a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.crypto/tests/integration/targets/openssl_csr/tasks/impl.yml

998 lines
35 KiB
YAML
Raw Normal View History

Initial commit
2020-03-09 13:11:34 +00:00
---
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate privatekey"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
Speed up tests (#153) * Improve openssh_* tests. * Use 2048 instead of 4096 bit keys in many places. ci_complete * Parameterize default RSA key length for tests. * Reduce default RSA key size to 1024. ci_complete * Fix error. ci_complete * Use variable more often. * Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8. ci_complete * Fix missing constant. ci_complete * Print default key sizes.
2020-12-04 13:08:14 +00:00
size: '{{ default_rsa_key_size }}'
Initial commit
2020-03-09 13:11:34 +00:00
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
check_mode: yes
register: generate_csr_check
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: generate_csr
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: generate_csr_idempotent
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent, check mode)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
check_mode: yes
register: generate_csr_idempotent_check
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (check mode)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
register: generate_csr_nosan_check
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR without SAN"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_nosan_check_idempotent
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR without SAN (idempotent, check mode)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr-nosan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
register: generate_csr_nosan_check_idempotent_check
# keyUsage longname and shortname should be able to be used
# interchangeably. Hence the long name is specified here
# but the short name is used to test idempotency for ipsecuser
# and vice-versa for biometricInfo
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
CN: www.ansible.com
keyUsage:
- digitalSignature
- keyAgreement
extendedKeyUsage:
- qcStatements
- DVCS
- IPSec User
- biometricInfo
select_crypto_backend: '{{ select_crypto_backend }}'
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test idempotency)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: 'www.ansible.com'
keyUsage:
- Key Agreement
- digitalSignature
extendedKeyUsage:
- ipsecUser
- qcStatements
- DVCS
- Biometric Info
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ku_xku
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test XKU change)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: 'www.ansible.com'
keyUsage:
- digitalSignature
- keyAgreement
extendedKeyUsage:
- ipsecUser
- qcStatements
- Biometric Info
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ku_xku_change
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (test KU change)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: 'www.ansible.com'
keyUsage:
- digitalSignature
extendedKeyUsage:
- ipsecUser
- qcStatements
- Biometric Info
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ku_xku_change_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with old API"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_oldapi.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (1/2)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csrinvsan.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject_alt_name: invalid-san.example.com
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san
ignore_errors: yes
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with invalid SAN (2/2)"
openssl_csr: catch errors on bad SANs (#106) * Catch errors on bad SANs. * Add changelog fragment. * Adjust cryptography version and error message.
2020-09-08 04:24:30 +00:00
openssl_csr:
path: '{{ output_dir }}/csrinvsan2.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject_alt_name: "DNS:system:kube-controller-manager"
select_crypto_backend: '{{ select_crypto_backend }}'
register: generate_csr_invalid_san_2
ignore_errors: yes
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ocsp.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject_alt_name: "DNS:www.ansible.com"
ocsp_must_staple: true
select_crypto_backend: '{{ select_crypto_backend }}'
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with OCSP Must Staple (test idempotency)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ocsp.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject_alt_name: "DNS:www.ansible.com"
ocsp_must_staple: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_ocsp_idempotency
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate ECC privatekey"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_privatekey:
path: '{{ output_dir }}/privatekey2.pem'
type: ECC
curve: secp384r1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with ECC privatekey"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr2.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with text common name"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr3.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
commonName: This is for Ansible
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with country name"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
country_name: de
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
country_name: de
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with country name (idempotent 2)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
C: de
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with country name (bad country name)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
C: dex
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_fail_4
ignore_errors: yes
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate privatekey with password"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
Speed up tests (#153) * Improve openssh_* tests. * Use 2048 instead of 4096 bit keys in many places. ci_complete * Parameterize default RSA key length for tests. * Reduce default RSA key size to 1024. ci_complete * Fix error. ci_complete * Use variable more often. * Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8. ci_complete * Fix missing constant. ci_complete * Print default key sizes.
