From 5b1c68579d3e8ecc28a6b85383a85c1f279da63c Mon Sep 17 00:00:00 2001 From: s3lph <5564491+s3lph@users.noreply.github.com> Date: Fri, 26 Oct 2018 05:41:00 +0200 Subject: [PATCH] Type error in openssl_certificate (#47508) * Fixed #47505: Type error in openssl_certificate * Use to_bytes instead of str.encode in SelfSignedCertificate. Updates #47508 * Use to_bytes instead of str.encode in OwnCACertificate * Added integration tests for openssl_certificate: selfsigned_not_before/after and ownca_not_before/after --- .../modules/crypto/openssl_certificate.py | 8 ++++---- .../openssl_certificate/tasks/ownca.yml | 11 ++++++++++ .../openssl_certificate/tasks/selfsigned.yml | 20 +++++++++++++++++++ .../tests/validate_ownca.yml | 18 +++++++++++++++++ .../tests/validate_selfsigned.yml | 18 +++++++++++++++++ 5 files changed, 71 insertions(+), 4 deletions(-) diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py index b29afccf6a2..d2790db7b0b 100644 --- a/lib/ansible/modules/crypto/openssl_certificate.py +++ b/lib/ansible/modules/crypto/openssl_certificate.py @@ -521,11 +521,11 @@ class SelfSignedCertificate(Certificate): cert = crypto.X509() cert.set_serial_number(self.serial_number) if self.notBefore: - cert.set_notBefore(self.notBefore) + cert.set_notBefore(to_bytes(self.notBefore)) else: cert.gmtime_adj_notBefore(0) if self.notAfter: - cert.set_notAfter(self.notAfter) + cert.set_notAfter(to_bytes(self.notAfter)) else: # If no NotAfter specified, expire in # 10 years. 315360000 is 10 years in seconds. 
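Review bot: Both added `to_bytes(...)` calls in SelfSignedCertificate rely on the default error handler, which in Ansible falls back to replacing characters it cannot encode instead of failing. A malformed `selfsigned_not_before` / `selfsigned_not_after` value can therefore reach pyOpenSSL altered rather than being rejected as supplied. Passing the strict handler keeps the validity window exactly what the user wrote or fails loudly: `cert.set_notBefore(to_bytes(self.notBefore, errors='surrogate_or_strict'))`, and likewise for `set_notAfter`. The identical calls in the OwnCACertificate hunk that follows need the same change. The hunk adds no import, so `to_bytes` is presumably already imported at the top of the module; the enclosing method starts and ends outside the hunk.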
@@ -618,11 +618,11 @@ class OwnCACertificate(Certificate): cert = crypto.X509() cert.set_serial_number(self.serial_number) if self.notBefore: - cert.set_notBefore(self.notBefore.encode()) + cert.set_notBefore(to_bytes(self.notBefore)) else: cert.gmtime_adj_notBefore(0) if self.notAfter: - cert.set_notAfter(self.notAfter.encode()) + cert.set_notAfter(to_bytes(self.notAfter)) else: # If no NotAfter specified, expire in # 10 years. 315360000 is 10 years in seconds. diff --git a/test/integration/targets/openssl_certificate/tasks/ownca.yml b/test/integration/targets/openssl_certificate/tasks/ownca.yml index 9f7dbbff5c8..63edbd26104 100644 --- a/test/integration/targets/openssl_certificate/tasks/ownca.yml +++ b/test/integration/targets/openssl_certificate/tasks/ownca.yml @@ -116,4 +116,15 @@ issuer: commonName: Example CA +- name: Create ownca certificate with notBefore and notAfter + openssl_certificate: + provider: ownca + ownca_not_before: 20181023133742Z + ownca_not_after: 20191023133742Z + path: "{{ output_dir }}/ownca_cert3.pem" + csr_path: "{{ output_dir }}/csr.csr" + privatekey_path: "{{ output_dir }}/privatekey3.pem" + ownca_path: '{{ output_dir }}/ca_cert.pem' + ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem' + - import_tasks: ../tests/validate_ownca.yml diff --git a/test/integration/targets/openssl_certificate/tasks/selfsigned.yml b/test/integration/targets/openssl_certificate/tasks/selfsigned.yml index 82b290dbe0f..b57a11f196b 100644 --- a/test/integration/targets/openssl_certificate/tasks/selfsigned.yml +++ b/test/integration/targets/openssl_certificate/tasks/selfsigned.yml 
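Review bot: The new ownca task pairs `csr_path: "{{ output_dir }}/csr.csr"` with `privatekey_path: "{{ output_dir }}/privatekey3.pem"`, and `privatekey3.pem` is only created by the tasks this commit adds to selfsigned.yml. The ownca test therefore depends on selfsigned.yml having run first. If `csr.csr` was generated from a different key (not visible in this hunk), the issued certificate will not match the private key the module is told to check it against. Pointing `privatekey_path` at the key `csr.csr` was built from, or creating a dedicated key and CSR in ownca.yml, would keep the fixture self-consistent.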
@@ -114,4 +114,24 @@ - ipsecUser - biometricInfo +- name: Create private key 3 + openssl_privatekey: + path: "{{ output_dir }}/privatekey3.pem" + +- name: Create CSR 3 + openssl_csr: + subject: + CN: www.example.com + privatekey_path: "{{ output_dir }}/privatekey3.pem" + path: "{{ output_dir }}/csr3.pem" + +- name: Create certificate3 with notBefore and notAfter + openssl_certificate: + provider: selfsigned + selfsigned_not_before: 20181023133742Z + selfsigned_not_after: 20191023133742Z + path: "{{ output_dir }}/cert3.pem" + csr_path: "{{ output_dir }}/csr3.pem" + privatekey_path: "{{ output_dir }}/privatekey3.pem" + - import_tasks: ../tests/validate_selfsigned.yml diff --git a/test/integration/targets/openssl_certificate/tests/validate_ownca.yml b/test/integration/targets/openssl_certificate/tests/validate_ownca.yml index 779452fb181..d54287ecd98 100644 --- a/test/integration/targets/openssl_certificate/tests/validate_ownca.yml +++ b/test/integration/targets/openssl_certificate/tests/validate_ownca.yml @@ -47,3 +47,21 @@ assert: that: - ownca_cert2_modulus.stdout == privatekey2_modulus.stdout + +- name: Validate owncal certificate3 (test - notBefore) + shell: 'openssl x509 -noout -in {{ output_dir }}/ownca_cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' + register: ownca_cert3_notBefore + +- name: Validate ownca certificate3 (test - notAfter) + shell: 'openssl x509 -noout -in {{ output_dir }}/ownca_cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' + register: ownca_cert3_notAfter + +- name: Validate ownca certificate3 (assert - notBefore) + assert: + that: + - ownca_cert3_notBefore.stdout == 'Oct 23 13:37:42 2018' + +- name: Validate ownca certificate3 (assert - notAfter) + assert: + that: + - ownca_cert3_notAfter.stdout == 'Oct 23 13:37:42 2019' 
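Review bot: The fixed window `20181023133742Z` to `20191023133742Z` on the certificate3 task means cert3.pem is already expired once 2019-10-23 has passed, and nothing next to the task says this is deliberate. A comment above the task such as `# fixed timestamps on purpose: cert3 is only inspected for its dates and is expired after 2019-10-23` would stop a later contributor from adding an expiry or chain verification against it. The same applies to the ownca_cert3 task added in ownca.yml.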
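Review bot: The two `shell` tasks splice `{{ output_dir }}` into the command line unquoted and scrape the human-readable `-text` dump with grep and sed. A path containing spaces or shell metacharacters changes the command, and a failing `openssl` is hidden because the pipeline's exit status is sed's. `openssl x509 -noout -startdate -in {{ output_dir | quote }}/ownca_cert3.pem` (and `-enddate` for the second task) removes the pipeline and the quoting problem; the asserts would then compare against the `notBefore=Oct 23 13:37:42 2018 GMT` form. The task name `Validate owncal certificate3` should read `ownca`. The same pipeline is repeated in the validate_selfsigned.yml hunk.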
diff --git a/test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml b/test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml index de37106945e..f98d6f191e7 100644 --- a/test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml +++ b/test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml @@ -50,3 +50,21 @@ assert: that: - cert2_modulus.stdout == privatekey2_modulus.stdout + +- name: Validate certificate3 (test - notBefore) + shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"' + register: cert3_notBefore + +- name: Validate certificate3 (test - notAfter) + shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"' + register: cert3_notAfter + +- name: Validate certificate3 (assert - notBefore) + assert: + that: + - cert3_notBefore.stdout == 'Oct 23 13:37:42 2018' + +- name: Validate certificate3 (assert - notAfter) + assert: + that: + - cert3_notAfter.stdout == 'Oct 23 13:37:42 2019'