Update tests for CA with non-default algorithms

The tests for CA with non-default algorithms (i.e. RSA, RSA/PSS,
ECC) have been modified to check the default signing algorithm
params in CS.cfg.

.github/workflows/ca-ecc-test.yml

@@ -102,6 +102,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withEC"
+          echo "SHA512withEC" > expected
+          docker exec pki pki-server ca-config-show ca.signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check CA OCSP signing cert
         run: |
           # inspect cert with certutil
@@ -121,6 +126,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withEC"
+          echo "SHA512withEC" > expected
+          docker exec pki pki-server ca-config-show ca.ocsp_signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check CA audit signing cert
         run: |
           # inspect cert with certutil
@@ -140,6 +150,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withEC"
+          echo "SHA512withEC" > expected
+          docker exec pki pki-server ca-config-show ca.audit_signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check subsystem cert
         run: |
           # inspect cert with certutil
@@ -159,6 +174,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withEC"
+          echo "SHA512withEC" > expected
+          docker exec pki pki-server ca-config-show ca.subsystem.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check SSL server cert
         run: |
           # inspect cert with certutil
@@ -178,6 +198,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withEC"
+          echo "SHA512withEC" > expected
+          docker exec pki pki-server ca-config-show ca.sslserver.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Run PKI healthcheck
         run: docker exec pki pki-healthcheck --failures-only
 

.github/workflows/ca-rsa-pss-test.yml

@@ -113,6 +113,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withRSA/PSS"
+          echo "SHA512withRSA/PSS" > expected
+          docker exec pki pki-server ca-config-show ca.signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check CA OCSP signing cert
         run: |
           # inspect cert with certutil
@@ -132,6 +137,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withRSA/PSS"
+          echo "SHA512withRSA/PSS" > expected
+          docker exec pki pki-server ca-config-show ca.ocsp_signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check CA audit signing cert
         run: |
           # inspect cert with certutil
@@ -151,6 +161,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withRSA/PSS"
+          echo "SHA512withRSA/PSS" > expected
+          docker exec pki pki-server ca-config-show ca.audit_signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check subsystem cert
         run: |
           # inspect cert with certutil
@@ -170,6 +185,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withRSA/PSS"
+          echo "SHA512withRSA/PSS" > expected
+          docker exec pki pki-server ca-config-show ca.subsystem.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check SSL server cert
         run: |
           # inspect cert with certutil
@@ -189,6 +209,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA512withRSA/PSS"
+          echo "SHA512withRSA/PSS" > expected
+          docker exec pki pki-server ca-config-show ca.sslserver.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Run PKI healthcheck
         run: docker exec pki pki-healthcheck --failures-only
 

.github/workflows/ca-rsa-test.yml

@@ -112,6 +112,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA384withRSA"
+          echo "SHA384withRSA" > expected
+          docker exec pki pki-server ca-config-show ca.signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check CA OCSP signing cert
         run: |
           # inspect cert with certutil
@@ -131,6 +136,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA384withRSA"
+          echo "SHA384withRSA" > expected
+          docker exec pki pki-server ca-config-show ca.ocsp_signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check CA audit signing cert
         run: |
           # inspect cert with certutil
@@ -150,6 +160,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA384withRSA"
+          echo "SHA384withRSA" > expected
+          docker exec pki pki-server ca-config-show ca.audit_signing.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check subsystem cert
         run: |
           # inspect cert with certutil
@@ -169,6 +184,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA384withRSA"
+          echo "SHA384withRSA" > expected
+          docker exec pki pki-server ca-config-show ca.subsystem.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Check SSL server cert
         run: |
           # inspect cert with certutil
@@ -188,6 +208,11 @@ jobs:
           sed -n -e "s/\s*$//" -e "s/^\s*Signature Algorithm:\s*\(.*\)$/\1/p" output | uniq > actual
           diff expected actual
 
+          # default signing algorithm should be "SHA384withRSA"
+          echo "SHA384withRSA" > expected
+          docker exec pki pki-server ca-config-show ca.sslserver.defaultSigningAlgorithm | tee actual
+          diff expected actual
+
       - name: Run PKI healthcheck
         run: docker exec pki pki-healthcheck --failures-only