2019-03-02 00:37:28 +01:00
|
|
|
---
|
2019-03-22 14:21:23 +01:00
|
|
|
- name: (Expired, {{select_crypto_backend}}) Generate privatekey
|
2019-03-02 00:37:28 +01:00
|
|
|
openssl_privatekey:
|
|
|
|
path: '{{ output_dir }}/has_expired_privatekey.pem'
|
|
|
|
|
2019-03-22 14:21:23 +01:00
|
|
|
- name: (Expired, {{select_crypto_backend}}) Generate CSR
|
2019-03-02 00:37:28 +01:00
|
|
|
openssl_csr:
|
|
|
|
path: '{{ output_dir }}/has_expired_csr.csr'
|
|
|
|
privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem'
|
|
|
|
subject:
|
|
|
|
commonName: www.example.com
|
|
|
|
|
2019-03-22 14:21:23 +01:00
|
|
|
- name: (Expired, {{select_crypto_backend}}) Generate expired selfsigned certificate
|
2019-03-02 00:37:28 +01:00
|
|
|
openssl_certificate:
|
|
|
|
path: '{{ output_dir }}/has_expired_cert.pem'
|
|
|
|
csr_path: '{{ output_dir }}/has_expired_csr.csr'
|
|
|
|
privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem'
|
|
|
|
provider: selfsigned
|
|
|
|
selfsigned_digest: sha256
|
|
|
|
selfsigned_not_after: "-1s"
|
2019-03-22 14:21:23 +01:00
|
|
|
selfsigned_not_before: "-100s"
|
|
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
|
|
|
when: select_crypto_backend == 'pyopenssl' # cryptography won't allow creating expired certificates
|
2019-03-02 00:37:28 +01:00
|
|
|
|
2019-03-22 14:21:23 +01:00
|
|
|
- name: (Expired, {{select_crypto_backend}}) Generate expired selfsigned certificate
|
|
|
|
command: "openssl x509 -req -days -1 -in {{ output_dir }}/has_expired_csr.csr -signkey {{ output_dir }}/has_expired_privatekey.pem -out {{ output_dir }}/has_expired_cert.pem"
|
|
|
|
when: select_crypto_backend == 'cryptography' # So we create it with 'command'
|
|
|
|
|
|
|
|
- name: "(Expired) Check task fails because cert is expired (has_expired: false)"
|
2019-03-02 00:37:28 +01:00
|
|
|
openssl_certificate:
|
|
|
|
provider: assertonly
|
|
|
|
path: "{{ output_dir }}/has_expired_cert.pem"
|
|
|
|
has_expired: false
|
2019-03-22 14:21:23 +01:00
|
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
2019-03-02 00:37:28 +01:00
|
|
|
ignore_errors: true
|
|
|
|
register: expired_cert_check
|
|
|
|
|
2019-03-22 14:21:23 +01:00
|
|
|
- name: (Expired, {{select_crypto_backend}}) Ensure previous task failed
|
2019-03-02 00:37:28 +01:00
|
|
|
assert:
|
|
|
|
that: expired_cert_check is failed
|
|
|
|
|
2019-03-22 14:21:23 +01:00
|
|
|
- name: "(Expired) Check expired cert check is ignored (has_expired: true)"
|
2019-03-02 00:37:28 +01:00
|
|
|
openssl_certificate:
|
|
|
|
provider: assertonly
|
|
|
|
path: "{{ output_dir }}/has_expired_cert.pem"
|
|
|
|
has_expired: true
|
2019-03-22 14:21:23 +01:00
|
|
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
2019-03-02 00:37:28 +01:00
|
|
|
register: expired_cert_skip
|