community.crypto/tests/integration/targets/openssl_csr_info/tasks/impl.yml

---
- debug:
    msg: "Executing tests with backend {{ select_crypto_backend }}"

- name: "({{ select_crypto_backend }}) Get CSR info"
  openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_1.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: "({{ select_crypto_backend }}) Check whether subject and extensions behaves as expected"
  assert:
    that:
      - result.subject.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
      - result.public_key_type == 'RSA'
      - result.public_key_data.size == default_rsa_key_size
      # TLS Feature
      - result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].critical == false
      - result.extensions_by_oid['1.3.6.1.5.5.7.1.24'].value == 'MAMCAQU='
      # Key Usage
      - result.extensions_by_oid['2.5.29.15'].critical == true
      - result.extensions_by_oid['2.5.29.15'].value in ['AwMA/4A=', 'AwMH/4A=']
      # Subject Alternative Names
      - result.extensions_by_oid['2.5.29.17'].critical == false
      - result.extensions_by_oid['2.5.29.17'].value == 'MGCCD3d3dy5hbnNpYmxlLmNvbYcEAQIDBIcQAAAAAAAAAAAAAAAAAAAAAYEQdGVzdEBleGFtcGxlLm9yZ4YjaHR0cHM6Ly9leGFtcGxlLm9yZy90ZXN0L2luZGV4Lmh0bWw='
      # Basic Constraints
      - result.extensions_by_oid['2.5.29.19'].critical == true
      - result.extensions_by_oid['2.5.29.19'].value == 'MAYBAf8CARc='
      # Extended Key Usage
      - result.extensions_by_oid['2.5.29.37'].critical == false
      - result.extensions_by_oid['2.5.29.37'].value == 'MHQGCCsGAQUFBwMBBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUFBwMJBgRVHSUABggrBgEFBQcBAwYIKwYBBQUHAwoGCCsGAQUFBwMHBggrBgEFBQcBAg=='

- name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier"
  assert:
    that:
      - result.subject_key_identifier == "00:11:22:33"
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer == expected_authority_cert_issuer
      - result.authority_cert_serial_number == 12345
      # Subject Key Identifier
      - result.extensions_by_oid['2.5.29.14'].critical == false
      # Authority Key Identifier
      - result.extensions_by_oid['2.5.29.35'].critical == false
  vars:
    expected_authority_cert_issuer:
      - "DNS:ca.example.org"
      - "IP:1.2.3.4"
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: "({{ select_crypto_backend }}) Update result list"
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: "({{ select_crypto_backend }}) Read CSR"
  slurp:
    src: '{{ remote_tmp_dir }}/csr_1.csr'
  register: slurp

- name: "({{ select_crypto_backend }}) Get CSR info directly"
  openssl_csr_info:
    content: '{{ slurp.content | b64decode }}'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result_direct

- name: "({{ select_crypto_backend }}) Compare output of direct and loaded info"
  assert:
    that:
      - result == result_direct

- name: "({{ select_crypto_backend }}) Get CSR info"
  openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_2.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: "({{ select_crypto_backend }}) Update result list"
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: "({{ select_crypto_backend }}) Get CSR info"
  openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_3.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
  assert:
    that:
      - result.authority_key_identifier is none
      - result.authority_cert_issuer == expected_authority_cert_issuer
      - result.authority_cert_serial_number == 12345
  vars:
    expected_authority_cert_issuer:
      - "DNS:ca.example.org"
      - "IP:1.2.3.4"
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: "({{ select_crypto_backend }}) Update result list"
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: "({{ select_crypto_backend }}) Get CSR info"
  openssl_csr_info:
    path: '{{ remote_tmp_dir }}/csr_4.csr'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: "({{ select_crypto_backend }}) Check AuthorityKeyIdentifier"
  assert:
    that:
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer is none
      - result.authority_cert_serial_number is none
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: "({{ select_crypto_backend }}) Update result list"
  set_fact:
    info_results: "{{ info_results + [result] }}"