2020-12-04 13:08:14 +00:00
size: '{{ default_rsa_key_size }}'
Initial commit
2020-03-09 13:11:34 +00:00
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_pw.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}'
register: passphrase_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 1)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_pw1.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: passphrase_error_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 2)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_pw2.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: passphrase_error_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (failed passphrase 3)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_pw3.csr'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: passphrase_error_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Create broken CSR"
Initial commit
2020-03-09 13:11:34 +00:00
copy:
dest: "{{ output_dir }}/csrbroken.csr"
content: "broken"
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Regenerate broken CSR"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csrbroken.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
commonName: This is for Ansible
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
register: output_broken
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (change)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: ansible.com
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (remove)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
state: absent
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
return_content: yes
register: csr_backup_4
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (remove, idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_backup.csr'
state: absent
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: csr_backup_5
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
subject_key_identifier: "00:11:22:33"
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (idempotency)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
subject_key_identifier: "00:11:22:33"
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (change)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
subject_key_identifier: "44:55:66:77:88"
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
create_subject_key_identifier: yes
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_4
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (auto-create idempotency)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
create_subject_key_identifier: yes
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_5
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with subject key identifier (remove)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_ski.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: subject_key_identifier_6
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_key_identifier: "00:11:22:33"
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (idempotency)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_key_identifier: "00:11:22:33"
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (change)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_key_identifier: "44:55:66:77:88"
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority key identifier (remove)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_aki.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_key_identifier_4
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
authority_cert_serial_number: 12345
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (idempotency)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
authority_cert_serial_number: 12345
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change issuer)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_cert_issuer:
- "IP:1.2.3.4"
- "DNS:ca.example.org"
authority_cert_serial_number: 12345
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (change serial number)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
authority_cert_issuer:
- "IP:1.2.3.4"
- "DNS:ca.example.org"
authority_cert_serial_number: 54321
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_4
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with authority cert issuer / serial number (remove)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_acisn.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
when: select_crypto_backend != 'pyopenssl'
register: authority_cert_issuer_sn_5
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with everything"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_everything.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.example.com
C: de
L: Somewhere
ST: Zurich
streetAddress: Welcome Street
O: Ansible
organizationalUnitName: Crypto Department
serialNumber: "1234"
SN: Last Name
GN: First Name
title: Chief
pseudonym: test
UID: asdf
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
key_usage:
- digitalSignature
- keyAgreement
- Non Repudiation
- Key Encipherment
- dataEncipherment
- Certificate Sign
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
Support arbitrary dotted notation for OIDs in cryptography backend (#91) * Support arbitrary dotted notation for OIDs in cryptography backend. * Add test. * Fix typos. * Fix order.
2020-07-21 13:33:05 +00:00
extended_key_usage: '{{ value_for_extended_key_usage if select_crypto_backend != "pyopenssl" else value_for_extended_key_usage_pyopenssl }}'
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
subject_alt_name: '{{ value_for_san if select_crypto_backend != "pyopenssl" else value_for_san_pyopenssl }}'
Initial commit
2020-03-09 13:11:34 +00:00
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling.
2020-08-18 10:23:37 +00:00
name_constraints_permitted: '{{ value_for_name_constraints_permitted if select_crypto_backend != "pyopenssl" else value_for_name_constraints_permitted_pyopenssl }}'
name_constraints_excluded:
- "DNS:.example.com"
- "DNS:.org"
name_constraints_critical: yes
Initial commit
2020-03-09 13:11:34 +00:00
ocsp_must_staple: yes
subject_key_identifier: '{{ "00:11:22:33" if select_crypto_backend != "pyopenssl" else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if select_crypto_backend != "pyopenssl" else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if select_crypto_backend != "pyopenssl" else omit }}'
authority_cert_serial_number: '{{ 12345 if select_crypto_backend != "pyopenssl" else omit }}'
select_crypto_backend: '{{ select_crypto_backend }}'
vars:
Support arbitrary dotted notation for OIDs in cryptography backend (#91) * Support arbitrary dotted notation for OIDs in cryptography backend. * Add test. * Fix typos. * Fix order.
