ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Allow multiple values per key in name fields in openssl_certificate/csr (#30338)

Browse source 
* allow multiple values per key in name fields in openssl_certificate

* check correct side of comparison

* trigger only on lists

* add subject parameter to openssl_csr

* fix key: value mapping not skipping None elements

* temporary fix for undefined "subject" field

* fix iteration over subject entries

* fix docs

* quote sample string

* allow csr with only subject defined

* fix integration test

* look up NIDs before comparing, add hidden _strict params

* deal with empty issuer/subject fields

* adapt integration tests

* also normalize output from pyopenssl

* fix issue with _sanitize_inputs

* don't convert empty lists

* workaround for pyopenssl limitations

* properly encode the input to the txt2nid function

* another to_bytes fix

* make subject, commonname and subjecAltName completely optional

* don't compare hashes of keys in openssl_csr integration tests

* add integration test for old API in openssl_csr

* compare keys directly in certificate and publickey integration tests

* fix typo
This commit is contained in:
MarkusTeufelberger 2017-12-12 13:35:22 +01:00 committed by John R Barker
commit 9ea1b18ff7
8 changed files with 141 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

26
test/integration/targets/openssl_certificate/tasks/main.yml
View file

@ -7,7 +7,8 @@
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: 'www.ansible.com'
subject:
commonName: www.example.com
- name: Generate selfsigned certificate
openssl_certificate:
@ -27,6 +28,8 @@
signature_algorithms:
- sha256WithRSAEncryption
- sha256WithECDSAEncryption
subject:
commonName: www.example.com
- name: Generate selfsigned v2 certificate
openssl_certificate:
@ -43,14 +46,17 @@
- name: Generate CSR2
openssl_csr:
C: US
ST: California
L: Los Angeles
O: ACME Inc.
OU: Roadrunner pest control
subject:
CN: www.example.com
C: US
ST: California
L: Los Angeles
O: ACME Inc.
OU:
- Roadrunner pest control
- Pyrotechnics
path: '{{ output_dir }}/csr2.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
CN: 'www.example.com'
keyUsage:
- digitalSignature
extendedKeyUsage:
@ -76,12 +82,14 @@
- sha256WithRSAEncryption
- sha256WithECDSAEncryption
subject:
CN: www.example.com
commonName: www.example.com
C: US
ST: California
L: Los Angeles
O: ACME Inc.
OU: Roadrunner pest control
OU:
- Roadrunner pest control
- Pyrotechnics
keyUsage:
- digitalSignature
extendedKeyUsage:

8
test/integration/targets/openssl_certificate/tests/validate.yml
View file

@ -1,9 +1,9 @@
- name: Validate certificate (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
register: privatekey_modulus
- name: Validate certificate (test - certificate modulus)
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem | openssl md5'
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem'
register: cert_modulus
- name: Validate certificate (test - certficate version == default == 3)
@ -26,11 +26,11 @@
- cert_v2_version.stdout == '2'
- name: Validate certificate2 (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem | openssl md5'
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem'
register: privatekey2_modulus
- name: Validate certificate2 (test - certificate modulus)
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert2.pem | openssl md5'
shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert2.pem'
register: cert2_modulus
- name: Validate certificate2 (assert)