a54e77193b
* win_cert_stat initial commit with tests * documentation fix. first attempt windows server 2008 compatibility * add formatted dates removed debug tests * make choices generic list * return a list of certificates use .net x509 store instead of PS cert provider * fixed tests file * fix timestamps returning null * rename to win_certificate_info * rename tests win_certificate_info * return certificates as a sorted array open the store with readonly privileges * extensions always returned as an array
88 lines
2.4 KiB
YAML
88 lines
2.4 KiB
YAML
### keys in files/ have been generated with
|
|
# generate root private key
|
|
# openssl genrsa -aes256 -out enckey.pem 2048
|
|
# openssl rsa -in envkey.pem -out root-key.pem
|
|
#
|
|
# generate root certificate
|
|
# openssl req -x509 -key root-key.pem -days 24855 -out root-vert.pem -subj "/CN=root.ansible.com/C=US"
|
|
#
|
|
# generate subject private key
|
|
# openssl genrsa -aes256 -out enckey.pem 2048
|
|
# openssl rsa -in enckey.pem -out subj-key.pem
|
|
#
|
|
# generate subject certificate
|
|
# openssl req -new -key subj-key.pem -out cert.csr -subj "/CN=subject.ansible.com/C=US"
|
|
# openssl x509 -req -in cert.csr -CA root-cert.pem -CAkey root-key.pem -CAcreateserial -out subj-cert.pem -days 24855
|
|
###
|
|
---
|
|
- name: ensure test dir is present
|
|
win_file:
|
|
path: '{{win_cert_dir}}\exported'
|
|
state: directory
|
|
|
|
- name: copy across test cert files
|
|
win_copy:
|
|
src: files/
|
|
dest: '{{win_cert_dir}}'
|
|
|
|
- name: subject cert imported to personal store
|
|
win_certificate_store:
|
|
path: '{{win_cert_dir}}\subj-cert.pem'
|
|
state: present
|
|
store_name: My
|
|
|
|
- name: root certificate imported to trusted root
|
|
win_certificate_store:
|
|
path: '{{win_cert_dir}}\root-cert.pem'
|
|
store_name: Root
|
|
state: present
|
|
|
|
- name: get raw root certificate
|
|
shell: 'cat root-cert.pem | grep "^[^-]"'
|
|
args:
|
|
chdir: '{{ role_path }}/files'
|
|
register: root_raw
|
|
delegate_to: localhost
|
|
|
|
- name: get public key of root certificate
|
|
shell: 'openssl x509 -pubkey -noout -in root-cert.pem | grep "^[^-]"'
|
|
args:
|
|
chdir: '{{ role_path }}/files'
|
|
register: root_pub
|
|
delegate_to: localhost
|
|
|
|
- name: get subject certificate
|
|
shell: 'cat subj-cert.pem | grep "^[^-]"'
|
|
args:
|
|
chdir: '{{ role_path }}/files'
|
|
register: subj_raw
|
|
delegate_to: localhost
|
|
|
|
- name: get public key of subject certificate
|
|
shell: 'openssl x509 -pubkey -noout -in subj-cert.pem | grep "^[^-]"'
|
|
args:
|
|
chdir: '{{ role_path }}/files'
|
|
register: subj_pub
|
|
delegate_to: localhost
|
|
|
|
- block:
|
|
- name: run tests
|
|
include_tasks: tests.yml
|
|
|
|
always:
|
|
- name: ensure subject cert removed from personal store
|
|
win_certificate_store:
|
|
thumbprint: '{{subj_thumbprint}}'
|
|
state: absent
|
|
store_name: My
|
|
|
|
- name: ensure root cert removed from trusted root
|
|
win_certificate_store:
|
|
thumbprint: '{{root_thumbprint}}'
|
|
state: absent
|
|
store_name: Root
|
|
|
|
- name: ensure test dir is deleted
|
|
win_file:
|
|
path: '{{win_cert_dir}}'
|
|
state: absent
|