You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/openssl_certificate/tasks/ownca.yml

570 lines
21 KiB
YAML

---
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey:
path: '{{ output_dir }}/ca_privatekey.pem'
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase
openssl_privatekey:
path: '{{ output_dir }}/ca_privatekey_pw.pem'
passphrase: hunter2
cipher: auto
select_crypto_backend: cryptography
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
openssl_csr:
path: '{{ output_dir }}/ca_csr.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
subject:
commonName: Example CA
useCommonNameForSAN: no
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR (privatekey passphrase)
openssl_csr:
path: '{{ output_dir }}/ca_csr_pw.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
privatekey_passphrase: hunter2
subject:
commonName: Example CA
useCommonNameForSAN: no
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
openssl_certificate:
path: '{{ output_dir }}/ca_cert.pem'
csr_path: '{{ output_dir }}/ca_csr.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: selfsigned
selfsigned_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (privatekey passphrase)
openssl_certificate:
path: '{{ output_dir }}/ca_cert_pw.pem'
csr_path: '{{ output_dir }}/ca_csr_pw.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
privatekey_passphrase: hunter2
provider: selfsigned
selfsigned_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_certificate
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_certificate_idempotence
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (check mode)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
check_mode: yes
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Check ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert.pem'
privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: assertonly
has_expired: False
version: 3
signature_algorithms:
- sha256WithRSAEncryption
- sha256WithECDSAEncryption
subject:
commonName: www.example.com
issuer:
commonName: Example CA
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca v2 certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_v2.pem'
csr_path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_version: 2
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_v2_certificate
ignore_errors: true
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate2
openssl_certificate:
path: '{{ output_dir }}/ownca_cert2.pem'
csr_path: '{{ output_dir }}/csr2.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Check ownca certificate2
openssl_certificate:
path: '{{ output_dir }}/ownca_cert2.pem'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
provider: assertonly
has_expired: False
version: 3
signature_algorithms:
- sha256WithRSAEncryption
- sha256WithECDSAEncryption
subject:
commonName: www.example.com
C: US
ST: California
L: Los Angeles
O: ACME Inc.
OU:
- Roadrunner pest control
- Pyrotechnics
keyUsage:
- digitalSignature
extendedKeyUsage:
- ipsecUser
- biometricInfo
issuer:
commonName: Example CA
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Create ownca certificate with notBefore and notAfter
openssl_certificate:
provider: ownca
ownca_not_before: 20181023133742Z
ownca_not_after: 20191023133742Z
path: "{{ output_dir }}/ownca_cert3.pem"
csr_path: "{{ output_dir }}/csr.csr"
privatekey_path: "{{ output_dir }}/privatekey3.pem"
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Create ownca certificate with relative notBefore and notAfter
openssl_certificate:
provider: ownca
ownca_not_before: +1s
ownca_not_after: +52w
path: "{{ output_dir }}/ownca_cert4.pem"
csr_path: "{{ output_dir }}/csr.csr"
privatekey_path: "{{ output_dir }}/privatekey3.pem"
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca ECC certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ecc.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekey_ecc.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_certificate_ecc
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ecc_2.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert_pw.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
ownca_privatekey_passphrase: hunter2
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
register: selfsigned_certificate_passphrase
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 1)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_pw1.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
ownca_privatekey_passphrase: hunter2
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: passphrase_error_1
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_pw2.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekeypw.pem'
ownca_privatekey_passphrase: wrong_password
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: passphrase_error_2
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 3)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_pw3.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekeypw.pem'
provider: ownca
ownca_digest: sha256
New cryptography backend for openssl_certificate (#53924) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.
