Type error in openssl_certificate (#47508)
* Fixed #47505: Type error in openssl_certificate * Use to_bytes instead of str.encode in SelfSignedCertificate. Updates #47508 * Use to_bytes instead of str.encode in OwnCACertificate * Added integration tests for openssl_certificate: selfsigned_not_before/after and ownca_not_before/after
parent
8f3c29a98f
commit
5b1c68579d
5 changed files with 71 additions and 4 deletions
|
@ -521,11 +521,11 @@ class SelfSignedCertificate(Certificate):
|
||||||
cert = crypto.X509()
|
cert = crypto.X509()
|
||||||
cert.set_serial_number(self.serial_number)
|
cert.set_serial_number(self.serial_number)
|
||||||
if self.notBefore:
|
if self.notBefore:
|
||||||
cert.set_notBefore(self.notBefore)
|
cert.set_notBefore(to_bytes(self.notBefore))
|
||||||
else:
|
else:
|
||||||
cert.gmtime_adj_notBefore(0)
|
cert.gmtime_adj_notBefore(0)
|
||||||
if self.notAfter:
|
if self.notAfter:
|
||||||
cert.set_notAfter(self.notAfter)
|
cert.set_notAfter(to_bytes(self.notAfter))
|
||||||
else:
|
else:
|
||||||
# If no NotAfter specified, expire in
|
# If no NotAfter specified, expire in
|
||||||
# 10 years. 315360000 is 10 years in seconds.
|
# 10 years. 315360000 is 10 years in seconds.
|
||||||
|
@ -618,11 +618,11 @@ class OwnCACertificate(Certificate):
|
||||||
cert = crypto.X509()
|
cert = crypto.X509()
|
||||||
cert.set_serial_number(self.serial_number)
|
cert.set_serial_number(self.serial_number)
|
||||||
if self.notBefore:
|
if self.notBefore:
|
||||||
cert.set_notBefore(self.notBefore.encode())
|
cert.set_notBefore(to_bytes(self.notBefore))
|
||||||
else:
|
else:
|
||||||
cert.gmtime_adj_notBefore(0)
|
cert.gmtime_adj_notBefore(0)
|
||||||
if self.notAfter:
|
if self.notAfter:
|
||||||
cert.set_notAfter(self.notAfter.encode())
|
cert.set_notAfter(to_bytes(self.notAfter))
|
||||||
else:
|
else:
|
||||||
# If no NotAfter specified, expire in
|
# If no NotAfter specified, expire in
|
||||||
# 10 years. 315360000 is 10 years in seconds.
|
# 10 years. 315360000 is 10 years in seconds.
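Review bot: In both hunks the value of `self.notBefore` / `self.notAfter` is passed to pyOpenSSL as `to_bytes(...)` with no check of its format or ordering, so a malformed timestamp, or a notAfter earlier than notBefore, is caught only inside the library, if at all. These fields define the certificate's validity window, so it would be safer to validate them where the parameters are read (presumably the constructor, which is outside these hunks) against the ASN.1 `YYYYMMDDHHMMSSZ` form and fail the module with a clear message otherwise. As a smaller style point, `to_bytes(self.notBefore, errors='surrogate_or_strict')` follows the usual Ansible convention and makes an undecodable value fail loudly. The enclosing method starts and ends outside both hunks.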
|
||||||
|
|
|
@ -116,4 +116,15 @@
|
||||||
issuer:
|
issuer:
|
||||||
commonName: Example CA
|
commonName: Example CA
|
||||||
|
|
||||||
|
- name: Create ownca certificate with notBefore and notAfter
|
||||||
|
openssl_certificate:
|
||||||
|
provider: ownca
|
||||||
|
ownca_not_before: 20181023133742Z
|
||||||
|
ownca_not_after: 20191023133742Z
|
||||||
|
path: "{{ output_dir }}/ownca_cert3.pem"
|
||||||
|
csr_path: "{{ output_dir }}/csr.csr"
|
||||||
|
privatekey_path: "{{ output_dir }}/privatekey3.pem"
|
||||||
|
ownca_path: '{{ output_dir }}/ca_cert.pem'
|
||||||
|
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
|
||||||
|
|
||||||
- import_tasks: ../tests/validate_ownca.yml
|
- import_tasks: ../tests/validate_ownca.yml
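Review bot: The new ownca task pairs `csr_path: "{{ output_dir }}/csr.csr"` with `privatekey_path: "{{ output_dir }}/privatekey3.pem"`, and nothing in this hunk creates either file. `privatekey3.pem` is created by the selfsigned tasks added in this same commit, so this task appears to depend on those having run first. If `csr.csr` was generated from a different key, the issued certificate will not match `privatekey3.pem`, and the added validation never compares the two, so the mismatch would go unnoticed. Consider pointing at the key that produced the CSR, or adding a comment such as `# privatekey3.pem comes from the selfsigned tests, which must run first`.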
|
||||||
|
|
|
@ -114,4 +114,24 @@
|
||||||
- ipsecUser
|
- ipsecUser
|
||||||
- biometricInfo
|
- biometricInfo
|
||||||
|
|
||||||
|
- name: Create private key 3
|
||||||
|
openssl_privatekey:
|
||||||
|
path: "{{ output_dir }}/privatekey3.pem"
|
||||||
|
|
||||||
|
- name: Create CSR 3
|
||||||
|
openssl_csr:
|
||||||
|
subject:
|
||||||
|
CN: www.example.com
|
||||||
|
privatekey_path: "{{ output_dir }}/privatekey3.pem"
|
||||||
|
path: "{{ output_dir }}/csr3.pem"
|
||||||
|
|
||||||
|
- name: Create certificate3 with notBefore and notAfter
|
||||||
|
openssl_certificate:
|
||||||
|
provider: selfsigned
|
||||||
|
selfsigned_not_before: 20181023133742Z
|
||||||
|
selfsigned_not_after: 20191023133742Z
|
||||||
|
path: "{{ output_dir }}/cert3.pem"
|
||||||
|
csr_path: "{{ output_dir }}/csr3.pem"
|
||||||
|
privatekey_path: "{{ output_dir }}/privatekey3.pem"
|
||||||
|
|
||||||
- import_tasks: ../tests/validate_selfsigned.yml
|
- import_tasks: ../tests/validate_selfsigned.yml
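Review bot: The validity window in `Create certificate3 with notBefore and notAfter` is hard-coded and ends on 2019-10-23, so the fixture is an expired certificate on any later run. The added validation only compares the printed dates, so this is harmless as written. Any later check that looks at validity, or a module re-run that treats an expired certificate as stale, would start to behave differently. A comment on the task would record the intent, for example `# fixed dates on purpose: only the encoded notBefore/notAfter are asserted, not validity`.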
|
||||||
|
|
|
@ -47,3 +47,21 @@
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- ownca_cert2_modulus.stdout == privatekey2_modulus.stdout
|
- ownca_cert2_modulus.stdout == privatekey2_modulus.stdout
|
||||||
|
|
||||||
|
- name: Validate owncal certificate3 (test - notBefore)
|
||||||
|
shell: 'openssl x509 -noout -in {{ output_dir }}/ownca_cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"'
|
||||||
|
register: ownca_cert3_notBefore
|
||||||
|
|
||||||
|
- name: Validate ownca certificate3 (test - notAfter)
|
||||||
|
shell: 'openssl x509 -noout -in {{ output_dir }}/ownca_cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"'
|
||||||
|
register: ownca_cert3_notAfter
|
||||||
|
|
||||||
|
- name: Validate ownca certificate3 (assert - notBefore)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- ownca_cert3_notBefore.stdout == 'Oct 23 13:37:42 2018'
|
||||||
|
|
||||||
|
- name: Validate ownca certificate3 (assert - notAfter)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- ownca_cert3_notAfter.stdout == 'Oct 23 13:37:42 2019'
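Review bot: The two new `shell` tasks interpolate `{{ output_dir }}` into the command unquoted and run `openssl | grep | sed` without pipefail. A path containing spaces or shell metacharacters therefore breaks the command, and an openssl failure is hidden behind sed's exit status until the later assert compares an empty string. Quoting the path with the `quote` filter and asking openssl for the field directly avoids both, e.g. `shell: 'openssl x509 -noout -startdate -in {{ (output_dir ~ "/ownca_cert3.pem") | quote }}'`, with the assert adjusted to the `notBefore=... GMT` output. The first task name also has a typo, `owncal`. The same pattern is repeated in the selfsigned validation hunk that follows.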
|
||||||
|
|
|
@ -50,3 +50,21 @@
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- cert2_modulus.stdout == privatekey2_modulus.stdout
|
- cert2_modulus.stdout == privatekey2_modulus.stdout
|
||||||
|
|
||||||
|
- name: Validate certificate3 (test - notBefore)
|
||||||
|
shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"'
|
||||||
|
register: cert3_notBefore
|
||||||
|
|
||||||
|
- name: Validate certificate3 (test - notAfter)
|
||||||
|
shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"'
|
||||||
|
register: cert3_notAfter
|
||||||
|
|
||||||
|
- name: Validate certificate3 (assert - notBefore)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- cert3_notBefore.stdout == 'Oct 23 13:37:42 2018'
|
||||||
|
|
||||||
|
- name: Validate certificate3 (assert - notAfter)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- cert3_notAfter.stdout == 'Oct 23 13:37:42 2019'
|
||||||
|
|