internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-03-26 21:33:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b5a9a419135aa9404d9fcf76723ee14efc7ff68c
community.crypto/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml
Felix Fontein b5a9a41913 Use ansible_facts.xxx instead of ansible_xxx. (#980)
2026-02-07 16:12:21 +01:00

234 lines
8.3 KiB
YAML
Raw Blame History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- ansible.builtin.debug:
msg: "Executing tests with backend {{ select_crypto_backend }}"
- name: ({{ select_crypto_backend }}) Get key 1 info
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_1.pem'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check that RSA key info is ok
ansible.builtin.assert:
that:
- "'public_key' in result"
- "'public_key_fingerprints' in result"
- "'type' in result"
- "result.type == 'RSA'"
- "'public_data' in result"
- "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
- "result.public_data.exponent > 5"
- "'private_data' not in result"
- name: ({{ select_crypto_backend }}) Read private key
ansible.builtin.slurp:
src: '{{ remote_tmp_dir }}/privatekey_1.pem'
register: slurp
- name: ({{ select_crypto_backend }}) Get key 1 info directly
community.crypto.openssl_privatekey_info:
content: '{{ slurp.content | b64decode }}'
select_crypto_backend: '{{ select_crypto_backend }}'
register: result_direct
- name: ({{ select_crypto_backend }}) Compare output of direct and loaded info
ansible.builtin.assert:
that:
- >-
(result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
==
(result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict)
- name: ({{ select_crypto_backend }}) Get key 2 info
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_2.pem'
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check that RSA key info is ok
ansible.builtin.assert:
that:
- "'public_key' in result"
- "'public_key_fingerprints' in result"
- "'type' in result"
- "result.type == 'RSA'"
- "'public_data' in result"
- "result.public_data.size == default_rsa_key_size"
- "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
- "result.public_data.exponent > 5"
- "'private_data' in result"
- "result.public_data.modulus == result.private_data.p * result.private_data.q"
- "result.private_data.exponent > 5"
- name: ({{ select_crypto_backend }}) Get key 3 info (without passphrase)
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: true
register: result
- name: Check that loading passphrase protected key without passphrase failed
ansible.builtin.assert:
that:
- result is failed
# Check that return values are there
- result.can_load_key is defined
- result.can_parse_key is defined
# Check that return values are correct
- result.can_load_key
- not result.can_parse_key
# Check that additional data isn't there
- "'pulic_key' not in result"
- "'pulic_key_fingerprints' not in result"
- "'type' not in result"
- "'public_data' not in result"
- "'private_data' not in result"
- name: ({{ select_crypto_backend }}) Get key 3 info (with wrong passphrase)
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
passphrase: blabla
ignore_errors: true
register: result
- name: Check that loading passphrase protected key with wrong passphrase failed
ansible.builtin.assert:
that:
- result is failed
# Check that return values are there
- result.can_load_key is defined
- result.can_parse_key is defined
# Check that return values are correct
- result.can_load_key
- not result.can_parse_key
# Check that additional data isn't there
- "'pulic_key' not in result"
- "'pulic_key_fingerprints' not in result"
- "'type' not in result"
- "'public_data' not in result"
- "'private_data' not in result"
- name: ({{ select_crypto_backend }}) Get key 3 info (with passphrase)
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_3.pem'
passphrase: hunter2
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check that RSA key info is ok
ansible.builtin.assert:
that:
- "'public_key' in result"
- "'public_key_fingerprints' in result"
- "'type' in result"
- "result.type == 'RSA'"
- "'public_data' in result"
- "2 ** (result.public_data.size - 1) < result.public_data.modulus < 2 ** result.public_data.size"
- "result.public_data.exponent > 5"
- "'private_data' in result"
- "result.public_data.modulus == result.private_data.p * result.private_data.q"
- "result.private_data.exponent > 5"
- name: ({{ select_crypto_backend }}) Get key 4 info
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_4.pem'
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check that ECC key info is ok
ansible.builtin.assert:
that:
- "'public_key' in result"
- "'public_key_fingerprints' in result"
- "'type' in result"
- "result.type == 'ECC'"
- "'public_data' in result"
- "result.public_data.curve is string"
- "result.public_data.x != 0"
- "result.public_data.y != 0"
- "result.public_data.exponent_size == (521 if (ansible_facts.distribution == 'CentOS' and ansible_facts.distribution_major_version == '6') else 256)"
- "'private_data' in result"
- "result.private_data.multiplier > 1024"
- name: ({{ select_crypto_backend }}) Get key 5 info
community.crypto.openssl_privatekey_info:
path: '{{ remote_tmp_dir }}/privatekey_5.pem'
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check that DSA key info is ok
ansible.builtin.assert:
that:
- "'public_key' in result"
- "'public_key_fingerprints' in result"
- "'type' in result"
- "result.type == 'DSA'"
- "'public_data' in result"
- "result.public_data.p > 2"
- "result.public_data.q > 2"
- "result.public_data.g >= 2"
- "result.public_data.y > 2"
- "'private_data' in result"
- "result.private_data.x > 2"
- name: ({{ select_crypto_backend }}) Get empty key info
community.crypto.openssl_privatekey_info:
content: ''
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
ignore_errors: true
- name: Check that empty key loading failed
ansible.builtin.assert:
that:
- result is failed
# Check that return values are there
- result.can_load_key is defined
- result.can_parse_key is defined
# Check that return values are correct
- result.can_load_key
- not result.can_parse_key
# Check that additional data isn't there
- "'pulic_key' not in result"
- "'pulic_key_fingerprints' not in result"
- "'type' not in result"
- "'public_data' not in result"
- "'private_data' not in result"
- name: ({{ select_crypto_backend }}) Get corrupt key info
community.crypto.openssl_privatekey_info:
content: C0RRUPT
return_private_key_data: true
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
ignore_errors: true
- name: Check that corrupt key loading failed
ansible.builtin.assert:
that:
- result is failed
# Check that return values are there
- result.can_load_key is defined
- result.can_parse_key is defined
# Check that return values are correct
- result.can_load_key
- not result.can_parse_key
# Check that additional data isn't there
- "'pulic_key' not in result"
- "'pulic_key_fingerprints' not in result"
- "'type' not in result"
- "'public_data' not in result"
- "'private_data' not in result"
Reference in New Issue View Git Blame Copy Permalink