2018-12-23 09:23:31 +00:00
|
|
|
---
|
2017-07-25 11:18:18 +00:00
|
|
|
- name: Validate CSR (test - privatekey modulus)
|
2017-12-12 12:35:22 +00:00
|
|
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem'
|
2017-07-25 11:18:18 +00:00
|
|
|
register: privatekey_modulus
|
|
|
|
|
|
|
|
- name: Validate CSR (test - Common Name)
|
|
|
|
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
|
|
|
|
register: csr_cn
|
|
|
|
|
|
|
|
- name: Validate CSR (test - csr modulus)
|
2017-12-12 12:35:22 +00:00
|
|
|
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr'
|
2017-07-25 11:18:18 +00:00
|
|
|
register: csr_modulus
|
|
|
|
|
|
|
|
- name: Validate CSR (assert)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
|
|
|
- csr_modulus.stdout == privatekey_modulus.stdout
|
2017-09-14 16:03:00 +00:00
|
|
|
|
2019-01-03 11:34:24 +00:00
|
|
|
- name: Validate CSR (check mode, idempotency)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- generate_csr_check is changed
|
|
|
|
- generate_csr is changed
|
|
|
|
- generate_csr_check_idempotent is not changed
|
|
|
|
- generate_csr_check_idempotent_check is not changed
|
|
|
|
|
2019-02-11 10:30:56 +00:00
|
|
|
- name: Validate CSR without SAN (check mode, idempotency)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- generate_csr_nosan_check is changed
|
|
|
|
- generate_csr_nosan is changed
|
|
|
|
- generate_csr_nosan_check_idempotent is not changed
|
|
|
|
- generate_csr_nosan_check_idempotent_check is not changed
|
|
|
|
|
2019-01-03 11:34:24 +00:00
|
|
|
- name: Validate CSR_KU_XKU (assert idempotency, change)
|
2017-09-14 16:03:00 +00:00
|
|
|
assert:
|
|
|
|
that:
|
2018-02-08 12:03:28 +00:00
|
|
|
- csr_ku_xku is not changed
|
2019-01-03 11:34:24 +00:00
|
|
|
- csr_ku_xku_change is changed
|
|
|
|
- csr_ku_xku_change_2 is changed
|
2017-12-12 12:35:22 +00:00
|
|
|
|
|
|
|
- name: Validate old_API CSR (test - Common Name)
|
|
|
|
shell: "openssl req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
|
|
|
|
register: csr_oldapi_cn
|
|
|
|
|
|
|
|
- name: Validate old_API CSR (test - csr modulus)
|
|
|
|
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr_oldapi.csr'
|
|
|
|
register: csr_oldapi_modulus
|
|
|
|
|
|
|
|
- name: Validate old_API CSR (assert)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
|
|
|
- csr_oldapi_modulus.stdout == privatekey_modulus.stdout
|
2018-02-08 12:03:28 +00:00
|
|
|
|
2019-03-05 16:07:07 +00:00
|
|
|
- name: Validate invalid SAN
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- generate_csr_invalid_san is failed
|
|
|
|
- "'Subject Alternative Name' in generate_csr_invalid_san.msg"
|
|
|
|
|
2018-02-08 12:03:28 +00:00
|
|
|
- name: Validate OCSP Must Staple CSR (test - everything)
|
|
|
|
shell: "openssl req -noout -in {{ output_dir }}/csr_ocsp.csr -text"
|
|
|
|
register: csr_ocsp
|
|
|
|
|
|
|
|
- name: Validate OCSP Must Staple CSR (assert)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or
|
|
|
|
(csr_ocsp.stdout is search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))"
|
|
|
|
|
|
|
|
- name: Validate OCSP Must Staple CSR (assert idempotency)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- csr_ocsp_idempotency is not changed
|
2018-12-23 09:23:31 +00:00
|
|
|
|
|
|
|
- name: Validate ECC CSR (test - privatekey's public key)
|
|
|
|
shell: 'openssl ec -pubout -in {{ output_dir }}/privatekey2.pem'
|
|
|
|
register: privatekey_ecc_key
|
|
|
|
|
|
|
|
- name: Validate ECC CSR (test - Common Name)
|
|
|
|
shell: "openssl req -noout -subject -in {{ output_dir }}/csr2.csr -nameopt oneline,-space_eq"
|
|
|
|
register: csr_ecc_cn
|
|
|
|
|
|
|
|
- name: Validate ECC CSR (test - CSR pubkey)
|
|
|
|
shell: 'openssl req -noout -pubkey -in {{ output_dir }}/csr2.csr'
|
|
|
|
register: csr_ecc_pubkey
|
|
|
|
|
|
|
|
- name: Validate ECC CSR (assert)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- csr_ecc_cn.stdout.split('=')[-1] == 'www.ansible.com'
|
|
|
|
- csr_ecc_pubkey.stdout == privatekey_ecc_key.stdout
|
2019-01-21 17:19:05 +00:00
|
|
|
|
|
|
|
- name: Validate CSR (text common name - Common Name)
|
|
|
|
shell: "openssl req -noout -subject -in {{ output_dir }}/csr3.csr -nameopt oneline,-space_eq"
|
|
|
|
register: csr3_cn
|
|
|
|
|
|
|
|
- name: Validate CSR (assert)
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- csr3_cn.stdout.split('=')[-1] == 'This is for Ansible'
|
2019-03-07 15:29:35 +00:00
|
|
|
|
|
|
|
- name: Validate country name idempotency and validation
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- country_idempotent_1 is changed
|
|
|
|
- country_idempotent_2 is not changed
|
|
|
|
- country_idempotent_3 is not changed
|
|
|
|
- country_fail_4 is failed
|
2019-03-08 16:21:18 +00:00
|
|
|
|
|
|
|
- name:
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- passphrase_error_1 is failed
|
|
|
|
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
|
|
|
|
- passphrase_error_2 is failed
|
|
|
|
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_2.msg"
|
|
|
|
- passphrase_error_3 is failed
|
|
|
|
- "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_3.msg"
|