openssl_certificate: fix passphrase handling for cryptography backend (#56155)

* Make sure passphrase is bytes string. * Fix typo. * Add more passphrase tests. * Fix test names. * Add changelog.
2026-05-07 05:42:50 +00:00 · 2019-05-08 05:58:15 +02:00
parent 193f69064f
commit 7a957ba64a
5 changed files with 75 additions and 5 deletions
--- a/test/integration/targets/openssl_certificate/tasks/ownca.yml
+++ b/test/integration/targets/openssl_certificate/tasks/ownca.yml
@@ -3,6 +3,13 @@
  openssl_privatekey:
    path: '{{ output_dir }}/ca_privatekey.pem'

+- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase
+  openssl_privatekey:
+    path: '{{ output_dir }}/ca_privatekey_pw.pem'
+    passphrase: hunter2
+    cipher: auto
+    select_crypto_backend: cryptography
+
 - name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
  openssl_csr:
    path: '{{ output_dir }}/ca_csr.csr'
@@ -14,6 +21,18 @@
    - 'CA:TRUE'
    basic_constraints_critical: yes

+- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR (privatekey passphrase)
+  openssl_csr:
+    path: '{{ output_dir }}/ca_csr_pw.csr'
+    privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
+    privatekey_passphrase: hunter2
+    subject:
+      commonName: Example CA
+    useCommonNameForSAN: no
+    basic_constraints:
+    - 'CA:TRUE'
+    basic_constraints_critical: yes
+
 - name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
  openssl_certificate:
    path: '{{ output_dir }}/ca_cert.pem'
@@ -23,6 +42,16 @@
    selfsigned_digest: sha256
    select_crypto_backend: '{{ select_crypto_backend }}'

+- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (privatekey passphrase)
+  openssl_certificate:
+    path: '{{ output_dir }}/ca_cert_pw.pem'
+    csr_path: '{{ output_dir }}/ca_csr_pw.csr'
+    privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
+    privatekey_passphrase: hunter2
+    provider: selfsigned
+    selfsigned_digest: sha256
+    select_crypto_backend: '{{ select_crypto_backend }}'
+
 - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
  openssl_certificate:
    path: '{{ output_dir }}/ownca_cert.pem'
@@ -164,6 +193,18 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: ownca_certificate_ecc

+- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase)
+  openssl_certificate:
+    path: '{{ output_dir }}/ownca_cert_ecc_2.pem'
+    csr_path: '{{ output_dir }}/csr_ecc.csr'
+    ownca_path: '{{ output_dir }}/ca_cert_pw.pem'
+    ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
+    ownca_privatekey_passphrase: hunter2
+    provider: ownca
+    ownca_digest: sha256
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: selfsigned_certificate_passphrase
+
 - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 1)
  openssl_certificate:
    path: '{{ output_dir }}/ownca_cert_pw1.pem'
@@ -179,7 +220,7 @@

 - name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2)
  openssl_certificate:
-    path: '{{ output_dir }}/ownca_cert_pw1.pem'
+    path: '{{ output_dir }}/ownca_cert_pw2.pem'
    csr_path: '{{ output_dir }}/csr_ecc.csr'
    ownca_path: '{{ output_dir }}/ca_cert.pem'
    ownca_privatekey_path: '{{ output_dir }}/privatekeypw.pem'
--- a/test/integration/targets/openssl_certificate/tasks/selfsigned.yml
+++ b/test/integration/targets/openssl_certificate/tasks/selfsigned.yml
@@ -176,6 +176,25 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: selfsigned_certificate_ecc

+- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR (privatekey passphrase)
+  openssl_csr:
+    path: '{{ output_dir }}/csr_pass.csr'
+    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+    privatekey_passphrase: hunter2
+    subject:
+      commonName: www.example.com
+
+- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase)
+  openssl_certificate:
+    path: '{{ output_dir }}/cert_pass.pem'
+    csr_path: '{{ output_dir }}/csr_pass.csr'
+    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+    privatekey_passphrase: hunter2
+    provider: selfsigned
+    selfsigned_digest: sha256
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: selfsigned_certificate_passphrase
+
 - name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 1)
  openssl_certificate:
    path: '{{ output_dir }}/cert_pw1.pem'
--- a/test/integration/targets/openssl_csr/tasks/impl.yml
+++ b/test/integration/targets/openssl_csr/tasks/impl.yml
@@ -249,7 +249,15 @@
    cipher: auto
    select_crypto_backend: cryptography

- name: Generate publickey - PEM format
+- name: Generate CSR with privatekey passphrase
+  openssl_csr:
+    path: '{{ output_dir }}/csr_pw.csr'
+    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+    privatekey_passphrase: hunter2
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: passphrase_1
+
+- name: Generate CSR (failed passphrase 1)
  openssl_csr:
    path: '{{ output_dir }}/csr_pw1.csr'
    privatekey_path: '{{ output_dir }}/privatekey.pem'
@@ -258,7 +266,7 @@
  ignore_errors: yes
  register: passphrase_error_1

- name: Generate publickey - PEM format
+- name: Generate CSR (failed passphrase 2)
  openssl_csr:
    path: '{{ output_dir }}/csr_pw2.csr'
    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
@@ -267,7 +275,7 @@
  ignore_errors: yes
  register: passphrase_error_2

- name: Generate publickey - PEM format
+- name: Generate CSR (failed passphrase 3)
  openssl_csr:
    path: '{{ output_dir }}/csr_pw3.csr'
    privatekey_path: '{{ output_dir }}/privatekeypw.pem'