internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-03-26 21:33:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
33ef158b094f16d5e04ea9db3ed8bad010744d02
community.crypto/tests/integration/targets/x509_certificate_info/tasks/impl.yml
Felix Fontein 33ef158b09 Fix linting errors.
2025-04-26 12:18:21 +02:00

223 lines
10 KiB
YAML
Raw Blame History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- debug:
msg: "Executing tests with backend {{ select_crypto_backend }}"
- name: ({{select_crypto_backend}}) Get certificate info
x509_certificate_info:
path: '{{ remote_tmp_dir }}/cert_1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: ({{select_crypto_backend}}) Get certificate info (IDNA encoding)
x509_certificate_info:
path: '{{ remote_tmp_dir }}/cert_1.pem'
name_encoding: idna
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_idna
- name: ({{select_crypto_backend}}) Get certificate info (Unicode encoding)
x509_certificate_info:
path: '{{ remote_tmp_dir }}/cert_1.pem'
name_encoding: unicode
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_unicode
- name: Check whether issuer and subject and extensions behave as expected
assert:
that:
- result.issuer.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.issuer_ordered"
- result.subject.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
- result.public_key_type == 'RSA'
- result.public_key_data.size == (default_rsa_key_size_certificates | int)
- "result.subject_alt_name == [
'DNS:www.ansible.com',
'DNS:' ~ ('öç' if cryptography_version.stdout is version('2.1', '<') else 'xn--7ca3a') ~ '.com',
'DNS:' ~ ('www.öç' if cryptography_version.stdout is version('2.1', '<') else 'xn--74h') ~ '.com',
'IP:1.2.3.4',
'IP:::1',
'email:test@example.org',
'URI:https://example.org/test/index.html'
]"
- "result_idna.subject_alt_name == [
'DNS:www.ansible.com',
'DNS:xn--7ca3a.com',
'DNS:' ~ ('www.xn--7ca3a' if cryptography_version.stdout is version('2.1', '<') else 'xn--74h') ~ '.com',
'IP:1.2.3.4',
'IP:::1',
'email:test@example.org',
'URI:https://example.org/test/index.html'
]"
- "result_unicode.subject_alt_name == [
'DNS:www.ansible.com',
'DNS:öç.com',
'DNS:' ~ ('www.öç' if cryptography_version.stdout is version('2.1', '<') else '☺') ~ '.com',
'IP:1.2.3.4',
'IP:::1',
'email:test@example.org',
'URI:https://example.org/test/index.html'
]"
# TLS Feature
- result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].critical == false
- result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].value == 'MAMCAQU='
# Key Usage
- result.extensions_by_oid['2.5.29.15'].critical == true
- result.extensions_by_oid['2.5.29.15'].value in ['AwMA/4A=', 'AwMH/4A=']
# Subject Alternative Names
- result.extensions_by_oid['2.5.29.17'].critical == false
- >
result.extensions_by_oid['2.5.29.17'].value == (
'MIGCgg93d3cuYW5zaWJsZS5jb22CDXhuLS03Y2EzYS5jb22CEXd3dy54bi0tN2NhM2EuY29thwQBAgMEhxAAAAAAAAAAAAAAAAAAAAABgRB0ZXN0QGV4YW1wbGUub3JnhiNodHRwczovL2V4YW1wbGUub3JnL3Rlc3QvaW5kZXguaHRtbA=='
if cryptography_version.stdout is version('2.1', '<') else
'MHyCD3d3dy5hbnNpYmxlLmNvbYINeG4tLTdjYTNhLmNvbYILeG4tLTc0aC5jb22HBAECAwSHEAAAAAAAAAAAAAAAAAAAAAGBEHRlc3RAZXhhbXBsZS5vcmeGI2h0dHBzOi8vZXhhbXBsZS5vcmcvdGVzdC9pbmRleC5odG1s'
)
# Basic Constraints
- result.extensions_by_oid['2.5.29.19'].critical == true
- result.extensions_by_oid['2.5.29.19'].value == 'MAYBAf8CARc='
# Extended Key Usage
- result.extensions_by_oid['2.5.29.37'].critical == false
- result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='
- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
assert:
that:
- result.subject_key_identifier == "00:11:22:33"
- result.authority_key_identifier == "44:55:66:77"
- result.authority_cert_issuer == expected_authority_cert_issuer
- result.authority_cert_serial_number == 12345
# Subject Key Identifier
- result.extensions_by_oid['2.5.29.14'].critical == false
# Authority Key Identifier
- result.extensions_by_oid['2.5.29.35'].critical == false
vars:
expected_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
when: cryptography_version.stdout is version('1.3', '>=')
- name: ({{select_crypto_backend}}) Read file
slurp:
src: '{{ remote_tmp_dir }}/cert_1.pem'
register: slurp
- name: ({{select_crypto_backend}}) Get certificate info directly
x509_certificate_info:
content: '{{ slurp.content | b64decode }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_direct
- name: ({{select_crypto_backend}}) Compare output of direct and loaded info
assert:
that:
- >-
(result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
