Speed up tests (#153)
* Improve openssh_* tests.
* Use 2048 instead of 4096 bit keys in many places. ci_complete
* Parameterize default RSA key length for tests.
* Reduce default RSA key size to 1024. ci_complete
* Fix error. ci_complete
* Use variable more often.
* Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8. ci_complete
* Fix missing constant. ci_complete
* Print default key sizes.
pull/154/head
parent
d7ad3e32d4
commit
4d8dcad190
|
@ -4,8 +4,8 @@
|
|||
command: "{{ openssl_binary }} ecparam -name prime256v1 -genkey -out {{ output_dir }}/account-ec256.pem"
|
||||
- name: Create ECC384 account key
|
||||
command: "{{ openssl_binary }} ecparam -name secp384r1 -genkey -out {{ output_dir }}/account-ec384.pem"
|
||||
- name: Create RSA-2048 account key
|
||||
command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa2048.pem 2048"
|
||||
- name: Create RSA account key
|
||||
command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa.pem {{ default_rsa_key_size }}"
|
||||
## SET UP ACCOUNTS ############################################################################
|
||||
- name: Make sure ECC256 account hasn't been created yet
|
||||
acme_account:
|
||||
|
@ -28,13 +28,13 @@
|
|||
contact:
|
||||
- mailto:example@example.org
|
||||
- mailto:example@example.com
|
||||
- name: Create RSA-2048 account
|
||||
- name: Create RSA account
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
account_key_src: "{{ output_dir }}/account-rsa2048.pem"
|
||||
account_key_src: "{{ output_dir }}/account-rsa.pem"
|
||||
state: present
|
||||
allow_creation: yes
|
||||
terms_agreed: yes
|
||||
|
@ -46,7 +46,7 @@
|
|||
certgen_title: Certificate 1
|
||||
certificate_name: cert-1
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name: "DNS:example.com"
|
||||
subject_alt_name_critical: no
|
||||
account_key: account-ec256
|
||||
|
@ -107,7 +107,7 @@
|
|||
key_type: ec384
|
||||
subject_alt_name: "DNS:*.example.com,DNS:example.org,DNS:t1.example.com"
|
||||
subject_alt_name_critical: no
|
||||
account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa2048.pem') }}"
|
||||
account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa.pem') }}"
|
||||
challenge: dns-01
|
||||
modify_account: no
|
||||
deactivate_authzs: no
|
||||
|
@ -131,10 +131,10 @@
|
|||
certgen_title: Certificate 4
|
||||
certificate_name: cert-4
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name: "DNS:example.com,DNS:t1.example.com,DNS:test.t2.example.com,DNS:example.org,DNS:test.example.org"
|
||||
subject_alt_name_critical: no
|
||||
account_key: account-rsa2048
|
||||
account_key: account-rsa
|
||||
challenge: http-01
|
||||
modify_account: no
|
||||
deactivate_authzs: yes
|
||||
|
@ -242,7 +242,7 @@
|
|||
certgen_title: Certificate 6
|
||||
certificate_name: cert-6
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name: "DNS:example.org"
|
||||
subject_alt_name_critical: no
|
||||
account_key: account-ec256
|
||||
|
@ -274,7 +274,7 @@
|
|||
certgen_title: Certificate 7
|
||||
certificate_name: cert-7
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name:
|
||||
- "IP:127.0.0.1"
|
||||
# - "IP:::1"
|
||||
|
@ -302,7 +302,7 @@
|
|||
certgen_title: Certificate 8
|
||||
certificate_name: cert-8
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name:
|
||||
- "IP:127.0.0.1"
|
||||
# IPv4 only since our test validation server doesn't work
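Review bot: The certificate keys in the Certificate 1, 4, 6, 7 and 8 hunks now take `rsa_bits: "{{ default_rsa_key_size }}"`, the same variable used for the throwaway account key, while the PKCS#12 tests in this commit size their certificate keys from a separate certificate-specific variable. The commit message says certificates need 2048-bit RSA on RHEL8 and CentOS8; if that floor also applies to the certificates issued in these ACME tests (the variable definitions are not visible here, so this is an assumption), these lines would want the certificate-specific variable instead. The same pattern appears in the next two file sections (`Certificate 1 for revocation` and the later `Certificate 1` hunk). A short comment at the first use, such as `# reduced RSA size for test speed only, not a recommended value`, would keep the value from being copied into real playbooks.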
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
command: "{{ openssl_binary }} ecparam -name prime256v1 -genkey -out {{ output_dir }}/account-ec256.pem"
|
||||
- name: Create ECC384 account key
|
||||
command: "{{ openssl_binary }} ecparam -name secp384r1 -genkey -out {{ output_dir }}/account-ec384.pem"
|
||||
- name: Create RSA-2048 account key
|
||||
command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa2048.pem 2048"
|
||||
- name: Create RSA account key
|
||||
command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/account-rsa.pem {{ default_rsa_key_size }}"
|
||||
## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
|
||||
- name: Obtain cert 1
|
||||
include_tasks: obtain-cert.yml
|
||||
|
@ -13,7 +13,7 @@
|
|||
certgen_title: Certificate 1 for revocation
|
||||
certificate_name: cert-1
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name: "DNS:example.com"
|
||||
subject_alt_name_critical: no
|
||||
account_key_content: "{{ lookup('file', output_dir ~ '/account-ec256.pem') }}"
|
||||
|
@ -48,7 +48,7 @@
|
|||
key_type: ec384
|
||||
subject_alt_name: "DNS:t1.example.com"
|
||||
subject_alt_name_critical: no
|
||||
account_key: account-rsa2048
|
||||
account_key: account-rsa
|
||||
challenge: dns-01
|
||||
modify_account: yes
|
||||
deactivate_authzs: no
|
||||
|
@ -80,7 +80,7 @@
|
|||
- name: Revoke certificate 3 via account key (fullchain)
|
||||
acme_certificate_revoke:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa2048.pem') }}"
|
||||
account_key_content: "{{ lookup('file', output_dir ~ '/account-rsa.pem') }}"
|
||||
certificate: "{{ output_dir }}/cert-3-fullchain.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
certgen_title: Certificate 1
|
||||
certificate_name: cert-1
|
||||
key_type: rsa
|
||||
rsa_bits: 2048
|
||||
rsa_bits: "{{ default_rsa_key_size }}"
|
||||
subject_alt_name: "DNS:example.com"
|
||||
subject_alt_name_critical: no
|
||||
account_key: account-ec256
|
||||
|
|
|
@ -6,24 +6,11 @@
|
|||
- name: openssh_cert integration tests
|
||||
when: not (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6")
|
||||
block:
|
||||
- name: Generate keypair (check mode)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
type: rsa
|
||||
check_mode: yes
|
||||
- name: Generate keypair
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
type: rsa
|
||||
- name: Generate keypair (idempotent)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
type: rsa
|
||||
- name: Generate keypair (idempotent, check mode)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
type: rsa
|
||||
check_mode: yes
|
||||
size: 2048
|
||||
- name: Generate always valid cert (check mode)
|
||||
openssh_cert:
|
||||
type: user
|
||||
|
@ -393,24 +380,10 @@
|
|||
#valid_from: "2001-01-21"
|
||||
#valid_to: "2019-01-21"
|
||||
check_mode: yes
|
||||
- name: Remove keypair (check mode)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
state: absent
|
||||
check_mode: yes
|
||||
- name: Remove keypair
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
state: absent
|
||||
- name: Remove keypair (idempotent)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
state: absent
|
||||
- name: Remove keypair (idempotent, check mode)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
state: absent
|
||||
check_mode: yes
|
||||
|
||||
- name: openssh_cert integration tests that require ssh-agent
|
||||
when: openssh_version is version("7.6",">=")
|
||||
|
@ -421,6 +394,7 @@
|
|||
openssh_keypair:
|
||||
path: '{{ output_dir }}/id_key'
|
||||
type: rsa
|
||||
size: 2048
|
||||
- name: Generate always valid cert using agent without key in agent (should fail)
|
||||
openssh_cert:
|
||||
type: user
|
||||
|
|
|
@ -4,20 +4,35 @@
|
|||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- name: Generate privatekey1 - standard (check mode)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey1'
|
||||
size: 2048
|
||||
register: privatekey1_result_check
|
||||
check_mode: true
|
||||
|
||||
- name: Generate privatekey1 - standard
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey1'
|
||||
size: 2048
|
||||
register: privatekey1_result
|
||||
|
||||
- name: Generate privatekey1 - standard (check mode idempotent)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey1'
|
||||
size: 2048
|
||||
register: privatekey1_idem_result_check
|
||||
check_mode: true
|
||||
|
||||
- name: Generate privatekey1 - standard (idempotent)
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey1'
|
||||
size: 2048
|
||||
register: privatekey1_idem_result
|
||||
|
||||
- name: Generate privatekey2 - size 2048
|
||||
- name: Generate privatekey2 - default size
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey2'
|
||||
size: 2048
|
||||
|
||||
- name: Generate privatekey3 - type dsa
|
||||
openssh_keypair:
|
||||
|
@ -27,6 +42,7 @@
|
|||
- name: Generate privatekey4 - standard
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey4'
|
||||
size: 2048
|
||||
|
||||
- name: Delete privatekey4 - standard
|
||||
openssh_keypair:
|
||||
|
@ -36,17 +52,20 @@
|
|||
- name: Generate privatekey5 - standard
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey5'
|
||||
size: 2048
|
||||
register: publickey_gen
|
||||
|
||||
- name: Generate privatekey6
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey6'
|
||||
type: rsa
|
||||
size: 2048
|
||||
|
||||
- name: Regenerate privatekey6 via force
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey6'
|
||||
type: rsa
|
||||
size: 2048
|
||||
force: yes
|
||||
register: output_regenerated_via_force
|
||||
|
||||
|
@ -63,6 +82,7 @@
|
|||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekeybroken'
|
||||
type: rsa
|
||||
size: 2048
|
||||
register: output_broken
|
||||
ignore_errors: yes
|
||||
|
||||
|
@ -71,6 +91,7 @@
|
|||
path: '{{ output_dir }}/privatekeybroken'
|
||||
type: rsa
|
||||
force: yes
|
||||
size: 2048
|
||||
register: output_broken_force
|
||||
|
||||
- name: Generate read-only private key
|
||||
|
@ -78,24 +99,28 @@
|
|||
path: '{{ output_dir }}/privatekeyreadonly'
|
||||
type: rsa
|
||||
mode: '0200'
|
||||
size: 2048
|
||||
|
||||
- name: Regenerate read-only private key via force
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekeyreadonly'
|
||||
type: rsa
|
||||
force: yes
|
||||
size: 2048
|
||||
register: output_read_only
|
||||
|
||||
- name: Generate privatekey7 - standard with comment
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey7'
|
||||
comment: 'test@privatekey7'
|
||||
size: 2048
|
||||
register: privatekey7_result
|
||||
|
||||
- name: Modify privatekey7 comment
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey7'
|
||||
comment: 'test_modified@privatekey7'
|
||||
size: 2048
|
||||
register: privatekey7_modified_result
|
||||
|
||||
- name: Generate password protected key
|
||||
|
@ -104,6 +129,7 @@
|
|||
- name: Try to modify the password protected key - should fail
|
||||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey8'
|
||||
size: 2048
|
||||
register: privatekey8_result
|
||||
ignore_errors: yes
|
||||
|
||||
|
@ -111,6 +137,7 @@
|
|||
openssh_keypair:
|
||||
path: '{{ output_dir }}/privatekey8'
|
||||
force: yes
|
||||
size: 2048
|
||||
register: privatekey8_result_force
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
|
|
@ -3,6 +3,14 @@
|
|||
debug:
|
||||
var: privatekey1_result
|
||||
|
||||
- name: Validate general behavior
|
||||
assert:
|
||||
that:
|
||||
- privatekey1_result_check is changed
|
||||
- privatekey1_result is changed
|
||||
- privatekey1_idem_result_check is not changed
|
||||
- privatekey1_idem_result is not changed
|
||||
|
||||
- name: Validate privatekey1 return fingerprint
|
||||
assert:
|
||||
that:
|
||||
|
@ -21,7 +29,7 @@
|
|||
assert:
|
||||
that:
|
||||
- privatekey1_result["size"]|type_debug == 'int'
|
||||
- privatekey1_result["size"] == 4096
|
||||
- privatekey1_result["size"] == 2048
|
||||
|
||||
- name: Validate privatekey1 return key type
|
||||
assert:
|
||||
|
@ -29,14 +37,14 @@
|
|||
- privatekey1_result["type"] is string
|
||||
- privatekey1_result["type"] == "rsa"
|
||||
|
||||
- name: Validate privatekey1 (test - RSA key with size 4096 bits)
|
||||
- name: Validate privatekey1 (test - RSA key with size 2048 bits)
|
||||
shell: "ssh-keygen -lf {{ output_dir }}/privatekey1 | grep -o -E '^[0-9]+'"
|
||||
register: privatekey1
|
||||
|
||||
- name: Validate privatekey1 (assert - RSA key with size 4096 bits)
|
||||
- name: Validate privatekey1 (assert - RSA key with size 2048 bits)
|
||||
assert:
|
||||
that:
|
||||
- privatekey1.stdout == '4096'
|
||||
- privatekey1.stdout == '2048'
|
||||
|
||||
- name: Validate privatekey1 idempotence
|
||||
assert:
|
||||
|
@ -44,14 +52,14 @@
|
|||
- privatekey1_idem_result is not changed
|
||||
|
||||
|
||||
- name: Validate privatekey2 (test - RSA key with size 2048 bits)
|
||||
- name: Validate privatekey2 (test - RSA key with default size 4096 bits)
|
||||
shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'"
|
||||
register: privatekey2
|
||||
|
||||
- name: Validate privatekey2 (assert - RSA key with size 2048 bits)
|
||||
- name: Validate privatekey2 (assert - RSA key with size 4096 bits)
|
||||
assert:
|
||||
that:
|
||||
- privatekey2.stdout == '2048'
|
||||
- privatekey2.stdout == '4096'
|
||||
|
||||
|
||||
- name: Validate privatekey3 (test - DSA key with size 1024 bits)
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Generate privatekey"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
|
||||
openssl_csr:
|
||||
|
@ -261,6 +262,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate CSR with privatekey passphrase"
|
||||
openssl_csr:
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
- name: Prepare private key for backend autodetection test
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_backend_selection.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
- name: Run module with backend autodetection
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_backend_selection.csr'
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
- name: Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: Generate privatekey with password
|
||||
openssl_privatekey:
|
||||
|
@ -14,6 +15,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: Generate CSR 1
|
||||
openssl_csr:
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Generate privatekey"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate CSR (check mode)"
|
||||
openssl_csr_pipe:
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
- name: Prepare private key for backend autodetection test
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_backend_selection.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
- name: Run module with backend autodetection
|
||||
openssl_csr_pipe:
|
||||
privatekey_path: '{{ output_dir }}/privatekey_backend_selection.pem'
|
||||
|
|
|
@ -2,12 +2,15 @@
|
|||
- name: Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/ansible_pkey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
- name: Generate privatekey2
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/ansible_pkey2.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
- name: Generate privatekey3
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/ansible_pkey3.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
- name: Generate CSR
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/ansible.csr'
|
||||
|
@ -137,6 +140,7 @@
|
|||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: auto
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: cryptography
|
||||
- name: Generate PKCS#12 file (password fail 1)
|
||||
openssl_pkcs12:
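Review bot: The variable in the three `Generate privatekey*` tasks of the first hunk is spelled `default_rsa_key_size_certifiates`, missing the second "c" of "certificates". Ansible resolves it only if the definition, which is not visible in this view, carries the same misspelling, so correcting either side alone later would fail these tasks with an undefined variable. Renaming definition and uses together to `default_rsa_key_size_certificates` avoids that trap. The password-protected key in the second hunk uses `default_rsa_key_size` instead of the certificate size; if that is intentional, a one-line comment saying so would help.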
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Generate privatekey4 - standard"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey4.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Delete privatekey4 - standard"
|
||||
|
@ -51,6 +52,7 @@
|
|||
path: '{{ output_dir }}/privatekey5.pem'
|
||||
passphrase: ansible
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate privatekey5 - standard - idempotence"
|
||||
|
@ -58,6 +60,7 @@
|
|||
path: '{{ output_dir }}/privatekey5.pem'
|
||||
passphrase: ansible
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey5_idempotence
|
||||
|
||||
|
@ -66,6 +69,7 @@
|
|||
path: '{{ output_dir }}/privatekey6.pem'
|
||||
passphrase: ànsïblé
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
||||
- set_fact:
|
||||
|
@ -202,6 +206,7 @@
|
|||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
register: passphrase_1
|
||||
|
@ -211,6 +216,7 @@
|
|||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
register: passphrase_2
|
||||
|
@ -218,6 +224,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
register: passphrase_3
|
||||
|
@ -225,6 +232,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Regenerate privatekey without passphrase (idempotent)"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
register: passphrase_4
|
||||
|
@ -234,6 +242,7 @@
|
|||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
register: passphrase_5
|
||||
|
@ -245,6 +254,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Regenerate broken key"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/broken.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: output_broken
|
||||
|
||||
|
@ -253,6 +263,7 @@
|
|||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
state: absent
|
||||
|
@ -263,6 +274,7 @@
|
|||
path: '{{ output_dir }}/privatekeypw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
backup: yes
|
||||
state: absent
|
||||
|
@ -272,6 +284,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_mode.pem'
|
||||
mode: '0400'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_mode_1
|
||||
- name: "({{ select_crypto_backend }}) Stat for privatekey_mode"
|
||||
|
@ -283,6 +296,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_mode.pem'
|
||||
mode: '0400'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_mode_2
|
||||
|
||||
|
@ -298,6 +312,7 @@
|
|||
path: '{{ output_dir }}/privatekey_mode.pem'
|
||||
mode: '0400'
|
||||
force: yes
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_mode_3
|
||||
- name: "({{ select_crypto_backend }}) Stat for privatekey_mode"
|
||||
|
@ -310,6 +325,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: auto
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_1
|
||||
|
||||
|
@ -317,6 +333,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: auto
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_2
|
||||
|
||||
|
@ -324,6 +341,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: pkcs1
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_3
|
||||
|
||||
|
@ -331,6 +349,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: pkcs8
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_4
|
||||
|
||||
|
@ -338,6 +357,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: pkcs8
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_5
|
||||
|
||||
|
@ -345,6 +365,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: auto_ignore
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_6
|
||||
|
||||
|
@ -352,6 +373,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: auto
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_7
|
||||
|
||||
|
@ -359,6 +381,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: raw
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
ignore_errors: yes
|
||||
register: privatekey_fmt_1_step_8
|
||||
|
@ -374,6 +397,7 @@
|
|||
path: '{{ output_dir }}/privatekey_fmt_1.pem'
|
||||
format: pkcs8
|
||||
format_mismatch: convert
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: privatekey_fmt_1_step_9
|
||||
|
||||
|
@ -496,14 +520,14 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
loop: "{{ regenerate_values }}"
|
||||
- name: "({{ select_crypto_backend }}) Regenerate - setup password protected keys"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-b-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
passphrase: hunter2
|
||||
cipher: "{{ 'aes256' if select_crypto_backend == 'pyopenssl' else 'auto' }}"
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
@ -519,7 +543,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-c-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
check_mode: yes
|
||||
|
@ -541,7 +565,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-c-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
loop: "{{ regenerate_values }}"
|
||||
|
@ -562,7 +586,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-b-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
check_mode: yes
|
||||
|
@ -584,7 +608,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-b-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
loop: "{{ regenerate_values }}"
|
||||
|
@ -605,7 +629,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
check_mode: yes
|
||||
|
@ -623,7 +647,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
loop: "{{ regenerate_values }}"
|
||||
|
@ -640,7 +664,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1048
|
||||
size: '{{ default_rsa_key_size + 20 }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
check_mode: yes
|
||||
|
@ -660,7 +684,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: RSA
|
||||
size: 1048
|
||||
size: '{{ default_rsa_key_size + 20 }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
loop: "{{ regenerate_values }}"
|
||||
|
@ -687,7 +711,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: DSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
check_mode: yes
|
||||
|
@ -707,7 +731,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: DSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
loop: "{{ regenerate_values }}"
|
||||
|
@ -735,7 +759,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: DSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
format: pkcs8
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
@ -756,7 +780,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: DSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
format: pkcs8
|
||||
regenerate: '{{ item }}'
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
@ -784,7 +808,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: DSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
format: pkcs1
|
||||
format_mismatch: convert
|
||||
regenerate: '{{ item }}'
|
||||
|
@ -804,7 +828,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/regenerate-a-{{ item }}.pem'
|
||||
type: DSA
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
format: pkcs1
|
||||
format_mismatch: convert
|
||||
regenerate: '{{ item }}'
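Review bot: In the hunks at `@ -640,7 +664,7` and `@ -660,7 +684,7` the old literal `1048` (1024 + 24) becomes `size: '{{ default_rsa_key_size + 20 }}'`, so the offset silently changes and the resulting size is no longer a multiple of 8 for a 1024- or 2048-bit default. If the test only needs a size that differs from the default, `size: '{{ default_rsa_key_size + 24 }}'` keeps the previous value for a 1024 default. The arithmetic also relies on the variable being defined as an integer, which cannot be confirmed from this view. Separately, the `type: DSA` hunks from `@ -687,7 +711,7` onward size DSA keys from the RSA variable; DSA implementations generally accept only a few parameter sizes, so a dedicated value or a comment explaining the coupling would make a later change of the RSA default less likely to break these tasks.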
|
||||
|
|
|
@ -34,6 +34,7 @@
|
|||
- name: Run module with backend autodetection
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_backend_selection.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- block:
|
||||
- name: Running tests with pyOpenSSL backend
|
||||
|
@ -76,7 +77,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/fingerprint-{{ item }}.pem'
|
||||
type: "{{ item }}"
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: pyopenssl
|
||||
loop:
|
||||
- RSA
|
||||
|
@ -87,7 +88,7 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/fingerprint-{{ item }}.pem'
|
||||
type: "{{ item }}"
|
||||
size: 1024
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: cryptography
|
||||
loop:
|
||||
- RSA
|
||||
|
|
|
@ -68,7 +68,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)"
|
||||
assert:
|
||||
that:
|
||||
- privatekey5.stdout == '4096'
|
||||
- privatekey5.stdout == '{{ default_rsa_key_size }}'
|
||||
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)"
|
||||
|
@ -85,7 +85,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Validate privatekey6 (assert - Passphrase protected key with non ascii character)"
|
||||
assert:
|
||||
that:
|
||||
- privatekey6.stdout == '4096'
|
||||
- privatekey6.stdout == '{{ default_rsa_key_size }}'
|
||||
when: openssl_version.stdout is version('0.9.8zh', '>=')
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)"
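Review bot: The new assertion `privatekey5.stdout == '{{ default_rsa_key_size }}'`, and the matching `privatekey6` line in the second hunk, embeds Jinja delimiters inside an `assert`/`that` expression that is already evaluated as a template. Ansible discourages nested delimiters in conditionals, and the openssl_privatekey_info test in this same commit uses the bare form `result.public_data.size == default_rsa_key_size`. Writing `privatekey5.stdout == default_rsa_key_size | string` (and likewise for privatekey6) keeps it a string comparison without the nested template.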
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
- "'type' in result"
|
||||
- "result.type == 'RSA'"
|
||||
- "'public_data' in result"
|
||||
- "result.public_data.size == 2048"
|
||||
- "result.public_data.size == default_rsa_key_size"
|
||||
- "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
|
||||
- "result.public_data.exponent > 5"
|
||||
- "'private_data' in result"
|
||||
|
|
|
@ -12,13 +12,14 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_2.pem'
|
||||
type: RSA
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: Generate privatekey 3 (with password)
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_3.pem'
|
||||
passphrase: hunter2
|
||||
cipher: auto
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
- name: Generate privatekey 4 (ECC)
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ result.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
register: update_check
|
||||
check_mode: true
|
||||
|
||||
|
@ -35,7 +35,7 @@
|
|||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ result.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
return_current_key: true
|
||||
register: update_check_return
|
||||
check_mode: true
|
||||
|
@ -44,14 +44,14 @@
|
|||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ result.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
register: update
|
||||
|
||||
- name: ({{select_crypto_backend}}) Update key (idempotent, check mode)
|
||||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ update.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
register: update_idempotent_check
|
||||
check_mode: true
|
||||
|
||||
|
@ -59,14 +59,14 @@
|
|||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ update.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
register: update_idempotent
|
||||
|
||||
- name: ({{select_crypto_backend}}) Update key (idempotent, check mode, with return_current_key=true)
|
||||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ update.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
return_current_key: true
|
||||
register: update_idempotent_return_check
|
||||
check_mode: true
|
||||
|
@ -75,7 +75,7 @@
|
|||
openssl_privatekey_pipe:
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
content: "{{ update.privatekey }}"
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
return_current_key: true
|
||||
register: update_idempotent_return
|
||||
|
||||
|
@ -92,7 +92,7 @@
|
|||
- update_check_return.privatekey == result.privatekey
|
||||
- update is changed
|
||||
- update.privatekey != result.privatekey
|
||||
- update_info.public_data.size == 2048
|
||||
- update_info.public_data.size == default_rsa_key_size
|
||||
- update_idempotent_check is not changed
|
||||
- update_idempotent_check.privatekey is undefined
|
||||
- update_idempotent is not changed
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
- name: Run module with backend autodetection
|
||||
openssl_privatekey_pipe:
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- block:
|
||||
- name: Running tests with pyOpenSSL backend
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Generate privatekey"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format"
|
||||
openssl_publickey:
|
||||
|
@ -64,6 +65,7 @@
|
|||
path: '{{ output_dir }}/privatekey3.pem'
|
||||
passphrase: ansible
|
||||
cipher: aes256
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate publickey3 - with passphrase protected privatekey"
|
||||
openssl_publickey:
|
||||
|
@ -96,6 +98,7 @@
|
|||
path: '{{ output_dir }}/privatekey5.pem'
|
||||
type: ECC
|
||||
curve: secp256r1
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate publickey 5 - PEM format"
|
||||
openssl_publickey:
|
||||
|
@ -125,6 +128,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: "({{ select_crypto_backend }}) Generate publickey - PEM format (failed passphrase 1)"
|
||||
openssl_publickey:
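Review bot: In the hunk at `@ -96,6 +98,7 @@` the line `size: '{{ default_rsa_key_size }}'` sits on a task that sets `type: ECC` and `curve: secp256r1`, where the key strength comes from the curve and, as far as I know, `size` is not used. A reader could take it to mean that the RSA default influences this key. I would drop the line from that task, or keep it with a comment such as `# size is ignored for ECC keys; set only for uniformity`. The task's `name:` line is above the hunk, so this is based on the visible parameters only.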
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
- name: Generate privatekey1 - standard
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_autodetect.pem'
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: Run module with backend autodetection
|
||||
openssl_publickey:
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
- name: Add RSA tests
|
||||
set_fact:
|
||||
key_types: "{{ key_types + [ { 'type': 'RSA' } ] }}"
|
||||
key_types: "{{ key_types + [ { 'type': 'RSA', 'size': default_rsa_key_size } ] }}"
|
||||
when: cryptography_version.stdout is version('1.4', '>=')
|
||||
|
||||
- name: Add DSA + ECDSA tests
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
## PRIVATE KEY ################################################################################
|
||||
- name: ({{ certgen_title }}) Create cert private key (RSA)
|
||||
command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/{{ certificate_name }}.key {{ rsa_bits if key_type == 'rsa' else 2048 }}"
|
||||
command: "{{ openssl_binary }} genrsa -out {{ output_dir }}/{{ certificate_name }}.key {{ rsa_bits if key_type == 'rsa' else default_rsa_key_size }}"
|
||||
when: "key_type == 'rsa'"
|
||||
- name: ({{ certgen_title }}) Create cert private key (ECC 256)
|
||||
command: "{{ openssl_binary }} ecparam -name prime256v1 -genkey -out {{ output_dir }}/{{ certificate_name }}.key"
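Review bot: The `else default_rsa_key_size` branch in the `genrsa` command looks unreachable, because `when: "key_type == 'rsa'"` means the task only runs when the inline condition is already true. `{{ rsa_bits }}` alone expresses the same thing. If the intent is a fallback for callers that do not pass `rsa_bits`, `{{ rsa_bits | default(default_rsa_key_size) }}` would actually provide one. The task list continues past the end of the hunk.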
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
../../setup_openssl/vars/main.yml
|
|
@ -96,3 +96,7 @@
|
|||
- name: Register cryptography version
|
||||
command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'"
|
||||
register: cryptography_version
|
||||
|
||||
- name: Print default key sizes
|
||||
debug:
|
||||
msg: "Default RSA key size: {{ default_rsa_key_size }} (for certificates: {{ default_rsa_key_size_certifiates }})"
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
default_rsa_key_size: 1024
|
||||
default_rsa_key_size_certifiates: '{{ 2048 if ansible_os_family == "RedHat" and ansible_facts.distribution_major_version | int >= 8 else 1024 }}'
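Review bot: `default_rsa_key_size: 1024` has no comment marking it as a test-speed setting, and 1024-bit RSA is below what is accepted for real keys. The file should say so where the value is defined, e.g. `# Test fixtures only: small keys keep CI fast; do not reuse these sizes outside tests`. The second variable is misspelled as `default_rsa_key_size_certifiates`. It works because every use on this page has the same spelling, but renaming it to `default_rsa_key_size_certificates` now would stop a later partial correction from leaving an undefined variable. A one-line comment on why RedHat-family 8+ gets 2048 would also help (presumably the system crypto policy rejects smaller RSA keys in certificates). Note that the condition matches every `RedHat` os_family host with major version >= 8, e.g. Fedora, not only RHEL and CentOS.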
|
|
@ -2,12 +2,12 @@
|
|||
- name: Generate account key
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/account.key'
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size }}'
|
||||
|
||||
- name: Generate CSRs
|
||||
openssl_csr:
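Review bot: `Generate privatekey` feeds `Generate CSRs`, yet it is sized with `default_rsa_key_size`, while the certificate-related sections of this commit use `default_rsa_key_size_certifiates`. If certificates built from these CSRs are later loaded on a RedHat-family 8+ host, the 1024-bit key could hit the restriction that the second variable exists for. The hunk does not show enough to tell, so this is worth checking. If `account.key` is used against an ACME server, a comment such as `# test-only size; public CAs such as Let's Encrypt require at least 2048-bit RSA account keys` would stop the value being copied into real playbooks. The `openssl_csr` task continues outside the hunk.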
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: (Assertonly, {{select_crypto_backend}}) - Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Assertonly, {{select_crypto_backend}}) - Generate privatekey with password
|
||||
openssl_privatekey:
|
||||
|
@ -9,6 +10,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Assertonly, {{select_crypto_backend}}) - Generate CSR (no extensions)
|
||||
openssl_csr:
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: (Expired, {{select_crypto_backend}}) Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/has_expired_privatekey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Expired, {{select_crypto_backend}}) Generate CSR
|
||||
openssl_csr:
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/ca_privatekey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase
|
||||
openssl_privatekey:
|
||||
|
@ -9,6 +10,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
|
||||
openssl_csr:
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: (Removal, {{select_crypto_backend}}) Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/removal_privatekey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Removal, {{select_crypto_backend}}) Generate CSR
|
||||
openssl_csr:
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey with password
|
||||
openssl_privatekey:
|
||||
|
@ -9,6 +10,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate without CSR
|
||||
x509_certificate:
|
||||
|
@ -126,6 +128,7 @@
|
|||
- name: (Selfsigned, {{select_crypto_backend}}) Generate privatekey2
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey2.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR2
|
||||
openssl_csr:
|
||||
|
@ -184,6 +187,7 @@
|
|||
- name: (Selfsigned, {{select_crypto_backend}}) Create private key 3
|
||||
openssl_privatekey:
|
||||
path: "{{ output_dir }}/privatekey3.pem"
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Create CSR 3
|
||||
openssl_csr:
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
- name: Generate privatekey
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: Generate privatekey with password
|
||||
openssl_privatekey:
|
||||
|
@ -14,6 +15,7 @@
|
|||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
|
||||
- name: Generate CSR 1
|
||||
openssl_csr:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
- name: "({{ select_crypto_backend }}) Generate privatekey"
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/{{ item }}.pem'
|
||||
size: 2048
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
loop:
|
||||
- privatekey
|
||||
- privatekey2
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
- name: Prepare private key for backend autodetection test
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/privatekey_backend_selection.pem'
|
||||
size: '{{ default_rsa_key_size_certifiates }}'
|
||||
- name: Run module with backend autodetection
|
||||
x509_certificate_pipe:
|
||||
provider: selfsigned
|
||||
|
|