6 years ago
select_crypto_backend: '{{ select_crypto_backend }}'
ignore_errors: yes
register: passphrase_error_3
- name: Create broken certificate
copy:
dest: "{{ output_dir }}/ownca_broken.pem"
content: "broken"
- name: Regenerate broken cert
openssl_certificate:
path: '{{ output_dir }}/ownca_broken.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
privatekey_path: '{{ output_dir }}/privatekey_ecc.pem'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
register: ownca_broken
- name: (OwnCA, {{select_crypto_backend}}) Backup test
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_backup.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_1
- name: (OwnCA, {{select_crypto_backend}}) Backup test (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_backup.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_2
- name: (OwnCA, {{select_crypto_backend}}) Backup test (change)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_backup.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_3
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_backup.pem'
state: absent
provider: ownca
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_4
- name: (OwnCA, {{select_crypto_backend}}) Backup test (remove, idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_backup.pem'
state: absent
provider: ownca
backup: yes
select_crypto_backend: '{{ select_crypto_backend }}'
register: ownca_backup_5
- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ski.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_subject_key_identifier: always_create
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_subject_key_identifier_1
- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (idempotency)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ski.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_subject_key_identifier: always_create
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_subject_key_identifier_2
- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (remove)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ski.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_subject_key_identifier: never_create
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_subject_key_identifier_3
- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (remove idempotency)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ski.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_subject_key_identifier: never_create
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_subject_key_identifier_4
- name: (OwnCA, {{select_crypto_backend}}) Create subject key identifier (re-enable)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_ski.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_subject_key_identifier: always_create
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_subject_key_identifier_5
- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_aki.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_authority_key_identifier_1
- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (idempotency)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_aki.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_authority_key_identifier_2
- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (remove)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_aki.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: no
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_authority_key_identifier_3
- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (remove idempotency)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_aki.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: no
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_authority_key_identifier_4
- name: (OwnCA, {{select_crypto_backend}}) Create authority key identifier (re-add)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_aki.pem'
csr_path: '{{ output_dir }}/csr_ecc.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/privatekey.pem'
provider: ownca
ownca_digest: sha256
ownca_create_authority_key_identifier: yes
select_crypto_backend: '{{ select_crypto_backend }}'
when: select_crypto_backend != 'pyopenssl'
register: ownca_authority_key_identifier_5
- name: (OwnCA, {{select_crypto_backend}}) Ed25519 and Ed448 tests (for cryptography >= 2.6)
block:
- name: (OwnCA, {{select_crypto_backend}}) Generate privatekeys
openssl_privatekey:
path: '{{ output_dir }}/privatekey_{{ item }}.pem'
type: '{{ item }}'
loop:
- Ed25519
- Ed448
- name: (OwnCA, {{select_crypto_backend}}) Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/privatekey_{{ item }}.pem'
subject:
commonName: www.ansible.com
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
ownca_path: '{{ output_dir }}/ca_cert.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey.pem'
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_idempotence
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey
openssl_privatekey:
path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
type: '{{ item }}'
cipher: auto
passphrase: Test123
loop:
- Ed25519
- Ed448
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
openssl_csr:
path: '{{ output_dir }}/ca_csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
privatekey_passphrase: Test123
subject:
commonName: Example CA
useCommonNameForSAN: no
basic_constraints:
- 'CA:TRUE'
basic_constraints_critical: yes
key_usage:
- cRLSign
- keyCertSign
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
openssl_certificate:
path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
csr_path: '{{ output_dir }}/ca_csr_{{ item }}.csr'
privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
privatekey_passphrase: Test123
provider: selfsigned
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
ownca_privatekey_passphrase: Test123
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2
ignore_errors: yes
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (idempotent)
openssl_certificate:
path: '{{ output_dir }}/ownca_cert_{{ item }}_2.pem'
csr_path: '{{ output_dir }}/csr.csr'
ownca_path: '{{ output_dir }}/ca_cert_{{ item }}.pem'
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_{{ item }}.pem'
ownca_privatekey_passphrase: Test123
provider: ownca
ownca_digest: sha256
select_crypto_backend: '{{ select_crypto_backend }}'
loop:
- Ed25519
- Ed448
register: ownca_certificate_ed25519_ed448_2_idempotence
ignore_errors: yes
when: select_crypto_backend == 'cryptography' and cryptography_version.stdout is version('2.6', '>=')
- import_tasks: ../tests/validate_ownca.yml