ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity
community.general/test/integration/targets/openssl_publickey/tasks/main.yml
Felix Fontein caf7fd2245 openssl_*: improve passphrase handling for private keys in PyOpenSSL (#53489) 
* Raise OpenSSLBadPassphraseError if passphrase is wrong.

* Improve handling of passphrase errors.

Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.

* Add changelog.

* Add tests.

* Adjustments for some versions of PyOpenSSL.

* Update lib/ansible/modules/crypto/openssl_certificate.py

Improve text.

Co-Authored-By: felixfontein <felix@fontein.de>
2019-03-08 16:21:18 +00:00

113 lines
4 KiB
YAML
Raw Blame History

---
- block:
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey - PEM format
openssl_publickey:
path: '{{ output_dir }}/publickey.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey - OpenSSH format
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
format: OpenSSH
# cryptography.hazmat.primitives import serialization.Encoding.OpenSSH and
# cryptography.hazmat.primitives import serialization.PublicFormat.OpenSSH constants
# appeared in version 1.4 of cryptography
when: cryptography_version.stdout is version('1.4.0', '>=')
- name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
format: OpenSSH
when: cryptography_version.stdout is version('1.4.0', '>=')
register: publickey_ssh_idempotence
- name: Generate publickey2 - standard
openssl_publickey:
path: '{{ output_dir }}/publickey2.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Delete publickey2 - standard
openssl_publickey:
state: absent
path: '{{ output_dir }}/publickey2.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Generate privatekey3 - with passphrase
openssl_privatekey:
path: '{{ output_dir }}/privatekey3.pem'
passphrase: ansible
cipher: aes256
- name: Generate publickey3 - with passphrase protected privatekey
openssl_publickey:
path: '{{ output_dir }}/publickey3.pub'
privatekey_path: '{{ output_dir }}/privatekey3.pem'
privatekey_passphrase: ansible
- name: Generate publickey3 - with passphrase protected privatekey - idempotence
openssl_publickey:
path: '{{ output_dir }}/publickey3.pub'
privatekey_path: '{{ output_dir }}/privatekey3.pem'
privatekey_passphrase: ansible
register: publickey3_idempotence
- name: Generate empty file that will hold a public key (issue 33072)
file:
path: '{{ output_dir }}/publickey4.pub'
state: touch
- name: Generate publickey in empty existing file (issue 33072)
openssl_publickey:
path: '{{ output_dir }}/publickey4.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- name: Generate privatekey 5 (ECC)
openssl_privatekey:
path: '{{ output_dir }}/privatekey5.pem'
type: ECC
curve: secp256k1
- name: Generate publickey 5 - PEM format
openssl_publickey:
path: '{{ output_dir }}/publickey5.pub'
privatekey_path: '{{ output_dir }}/privatekey5.pem'
- name: Generate privatekey with password
openssl_privatekey:
path: '{{ output_dir }}/privatekeypw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
- name: Generate publickey - PEM format (failed passphrase 1)
openssl_publickey:
path: '{{ output_dir }}/publickey_pw1.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
privatekey_passphrase: hunter2
ignore_errors: yes
register: passphrase_error_1
- name: Generate publickey - PEM format (failed passphrase 2)
openssl_publickey:
path: '{{ output_dir }}/publickey_pw2.pub'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
privatekey_passphrase: wrong_password
ignore_errors: yes
register: passphrase_error_2
- name: Generate publickey - PEM format (failed passphrase 3)
openssl_publickey:
path: '{{ output_dir }}/publickey_pw3.pub'
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
ignore_errors: yes
register: passphrase_error_3
- import_tasks: ../tests/validate.yml
when: pyopenssl_version.stdout is version('16.0.0', '>=')
View git blame Copy permalink