338sAWoapEZlXNrYOIJac6HX +Xo3dQqx/8BdO9hSv1u0/zClnL5lbk1RBylS24wIe8wLoiy4ftLjL4aOYOlonj7HU +hknTY6L30oOpG5VtH8SEv3xveH/5GNKwfoGltTzemCgVfb9IhyVTLB3tIv8OW6k1 +y3+YEzVniVB4gtJ5UniLN1V4lBf6t7MGn0ybAEbOxPI= -----END CERTIFICATE----- diff --git a/tests/playbooks/tests_802_1x.yml b/tests/playbooks/tests_802_1x.yml index 1ee5f49..8151294 100644 --- a/tests/playbooks/tests_802_1x.yml +++ b/tests/playbooks/tests_802_1x.yml @@ -54,8 +54,8 @@ persistent_state: absent state: absent - name: >- - TEST: 802.1x profile with unencrypted private key and - system ca certs + TEST: 802.1x profile with unencrypted private key, + domain suffix match, and system ca certs debug: msg: "##################################################" - name: Copy cacert to system truststore @@ -86,6 +86,7 @@ private_key_password_flags: - not-required system_ca_certs: True + domain_suffix_match: example.com - name: "TEST: I can ping the EAP server" shell: ping -c1 203.0.113.1 always: diff --git a/tests/unit/test_network_connections.py b/tests/unit/test_network_connections.py index 9786cbd..b735ad1 100755 --- a/tests/unit/test_network_connections.py +++ b/tests/unit/test_network_connections.py @@ -1956,6 +1956,7 @@ class TestValidator(unittest.TestCase): "client_cert": "/etc/pki/tls/client.pem", "ca_cert": "/etc/pki/tls/cacert.pem", "system_ca_certs": False, + "domain_suffix_match": None, }, "mtu": None, "name": "eth0", @@ -1987,7 +1988,8 @@ class TestValidator(unittest.TestCase): def test_802_1x_2(self): """ - Test private key without password and system_ca_certs + Test 802.1x profile with unencrypted private key, + domain suffix match, and system ca certs """ self.maxDiff = None self.do_connections_validate( @@ -2027,6 +2029,7 @@ class TestValidator(unittest.TestCase): "client_cert": "/etc/pki/tls/client.pem", "ca_cert": None, "system_ca_certs": True, + "domain_suffix_match": "example.com", }, "mtu": None, "name": "eth0", @@ -2051,6 +2054,7 @@ class TestValidator(unittest.TestCase): "client_cert": "/etc/pki/tls/client.pem", "private_key_password_flags": ["not-required"], "system_ca_certs": True, + "domain_suffix_match": "example.com", }, } ],