diff --git a/tests/integration/targets/get_certificate/files/bogus_ca.pem b/tests/integration/targets/get_certificate/files/bogus_ca.pem
deleted file mode 100644
index 16119c9e..00000000
--- a/tests/integration/targets/get_certificate/files/bogus_ca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+DCCAeACCQCWuDvGDH3otTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJV
-UzEOMAwGA1UECAwFQm9ndXMxEDAOBgNVBAcMB0JhbG9uZXkxDTALBgNVBAoMBEFD
-TUUwHhcNMTgwNzEyMTgxNDA0WhcNMjMwNzExMTgxNDA0WjA+MQswCQYDVQQGEwJV
-UzEOMAwGA1UECAwFQm9ndXMxEDAOBgNVBAcMB0JhbG9uZXkxDTALBgNVBAoMBEFD
-TUUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLTGCpn8b+/2qdpkvK
-iwXU8PMOXBOmRa+GmzxsxMr1QZcY0m6pY3uuIvqErMFf4qp4BMxQF+VpDLVJUJX/
-1oKCM7J3hEfgmKRD4RmKhBlnWVv5YGZmvlXRJBl1AsDTONZy8iKJB5NYnB3ZyrJq
-H2GAgyJ55aYckoU55vwjRzKp49dZmzX5YS04Kzzzw/SmOuW8kMypZV5TJH+NXqKc
-pw3u3cJ4yJ9DHSU5pnhC5BeKl8XDMO42jRWt5/7C7JDiCbZ9lu5jQiv/4DhsRsHF
-A8/Lgl47sNDaBMbha786I9laPHLlVycpYaP6pwtizhN9ZRTdDOHmWi/vjiamERLL
-FjjLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA+1uj3tHaCai+A1H/kOgTN5e0eW
-/wmaxu8gNK5eiHrecNJNAlFxVTrCwhvv4nUW7NXVcW/1WUqSO0QMiPJhCsSLVAMF
-8MuYH73B+ctRqAGdeOAWF+ftCywZTEj5h5F0XiWB+TmkPlTVNShMiPFelDJpLy7u
-9MfiPEJjo4sZotQl8/pZ6R9cY6GpEXWnttcuhLJCEuiB8fWO7epiWYCt/Ak+CVmZ
-OzfI/euV6Upaen22lNu8V3ZwWEFtmU5CioKJ3S8DK5Mw/LJIJw1ZY9E+fTtn8x0k
-xlI4e7urD2FYhTdv2fFUG8Z5arb/3bICgsUYQZ+G1c3wjWtJg9zcy8hpnZQ=
------END CERTIFICATE-----
diff --git a/tests/integration/targets/get_certificate/meta/main.yml b/tests/integration/targets/get_certificate/meta/main.yml
index ff3be5e7..a5f4dfb0 100644
--- a/tests/integration/targets/get_certificate/meta/main.yml
+++ b/tests/integration/targets/get_certificate/meta/main.yml
@@ -5,4 +5,5 @@
 dependencies:
 - setup_openssl
+ - setup_remote_tmp_dir
 - prepare_http_tests
diff --git a/tests/integration/targets/get_certificate/tests/validate.yml b/tests/integration/targets/get_certificate/tests/validate.yml
index 3dde3071..dd38b879 100644
--- a/tests/integration/targets/get_certificate/tests/validate.yml
+++ b/tests/integration/targets/get_certificate/tests/validate.yml
@@ -101,19 +101,14 @@
 # We got the correct response from the module
 - "'ca_cert file does not exist' == result.msg"
-- name: Get a temp directory
- tempfile:
- state: directory
- register: my_temp_dir
-
 - name: Download CA Cert as pem from server
 get_url:
 url: "http://ansible.http.tests/cacert.pem"
- dest: "{{ my_temp_dir.path }}/temp.pem"
+ dest: "{{ remote_tmp_dir }}/temp.pem"
 - name: Get servers certificate comparing it to its own ca_cert file
 get_certificate:
- ca_cert: '{{ my_temp_dir.path }}/temp.pem'
+ ca_cert: '{{ remote_tmp_dir }}/temp.pem'
 host: "{{ httpbin_host }}"
 port: 443
 select_crypto_backend: "{{ select_crypto_backend }}"
@@ -124,14 +119,34 @@
 - result is not changed
 - result is not failed
-- name: Deploy the bogus_ca.pem file
- copy:
- src: "bogus_ca.pem"
- dest: "{{ my_temp_dir.path }}/bogus_ca.pem"
+- name: Generate bogus CA privatekey
+ openssl_privatekey:
+ path: '{{ remote_tmp_dir }}/bogus_ca.key'
+ type: ECC
+ curve: secp256r1
+
+- name: Generate bogus CA CSR
+ openssl_csr:
+ path: '{{ remote_tmp_dir }}/bogus_ca.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
+ subject:
+ commonName: Bogus CA
+ useCommonNameForSAN: no
+ basic_constraints:
+ - 'CA:TRUE'
+ basic_constraints_critical: yes
+
+- name: Generate selfsigned bogus CA certificate
+ x509_certificate:
+ path: '{{ remote_tmp_dir }}/bogus_ca.pem'
+ csr_path: '{{ remote_tmp_dir }}/bogus_ca.csr'
+ privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
+ provider: selfsigned
+ selfsigned_digest: sha256
 - name: Get servers certificate comparing it to an invalid ca_cert file
 get_certificate:
- ca_cert: '{{ my_temp_dir.path }}/bogus_ca.pem'
+ ca_cert: '{{ remote_tmp_dir }}/bogus_ca.pem'
 host: "{{ httpbin_host }}"
 port: 443
 select_crypto_backend: "{{ select_crypto_backend }}"
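Review bot: In the added `openssl_csr` task the two booleans are spelled `no` and `yes`; Ansible's loader accepts them, so this is style only, but `useCommonNameForSAN: false` and `basic_constraints_critical: true` avoid the YAML 1.1 truthy forms and pass yamllint's `truthy` rule. The three generation tasks also carry no comment saying why the CA is built at run time; a line such as `# Throwaway self-signed CA that did not issue the server certificate; used only to force a verification failure` above "Generate bogus CA privatekey" would keep the intent of the negative test readable now that the static fixture is gone. The `get_certificate` task that consumes the file continues past the end of this hunk.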
@@ -141,4 +156,4 @@
 - assert:
 that:
 - result is not changed
- - result.failed
+ - result is failed
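Review bot: The assertion `result is failed` passes for any failure of the preceding `get_certificate` call, not only for the chain-verification failure this negative test is meant to prove. Because `bogus_ca.pem` is now generated during the run, a broken generation step or an unreachable host would satisfy it just as well and could hide a regression in certificate validation. Consider pinning the reason the way the earlier check in this file does with `result.msg`, for example by adding `- "'<expected verification error text>' in result.msg"` (placeholder; take the text from the module's actual error). The task that registers `result` lies between the hunks and is not visible here.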