ansible/test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml

165 lines
7.7 KiB
YAML
Raw Normal View History

---
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey_modulus
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate modulus)
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem'
register: cert_modulus
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - issuer value)
shell: 'openssl x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g; s/ //g;"'
register: cert_issuer
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certficate version == default == 3)
shell: 'openssl x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
register: cert_version
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (assert)
assert:
that:
- cert_modulus.stdout == privatekey_modulus.stdout
- cert_version.stdout == '3'
- cert_issuer.stdout == 'CN=www.example.com'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate idempotence
assert:
that:
- selfsigned_certificate.serial_number == selfsigned_certificate_idempotence.serial_number
- selfsigned_certificate.notBefore == selfsigned_certificate_idempotence.notBefore
- selfsigned_certificate.notAfter == selfsigned_certificate_idempotence.notAfter
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate data retrieval
assert:
that:
- selfsigned_certificate.certificate == lookup('file', output_dir ~ '/cert.pem', rstrip=False)
- selfsigned_certificate.certificate == selfsigned_certificate_idempotence.certificate
- name: Make sure that changes in CSR are detected even if private key is specified
assert:
that:
- selfsigned_certificate_csr_minimal_change is changed
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- block:
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate v2 (test - certificate version == 2)
shell: 'openssl x509 -noout -in {{ output_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
register: cert_v2_version
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate version 2 (assert)
assert:
that:
- cert_v2_version.stdout == '2'
when: select_crypto_backend != 'cryptography'
- block:
- name: (Selfsigned validateion, {{ select_crypto_backend }} Validate certificate v2 is failed
assert:
that:
- selfsigned_v2_cert is failed
- "'The cryptography backend does not support v2 certificates' in selfsigned_v2_cert.msg"
when: select_crypto_backend == 'cryptography'
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem'
register: privatekey2_modulus
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - certificate modulus)
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert2.pem'
register: cert2_modulus
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (assert)
assert:
that:
- cert2_modulus.stdout == privatekey2_modulus.stdout
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notBefore)
shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"'
register: cert3_notBefore
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notAfter)
shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"'
register: cert3_notAfter
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notBefore)
assert:
that:
- cert3_notBefore.stdout == 'Oct 23 13:37:42 2018'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notAfter)
assert:
that:
- cert3_notAfter.stdout == 'Oct 23 13:37:42 2019'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - privatekey's pubkey)
shell: 'openssl ec -pubout -in {{ output_dir }}/privatekey_ecc.pem'
register: privatekey_ecc_pubkey
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - certificate pubkey)
shell: 'openssl x509 -noout -pubkey -in {{ output_dir }}/cert_ecc.pem'
register: cert_ecc_pubkey
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (assert)
assert:
that:
- cert_ecc_pubkey.stdout == privatekey_ecc_pubkey.stdout
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
2019-03-22 14:21:23 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}})
assert:
that:
- passphrase_error_1 is failed
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
- passphrase_error_2 is failed
- "'assphrase' in passphrase_error_2.msg or 'assword' in passphrase_error_2.msg or 'serializ' in passphrase_error_2.msg"
- passphrase_error_3 is failed
- "'assphrase' in passphrase_error_3.msg or 'assword' in passphrase_error_3.msg or 'serializ' in passphrase_error_3.msg"
- name: (Selfsigned validation, {{select_crypto_backend}}) Verify that broken certificate will be regenerated
assert:
that:
- selfsigned_broken is changed
2019-03-30 15:38:43 +01:00
- name: (Selfsigned validation, {{select_crypto_backend}}) Check backup
2019-03-30 15:38:43 +01:00
assert:
that:
- selfsigned_backup_1 is changed
- selfsigned_backup_1.backup_file is undefined
- selfsigned_backup_2 is not changed
- selfsigned_backup_2.backup_file is undefined
- selfsigned_backup_3 is changed
- selfsigned_backup_3.backup_file is string
- selfsigned_backup_4 is changed
- selfsigned_backup_4.backup_file is string
- selfsigned_backup_5 is not changed
- selfsigned_backup_5.backup_file is undefined
- name: (Selfsigned validation, {{select_crypto_backend}}) Check create subject key identifier
assert:
that:
- selfsigned_subject_key_identifier_1 is changed
- selfsigned_subject_key_identifier_2 is not changed
- selfsigned_subject_key_identifier_3 is changed
- selfsigned_subject_key_identifier_4 is not changed
- selfsigned_subject_key_identifier_5 is changed
when: select_crypto_backend != 'pyopenssl'
- name: (Selfsigned validation, {{select_crypto_backend}}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.6, < 2.8)
assert:
that:
- selfsigned_certificate_ed25519_ed448.results[0] is failed
- selfsigned_certificate_ed25519_ed448.results[1] is failed
- selfsigned_certificate_ed25519_ed448_idempotence.results[0] is failed
- selfsigned_certificate_ed25519_ed448_idempotence.results[1] is failed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=') and cryptography_version.stdout is version('2.8', '<')
- name: (Selfsigned validation, {{select_crypto_backend}}) Verify Ed25519 and Ed448 tests (for cryptography >= 2.8)
assert:
that:
- selfsigned_certificate_ed25519_ed448 is succeeded
- selfsigned_certificate_ed25519_ed448.results[0] is changed
- selfsigned_certificate_ed25519_ed448.results[1] is changed
- selfsigned_certificate_ed25519_ed448_idempotence is succeeded
- selfsigned_certificate_ed25519_ed448_idempotence.results[0] is not changed
- selfsigned_certificate_ed25519_ed448_idempotence.results[1] is not changed
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.8', '>=')