Remove included fake CA cert, create one on demand. (#501)

tests/integration/targets/get_certificate/files/bogus_ca.pem

@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+DCCAeACCQCWuDvGDH3otTANBgkqhkiG9w0BAQsFADA+MQswCQYDVQQGEwJV
-UzEOMAwGA1UECAwFQm9ndXMxEDAOBgNVBAcMB0JhbG9uZXkxDTALBgNVBAoMBEFD
-TUUwHhcNMTgwNzEyMTgxNDA0WhcNMjMwNzExMTgxNDA0WjA+MQswCQYDVQQGEwJV
-UzEOMAwGA1UECAwFQm9ndXMxEDAOBgNVBAcMB0JhbG9uZXkxDTALBgNVBAoMBEFD
-TUUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLTGCpn8b+/2qdpkvK
-iwXU8PMOXBOmRa+GmzxsxMr1QZcY0m6pY3uuIvqErMFf4qp4BMxQF+VpDLVJUJX/
-1oKCM7J3hEfgmKRD4RmKhBlnWVv5YGZmvlXRJBl1AsDTONZy8iKJB5NYnB3ZyrJq
-H2GAgyJ55aYckoU55vwjRzKp49dZmzX5YS04Kzzzw/SmOuW8kMypZV5TJH+NXqKc
-pw3u3cJ4yJ9DHSU5pnhC5BeKl8XDMO42jRWt5/7C7JDiCbZ9lu5jQiv/4DhsRsHF
-A8/Lgl47sNDaBMbha786I9laPHLlVycpYaP6pwtizhN9ZRTdDOHmWi/vjiamERLL
-FjjLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA+1uj3tHaCai+A1H/kOgTN5e0eW
-/wmaxu8gNK5eiHrecNJNAlFxVTrCwhvv4nUW7NXVcW/1WUqSO0QMiPJhCsSLVAMF
-8MuYH73B+ctRqAGdeOAWF+ftCywZTEj5h5F0XiWB+TmkPlTVNShMiPFelDJpLy7u
-9MfiPEJjo4sZotQl8/pZ6R9cY6GpEXWnttcuhLJCEuiB8fWO7epiWYCt/Ak+CVmZ
-OzfI/euV6Upaen22lNu8V3ZwWEFtmU5CioKJ3S8DK5Mw/LJIJw1ZY9E+fTtn8x0k
-xlI4e7urD2FYhTdv2fFUG8Z5arb/3bICgsUYQZ+G1c3wjWtJg9zcy8hpnZQ=
------END CERTIFICATE-----

tests/integration/targets/get_certificate/meta/main.yml

@@ -5,4 +5,5 @@
 
 dependencies:
   - setup_openssl
+  - setup_remote_tmp_dir
   - prepare_http_tests

tests/integration/targets/get_certificate/tests/validate.yml

@@ -101,19 +101,14 @@
       # We got the correct response from the module
       - "'ca_cert file does not exist' == result.msg"
 
-- name: Get a temp directory
-  tempfile:
-    state: directory
-  register: my_temp_dir
-
 - name: Download CA Cert as pem from server
   get_url:
     url: "http://ansible.http.tests/cacert.pem"
-    dest: "{{ my_temp_dir.path }}/temp.pem"
+    dest: "{{ remote_tmp_dir }}/temp.pem"
 
 - name: Get servers certificate comparing it to its own ca_cert file
   get_certificate:
-    ca_cert: '{{ my_temp_dir.path }}/temp.pem'
+    ca_cert: '{{ remote_tmp_dir }}/temp.pem'
     host: "{{ httpbin_host }}"
     port: 443
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -124,14 +119,34 @@
       - result is not changed
       - result is not failed
 
-- name: Deploy the bogus_ca.pem file
+- name: Generate bogus CA privatekey
-  copy:
+  openssl_privatekey:
-    src: "bogus_ca.pem"
+    path: '{{ remote_tmp_dir }}/bogus_ca.key'
-    dest: "{{ my_temp_dir.path }}/bogus_ca.pem"
+    type: ECC
+    curve: secp256r1
+
+- name: Generate bogus CA CSR
+  openssl_csr:
+    path: '{{ remote_tmp_dir }}/bogus_ca.csr'
+    privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
+    subject:
+      commonName: Bogus CA
+    useCommonNameForSAN: no
+    basic_constraints:
+      - 'CA:TRUE'
+    basic_constraints_critical: yes
+
+- name: Generate selfsigned bogus CA certificate
+  x509_certificate:
+    path: '{{ remote_tmp_dir }}/bogus_ca.pem'
+    csr_path: '{{ remote_tmp_dir }}/bogus_ca.csr'
+    privatekey_path: '{{ remote_tmp_dir }}/bogus_ca.key'
+    provider: selfsigned
+    selfsigned_digest: sha256
 
 - name: Get servers certificate comparing it to an invalid ca_cert file
   get_certificate:
-    ca_cert: '{{ my_temp_dir.path }}/bogus_ca.pem'
+    ca_cert: '{{ remote_tmp_dir }}/bogus_ca.pem'
     host: "{{ httpbin_host }}"
     port: 443
     select_crypto_backend: "{{ select_crypto_backend }}"
@@ -141,4 +156,4 @@
 - assert:
     that:
       - result is not changed
-      - result.failed
+      - result is failed