==
(result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
- name: ({{select_crypto_backend}}) Get certificate info
x509_certificate_info:
path: '{{ remote_tmp_dir }}/cert_2.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
valid_at:
today: "+0d"
past: "20190101235901Z"
twentydays: "+20d"
register: result
- assert:
that:
- result.valid_at.today
- not result.valid_at.past
- not result.valid_at.twentydays
- name: ({{select_crypto_backend}}) Get certificate info
x509_certificate_info:
path: '{{ remote_tmp_dir }}/cert_3.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check AuthorityKeyIdentifier
assert:
that:
- result.authority_key_identifier is none
- result.authority_cert_issuer == expected_authority_cert_issuer
- result.authority_cert_serial_number == 12345
vars:
expected_authority_cert_issuer:
- "DNS:ca.example.org"
- "IP:1.2.3.4"
when: cryptography_version.stdout is version('1.3', '>=')
- name: ({{select_crypto_backend}}) Get certificate info
x509_certificate_info:
path: '{{ remote_tmp_dir }}/cert_4.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check AuthorityKeyIdentifier
assert:
that:
- result.authority_key_identifier == "44:55:66:77"
- result.authority_cert_issuer is none
- result.authority_cert_serial_number is none
when: cryptography_version.stdout is version('1.3', '>=')
- name: Copy packed cert 1 to remote
copy:
src: cert1.pem
dest: '{{ remote_tmp_dir }}/packed-cert-1.pem'
- name: ({{select_crypto_backend}}) Get certificate info for packaged cert 1
x509_certificate_info:
path: '{{ remote_tmp_dir }}/packed-cert-1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check extensions
assert:
that:
- "'ocsp_uri' in result"
- "result.ocsp_uri == 'http://ocsp.foobarbaz.example.com'"
- "'issuer_uri' in result"
- "result.issuer_uri == 'http://cert.foobarbaz.example.com/inter.pem'"
- result.extensions_by_oid | length == 9
# Precert Signed Certificate Timestamps
- result.extensions_by_oid['1.3.6.1.4.1.11129.2.4.2'].critical == false
- >-
result.extensions_by_oid['1.3.6.1.4.1.11129.2.4.2'].value ==
'BIHvAO0AdADd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZYL7QgtAAAEAwBFMEMCIAXku/W4fMbkoOkHguRt8RfxVy6dgwpi9A8IDTRkOn1XAh9g9RjiBvMJdM/+UQS+WNXaxOqA5JzUfvCFjbYLbEZ5AHUADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQAAAGWC+0H2AAABAMARjBEAiB26F5G8YPuZ11gAfEXqAFpVk01VcbOsS6w3dn2CJf6zgIgeEWCpg9tsQ8dB7/hU1zOmkZom62VDXvk8Cs+yscbQq4='
# Authority Information Access
- result.extensions_by_oid['1.3.6.1.5.5.7.1.1'].critical == false
- result.extensions_by_oid['1.3.6.1.5.5.7.1.1'].value == 'MGgwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmZvb2JhcmJhei5leGFtcGxlLmNvbTA3BggrBgEFBQcwAoYraHR0cDovL2NlcnQuZm9vYmFyYmF6LmV4YW1wbGUuY29tL2ludGVyLnBlbQ=='
# Subject Key Identifier
- result.extensions_by_oid['2.5.29.14'].critical == false
- result.extensions_by_oid['2.5.29.14'].value == 'BBSq0oNG47DU/2s2mDG6sXXx3vBVoA=='
# Key Usage
- result.extensions_by_oid['2.5.29.15'].critical == true
- result.extensions_by_oid['2.5.29.15'].value == 'AwIFoA=='
# Subject Alternative Names
- result.extensions_by_oid['2.5.29.17'].critical == false
- result.extensions_by_oid['2.5.29.17'].value == 'MHWCC2V4YW1wbGUubmV0gg93d3cuZXhhbXBsZS5uZXSCD2Zvby5leGFtcGxlLm5ldIIPYmFyLmV4YW1wbGUubmV0gg9iYXouZXhhbXBsZS5uZXSCD2JhbS5leGFtcGxlLm5ldIIRKi5iYW0uZXhhbXBsZS5uZXQ='
# Basic Constraints
- result.extensions_by_oid['2.5.29.19'].critical == true
- result.extensions_by_oid['2.5.29.19'].value == 'MAA='
# Certificate Policies
- result.extensions_by_oid['2.5.29.32'].critical == false
- result.extensions_by_oid['2.5.29.32'].value == 'MHMwCAYGZ4EMAQIBMGcGCysGAQQBgt8TAQEBMFgwNgYIKwYBBQUHAgEWKmh0dHA6Ly9jcHMuZm9vYmFyYmF6LmV4YW1wbGUuY29tL3NvbWV0aGluZzAeBggrBgEFBQcCAjASDBBCbGFibGEgd2hhdGV2ZXIu'
# Authority Key Identifier
- result.extensions_by_oid['2.5.29.35'].critical == false
- result.extensions_by_oid['2.5.29.35'].value == 'MBaAFGgVOaTes3MnP1bD3KkShc1RApS4'
# Extended Key Usage
- result.extensions_by_oid['2.5.29.37'].critical == false
- result.extensions_by_oid['2.5.29.37'].value == 'MBQGCCsGAQUFBwMBBggrBgEFBQcDAg=='
- name: Check fingerprints
assert:
that:
- (result.fingerprints.sha256 == '08:26:60:3d:29:11:f2:88:09:3f:40:71:bb:67:cb:59:9c:6e:cf:e0:49:22:ab:e8:60:bd:f6:9a:01:e3:0e:2c' if result.fingerprints.sha256 is defined else true)
- (result.fingerprints.sha1 == '5a:32:7f:22:61:f3:2e:ad:a7:d8:77:07:1c:7f:08:cd:ab:7f:bc:11' if result.fingerprints.sha1 is defined else true)
Reference in New Issue View Git Blame Copy Permalink