
Enable integration tests for the crypto/ namespace (#26684)

Crypto namespace contains the openssl modules. It has no integration
testing as of now.

This commit aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.

These tests currently apply to:

  * openssl_privatekey
  * openssl_publickey
  * openssl_csr
This commit is contained in:
Yanis Guenane 2017-07-25 13:18:18 +02:00 committed by John R Barker
parent b3e8fa72ce
commit 8b22c45a45
20 changed files with 152 additions and 14 deletions


@ -35,15 +35,12 @@ class OpenSSLObjectError(Exception):
pass pass
def get_fingerprint(path, passphrase): def get_fingerprint(path, passphrase=None):
"""Generate the fingerprint of the public key. """ """Generate the fingerprint of the public key. """
fingerprint = {} fingerprint = {}
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey = load_privatekey(path, passphrase)
open(path, 'rb').read(),
passphrase)
try: try:
publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey) publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
for algo in hashlib.algorithms: for algo in hashlib.algorithms:
@ -63,10 +60,14 @@ def load_privatekey(path, passphrase=None):
"""Load the specified OpenSSL private key.""" """Load the specified OpenSSL private key."""
try: try:
privatekey_content = open(path, 'rb').read() if passphrase:
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
privatekey_content, open(path, 'rb').read(),
passphrase) passphrase)
else:
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
open(path, 'rb').read())
return privatekey return privatekey
except (IOError, OSError) as exc: except (IOError, OSError) as exc:
raise OpenSSLObjectError(exc) raise OpenSSLObjectError(exc)
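Review bot: The new `open(path, 'rb').read()` calls are never closed explicitly and are duplicated in both branches, and a `crypto.Error` from `crypto.load_privatekey` (wrong passphrase, non-PEM input) escapes the `except (IOError, OSError)` clause, so a caller that only catches `OpenSSLObjectError` will traceback instead of reporting a clean failure. Read the file once under `with`, then branch on the passphrase, and translate the pyOpenSSL error as well, assuming `crypto` here is `OpenSSL.crypto` as the rest of this file suggests. Note too that `if passphrase:` treats an empty-string passphrase the same as none; if an empty passphrase should be passed through, test `passphrase is not None` instead. The `def load_privatekey` line itself sits in the hunk header, outside the visible lines.
```python
def load_privatekey(path, passphrase=None):
    """Load the specified OpenSSL private key."""
    try:
        with open(path, 'rb') as privatekey_file:
            privatekey_content = privatekey_file.read()
    except (IOError, OSError) as exc:
        raise OpenSSLObjectError(exc)
    try:
        if passphrase:
            return crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content, passphrase)
        return crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)
    except crypto.Error as exc:
        # wrong passphrase / malformed PEM surface as the same module-level error
        raise OpenSSLObjectError(exc)
```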


@ -179,6 +179,7 @@ except ImportError:
else: else:
pyopenssl_found = True pyopenssl_found = True
from ansible.module_utils import crypto as crypto_utils
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native
@ -231,10 +232,11 @@ class CertificateSigningRequest(object):
if self.subjectAltName is not None: if self.subjectAltName is not None:
req.add_extensions([crypto.X509Extension(b"subjectAltName", False, self.subjectAltName.encode('ascii'))]) req.add_extensions([crypto.X509Extension(b"subjectAltName", False, self.subjectAltName.encode('ascii'))])
privatekey_content = open(self.privatekey_path).read() self.privatekey = crypto_utils.load_privatekey(
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, self.privatekey_path,
privatekey_content, self.privatekey_passphrase
self.privatekey_passphrase) )
req.set_pubkey(self.privatekey) req.set_pubkey(self.privatekey)
req.sign(self.privatekey, self.digest) req.sign(self.privatekey, self.digest)
self.request = req self.request = req
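Review bot: `crypto_utils.load_privatekey` raises `OpenSSLObjectError` when the key file cannot be read, but nothing in this hunk catches it, so unless the caller of this method (outside the hunk) already handles that exception the module will exit with a traceback instead of a `fail_json` message. If it does not, wrap the call: `try: self.privatekey = crypto_utils.load_privatekey(self.privatekey_path, self.privatekey_passphrase)` / `except crypto_utils.OpenSSLObjectError as exc: module.fail_json(msg=to_native(exc))`, using whatever name the module object has in scope here. The old code read the key in text mode while the helper reads it as bytes, which is the right input for pyOpenSSL; a one-line comment such as `# key is read as bytes by crypto_utils.load_privatekey` would keep someone from reverting it. The enclosing method starts and ends outside the hunk.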


@ -187,7 +187,7 @@ class PublicKey(object):
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content) self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)
publickey_content = crypto.dump_publickey(crypto.FILETYPE_PEM, self.privatekey) publickey_content = crypto.dump_publickey(crypto.FILETYPE_PEM, self.privatekey)
publickey_file = open(self.path, 'w') publickey_file = open(self.path, 'wb')
publickey_file.write(publickey_content) publickey_file.write(publickey_content)
publickey_file.close() publickey_file.close()
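Review bot: Switching to `'wb'` is correct for the bytes that `crypto.dump_publickey` returns, but the file is still opened and closed by hand, so an exception from `write` leaves the handle open; use a context manager: `with open(self.path, 'wb') as publickey_file:` / `    publickey_file.write(publickey_content)`. The context line above still calls `crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)` directly while this same commit routes `openssl_csr` through `crypto_utils.load_privatekey`, so this module gets neither passphrase handling nor `OpenSSLObjectError` translation; aligning it with the helper would keep the three modules consistent. The enclosing method starts and ends outside the hunk.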


@ -0,0 +1 @@
posix/ci/group1


@ -0,0 +1,2 @@
dependencies:
- setup_openssl


@ -0,0 +1,11 @@
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: 'www.ansible.com'
- import_tasks: ../tests/validate.yml
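Review bot: The passphrase branch that this commit adds to `load_privatekey` is never exercised: the only CSR here is signed with an unencrypted key and `privatekey_passphrase` is never set. If `openssl_privatekey` can emit an encrypted key (not visible in this commit), add a second case with `openssl_privatekey` given a `passphrase` and `cipher`, then `openssl_csr` with `privatekey_passphrase: '{{ passphrase }}'` and the same modulus assertion; otherwise prepare one with `command: openssl genrsa -aes256 -passout pass:... 2048`. Per Ansible convention the task file should also start with a `---` document marker.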


@ -0,0 +1,17 @@
- name: Validate CSR (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
register: privatekey_modulus
- name: Validate CSR (test - Common Name)
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
register: csr_cn
- name: Validate CSR (test - csr modulus)
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr | openssl md5'
register: csr_modulus
- name: Validate CSR (assert)
assert:
that:
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_modulus.stdout == privatekey_modulus.stdout
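Review bot: Both modulus checks pipe into `openssl md5`, so the task's exit status is that of `openssl md5`, which succeeds on empty input; if `openssl rsa` or `openssl req` fails, both sides hash an empty string, the two digests are equal, and the assert passes without having validated anything. Drop the hash step and compare the `Modulus=` lines directly — `shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'` and `shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr'` — so a failing `openssl` call fails the task; alternatively prefix each pipeline with `set -o pipefail` where the target shell supports it. Quoting the path inside the command (`-in '{{ output_dir }}/csr.csr'`) also keeps it from breaking on directories with spaces.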


@ -0,0 +1 @@
posix/ci/group1


@ -0,0 +1,2 @@
dependencies:
- setup_openssl


@ -0,0 +1,15 @@
- name: Generate privatekey1 - standard
openssl_privatekey:
path: '{{ output_dir }}/privatekey1.pem'
- name: Generate privatekey2 - size 2048
openssl_privatekey:
path: '{{ output_dir }}/privatekey2.pem'
size: 2048
- name: Generate privatekey3 - type DSA
openssl_privatekey:
path: '{{ output_dir }}/privatekey3.pem'
type: DSA
- import_tasks: ../tests/validate.yml
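Review bot: Nothing here checks the permissions of the generated private key files, which for key material is the property most worth guarding against regression; if `openssl_privatekey` is meant to create the file with a restrictive mode (not visible in this commit), add a `stat` task on `{{ output_dir }}/privatekey1.pem` and assert e.g. `privatekey1_stat.stat.mode == '0600'`. Re-running the first task with `register: privatekey1_rerun` and asserting `not privatekey1_rerun.changed` would also cover idempotence, assuming the module is designed to be idempotent. The file should start with `---` per Ansible convention.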


@ -0,0 +1,28 @@
- name: Validate privatekey1 (test)
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey1.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
register: privatekey1
- name: Validate privatekey1 (assert)
assert:
that:
- privatekey1.stdout == '4096'
- name: Validate privatekey2 (test)
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey2.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
register: privatekey2
- name: Validate privatekey2 (assert)
assert:
that:
- privatekey2.stdout == '2048'
- name: Validate privatekey3 (test)
shell: "openssl dsa -noout -text -in {{ output_dir }}/privatekey3.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
register: privatekey3
- name: Validate privatekey3 (assert)
assert:
that:
- privatekey1.stdout == '4096'
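Review bot: The privatekey3 assert on the last line checks `privatekey1.stdout` again, so the DSA key is generated and parsed but its size is never verified; change it to `privatekey3.stdout == '4096'` (or whatever size the module produces for `type: DSA`, which is not visible here). The `grep Private | sed ...` pipelines also mask a failing `openssl` call because the task's exit status is `sed`'s, although the string asserts would still catch an empty result. The `sed` capture depends on the exact `Private-Key: (N bit)` wording; OpenSSL releases that print extra detail on that line (for example `(4096 bit, 2 primes)`) would leave the substitution unmatched, so a pattern like `s/.*Private-Key: (\([0-9]*\) bit.*/\1/` is more robust.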


@ -0,0 +1 @@
posix/ci/group1


@ -0,0 +1,2 @@
dependencies:
- setup_openssl


@ -0,0 +1,13 @@
- block:
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey
openssl_publickey:
path: '{{ output_dir }}/publickey.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- import_tasks: ../tests/validate.yml
when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')
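Review bot: When `pyopenssl_version` is below 16.0.0 the whole block is skipped, so the target reports success having tested nothing and nobody sees that the check was bypassed; add a task after the block such as `- debug: msg='openssl_publickey tests skipped, pyOpenSSL {{ pyopenssl_version.stdout }} < 16.0.0'` with the inverse `when`, or fail outright if that version is meant to be a hard floor for CI. `pyopenssl_version` is a registered result from the `setup_openssl` dependency rather than something defined here, which deserves a comment above the block (`# pyopenssl_version is registered by the setup_openssl role`). The file should also begin with `---`.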


@ -0,0 +1,12 @@
- name: Validate public key (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
register: privatekey_modulus
- name: Validate public key (test - publickey modulus)
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub | openssl md5'
register: publickey_modulus
- name: Validate public key (assert)
assert:
that:
- publickey_modulus.stdout == privatekey_modulus.stdout
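Review bot: The modulus checks here have the same failure-masking shape as those in the CSR target: piping into `openssl md5` makes the task's exit status that of `openssl md5`, so if `openssl rsa` fails on either file both sides hash empty output to the same digest and the assert passes. Compare the `Modulus=` lines directly, `shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'` and `shell: 'openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey.pub'`, which drops the weak hash and lets a failing `openssl` fail the task. Using `-in` instead of a shell redirect also removes the only reason these need `shell` rather than `command`.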


@ -0,0 +1,25 @@
- name: Incluse OS-specific variables
include_vars: '{{ ansible_os_family }}.yml'
when: not ansible_os_family == "Darwin"
- name: Install pyOpenSSL
become: True
package:
name: '{{ pyopenssl_package_name_python3 }}'
when: not ansible_os_family == 'Darwin' and ansible_python_version|version_compare('3.0', '>=')
- name: Install pyOpenSSL
become: True
package:
name: '{{ pyopenssl_package_name }}'
when: not ansible_os_family == 'Darwin' and ansible_python_version|version_compare('3.0', '<')
- name: Install pyOpenSSL
become: True
pip:
name: pyOpenSSL
when: ansible_os_family == 'Darwin'
- name: register openssl version
command: python -c 'import OpenSSL; print(OpenSSL.__version__)'
register: pyopenssl_version
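Review bot: The version probe in the last task runs bare `python`, which need not be the interpreter Ansible uses for the modules (`ansible_python_interpreter`), so the 16.0.0 gate in the publickey target can be evaluated against a different pyOpenSSL than the one the modules import, especially on hosts where the python3 package was installed; use `command: '{{ ansible_python_interpreter | default("python") }} -c "import OpenSSL; print(OpenSSL.__version__)"'`. The Darwin path installs `pyOpenSSL` from PyPI unpinned and under `become`, so CI gets whatever the index serves that day; pin a version (`name: pyOpenSSL==17.0.0` or similar) or at least a floor. Style: `become: True` should be `become: true`, the double negation `when: not ansible_os_family == 'Darwin'` reads better as `ansible_os_family != 'Darwin'`, and the first task name has a typo (`Incluse` → `Include`). The file should start with `---`.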


@ -0,0 +1,2 @@
pyopenssl_package_name: python-openssl
pyopenssl_package_name_python3: python3-openssl


@ -0,0 +1 @@
pyopenssl_package_name: py27-openssl


@ -0,0 +1 @@
pyopenssl_package_name: pyOpenSSL


@ -0,0 +1 @@
pyopenssl_package_name: python-pyOpenSSL