mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
openssl_certificate: Return self.cert.get_VALUES() (#33970)
Currently when we make up the return value, we take values based of the parameters rather than the generated openssl_certificate itself. This commits returns the actual certificate values making it all time accurate.
This commit is contained in:
parent
a2810f44a8
commit
a724b8e722
3 changed files with 23 additions and 8 deletions
|
@ -378,7 +378,6 @@ class SelfSignedCertificate(Certificate):
|
|||
|
||||
def __init__(self, module):
|
||||
super(SelfSignedCertificate, self).__init__(module)
|
||||
self.serial_number = randint(1000, 99999)
|
||||
self.notBefore = module.params['selfsigned_notBefore']
|
||||
self.notAfter = module.params['selfsigned_notAfter']
|
||||
self.digest = module.params['selfsigned_digest']
|
||||
|
@ -387,7 +386,6 @@ class SelfSignedCertificate(Certificate):
|
|||
self.privatekey = crypto_utils.load_privatekey(
|
||||
self.privatekey_path, self.privatekey_passphrase
|
||||
)
|
||||
self.cert = None
|
||||
|
||||
def generate(self, module):
|
||||
|
||||
|
@ -403,7 +401,7 @@ class SelfSignedCertificate(Certificate):
|
|||
|
||||
if not self.check(module, perms_required=False) or self.force:
|
||||
cert = crypto.X509()
|
||||
cert.set_serial_number(self.serial_number)
|
||||
cert.set_serial_number(randint(1000, 99999))
|
||||
if self.notBefore:
|
||||
cert.set_notBefore(self.notBefore)
|
||||
else:
|
||||
|
@ -420,11 +418,11 @@ class SelfSignedCertificate(Certificate):
|
|||
cert.add_extensions(self.csr.get_extensions())
|
||||
|
||||
cert.sign(self.privatekey, self.digest)
|
||||
self.certificate = cert
|
||||
self.cert = cert
|
||||
|
||||
try:
|
||||
with open(self.path, 'wb') as cert_file:
|
||||
cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, self.certificate))
|
||||
cert_file.write(crypto.dump_certificate(crypto.FILETYPE_PEM, self.cert))
|
||||
except EnvironmentError as exc:
|
||||
raise CertificateError(exc)
|
||||
|
||||
|
@ -441,9 +439,9 @@ class SelfSignedCertificate(Certificate):
|
|||
'filename': self.path,
|
||||
'privatekey': self.privatekey_path,
|
||||
'csr': self.csr_path,
|
||||
'notBefore': self.notBefore,
|
||||
'notAfter': self.notAfter,
|
||||
'serial_number': self.serial_number,
|
||||
'notBefore': self.cert.get_notBefore(),
|
||||
'notAfter': self.cert.get_notAfter(),
|
||||
'serial_number': self.cert.get_serial_number(),
|
||||
}
|
||||
|
||||
return result
|
||||
|
|
|
@ -17,6 +17,16 @@
|
|||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
register: selfsigned_certificate
|
||||
|
||||
- name: Generate selfsigned certificate
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert.pem'
|
||||
csr_path: '{{ output_dir }}/csr.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
register: selfsigned_certificate_idempotence
|
||||
|
||||
- name: Check selfsigned certificate
|
||||
openssl_certificate:
|
||||
|
|
|
@ -16,6 +16,13 @@
|
|||
- cert_modulus.stdout == privatekey_modulus.stdout
|
||||
- cert_version.stdout == '3'
|
||||
|
||||
- name: Validate certificate idempotence
|
||||
assert:
|
||||
that:
|
||||
- selfsigned_certificate.serial_number == selfsigned_certificate_idempotence.serial_number
|
||||
- selfsigned_certificate.notBefore == selfsigned_certificate_idempotence.notBefore
|
||||
- selfsigned_certificate.notAfter == selfsigned_certificate_idempotence.notAfter
|
||||
|
||||
- name: Validate certificate v2 (test - certificate version == 2)
|
||||
shell: 'openssl x509 -noout -in {{ output_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
|
||||
register: cert_v2_version
|
||||
|
|
Loading…
Reference in a new issue