2020-03-09 13:11:34 +00:00
---
- debug :
msg : "Executing tests with backend {{ select_crypto_backend }}"
- name : ({{select_crypto_backend}}) Get certificate info
2020-04-06 12:34:24 +00:00
x509_certificate_info :
2021-09-07 20:37:40 +00:00
path : '{{ remote_tmp_dir }}/cert_1.pem'
2020-03-09 13:11:34 +00:00
select_crypto_backend : '{{ select_crypto_backend }}'
register : result
- name : Check whether issuer and subject behave as expected
assert :
that :
- result.issuer.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.issuer_ordered"
- result.subject.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
2021-05-19 12:02:45 +00:00
- result.public_key_type == 'RSA'
- result.public_key_data.size == (default_rsa_key_size_certifiates | int)
2020-03-09 13:11:34 +00:00
- name : Check SubjectKeyIdentifier and AuthorityKeyIdentifier
assert :
that :
- result.subject_key_identifier == "00:11:22:33"
- result.authority_key_identifier == "44:55:66:77"
- result.authority_cert_issuer == expected_authority_cert_issuer
- result.authority_cert_serial_number == 12345
vars :
expected_authority_cert_issuer :
- "DNS:ca.example.org"
- "IP:1.2.3.4"
2021-09-28 15:46:35 +00:00
when : cryptography_version.stdout is version('1.3', '>=')
2020-03-09 13:11:34 +00:00
2021-09-07 20:37:40 +00:00
- name : ({{select_crypto_backend}}) Read file
slurp :
src : '{{ remote_tmp_dir }}/cert_1.pem'
register : slurp
2020-03-09 13:11:34 +00:00
- name : ({{select_crypto_backend}}) Get certificate info directly
2020-04-06 12:34:24 +00:00
x509_certificate_info :
2021-09-07 20:37:40 +00:00
content : '{{ slurp.content | b64decode }}'
2020-03-09 13:11:34 +00:00
select_crypto_backend : '{{ select_crypto_backend }}'
register : result_direct
- name : ({{select_crypto_backend}}) Compare output of direct and loaded info
assert :
that :
- result == result_direct
- name : ({{select_crypto_backend}}) Get certificate info
2020-04-06 12:34:24 +00:00
x509_certificate_info :
2021-09-07 20:37:40 +00:00
path : '{{ remote_tmp_dir }}/cert_2.pem'
2020-03-09 13:11:34 +00:00
select_crypto_backend : '{{ select_crypto_backend }}'
valid_at :
today : "+0d"
past : "20190101235901Z"
twentydays : "+20d"
register : result
- assert :
that :
- result.valid_at.today
- not result.valid_at.past
- not result.valid_at.twentydays
- name : ({{select_crypto_backend}}) Get certificate info
2020-04-06 12:34:24 +00:00
x509_certificate_info :
2021-09-07 20:37:40 +00:00
path : '{{ remote_tmp_dir }}/cert_3.pem'
2020-03-09 13:11:34 +00:00
select_crypto_backend : '{{ select_crypto_backend }}'
register : result
- name : Check AuthorityKeyIdentifier
assert :
that :
- result.authority_key_identifier is none
- result.authority_cert_issuer == expected_authority_cert_issuer
- result.authority_cert_serial_number == 12345
vars :
expected_authority_cert_issuer :
- "DNS:ca.example.org"
- "IP:1.2.3.4"
2021-09-28 15:46:35 +00:00
when : cryptography_version.stdout is version('1.3', '>=')
2020-03-09 13:11:34 +00:00
- name : ({{select_crypto_backend}}) Get certificate info
2020-04-06 12:34:24 +00:00
x509_certificate_info :
2021-09-07 20:37:40 +00:00
path : '{{ remote_tmp_dir }}/cert_4.pem'
2020-03-09 13:11:34 +00:00
select_crypto_backend : '{{ select_crypto_backend }}'
register : result
- name : Check AuthorityKeyIdentifier
assert :
that :
- result.authority_key_identifier == "44:55:66:77"
- result.authority_cert_issuer is none
- result.authority_cert_serial_number is none
2021-09-28 15:46:35 +00:00
when : cryptography_version.stdout is version('1.3', '>=')
2020-03-09 13:11:34 +00:00
2021-09-07 20:37:40 +00:00
- name : Copy packed cert 1 to remote
copy :
src : cert1.pem
dest : '{{ remote_tmp_dir }}/packed-cert-1.pem'
2020-03-09 13:11:34 +00:00
- name : ({{select_crypto_backend}}) Get certificate info for packaged cert 1
2020-04-06 12:34:24 +00:00
x509_certificate_info :
2021-09-07 20:37:40 +00:00
path : '{{ remote_tmp_dir }}/packed-cert-1.pem'
2020-03-09 13:11:34 +00:00
select_crypto_backend : '{{ select_crypto_backend }}'
register : result
- assert :
that :
- "'ocsp_uri' in result"
- "result.ocsp_uri == 'http://ocsp.int-x3.letsencrypt.org'"
2020-10-13 08:41:09 +00:00
- name : Check fingerprints
assert :
that :
- (result.fingerprints.sha256 == '57:7c:f1:f5:dd:cc:6e:e9:f3:17:28:73:17:e4:25:c7:69:74:3e:f7:9a:df:58:20:7a:5a:e4:aa:de:bf:24:5b' if result.fingerprints.sha256 is defined else true)
- (result.fingerprints.sha1 == 'b7:79:64:f4:2b:e0:ae:45:74:d4:f3:08:f6:53:cb:39:26:fa:52:6b' if result.fingerprints.sha1 is defined else true)
