a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.crypto/tests/integration/targets/openssl_csr_info/tasks/impl.yml

126 lines
5.2 KiB
YAML
Raw Blame History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- debug:
msg: "Executing tests with backend {{ select_crypto_backend }}"
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ remote_tmp_dir }}/csr_1.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: "({{ select_crypto_backend }}) Get CSR info (IDNA encoding)"
openssl_csr_info:
path: '{{ remote_tmp_dir }}/csr_1.csr'
name_encoding: idna
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_idna
- name: "({{ select_crypto_backend }}) Get CSR info (Unicode encoding)"
openssl_csr_info:
path: '{{ remote_tmp_dir }}/csr_1.csr'
name_encoding: unicode
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_unicode
- name: "({{ select_crypto_backend }}) Check whether subject and extensions behaves as expected"
assert:
that:
- result.subject.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
- result.public_key_type == 'RSA'
- result.public_key_data.size == default_rsa_key_size
# TLS Feature
- result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].critical == false
- result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].value == 'MAMCAQU='
# Key Usage
- result.extensions_by_oid['2.5.29.15'].critical == true
- result.extensions_by_oid['2.5.29.15'].value in ['AwMA/4A=', 'AwMH/4A=']
# Subject Alternative Names
- result.subject_alt_name[1] == ("DNS:âņsïbłè.com" if cryptography_version.stdout is version('2.1', '<') else "DNS:xn--sb-oia0a7a53bya.com")
- result_unicode.subject_alt_name[1] == "DNS:âņsïbłè.com"
- result_idna.subject_alt_name[1] == "DNS:xn--sb-oia0a7a53bya.com"
- result.extensions_by_oid['2.5.29.17'].critical == false
- result.extensions_by_oid['2.5.29.17'].value == 'MHmCD3d3dy5hbnNpYmxlLmNvbYIXeG4tLXNiLW9pYTBhN2E1M2J5YS5jb22HBAECAwSHEAAAAAAAAAAAAAAAAAAAAAGBEHRlc3RAZXhhbXBsZS5vcmeGI2h0dHBzOi8vZXhhbXBsZS5vcmcvdGVzdC9pbmRleC5odG1s'
# Basic Constraints
- result.extensions_by_oid['2.5.29.19'].critical == true
- result.extensions_by_oid['2.5.29.19'].value == 'MAYBAf8CARc='
# Extended Key Usage
- result.extensions_by_oid['2.5.29.37'].critical == false
- result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
- name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
assert:
that:
- result.subject_key_identifier == "00:11:22:33"
- result.authority_key_identifier == "44:55:66:77"
- result.authority_cert_issuer == expected_authority_cert_issuer
- result.authority_cert_serial_number == 12345
# Subject Key Identifier
- result.extensions_by_oid['2.5.29.14'].critical == false
# Authority Key Identifier
- result.extensions_by_oid['2.5.29.35'].critical == false
vars:
expected_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
when: cryptography_version.stdout is version('1.3', '>=')
- name: "({{ select_crypto_backend }}) Read CSR"
slurp:
src: '{{ remote_tmp_dir }}/csr_1.csr'
register: slurp
- name: "({{ select_crypto_backend }}) Get CSR info directly"
openssl_csr_info:
content: '{{ slurp.content | b64decode }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_direct
- name: "({{ select_crypto_backend }}) Compare output of direct and loaded info"
assert:
that:
- result == result_direct
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ remote_tmp_dir }}/csr_2.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ remote_tmp_dir }}/csr_3.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
assert:
that:
- result.authority_key_identifier is none
- result.authority_cert_issuer == expected_authority_cert_issuer
- result.authority_cert_serial_number == 12345
vars:
expected_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
when: cryptography_version.stdout is version('1.3', '>=')
- name: "({{ select_crypto_backend }}) Get CSR info"
openssl_csr_info:
path: '{{ remote_tmp_dir }}/csr_4.csr'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
assert:
that:
- result.authority_key_identifier == "44:55:66:77"
- result.authority_cert_issuer is none
- result.authority_cert_serial_number is none
when: cryptography_version.stdout is version('1.3', '>=')
Reference in New Issue View Git Blame Copy Permalink