mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-05-07 13:53:06 +00:00
* Remove superfluous remote_src. * Use temp dir twice instead of output_dir. * Use remote temp directory instead of output_dir. * Fix syntax error. * Add some fixes. * Copy more files to remote. * More fixes. * Fixing ACME/'cloud' tests. * Forgot when. * Try to fix filters. * Skip unnecessary steps. * Avoid collision.
---
# Announce which crypto backend this pass of the task file is exercising.
- debug:
    msg: 'Executing tests with backend {{ select_crypto_backend }}'
# Key 1 (RSA): queried by path WITHOUT return_private_key_data, so the result
# is expected to carry public information only.
- name: '({{select_crypto_backend}}) Get key 1 info'
  openssl_privatekey_info:
    path: "{{ remote_tmp_dir }}/privatekey_1.pem"
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: result

- name: Check that RSA key info is ok
  assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
      - "'type' in result"
      - "result.type == 'RSA'"
      - "'public_data' in result"
      # The modulus must be exactly public_data.size bits long.
      - "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
      - "result.public_data.exponent > 5"
      # Private key material must stay out of the result when
      # return_private_key_data was not requested.
      - "'private_data' not in result"

# Keep the result under 'key1' in the info_results accumulator.
- name: Update result list
  set_fact:
    info_results: "{{ info_results | combine({'key1': result}) }}"

# Second code path for the same key: read the file with slurp and hand the
# decoded PEM to the module via `content` instead of `path`.
- name: '({{select_crypto_backend}}) Read private key'
  slurp:
    src: "{{ remote_tmp_dir }}/privatekey_1.pem"
  register: slurp

- name: '({{select_crypto_backend}}) Get key 1 info directly'
  openssl_privatekey_info:
    content: "{{ slurp.content | b64decode }}"
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: result_direct

# Both ways of supplying the key must yield identical module output.
- name: '({{select_crypto_backend}}) Compare output of direct and loaded info'
  assert:
    that:
      - result == result_direct
# Key 2 (RSA): queried WITH return_private_key_data, so private parameters
# (p, q, private exponent) end up in the registered result. Outside a test
# suite, put `no_log: true` on a task like this so the key material does not
# reach logs or console output.
- name: '({{select_crypto_backend}}) Get key 2 info'
  openssl_privatekey_info:
    path: "{{ remote_tmp_dir }}/privatekey_2.pem"
    return_private_key_data: true
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: result

- name: Check that RSA key info is ok
  assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
      - "'type' in result"
      - "result.type == 'RSA'"
      - "'public_data' in result"
      # default_rsa_key_size is defined outside this file.
      - "result.public_data.size == default_rsa_key_size"
      # The modulus must be exactly public_data.size bits long.
      - "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
      - "result.public_data.exponent > 5"
      # Private data was requested, so it must be present and consistent
      # with the public modulus (n == p * q).
      - "'private_data' in result"
      - "result.public_data.modulus == result.private_data.p * result.private_data.q"
      - "result.private_data.exponent > 5"

# Keep the result (including private_data) under 'key2' in info_results.
- name: Update result list
  set_fact:
    info_results: "{{ info_results | combine({'key2': result}) }}"
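# Key 3 is passphrase protected. First attempt: no passphrase supplied. The
# module is expected to fail, so the error is tolerated and inspected below.
- name: ({{select_crypto_backend}}) Get key 3 info (without passphrase)
  openssl_privatekey_info:
    path: '{{ remote_tmp_dir }}/privatekey_3.pem'
    return_private_key_data: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  ignore_errors: true
  register: result

- name: Check that loading passphrase protected key without passphrase failed
  assert:
    that:
      - result is failed
      # Check that return values are there
      - result.can_load_key is defined
      - result.can_parse_key is defined
      # Check that return values are correct: the file could be read, but the
      # key could not be parsed without its passphrase.
      - result.can_load_key
      - not result.can_parse_key
      # Check that additional data isn't there. A failed parse must not return
      # any key material. The key names have to be spelled exactly, because a
      # misspelt name makes a `not in` test pass without checking anything.
      - "'public_key' not in result"
      - "'public_key_fingerprints' not in result"
      - "'type' not in result"
      - "'public_data' not in result"
      - "'private_data' not in result"

# Second attempt: same key, this time with its passphrase. The value below is
# a test-fixture passphrase. Outside tests, take passphrases from a vault or
# secret store and set `no_log: true` on the task, which also keeps the
# returned private key data out of logs.
- name: ({{select_crypto_backend}}) Get key 3 info (with passphrase)
  openssl_privatekey_info:
    path: '{{ remote_tmp_dir }}/privatekey_3.pem'
    passphrase: hunter2
    return_private_key_data: true
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check that RSA key info is ok
  assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
      - "'type' in result"
      - "result.type == 'RSA'"
      - "'public_data' in result"
      # The modulus must be exactly public_data.size bits long.
      - "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
      - "result.public_data.exponent > 5"
      # Private data was requested and the key was unlocked, so it must be
      # present and consistent with the public modulus (n == p * q).
      - "'private_data' in result"
      - "result.public_data.modulus == result.private_data.p * result.private_data.q"
      - "result.private_data.exponent > 5"

# Keep the successful (with passphrase) result under 'key3' in info_results.
- name: Update result list
  set_fact:
    info_results: "{{ info_results | combine({'key3': result}) }}"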
# Key 4 (elliptic curve): queried with private data included. Outside a test
# suite, put `no_log: true` on a task that returns private key data.
- name: '({{select_crypto_backend}}) Get key 4 info'
  openssl_privatekey_info:
    path: "{{ remote_tmp_dir }}/privatekey_4.pem"
    return_private_key_data: true
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: result

# Full ECC checks: run unless the backend is pyopenssl without both
# pyopenssl >= 16.1.0 and a cryptography version greater than 0.0.
# NOTE(review): the condition is attached to the whole block, complementing
# the fallback check that follows; confirm against the repository copy.
- when: select_crypto_backend != 'pyopenssl' or (pyopenssl_version.stdout is version('16.1.0', '>=') and cryptography_version.stdout is version('0.0', '>'))
  block:
    - name: Check that ECC key info is ok
      assert:
        that:
          - "'public_key' in result"
          - "'public_key_fingerprints' in result"
          - "'type' in result"
          - "result.type == 'ECC'"
          - "'public_data' in result"
          - "result.public_data.curve is string"
          # The public point must have non-zero coordinates.
          - "result.public_data.x != 0"
          - "result.public_data.y != 0"
          # Presumably the fixture key uses a different curve on CentOS 6;
          # verify where privatekey_4.pem is generated.
          - "result.public_data.exponent_size == (521 if (ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6') else 256)"
          - "'private_data' in result"
          - "result.private_data.multiplier > 1024"

    # Keep the result (including private_data) under 'key4' in info_results.
    - name: Update result list
      set_fact:
        info_results: "{{ info_results | combine({'key4': result}) }}"

# Fallback for the remaining case (pyopenssl backend without the versions
# required above): the type is only reported as 'unknown ...', so just the
# presence of the top-level result keys is checked.
- name: Check that ECC key info is ok
  assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
      - "'type' in result"
      - "result.type.startswith('unknown ')"
      - "'public_data' in result"
      - "'private_data' in result"
  when: select_crypto_backend == 'pyopenssl' and not (pyopenssl_version.stdout is version('16.1.0', '>=') and cryptography_version.stdout is version('0.0', '>'))
# Key 5 (DSA): queried with private data included. Outside a test suite, put
# `no_log: true` on a task that returns private key data.
- name: '({{select_crypto_backend}}) Get key 5 info'
  openssl_privatekey_info:
    path: "{{ remote_tmp_dir }}/privatekey_5.pem"
    return_private_key_data: true
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: result

- name: Check that DSA key info is ok
  assert:
    that:
      - "'public_key' in result"
      - "'public_key_fingerprints' in result"
      - "'type' in result"
      - "result.type == 'DSA'"
      - "'public_data' in result"
      # Sanity bounds on the DSA domain parameters (p, q, g) and public value y.
      - "result.public_data.p > 2"
      - "result.public_data.q > 2"
      - "result.public_data.g >= 2"
      - "result.public_data.y > 2"
      # Private data was requested, so the private value x must be present.
      - "'private_data' in result"
      - "result.private_data.x > 2"

# Keep the result (including private_data) under 'key5' in info_results.
- name: Update result list
  set_fact:
    info_results: "{{ info_results | combine({'key5': result}) }}"