121 lines
4.8 KiB
YAML
121 lines
4.8 KiB
YAML
---
|
|
- debug:
|
|
msg: "Executing tests with backend {{ select_crypto_backend }}"
|
|
|
|
- name: "({{ select_crypto_backend }}) Get CSR info"
|
|
openssl_csr_info:
|
|
path: '{{ remote_tmp_dir }}/csr_1.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: "({{ select_crypto_backend }}) Check whether subject and extensions behaves as expected"
|
|
assert:
|
|
that:
|
|
- result.subject.organizationalUnitName == 'ACME Department'
|
|
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
|
|
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
|
|
- result.public_key_type == 'RSA'
|
|
- result.public_key_data.size == default_rsa_key_size
|
|
# TLS Feature
|
|
- result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].critical == false
|
|
- result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].value == 'MAMCAQU='
|
|
# Key Usage
|
|
- result.extensions_by_oid['2.5.29.15'].critical == true
|
|
- result.extensions_by_oid['2.5.29.15'].value in ['AwMA/4A=', 'AwMH/4A=']
|
|
# Subject Alternative Names
|
|
- result.extensions_by_oid['2.5.29.17'].critical == false
|
|
- result.extensions_by_oid['2.5.29.17'].value == 'MGCCD3d3dy5hbnNpYmxlLmNvbYcEAQIDBIcQAAAAAAAAAAAAAAAAAAAAAYEQdGVzdEBleGFtcGxlLm9yZ4YjaHR0cHM6Ly9leGFtcGxlLm9yZy90ZXN0L2luZGV4Lmh0bWw='
|
|
# Basic Constraints
|
|
- result.extensions_by_oid['2.5.29.19'].critical == true
|
|
- result.extensions_by_oid['2.5.29.19'].value == 'MAYBAf8CARc='
|
|
# Extended Key Usage
|
|
- result.extensions_by_oid['2.5.29.37'].critical == false
|
|
- result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
|
|
|
|
- name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
|
|
assert:
|
|
that:
|
|
- result.subject_key_identifier == "00:11:22:33"
|
|
- result.authority_key_identifier == "44:55:66:77"
|
|
- result.authority_cert_issuer == expected_authority_cert_issuer
|
|
- result.authority_cert_serial_number == 12345
|
|
# Subject Key Identifier
|
|
- result.extensions_by_oid['2.5.29.14'].critical == false
|
|
# Authority Key Identifier
|
|
- result.extensions_by_oid['2.5.29.35'].critical == false
|
|
vars:
|
|
expected_authority_cert_issuer:
|
|
- "DNS:ca.example.org"
|
|
- "IP:1.2.3.4"
|
|
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
|
|
|
|
- name: "({{ select_crypto_backend }}) Update result list"
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|
|
|
|
- name: "({{ select_crypto_backend }}) Read CSR"
|
|
slurp:
|
|
src: '{{ remote_tmp_dir }}/csr_1.csr'
|
|
register: slurp
|
|
|
|
- name: "({{ select_crypto_backend }}) Get CSR info directly"
|
|
openssl_csr_info:
|
|
content: '{{ slurp.content | b64decode }}'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result_direct
|
|
|
|
- name: "({{ select_crypto_backend }}) Compare output of direct and loaded info"
|
|
assert:
|
|
that:
|
|
- result == result_direct
|
|
|
|
- name: "({{ select_crypto_backend }}) Get CSR info"
|
|
openssl_csr_info:
|
|
path: '{{ remote_tmp_dir }}/csr_2.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: "({{ select_crypto_backend }}) Update result list"
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|
|
|
|
- name: "({{ select_crypto_backend }}) Get CSR info"
|
|
openssl_csr_info:
|
|
path: '{{ remote_tmp_dir }}/csr_3.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
|
|
assert:
|
|
that:
|
|
- result.authority_key_identifier is none
|
|
- result.authority_cert_issuer == expected_authority_cert_issuer
|
|
- result.authority_cert_serial_number == 12345
|
|
vars:
|
|
expected_authority_cert_issuer:
|
|
- "DNS:ca.example.org"
|
|
- "IP:1.2.3.4"
|
|
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
|
|
|
|
- name: "({{ select_crypto_backend }}) Update result list"
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|
|
|
|
- name: "({{ select_crypto_backend }}) Get CSR info"
|
|
openssl_csr_info:
|
|
path: '{{ remote_tmp_dir }}/csr_4.csr'
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
register: result
|
|
|
|
- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
|
|
assert:
|
|
that:
|
|
- result.authority_key_identifier == "44:55:66:77"
|
|
- result.authority_cert_issuer is none
|
|
- result.authority_cert_serial_number is none
|
|
when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')
|
|
|
|
- name: "({{ select_crypto_backend }}) Update result list"
|
|
set_fact:
|
|
info_results: "{{ info_results + [result] }}"
|