ansible/test/integration/targets/win_certificate_info/tasks/main.yml
Micah Hunsberger a54e77193b New Windows Module: win_certificate_info (#64035)
* win_cert_stat initial commit with tests

* documentation fix.
first attempt windows server 2008 compatibility

* add formatted dates
removed debug tests

* make choices generic list

* return a list of certificates
use .net x509 store instead of PS cert provider

* fixed tests file

* fix timestamps returning null

* rename to win_certificate_info

* rename tests win_certificate_info

* return certificates as a sorted array
open the store with readonly privileges

* extensions always returned as an array
2019-12-17 12:43:03 +10:00

88 lines
2.4 KiB
YAML

### keys in files/ have been generated with
# generate root private key
# openssl genrsa -aes256 -out enckey.pem 2048
# openssl rsa -in envkey.pem -out root-key.pem
#
# generate root certificate
# openssl req -x509 -key root-key.pem -days 24855 -out root-vert.pem -subj "/CN=root.ansible.com/C=US"
#
# generate subject private key
# openssl genrsa -aes256 -out enckey.pem 2048
# openssl rsa -in enckey.pem -out subj-key.pem
#
# generate subject certificate
# openssl req -new -key subj-key.pem -out cert.csr -subj "/CN=subject.ansible.com/C=US"
# openssl x509 -req -in cert.csr -CA root-cert.pem -CAkey root-key.pem -CAcreateserial -out subj-cert.pem -days 24855
###
---
- name: ensure test dir is present
win_file:
path: '{{win_cert_dir}}\exported'
state: directory
- name: copy across test cert files
win_copy:
src: files/
dest: '{{win_cert_dir}}'
- name: subject cert imported to personal store
win_certificate_store:
path: '{{win_cert_dir}}\subj-cert.pem'
state: present
store_name: My
- name: root certificate imported to trusted root
win_certificate_store:
path: '{{win_cert_dir}}\root-cert.pem'
store_name: Root
state: present
- name: get raw root certificate
shell: 'cat root-cert.pem | grep "^[^-]"'
args:
chdir: '{{ role_path }}/files'
register: root_raw
delegate_to: localhost
- name: get public key of root certificate
shell: 'openssl x509 -pubkey -noout -in root-cert.pem | grep "^[^-]"'
args:
chdir: '{{ role_path }}/files'
register: root_pub
delegate_to: localhost
- name: get subject certificate
shell: 'cat subj-cert.pem | grep "^[^-]"'
args:
chdir: '{{ role_path }}/files'
register: subj_raw
delegate_to: localhost
- name: get public key of subject certificate
shell: 'openssl x509 -pubkey -noout -in subj-cert.pem | grep "^[^-]"'
args:
chdir: '{{ role_path }}/files'
register: subj_pub
delegate_to: localhost
- block:
- name: run tests
include_tasks: tests.yml
always:
- name: ensure subject cert removed from personal store
win_certificate_store:
thumbprint: '{{subj_thumbprint}}'
state: absent
store_name: My
- name: ensure root cert removed from trusted root
win_certificate_store:
thumbprint: '{{root_thumbprint}}'
state: absent
store_name: Root
- name: ensure test dir is deleted
win_file:
path: '{{win_cert_dir}}'
state: absent