2020-07-21 13:33:05 +00:00
value_for_extended_key_usage_pyopenssl:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
value_for_extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
- 1.2.3.4.5.6
Initial commit
2020-03-09 13:11:34 +00:00
value_for_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
value_for_san_pyopenssl:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
- "RID:1.2.3.4"
value_for_san:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
- "RID:1.2.3.4"
- "otherName:1.2.3.4;0c:07:63:65:72:74:72:65:71"
Support otherName in subAltName in CSR for UTF8 strings (#53) * Support otherName in subAltName in CSR for UTF8 strings * Remove uneeded docs and added changelog fragment * Missed a merge conflict * Fix up sanity issues and added test expectation * Rename function
2020-06-23 20:38:42 +00:00
- "otherName:1.3.6.1.4.1.311.20.2.3;UTF8:bob@localhost"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
- "dirName:O = Example Net, CN = example.net"
- "dirName:/O=Example Com/CN=example.com"
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling.
2020-08-18 10:23:37 +00:00
value_for_name_constraints_permitted:
- "DNS:www.example.com"
- "IP:1.2.3.0/24"
- "IP:::1:0:0/112"
value_for_name_constraints_permitted_pyopenssl:
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
Initial commit
2020-03-09 13:11:34 +00:00
register: everything_1
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent, check mode)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_everything.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.example.com
C: de
L: Somewhere
ST: Zurich
streetAddress: Welcome Street
O: Ansible
organizationalUnitName: Crypto Department
serialNumber: "1234"
SN: Last Name
GN: First Name
title: Chief
pseudonym: test
UID: asdf
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
key_usage:
- digitalSignature
- keyAgreement
- Non Repudiation
- Key Encipherment
- dataEncipherment
- Certificate Sign
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
Support arbitrary dotted notation for OIDs in cryptography backend (#91) * Support arbitrary dotted notation for OIDs in cryptography backend. * Add test. * Fix typos. * Fix order.
2020-07-21 13:33:05 +00:00
extended_key_usage: '{{ value_for_extended_key_usage if select_crypto_backend != "pyopenssl" else value_for_extended_key_usage_pyopenssl }}'
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
subject_alt_name: '{{ value_for_san if select_crypto_backend != "pyopenssl" else value_for_san_pyopenssl }}'
Initial commit
2020-03-09 13:11:34 +00:00
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling.
2020-08-18 10:23:37 +00:00
name_constraints_permitted: '{{ value_for_name_constraints_permitted if select_crypto_backend != "pyopenssl" else value_for_name_constraints_permitted_pyopenssl }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
Initial commit
2020-03-09 13:11:34 +00:00
ocsp_must_staple: yes
subject_key_identifier: '{{ "00:11:22:33" if select_crypto_backend != "pyopenssl" else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if select_crypto_backend != "pyopenssl" else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if select_crypto_backend != "pyopenssl" else omit }}'
authority_cert_serial_number: '{{ 12345 if select_crypto_backend != "pyopenssl" else omit }}'
select_crypto_backend: '{{ select_crypto_backend }}'
vars:
Support arbitrary dotted notation for OIDs in cryptography backend (#91) * Support arbitrary dotted notation for OIDs in cryptography backend. * Add test. * Fix typos. * Fix order.
2020-07-21 13:33:05 +00:00
value_for_extended_key_usage_pyopenssl:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
value_for_extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
- 1.2.3.4.5.6
Initial commit
2020-03-09 13:11:34 +00:00
value_for_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
value_for_san_pyopenssl:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
- "RID:1.2.3.4"
value_for_san:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
- "RID:1.2.3.4"
- "otherName:1.2.3.4;0c:07:63:65:72:74:72:65:71"
Support otherName in subAltName in CSR for UTF8 strings (#53) * Support otherName in subAltName in CSR for UTF8 strings * Remove uneeded docs and added changelog fragment * Missed a merge conflict * Fix up sanity issues and added test expectation * Rename function
2020-06-23 20:38:42 +00:00
- "otherName:1.3.6.1.4.1.311.20.2.3;UTF8:bob@localhost"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
- "dirName:O=Example Net,CN=example.net"
- "dirName:/O = Example Com/CN = example.com"
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling.
