Fix crash in x509_certificate (#241)

* Fix crash in x509_certificate.

* Add test.

changelogs/fragments/241-x509_certificate-assertonly.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- "x509_certificate - fix crash when ``assertonly`` provider is used and some error conditions should be reported (https://github.com/ansible-collections/community.crypto/issues/240, https://github.com/ansible-collections/community.crypto/pull/241)."

plugins/module_utils/crypto/module_backends/certificate_assertonly.py

@@ -177,25 +177,25 @@ class AssertOnlyCertificateBackend(CertificateBackend):
         if self.privatekey_path is not None or self.privatekey_content is not None:
             if not self._validate_privatekey():
                 messages.append(
-                    'Certificate %s and private key %s do not match' %
+                    'Certificate and private key %s do not match' %
-                    (self.path, self.privatekey_path or '(provided in module options)')
+                    (self.privatekey_path or '(provided in module options)')
                 )
 
         if self.csr_path is not None or self.csr_content is not None:
             if not self._validate_csr_signature():
                 messages.append(
-                    'Certificate %s and CSR %s do not match: private key mismatch' %
+                    'Certificate and CSR %s do not match: private key mismatch' %
-                    (self.path, self.csr_path or '(provided in module options)')
+                    (self.csr_path or '(provided in module options)')
                 )
             if not self._validate_csr_subject():
                 messages.append(
-                    'Certificate %s and CSR %s do not match: subject mismatch' %
+                    'Certificate and CSR %s do not match: subject mismatch' %
-                    (self.path, self.csr_path or '(provided in module options)')
+                    (self.csr_path or '(provided in module options)')
                 )
             if not self._validate_csr_extensions():
                 messages.append(
-                    'Certificate %s and CSR %s do not match: extensions mismatch' %
+                    'Certificate and CSR %s do not match: extensions mismatch' %
-                    (self.path, self.csr_path or '(provided in module options)')
+                    (self.csr_path or '(provided in module options)')
                 )
 
         if self.signature_algorithms is not None:

tests/integration/targets/x509_certificate/tasks/assertonly.yml

@@ -114,6 +114,16 @@
       - extension_missing_eku is failed
       - "'Found no extendedKeyUsage extension' in extension_missing_eku.msg"
 
+- name: (Assertonly, {{select_crypto_backend}}) - Check wrong key fail
+  x509_certificate:
+    path: '{{ output_dir }}/cert_noext.pem'
+    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+    privatekey_passphrase: hunter2
+    provider: assertonly
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  ignore_errors: yes
+  register: private_key_error
+
 - name: (Assertonly, {{select_crypto_backend}}) - Check private key passphrase fail 1
   x509_certificate:
     path: '{{ output_dir }}/cert_noext.pem'
@@ -146,6 +156,8 @@
 - name: (Assertonly, {{select_crypto_backend}}) -
   assert:
     that:
+      - private_key_error is failed
+      - "'Certificate and private key ' in private_key_error.msg and ' do not match' in private_key_error.msg"
       - passphrase_error_1 is failed
       - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
       - passphrase_error_2 is failed