ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)

* Use community.dns.quote_txt filter instead of regex replace to quote TXT entry value.

* Fix documentation of acme_certificate's challenge_data return value.

* Also return cert_id from acme_certificate_renewal_info module.

* The cert ID cannot be computed if the certificate has no AKI.

This happens with older Pebble versions, which are used when
testing against older ansible-core/-base/Ansible versions.

* Fix AKI extraction for older OpenSSL versions.

tests/unit/plugins/module_utils/acme/backend_data.py

@@ -81,9 +81,12 @@ TEST_CSRS = [
 
 
 TEST_CERT = load_fixture("cert_1.pem")
+TEST_CERT_2 = load_fixture("cert_2.pem")
 
 
-TEST_CERT_OPENSSL_OUTPUT = load_fixture("cert_1.txt")
+TEST_CERT_OPENSSL_OUTPUT = load_fixture("cert_1.txt")  # OpenSSL 3.3.0 output
+TEST_CERT_OPENSSL_OUTPUT_2 = load_fixture("cert_2.txt")  # OpenSSL 3.3.0 output
+TEST_CERT_OPENSSL_OUTPUT_2B = load_fixture("cert_2-b.txt")  # OpenSSL 1.1.1f output
 
 
 TEST_CERT_DAYS = [
@@ -93,18 +96,28 @@ TEST_CERT_DAYS = [
 ]
 
 
+TEST_CERT_INFO = CertificateInformation(
+    not_valid_after=datetime.datetime(2018, 11, 26, 15, 28, 24),
+    not_valid_before=datetime.datetime(2018, 11, 25, 15, 28, 23),
+    serial_number=1,
+    subject_key_identifier=b'\x98\xD2\xFD\x3C\xCC\xCD\x69\x45\xFB\xE2\x8C\x30\x2C\x54\x62\x18\x34\xB7\x07\x73',
+    authority_key_identifier=None,
+)
+
+
+TEST_CERT_INFO_2 = CertificateInformation(
+    not_valid_before=datetime.datetime(2024, 5, 4, 20, 42, 21),
+    not_valid_after=datetime.datetime(2029, 5, 4, 20, 42, 20),
+    serial_number=4218235397573492796,
+    subject_key_identifier=b'\x17\xE5\x83\x22\x14\xEF\x74\xD3\xBE\x7E\x30\x76\x56\x1F\x51\x74\x65\x1F\xE9\xF0',
+    authority_key_identifier=b'\x13\xC3\x4C\x3E\x59\x45\xDD\xE3\x63\x51\xA3\x46\x80\xC4\x08\xC7\x14\xC0\x64\x4E',
+)
+
+
 TEST_CERT_INFO = [
-    (
-        TEST_CERT,
-        CertificateInformation(
-            not_valid_after=datetime.datetime(2018, 11, 26, 15, 28, 24),
-            not_valid_before=datetime.datetime(2018, 11, 25, 15, 28, 23),
-            serial_number=1,
-            subject_key_identifier=b'\x98\xD2\xFD\x3C\xCC\xCD\x69\x45\xFB\xE2\x8C\x30\x2C\x54\x62\x18\x34\xB7\x07\x73',
-            authority_key_identifier=None,
-        ),
-        TEST_CERT_OPENSSL_OUTPUT,
-    ),
+    (TEST_CERT, TEST_CERT_INFO, TEST_CERT_OPENSSL_OUTPUT),
+    (TEST_CERT_2, TEST_CERT_INFO_2, TEST_CERT_OPENSSL_OUTPUT_2),
+    (TEST_CERT_2, TEST_CERT_INFO_2, TEST_CERT_OPENSSL_OUTPUT_2B),
 ]
 
 