2020-08-18 10:23:37 +00:00
value_for_name_constraints_permitted:
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
- "IP:0::0:1:0:0/112"
value_for_name_constraints_permitted_pyopenssl:
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
Initial commit
2020-03-09 13:11:34 +00:00
check_mode: yes
register: everything_2
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR with everything (idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_everything.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.example.com
C: de
L: Somewhere
ST: Zurich
streetAddress: Welcome Street
O: Ansible
organizationalUnitName: Crypto Department
serialNumber: "1234"
SN: Last Name
GN: First Name
title: Chief
pseudonym: test
UID: asdf
emailAddress: test@example.com
postalAddress: 1234 Somewhere
postalCode: "1234"
useCommonNameForSAN: no
key_usage:
- digitalSignature
- keyAgreement
- Non Repudiation
- Key Encipherment
- dataEncipherment
- Certificate Sign
- cRLSign
- Encipher Only
- decipherOnly
key_usage_critical: yes
Support arbitrary dotted notation for OIDs in cryptography backend (#91) * Support arbitrary dotted notation for OIDs in cryptography backend. * Add test. * Fix typos. * Fix order.
2020-07-21 13:33:05 +00:00
extended_key_usage: '{{ value_for_extended_key_usage if select_crypto_backend != "pyopenssl" else value_for_extended_key_usage_pyopenssl }}'
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
subject_alt_name: '{{ value_for_san if select_crypto_backend != "pyopenssl" else value_for_san_pyopenssl }}'
Initial commit
2020-03-09 13:11:34 +00:00
basic_constraints:
- "CA:TRUE"
- "pathlen:23"
basic_constraints_critical: yes
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling.
2020-08-18 10:23:37 +00:00
name_constraints_permitted: '{{ value_for_name_constraints_permitted if select_crypto_backend != "pyopenssl" else value_for_name_constraints_permitted_pyopenssl }}'
name_constraints_excluded:
- "DNS:.org"
- "DNS:.example.com"
name_constraints_critical: yes
Initial commit
2020-03-09 13:11:34 +00:00
ocsp_must_staple: yes
subject_key_identifier: '{{ "00:11:22:33" if select_crypto_backend != "pyopenssl" else omit }}'
authority_key_identifier: '{{ "44:55:66:77" if select_crypto_backend != "pyopenssl" else omit }}'
authority_cert_issuer: '{{ value_for_authority_cert_issuer if select_crypto_backend != "pyopenssl" else omit }}'
authority_cert_serial_number: '{{ 12345 if select_crypto_backend != "pyopenssl" else omit }}'
select_crypto_backend: '{{ select_crypto_backend }}'
vars:
Support arbitrary dotted notation for OIDs in cryptography backend (#91) * Support arbitrary dotted notation for OIDs in cryptography backend. * Add test. * Fix typos. * Fix order.
2020-07-21 13:33:05 +00:00
value_for_extended_key_usage_pyopenssl:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
value_for_extended_key_usage:
- serverAuth # the same as "TLS Web Server Authentication"
- TLS Web Server Authentication
- TLS Web Client Authentication
- Code Signing
- E-mail Protection
- timeStamping
- OCSPSigning
- Any Extended Key Usage
- qcStatements
- DVCS
- IPSec User
- biometricInfo
- 1.2.3.4.5.6
Initial commit
2020-03-09 13:11:34 +00:00
value_for_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
value_for_san_pyopenssl:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
- "RID:1.2.3.4"
value_for_san:
- "DNS:www.ansible.com"
- "IP:1.2.3.4"
- "IP:::1"
- "email:test@example.org"
- "URI:https://example.org/test/index.html"
- "RID:1.2.3.4"
- "otherName:1.2.3.4;0c:07:63:65:72:74:72:65:71"
Support otherName in subAltName in CSR for UTF8 strings (#53) * Support otherName in subAltName in CSR for UTF8 strings * Remove uneeded docs and added changelog fragment * Missed a merge conflict * Fix up sanity issues and added test expectation * Rename function
2020-06-23 20:38:42 +00:00
- "otherName:1.3.6.1.4.1.311.20.2.3;UTF8:bob@localhost"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
- "dirName:O =Example Net, CN= example.net"
- "dirName:/O =Example Com/CN= example.com"
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling.
