ansible/test/integration/targets/openssl_certificate_info/tasks/impl.yml

---
- debug:
    msg: "Executing tests with backend {{ select_crypto_backend }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_1.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check whether issuer and subject behave as expected
  assert:
    that:
      - result.issuer.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.issuer_ordered"
      - result.subject.organizationalUnitName == 'ACME Department'
      - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
      - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"

- name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier
  assert:
    that:
      - result.subject_key_identifier == "00:11:22:33"
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer == expected_authority_cert_issuer
      - result.authority_cert_serial_number == 12345
  vars:
    expected_authority_cert_issuer:
      - "DNS:ca.example.org"
      - "IP:1.2.3.4"
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_2.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
    valid_at:
      today: "+0d"
      past: "20190101235901Z"
      twentydays: "+20d"
  register: result
- assert:
    that:
    - result.valid_at.today
    - not result.valid_at.past
    - not result.valid_at.twentydays

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_3.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check AuthorityKeyIdentifier
  assert:
    that:
      - result.authority_key_identifier is none
      - result.authority_cert_issuer == expected_authority_cert_issuer
      - result.authority_cert_serial_number == 12345
  vars:
    expected_authority_cert_issuer:
      - "DNS:ca.example.org"
      - "IP:1.2.3.4"
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"

- name: ({{select_crypto_backend}}) Get certificate info
  openssl_certificate_info:
    path: '{{ output_dir }}/cert_4.pem'
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: result

- name: Check AuthorityKeyIdentifier
  assert:
    that:
      - result.authority_key_identifier == "44:55:66:77"
      - result.authority_cert_issuer is none
      - result.authority_cert_serial_number is none
  when: select_crypto_backend != 'pyopenssl' and cryptography_version.stdout is version('1.3', '>=')

- name: Update result list
  set_fact:
    info_results: "{{ info_results + [result] }}"