tests/unit/plugins/module_utils/acme/fixtures/cert_2-b.txt

@@ -0,0 +1,57 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4218235397573492796 (0x3a8a2ebeb358c03c)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN = Pebble Intermediate CA 734609
+        Validity
+            Not Before: May  4 20:42:21 2024 GMT
+            Not After : May  4 20:42:20 2029 GMT
+        Subject: CN = example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (1024 bit)
+                Modulus:
+                    00:c1:43:a5:f9:ad:00:b7:bb:1b:73:27:00:b3:a2:
+                    4e:27:0d:ff:ae:64:3e:a0:7e:f9:28:56:48:47:21:
+                    9e:0f:d8:fb:69:b5:21:e8:98:84:60:6c:aa:73:b9:
+                    6e:d9:f6:19:ad:85:e0:c2:f6:80:d3:22:b8:5a:d6:
+                    3a:89:3e:2a:7a:fc:1d:bf:fc:69:20:e5:91:b8:34:
+                    52:26:c8:15:74:e1:36:0c:cd:ab:01:4a:ad:83:f5:
+                    0b:77:96:31:cf:1c:ea:6f:88:75:23:ac:51:a6:d8:
+                    77:43:1b:b3:44:93:2c:8d:05:25:fb:77:41:36:94:
+                    81:d5:ca:56:ff:b5:23:b2:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                17:E5:83:22:14:EF:74:D3:BE:7E:30:76:56:1F:51:74:65:1F:E9:F0
+            X509v3 Authority Key Identifier: 
+                keyid:13:C3:4C:3E:59:45:DD:E3:63:51:A3:46:80:C4:08:C7:14:C0:64:4E
+
+            Authority Information Access: 
+                OCSP - URI:http://10.88.0.74:5000/ocsp
+
+            X509v3 Subject Alternative Name: 
+                DNS:example.com
+    Signature Algorithm: sha256WithRSAEncryption
+         31:43:de:b6:48:f4:b8:30:46:25:65:e6:91:22:33:1b:d1:ba:
+         3f:60:f8:c3:18:32:72:e9:f8:d1:88:11:5a:0a:86:dc:1d:6d:
+         a5:ea:58:cd:05:ea:cd:5e:40:86:c1:ae:d5:cd:2e:8a:ca:50:
+         ee:df:bd:cf:6c:d9:20:3b:4b:49:f8:d5:8a:e3:be:f3:dd:24:
+         b2:7f:3f:3b:bf:e6:8d:7a:f8:8f:4b:6e:25:60:80:33:6f:0f:
+         53:b7:7d:94:2a:d2:4a:db:3a:2f:70:79:d7:bf:05:ed:df:10:
+         61:e7:24:ac:b2:fc:03:bd:ad:8c:e1:f3:1d:cc:78:99:e3:22:
+         59:bf:c5:92:57:95:92:56:35:fc:05:8b:26:10:c5:1b:87:17:
+         64:0b:bd:33:a9:54:d5:c0:2b:43:56:1b:52:d3:4f:8b:6f:25:
+         06:58:7f:6f:aa:27:35:05:d5:57:6d:83:a0:73:de:40:3f:67:
+         1c:5a:92:c6:37:e6:8f:c7:b8:91:d7:50:b9:4d:d4:f2:92:1f:
+         8b:93:0c:e2:b4:b8:d7:1d:8e:ce:6d:19:dc:8f:12:8e:c0:f2:
+         92:3b:95:5a:8c:c8:69:0e:0b:f7:fa:1f:55:62:80:7c:e2:f6:
+         41:3f:7d:69:36:9e:7c:90:7e:d7:3b:e6:a3:15:de:a4:7d:95:
+         13:46:c6:1a

tests/unit/plugins/module_utils/acme/fixtures/cert_2-b.txt.license

@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project

tests/unit/plugins/module_utils/acme/fixtures/cert_2.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfagAwIBAgIIOoouvrNYwDwwDQYJKoZIhvcNAQELBQAwKDEmMCQGA1UE
+AxMdUGViYmxlIEludGVybWVkaWF0ZSBDQSA3MzQ2MDkwHhcNMjQwNTA0MjA0MjIx
+WhcNMjkwNTA0MjA0MjIwWjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAwUOl+a0At7sbcycAs6JOJw3/rmQ+oH75KFZI
+RyGeD9j7abUh6JiEYGyqc7lu2fYZrYXgwvaA0yK4WtY6iT4qevwdv/xpIOWRuDRS
+JsgVdOE2DM2rAUqtg/ULd5Yxzxzqb4h1I6xRpth3QxuzRJMsjQUl+3dBNpSB1cpW
+/7UjsqUCAwEAAaOB0TCBzjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBflgyIU73TT
+vn4wdlYfUXRlH+nwMB8GA1UdIwQYMBaAFBPDTD5ZRd3jY1GjRoDECMcUwGROMDcG
+CCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAYYbaHR0cDovLzEwLjg4LjAuNzQ6NTAw
+MC9vY3NwMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAxQ962SPS4MEYlZeaRIjMb0bo/YPjDGDJy6fjRiBFaCobcHW2l6ljNBerNXkCG
+wa7VzS6KylDu373PbNkgO0tJ+NWK477z3SSyfz87v+aNeviPS24lYIAzbw9Tt32U
+KtJK2zovcHnXvwXt3xBh5ySssvwDva2M4fMdzHiZ4yJZv8WSV5WSVjX8BYsmEMUb
+hxdkC70zqVTVwCtDVhtS00+LbyUGWH9vqic1BdVXbYOgc95AP2ccWpLGN+aPx7iR
+11C5TdTykh+LkwzitLjXHY7ObRncjxKOwPKSO5VajMhpDgv3+h9VYoB84vZBP31p
+Np58kH7XO+ajFd6kfZUTRsYa
+-----END CERTIFICATE-----

