Commit graph

11 commits

Author SHA1 Message Date
Felix Fontein
16d4d2dba9
acme_certificate: add select_chain option (#60710)
* Add select_alternate_chain option.

* Fix docs.

* Allow to match via subject key identifier and authority key identifier.

* Simplify test.

* Add comments.

* Add tests.

* Fix bugs.

* Also consider main chain when searching for alternatives.

* Bump version_added.

* Rename select_alternate_chain -> select_chain.
2019-10-29 08:09:15 +01:00
Felix Fontein
4551965af1 ACME modules: bump test container version (#61192)
* Fix root cert path.

* Bump testing container version.

* Improve check (needed due to letsencrypt/pebble#257).
2019-08-23 15:30:28 -07:00
Felix Fontein
8b68feb67e
acme_certificate: allow to download alternate certificate chains (#56334)
* Improve link handling.

* Also fetch alternate certificate chains.

* Add retrieve_all_alternates option.

* Simplify code.

* Forgot when condition.

* Add tests for retrieve_all_alternates.

* Fixes.

* Moved utility function for link parsing to module_utils.

* Fix grammar.
2019-08-09 23:54:48 +02:00
Felix Fontein
c50a75a41e
acme_*: new test container, tests for IP certificates (#57530)
* Bump container version.

* Use new URLs.

* Add IP certificate tests.

* Disable IPv6 IP from IP certificate.

Background: in CI, the ACME test container apparently has no IPv6 support.
Without IPv6 support, Pebble can't connect to validate, and thus validation
fails.
2019-06-08 14:02:44 +02:00
Felix Fontein
d2f524fb27 Use {{ ansible_python.executable }} instead of python in integration tests. (#47340) 2018-10-19 09:00:34 +02:00
Felix Fontein
960d99a785 ACME: new helper module for ACME challenges which need TLS certs (#43756)
* Added helper module for generating ACME challenge certificates.

* Soft-fail on missing cryptography. Also check version.

* Adding integration test.

* Move acme_challenge_cert_helper from web_infrastructure to crypto/acme.

* Adjusting to draft-05.

* The cryptography branch has already been merged.
2018-08-22 23:12:43 +02:00
Felix Fontein
cfba02bc3b Allowing to force account URI. (#44282) 2018-08-17 07:43:38 +02:00
Felix Fontein
d8d366ef37 ACME: using new acme-test-container (#44095)
* Using new acme-test-container image.

* Add test for cleaning account contacts.
2018-08-14 07:35:15 -07:00
Felix Fontein
aef16ee195 ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170)
* Collecting PEM -> DER conversions.

* Using cryptography instead of OpenSSL binary in some situations.

* Moving key-to-disk writing for key content to parse_account_key.

* Rename parse_account_key -> parse_key.

* Move OpenSSL specific code for key parsing and request signing into global functions.

* Also using cryptography for key parsing and request signing.

* Remove assert statements.

* Fixing handling of key contents for cryptography code path.

* Allow to disable the use of cryptography.

* Updating documentation.

* 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments.

* Changing option to select_crypto_backend.

* Python 2.6 compatibility.

* Trying to test both backends separately for acme_account.

* Also testing both backends separately for acme_certificate and acme_certificate_revoke.

* Adding changelog entry which informs about select_crypto_backend option in case autodetect fails.

* Fixing YAML.
2018-08-12 19:12:01 +02:00
Felix Fontein
7b7709ae75 ACME: support for TLS-ALPN-01 (#42158)
* Added support for TLS-ALPN-01 verification.

* Unrelated commit to re-trigger tests.

* Added test for TLS-ALPN-01.

* Try to remove to_bytes in the hope that binary data survives in Python 2.

* Using Base64 encoding for TLS-ALPN-01 value.
2018-08-07 08:52:22 +02:00
Felix Fontein
d4c16f51be New acme_* integration test using ACME test docker container (#41626)
* Using ACME test container for acme_account integration test.

* Removing dependency on setup_openssl. Waiting for controller and Pebble.

* More tinkering.

* Reducing number of tries.

* One more try.

* Another try.

* Added acme_certificate tests.

* Removed double key.

* Added tests for acme_certificate_revoke.

* Making task names more meaningful (during certificate generation).

* Using newer test container which integrates letsencrypt/pebble#137. Adding test for revoking certificate by its private key.

* Using new version of Pebble which limits the random auth delay.

* Simplifying certificates for revocation tests.

* Reworking acme_certificate tests (there are now more, but they are faster).

* Test whether account_key_content works.

* Preparing TLS-ALPN-01 support.

* Using official Ansible image of testing container on quay.io.

* Bumping version.

* Bumping version of test container to 1.1.0.

* Adjusting to new CI group names.

* Pass ACME simulator IP as playbook variable.

* Let test plugin wait for controller and CA endpoints to become active.

* Refactor common setup parts of tests to setup_acme.

* _ -> dummy

* Moving common obtain-cert.yml to setup_acme.
2018-07-30 11:10:17 -07:00