community.general/test/integration/targets/openssl_certificate/tests/validate_selfsigned.yml

---
- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - privatekey modulus)
  shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
  register: privatekey_modulus

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certificate modulus)
  shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem'
  register: cert_modulus

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - issuer value)
  shell: 'openssl x509 -noout  -in {{ output_dir}}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g; s/ //g;"'
  register: cert_issuer


- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (test - certficate version == default == 3)
  shell: 'openssl x509 -noout  -in {{ output_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
  register: cert_version

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate (assert)
  assert:
    that:
      - cert_modulus.stdout == privatekey_modulus.stdout
      - cert_version.stdout == '3'
      - cert_issuer.stdout == 'CN=www.example.com'

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate idempotence
  assert:
    that:
      - selfsigned_certificate.serial_number == selfsigned_certificate_idempotence.serial_number
      - selfsigned_certificate.notBefore == selfsigned_certificate_idempotence.notBefore
      - selfsigned_certificate.notAfter == selfsigned_certificate_idempotence.notAfter

- block:
  - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate v2 (test - certificate version == 2)
    shell: 'openssl x509 -noout  -in {{ output_dir}}/cert_v2.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"'
    register: cert_v2_version

  - name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate version 2 (assert)
    assert:
      that:
        - cert_v2_version.stdout == '2'
  when: select_crypto_backend != 'cryptography'

- block:
  - name: (Selfsigned validateion, {{ select_crypto_backend }} Validate certificate v2 is failed
    assert:
      that:
        - selfsigned_v2_cert is failed
        - "'The cryptography backend does not support v2 certificates' in selfsigned_v2_cert.msg"
  when: select_crypto_backend == 'cryptography'

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - privatekey modulus)
  shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey2.pem'
  register: privatekey2_modulus

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (test - certificate modulus)
  shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert2.pem'
  register: cert2_modulus

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate2 (assert)
  assert:
    that:
      - cert2_modulus.stdout == privatekey2_modulus.stdout

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notBefore)
  shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not Before" | sed "s/.*: \(.*\) .*/\1/g"'
  register: cert3_notBefore

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (test - notAfter)
  shell: 'openssl x509 -noout -in {{ output_dir }}/cert3.pem -text | grep "Not After" | sed "s/.*: \(.*\) .*/\1/g"'
  register: cert3_notAfter

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notBefore)
  assert:
    that:
      - cert3_notBefore.stdout == 'Oct 23 13:37:42 2018'

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate certificate3 (assert - notAfter)
  assert:
    that:
      - cert3_notAfter.stdout == 'Oct 23 13:37:42 2019'

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - privatekey's pubkey)
  shell: 'openssl ec -pubout -in {{ output_dir }}/privatekey_ecc.pem'
  register: privatekey_ecc_pubkey

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (test - certificate pubkey)
  shell: 'openssl x509 -noout -pubkey -in {{ output_dir }}/cert_ecc.pem'
  register: cert_ecc_pubkey

- name: (Selfsigned validation, {{select_crypto_backend}}) Validate ECC certificate (assert)
  assert:
    that:
      - cert_ecc_pubkey.stdout == privatekey_ecc_pubkey.stdout

- name: (Selfsigned validation, {{select_crypto_backend}})
  assert:
    that:
      - passphrase_error_1 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
      - passphrase_error_2 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_2.msg"
      - passphrase_error_3 is failed
      - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_3.msg"