tests/unit/plugins/module_utils/acme/fixtures/cert_2.pem.license

@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project

tests/unit/plugins/module_utils/acme/fixtures/cert_2.txt

@@ -0,0 +1,56 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4218235397573492796 (0x3a8a2ebeb358c03c)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Pebble Intermediate CA 734609
+        Validity
+            Not Before: May  4 20:42:21 2024 GMT
+            Not After : May  4 20:42:20 2029 GMT
+        Subject: CN=example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c1:43:a5:f9:ad:00:b7:bb:1b:73:27:00:b3:a2:
+                    4e:27:0d:ff:ae:64:3e:a0:7e:f9:28:56:48:47:21:
+                    9e:0f:d8:fb:69:b5:21:e8:98:84:60:6c:aa:73:b9:
+                    6e:d9:f6:19:ad:85:e0:c2:f6:80:d3:22:b8:5a:d6:
+                    3a:89:3e:2a:7a:fc:1d:bf:fc:69:20:e5:91:b8:34:
+                    52:26:c8:15:74:e1:36:0c:cd:ab:01:4a:ad:83:f5:
+                    0b:77:96:31:cf:1c:ea:6f:88:75:23:ac:51:a6:d8:
+                    77:43:1b:b3:44:93:2c:8d:05:25:fb:77:41:36:94:
+                    81:d5:ca:56:ff:b5:23:b2:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Digital Signature, Key Encipherment
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication, TLS Web Client Authentication
+            X509v3 Basic Constraints: critical
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                17:E5:83:22:14:EF:74:D3:BE:7E:30:76:56:1F:51:74:65:1F:E9:F0
+            X509v3 Authority Key Identifier: 
+                13:C3:4C:3E:59:45:DD:E3:63:51:A3:46:80:C4:08:C7:14:C0:64:4E
+            Authority Information Access: 
+                OCSP - URI:http://10.88.0.74:5000/ocsp
+            X509v3 Subject Alternative Name: 
+                DNS:example.com
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        31:43:de:b6:48:f4:b8:30:46:25:65:e6:91:22:33:1b:d1:ba:
+        3f:60:f8:c3:18:32:72:e9:f8:d1:88:11:5a:0a:86:dc:1d:6d:
+        a5:ea:58:cd:05:ea:cd:5e:40:86:c1:ae:d5:cd:2e:8a:ca:50:
+        ee:df:bd:cf:6c:d9:20:3b:4b:49:f8:d5:8a:e3:be:f3:dd:24:
+        b2:7f:3f:3b:bf:e6:8d:7a:f8:8f:4b:6e:25:60:80:33:6f:0f:
+        53:b7:7d:94:2a:d2:4a:db:3a:2f:70:79:d7:bf:05:ed:df:10:
+        61:e7:24:ac:b2:fc:03:bd:ad:8c:e1:f3:1d:cc:78:99:e3:22:
+        59:bf:c5:92:57:95:92:56:35:fc:05:8b:26:10:c5:1b:87:17:
+        64:0b:bd:33:a9:54:d5:c0:2b:43:56:1b:52:d3:4f:8b:6f:25:
+        06:58:7f:6f:aa:27:35:05:d5:57:6d:83:a0:73:de:40:3f:67:
+        1c:5a:92:c6:37:e6:8f:c7:b8:91:d7:50:b9:4d:d4:f2:92:1f:
+        8b:93:0c:e2:b4:b8:d7:1d:8e:ce:6d:19:dc:8f:12:8e:c0:f2:
+        92:3b:95:5a:8c:c8:69:0e:0b:f7:fa:1f:55:62:80:7c:e2:f6:
+        41:3f:7d:69:36:9e:7c:90:7e:d7:3b:e6:a3:15:de:a4:7d:95:
+        13:46:c6:1a

tests/unit/plugins/module_utils/acme/fixtures/cert_2.txt.license

@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project