Test trust anchor bootstrap
kresd has its specific way of trust anchor bootstrapping which cannot be covered by a generic Deckard test. This is request to cover trust anchor bootstrap mechanism by kresd-specific test.
Requirements:
- have own signed root zone
- have own CA
- have own HTTPS server
- have custom trust-anchors.xml
What to test (not ordered by priority, just random list):
- timestamps are respected
- all the valid keys show up in TA list in kresd
- invalid transport certificate or XML file is properly detected and refused