2020-08-18 10:23:37 +00:00
value_for_name_constraints_permitted:
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
- "IP:0::0:1:0:0/112"
value_for_name_constraints_permitted_pyopenssl:
- "DNS:www.example.com"
- "IP:1.2.3.0/255.255.255.0"
Initial commit
2020-03-09 13:11:34 +00:00
register: everything_3
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Get info from CSR with everything"
cryptography backend: parse dirName, RID and otherName names (#9)
2020-06-21 20:47:48 +00:00
community.crypto.openssl_csr_info:
path: '{{ output_dir }}/csr_everything.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: everything_info
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Ed25519 and Ed448 tests (for cryptography >= 2.6)"
Initial commit
2020-03-09 13:11:34 +00:00
block:
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate privatekeys"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_privatekey:
path: '{{ output_dir }}/privatekey_{{ item }}.pem'
type: '{{ item }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_privatekey
ignore_errors: yes
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR if private key generation succeeded"
Initial commit
2020-03-09 13:11:34 +00:00
when: generate_csr_ed25519_ed448_privatekey is not failed
block:
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448
ignore_errors: yes
Always show current backend during tests in `name:`. (#118) * Always show current backend during tests. * Remove double prefix.
2020-10-09 09:10:53 +00:00
- name: "({{ select_crypto_backend }}) Generate CSR (idempotent)"
Initial commit
2020-03-09 13:11:34 +00:00
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: generate_csr_ed25519_ed448_idempotent
ignore_errors: yes
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')
openssl_csr: allow to specify CRL distribution endpoints (#167) * Improve error messages for name decoding (not all names appear in SANs). * Refactor DN parsing, add relative DN parsing code. * Allow to specify CRL distribution points. * Add changelog fragment. * Fix typo. * Make sure value argument to x509.NameAttribute is a text. * Update changelogs/fragments/167-openssl_csr-crl-distribution-points.yml Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Add example. Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-01-26 08:57:40 +00:00
- name: "({{ select_crypto_backend }}) CRL distribution endpoints (for cryptography >= 1.6)"
block:
- name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints"
openssl_csr:
path: '{{ output_dir }}/csr_crl_d_e.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
crl_distribution_points:
- full_name:
- "URI:https://ca.example.com/revocations.crl"
crl_issuer:
- "URI:https://ca.example.com/"
reasons:
- key_compromise
- ca_compromise
- cessation_of_operation
- relative_name:
- CN=ca.example.com
reasons:
- certificate_hold
- {}
select_crypto_backend: '{{ select_crypto_backend }}'
register: crl_distribution_endpoints_1
- name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (idempotence)"
openssl_csr:
path: '{{ output_dir }}/csr_crl_d_e.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
crl_distribution_points:
- full_name:
- "URI:https://ca.example.com/revocations.crl"
crl_issuer:
- "URI:https://ca.example.com/"
reasons:
- key_compromise
- ca_compromise
- cessation_of_operation
- relative_name:
- CN=ca.example.com
reasons:
- certificate_hold
- {}
select_crypto_backend: '{{ select_crypto_backend }}'
register: crl_distribution_endpoints_2
- name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (change)"
openssl_csr:
path: '{{ output_dir }}/csr_crl_d_e.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
crl_distribution_points:
- full_name:
- "URI:https://ca.example.com/revocations.crl"
crl_issuer:
- "URI:https://ca.example.com/"
reasons:
- key_compromise
- ca_compromise
- cessation_of_operation
- relative_name:
- CN=ca.example.com
reasons:
- certificate_hold
select_crypto_backend: '{{ select_crypto_backend }}'
register: crl_distribution_endpoints_3
- name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints (no endpoints)"
openssl_csr:
path: '{{ output_dir }}/csr_crl_d_e.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
register: crl_distribution_endpoints_4
- name: "({{ select_crypto_backend }}) Create CSR with CRL distribution endpoints"
openssl_csr:
path: '{{ output_dir }}/csr_crl_d_e.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject:
commonName: www.ansible.com
crl_distribution_points:
- full_name:
- "URI:https://ca.example.com/revocations.crl"
select_crypto_backend: '{{ select_crypto_backend }}'
register: crl_distribution_endpoints_5
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('1.6', '>=')