Enable integration tests for the crypto/ namespace (#26684)
The crypto namespace contains the openssl modules. It has no integration testing as of now. This commit aims to add integration tests for the crypto namespace. This will make it easier to spot breaking changes in the future. These tests currently apply to: * openssl_privatekey * openssl_publickey * openssl_csr
This commit is contained in:
parent
b3e8fa72ce
commit
8b22c45a45
20 changed files with 152 additions and 14 deletions
|
@ -35,15 +35,12 @@ class OpenSSLObjectError(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def get_fingerprint(path, passphrase):
|
def get_fingerprint(path, passphrase=None):
|
||||||
"""Generate the fingerprint of the public key. """
|
"""Generate the fingerprint of the public key. """
|
||||||
|
|
||||||
fingerprint = {}
|
fingerprint = {}
|
||||||
|
|
||||||
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
|
privatekey = load_privatekey(path, passphrase)
|
||||||
open(path, 'rb').read(),
|
|
||||||
passphrase)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
|
publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
|
||||||
for algo in hashlib.algorithms:
|
for algo in hashlib.algorithms:
|
||||||
|
@ -63,10 +60,14 @@ def load_privatekey(path, passphrase=None):
|
||||||
"""Load the specified OpenSSL private key."""
|
"""Load the specified OpenSSL private key."""
|
||||||
|
|
||||||
try:
|
try:
|
||||||
privatekey_content = open(path, 'rb').read()
|
if passphrase:
|
||||||
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
|
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
|
||||||
privatekey_content,
|
open(path, 'rb').read(),
|
||||||
passphrase)
|
passphrase)
|
||||||
|
else:
|
||||||
|
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
|
||||||
|
open(path, 'rb').read())
|
||||||
|
|
||||||
return privatekey
|
return privatekey
|
||||||
except (IOError, OSError) as exc:
|
except (IOError, OSError) as exc:
|
||||||
raise OpenSSLObjectError(exc)
|
raise OpenSSLObjectError(exc)
|
||||||
|
|
|
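Review bot: In `load_privatekey`, the `except (IOError, OSError)` clause misses the error this helper is most likely to hit: a wrong passphrase or a body that is not a PEM private key makes `crypto.load_privatekey` raise pyOpenSSL's `crypto.Error`, which escapes unwrapped instead of as `OpenSSLObjectError`, and `get_fingerprint` in the first hunk now calls the helper outside its own `try`, so it leaks from there as well. The new branches also duplicate `open(path, 'rb').read()` and never close the handle. Reading once inside a `with` and adding `crypto.Error` to the clause fixes both, as below. Unrelated to the change but in the same function, the context line `for algo in hashlib.algorithms` exists only on Python 2 (`hashlib.algorithms_available` covers both), which matters now that the new `setup_openssl` fixture installs pyOpenSSL on Python 3 hosts. `get_fingerprint` continues past the hunk.
```python
def load_privatekey(path, passphrase=None):
    """Load the specified OpenSSL private key."""
    try:
        with open(path, 'rb') as privatekey_file:
            privatekey_content = privatekey_file.read()
        if passphrase:
            privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                                privatekey_content,
                                                passphrase)
        else:
            privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                                privatekey_content)
        return privatekey
    # crypto.Error: wrong passphrase, or the file is not a PEM private key
    except (IOError, OSError, crypto.Error) as exc:
        raise OpenSSLObjectError(exc)
```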
@ -179,6 +179,7 @@ except ImportError:
|
||||||
else:
|
else:
|
||||||
pyopenssl_found = True
|
pyopenssl_found = True
|
||||||
|
|
||||||
|
from ansible.module_utils import crypto as crypto_utils
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
from ansible.module_utils._text import to_native
|
from ansible.module_utils._text import to_native
|
||||||
|
|
||||||
|
@ -231,10 +232,11 @@ class CertificateSigningRequest(object):
|
||||||
if self.subjectAltName is not None:
|
if self.subjectAltName is not None:
|
||||||
req.add_extensions([crypto.X509Extension(b"subjectAltName", False, self.subjectAltName.encode('ascii'))])
|
req.add_extensions([crypto.X509Extension(b"subjectAltName", False, self.subjectAltName.encode('ascii'))])
|
||||||
|
|
||||||
privatekey_content = open(self.privatekey_path).read()
|
self.privatekey = crypto_utils.load_privatekey(
|
||||||
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
|
self.privatekey_path,
|
||||||
privatekey_content,
|
self.privatekey_passphrase
|
||||||
self.privatekey_passphrase)
|
)
|
||||||
|
|
||||||
req.set_pubkey(self.privatekey)
|
req.set_pubkey(self.privatekey)
|
||||||
req.sign(self.privatekey, self.digest)
|
req.sign(self.privatekey, self.digest)
|
||||||
self.request = req
|
self.request = req
|
||||||
|
|
|
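Review bot: The new `crypto_utils.load_privatekey` call changes this method's failure mode: an unreadable key file, which the old inline `open()` raised as `IOError`, now arrives as `crypto_utils.OpenSSLObjectError`, while a wrong `privatekey_passphrase` likely still surfaces as a raw pyOpenSSL `crypto.Error`, since the helper only wraps `IOError`/`OSError`. Whatever `except` wraps the `generate()` call in the module's `main()` (outside this hunk) must catch `crypto_utils.OpenSSLObjectError` too, or a missing key becomes a traceback instead of a clean module failure. A short comment at the call site, `# raises crypto_utils.OpenSSLObjectError on an unreadable key file`, would make the contract visible to the caller. The method's body begins and ends outside the hunk.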
@ -187,7 +187,7 @@ class PublicKey(object):
|
||||||
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)
|
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)
|
||||||
publickey_content = crypto.dump_publickey(crypto.FILETYPE_PEM, self.privatekey)
|
publickey_content = crypto.dump_publickey(crypto.FILETYPE_PEM, self.privatekey)
|
||||||
|
|
||||||
publickey_file = open(self.path, 'w')
|
publickey_file = open(self.path, 'wb')
|
||||||
publickey_file.write(publickey_content)
|
publickey_file.write(publickey_content)
|
||||||
publickey_file.close()
|
publickey_file.close()
|
||||||
|
|
||||||
|
|
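Review bot: The `'wb'` switch is correct for pyOpenSSL's bytes output, but the open/write/close triple at the end of the hunk still leaks the handle if `write` raises; `with open(self.path, 'wb') as publickey_file: publickey_file.write(publickey_content)` covers both paths. Separately, this module still loads the key directly with `crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)` and no passphrase, while the same commit moves `openssl_csr` onto `crypto_utils.load_privatekey`; an encrypted private key has no way to supply its passphrase here, and a load failure is not wrapped in `OpenSSLObjectError`. The enclosing method starts outside the hunk.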
1
test/integration/targets/openssl_csr/aliases
Normal file
1
test/integration/targets/openssl_csr/aliases
Normal file
|
@ -0,0 +1 @@
|
||||||
|
posix/ci/group1
|
2
test/integration/targets/openssl_csr/meta/main.yml
Normal file
2
test/integration/targets/openssl_csr/meta/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
dependencies:
|
||||||
|
- setup_openssl
|
11
test/integration/targets/openssl_csr/tasks/main.yml
Normal file
11
test/integration/targets/openssl_csr/tasks/main.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
- name: Generate privatekey
|
||||||
|
openssl_privatekey:
|
||||||
|
path: '{{ output_dir }}/privatekey.pem'
|
||||||
|
|
||||||
|
- name: Generate CSR
|
||||||
|
openssl_csr:
|
||||||
|
path: '{{ output_dir }}/csr.csr'
|
||||||
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||||
|
commonName: 'www.ansible.com'
|
||||||
|
|
||||||
|
- import_tasks: ../tests/validate.yml
|
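Review bot: Each module runs exactly once, so the fixture never checks idempotency, which is the property most likely to regress in these modules; registering a second `openssl_csr` invocation with identical arguments and asserting `- not csr_rerun.changed` covers it in three lines. The CSR also carries only `commonName`, so the module's `subjectAltName` branch is untested. These are coverage gaps rather than defects in the tasks shown.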
17
test/integration/targets/openssl_csr/tests/validate.yml
Normal file
17
test/integration/targets/openssl_csr/tests/validate.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
- name: Validate CSR (test - privatekey modulus)
|
||||||
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
||||||
|
register: privatekey_modulus
|
||||||
|
|
||||||
|
- name: Validate CSR (test - Common Name)
|
||||||
|
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
|
||||||
|
register: csr_cn
|
||||||
|
|
||||||
|
- name: Validate CSR (test - csr modulus)
|
||||||
|
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr | openssl md5'
|
||||||
|
register: csr_modulus
|
||||||
|
|
||||||
|
- name: Validate CSR (assert)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
||||||
|
- csr_modulus.stdout == privatekey_modulus.stdout
|
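Review bot: The modulus comparison proves the CSR carries the right public key but not that it was signed with it, so a broken `req.sign()` would pass; a task `shell: "openssl req -noout -verify -in {{ output_dir }}/csr.csr 2>&1"` registered as `csr_verify` with `- "'verify OK' in csr_verify.stdout"` in the assert checks the self-signature (the redirect is there because openssl prints the verdict on stderr in the versions I know). The `csr_cn` assert also depends on the CSR subject containing no other `=` after the CN, which holds for this fixture but silently breaks if more subject fields are added. `{{ output_dir }}` is expanded unquoted into every shell line; `{{ output_dir | quote }}` keeps a path with spaces or shell metacharacters from breaking or being interpreted, even though the value is test-controlled.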
1
test/integration/targets/openssl_privatekey/aliases
Normal file
1
test/integration/targets/openssl_privatekey/aliases
Normal file
|
@ -0,0 +1 @@
|
||||||
|
posix/ci/group1
|
|
@ -0,0 +1,2 @@
|
||||||
|
dependencies:
|
||||||
|
- setup_openssl
|
15
test/integration/targets/openssl_privatekey/tasks/main.yml
Normal file
15
test/integration/targets/openssl_privatekey/tasks/main.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
- name: Generate privatekey1 - standard
|
||||||
|
openssl_privatekey:
|
||||||
|
path: '{{ output_dir }}/privatekey1.pem'
|
||||||
|
|
||||||
|
- name: Generate privatekey2 - size 2048
|
||||||
|
openssl_privatekey:
|
||||||
|
path: '{{ output_dir }}/privatekey2.pem'
|
||||||
|
size: 2048
|
||||||
|
|
||||||
|
- name: Generate privatekey3 - type DSA
|
||||||
|
openssl_privatekey:
|
||||||
|
path: '{{ output_dir }}/privatekey3.pem'
|
||||||
|
type: DSA
|
||||||
|
|
||||||
|
- import_tasks: ../tests/validate.yml
|
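Review bot: Each key is generated exactly once, so the fixture never checks idempotency — a second `openssl_privatekey` run with the same `path` and `size` should report `changed: false`; registering the rerun and asserting `- not privatekey_rerun.changed` covers it in three lines. If the module exposes a passphrase option, the encrypted-key path that `crypto_utils.load_privatekey` now special-cases is also untested here. These are coverage gaps rather than defects in the tasks shown.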
|
@ -0,0 +1,28 @@
|
||||||
|
- name: Validate privatekey1 (test)
|
||||||
|
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey1.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
|
||||||
|
register: privatekey1
|
||||||
|
|
||||||
|
- name: Validate privatekey1 (assert)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- privatekey1.stdout == '4096'
|
||||||
|
|
||||||
|
|
||||||
|
- name: Validate privatekey2 (test)
|
||||||
|
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey2.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
|
||||||
|
register: privatekey2
|
||||||
|
|
||||||
|
- name: Validate privatekey2 (assert)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- privatekey2.stdout == '2048'
|
||||||
|
|
||||||
|
|
||||||
|
- name: Validate privatekey3 (test)
|
||||||
|
shell: "openssl dsa -noout -text -in {{ output_dir }}/privatekey3.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
|
||||||
|
register: privatekey3
|
||||||
|
|
||||||
|
- name: Validate privatekey3 (assert)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- privatekey1.stdout == '4096'
|
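Review bot: The final assert checks `privatekey1.stdout == '4096'` instead of `privatekey3.stdout`, so the DSA key generated as privatekey3 is parsed but never asserted on and a wrong DSA size would pass; the line should read `- privatekey3.stdout == '4096'`, assuming the module applies its default size to DSA keys as it does to RSA. The `openssl dsa -text` task is then the only step that confirms the file is a valid DSA key at all, which is fine as long as readers know the shell task's own failure is the check. The hunk's file header is not shown, so this is inferred to be `openssl_privatekey/tests/validate.yml`.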
1
test/integration/targets/openssl_publickey/aliases
Normal file
1
test/integration/targets/openssl_publickey/aliases
Normal file
|
@ -0,0 +1 @@
|
||||||
|
posix/ci/group1
|
2
test/integration/targets/openssl_publickey/meta/main.yml
Normal file
2
test/integration/targets/openssl_publickey/meta/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
dependencies:
|
||||||
|
- setup_openssl
|
13
test/integration/targets/openssl_publickey/tasks/main.yml
Normal file
13
test/integration/targets/openssl_publickey/tasks/main.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
- block:
|
||||||
|
- name: Generate privatekey
|
||||||
|
openssl_privatekey:
|
||||||
|
path: '{{ output_dir }}/privatekey.pem'
|
||||||
|
|
||||||
|
- name: Generate publickey
|
||||||
|
openssl_publickey:
|
||||||
|
path: '{{ output_dir }}/publickey.pub'
|
||||||
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||||
|
|
||||||
|
- import_tasks: ../tests/validate.yml
|
||||||
|
|
||||||
|
when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')
|
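Review bot: The whole block is gated on `pyopenssl_version.stdout|version_compare('16.0.0', '>=')`, so on a host with an older pyOpenSSL every task is skipped and the target reports success without having tested anything. Unless an older pyOpenSSL is an expected CI configuration, a `debug` task outside the block stating that the publickey tests were skipped, or an explicit `fail` with the reason, makes the gap visible in the run output. `pyopenssl_version` also comes from `setup_openssl`'s bare `python -c` probe, which is not necessarily the interpreter the package was installed for.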
|
@ -0,0 +1,12 @@
|
||||||
|
- name: Validate public key (test - privatekey modulus)
|
||||||
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
||||||
|
register: privatekey_modulus
|
||||||
|
|
||||||
|
- name: Validate public key (test - publickey modulus)
|
||||||
|
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub | openssl md5'
|
||||||
|
register: publickey_modulus
|
||||||
|
|
||||||
|
- name: Validate public key (assert)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- publickey_modulus.stdout == privatekey_modulus.stdout
|
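Review bot: The publickey modulus task feeds the file through a shell redirect (`< {{ output_dir }}/publickey.pub`) while every other task in these fixtures passes `-in`; `openssl rsa -pubin -noout -modulus -in {{ output_dir }}/publickey.pub` is the same command and keeps the tasks uniform. The `| openssl md5` step adds nothing to the comparison — `-modulus` already yields a single line — and comparing the raw modulus output directly would also make a mismatch readable in the assert failure message.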
25
test/integration/targets/setup_openssl/tasks/main.yml
Normal file
25
test/integration/targets/setup_openssl/tasks/main.yml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
- name: Incluse OS-specific variables
|
||||||
|
include_vars: '{{ ansible_os_family }}.yml'
|
||||||
|
when: not ansible_os_family == "Darwin"
|
||||||
|
|
||||||
|
- name: Install pyOpenSSL
|
||||||
|
become: True
|
||||||
|
package:
|
||||||
|
name: '{{ pyopenssl_package_name_python3 }}'
|
||||||
|
when: not ansible_os_family == 'Darwin' and ansible_python_version|version_compare('3.0', '>=')
|
||||||
|
|
||||||
|
- name: Install pyOpenSSL
|
||||||
|
become: True
|
||||||
|
package:
|
||||||
|
name: '{{ pyopenssl_package_name }}'
|
||||||
|
when: not ansible_os_family == 'Darwin' and ansible_python_version|version_compare('3.0', '<')
|
||||||
|
|
||||||
|
- name: Install pyOpenSSL
|
||||||
|
become: True
|
||||||
|
pip:
|
||||||
|
name: pyOpenSSL
|
||||||
|
when: ansible_os_family == 'Darwin'
|
||||||
|
|
||||||
|
- name: register openssl version
|
||||||
|
command: python -c 'import OpenSSL; print(OpenSSL.__version__)'
|
||||||
|
register: pyopenssl_version
|
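Review bot: The Python 3 branch of the install task references `pyopenssl_package_name_python3`, but only `vars/Debian.yml` defines it; on a FreeBSD, RedHat or Suse host whose Ansible interpreter is Python 3 the `when` is true and the task fails on an undefined variable, so either add the variable to the other vars files or guard the task with `and pyopenssl_package_name_python3 is defined`. The version probe `command: python -c 'import OpenSSL; print(OpenSSL.__version__)'` runs bare `python`, which is not necessarily the interpreter the packages were installed for; `{{ ansible_python_interpreter | default('python') }}` keeps the probe and the install on the same interpreter. The Darwin path installs an unpinned `pyOpenSSL` from PyPI with `become`, so the fixture's result depends on whatever version is current and a pin (or at least a lower bound matching the `16.0.0` gate used by the publickey tests) would make runs reproducible. The task name `Incluse OS-specific variables` is a typo for `Include`.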
2
test/integration/targets/setup_openssl/vars/Debian.yml
Normal file
2
test/integration/targets/setup_openssl/vars/Debian.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
pyopenssl_package_name: python-openssl
|
||||||
|
pyopenssl_package_name_python3: python3-openssl
|
1
test/integration/targets/setup_openssl/vars/FreeBSD.yml
Normal file
1
test/integration/targets/setup_openssl/vars/FreeBSD.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
pyopenssl_package_name: py27-openssl
|
1
test/integration/targets/setup_openssl/vars/RedHat.yml
Normal file
1
test/integration/targets/setup_openssl/vars/RedHat.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
pyopenssl_package_name: pyOpenSSL
|
1
test/integration/targets/setup_openssl/vars/Suse.yml
Normal file
1
test/integration/targets/setup_openssl/vars/Suse.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
pyopenssl_package_name: python-pyOpenSSL
|