Enable integration tests for the crypto/ namespace (#26684)

Crypto namespace contains the openssl modules. It has no integration
testing as of now.

This commit aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.

These tests currently apply to:

  * openssl_privatekey
  * openssl_publickey
  * openssl_csr
pull/27265/head
Yanis Guenane 7 years ago committed by John R Barker
parent b3e8fa72ce
commit 8b22c45a45

@ -35,15 +35,12 @@ class OpenSSLObjectError(Exception):
pass
def get_fingerprint(path, passphrase):
def get_fingerprint(path, passphrase=None):
"""Generate the fingerprint of the public key. """
fingerprint = {}
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
open(path, 'rb').read(),
passphrase)
privatekey = load_privatekey(path, passphrase)
try:
publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
for algo in hashlib.algorithms:
@ -63,10 +60,14 @@ def load_privatekey(path, passphrase=None):
"""Load the specified OpenSSL private key."""
try:
privatekey_content = open(path, 'rb').read()
if passphrase:
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
privatekey_content,
open(path, 'rb').read(),
passphrase)
else:
privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
open(path, 'rb').read())
return privatekey
except (IOError, OSError) as exc:
raise OpenSSLObjectError(exc)
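Review bot: The `except (IOError, OSError)` clause in the new `load_privatekey` does not cover pyOpenSSL's `crypto.Error`, so a wrong passphrase or a malformed PEM file escapes as a raw library exception rather than `OpenSSLObjectError`; `except (IOError, OSError, crypto.Error) as exc:` would give callers one error type to handle. Both branches also read the key with `open(path, 'rb').read()` and never close the handle; reading once under `with open(path, 'rb') as key_file:` before the `if passphrase:` test avoids leaving a descriptor on private-key material open until garbage collection. When `passphrase` is empty and the key is encrypted, pyOpenSSL may fall back to prompting on the terminal, which would stall an unattended module run, so that case probably deserves an explicit error. `get_fingerprint` now goes through this helper, and its body continues outside the hunk.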

@ -179,6 +179,7 @@ except ImportError:
else:
pyopenssl_found = True
from ansible.module_utils import crypto as crypto_utils
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_native
@ -231,10 +232,11 @@ class CertificateSigningRequest(object):
if self.subjectAltName is not None:
req.add_extensions([crypto.X509Extension(b"subjectAltName", False, self.subjectAltName.encode('ascii'))])
privatekey_content = open(self.privatekey_path).read()
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM,
privatekey_content,
self.privatekey_passphrase)
self.privatekey = crypto_utils.load_privatekey(
self.privatekey_path,
self.privatekey_passphrase
)
req.set_pubkey(self.privatekey)
req.sign(self.privatekey, self.digest)
self.request = req
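Review bot: The switch to `crypto_utils.load_privatekey` changes the failure type at this call: an unreadable key file now surfaces as `crypto_utils.OpenSSLObjectError` instead of `IOError`, and nothing in the visible lines catches it. If the enclosing method (which starts outside this hunk) or the module's entry point only handles the module's own exception class, a missing or unreadable key will end in a traceback rather than a clean module failure. Catching it here with `except crypto_utils.OpenSSLObjectError as exc:` and re-raising the module's own error would keep the reported message consistent.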

@ -187,7 +187,7 @@ class PublicKey(object):
self.privatekey = crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)
publickey_content = crypto.dump_publickey(crypto.FILETYPE_PEM, self.privatekey)
publickey_file = open(self.path, 'w')
publickey_file = open(self.path, 'wb')
publickey_file.write(publickey_content)
publickey_file.close()
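Review bot: The public key is written through a bare `open(self.path, 'wb')` / `write` / `close()` sequence, so the handle stays open if `write` raises; `with open(self.path, 'wb') as publickey_file:` followed by `publickey_file.write(publickey_content)` closes it on every path. The context line above still calls `crypto.load_privatekey(crypto.FILETYPE_PEM, privatekey_content)` directly and without a passphrase, while the CertificateSigningRequest change in this commit moved to `crypto_utils.load_privatekey`. Using the shared helper here as well would keep key loading and its error handling in one place. The enclosing method starts and ends outside the hunk.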

@ -0,0 +1,2 @@
dependencies:
- setup_openssl

@ -0,0 +1,11 @@
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate CSR
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: 'www.ansible.com'
- import_tasks: ../tests/validate.yml

@ -0,0 +1,17 @@
- name: Validate CSR (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
register: privatekey_modulus
- name: Validate CSR (test - Common Name)
shell: "openssl req -noout -subject -in {{ output_dir }}/csr.csr -nameopt oneline,-space_eq"
register: csr_cn
- name: Validate CSR (test - csr modulus)
shell: 'openssl req -noout -modulus -in {{ output_dir }}/csr.csr | openssl md5'
register: csr_modulus
- name: Validate CSR (assert)
assert:
that:
- csr_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_modulus.stdout == privatekey_modulus.stdout

@ -0,0 +1,15 @@
- name: Generate privatekey1 - standard
openssl_privatekey:
path: '{{ output_dir }}/privatekey1.pem'
- name: Generate privatekey2 - size 2048
openssl_privatekey:
path: '{{ output_dir }}/privatekey2.pem'
size: 2048
- name: Generate privatekey3 - type DSA
openssl_privatekey:
path: '{{ output_dir }}/privatekey3.pem'
type: DSA
- import_tasks: ../tests/validate.yml

@ -0,0 +1,28 @@
- name: Validate privatekey1 (test)
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey1.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
register: privatekey1
- name: Validate privatekey1 (assert)
assert:
that:
- privatekey1.stdout == '4096'
- name: Validate privatekey2 (test)
shell: "openssl rsa -noout -text -in {{ output_dir }}/privatekey2.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
register: privatekey2
- name: Validate privatekey2 (assert)
assert:
that:
- privatekey2.stdout == '2048'
- name: Validate privatekey3 (test)
shell: "openssl dsa -noout -text -in {{ output_dir }}/privatekey3.pem | grep Private | sed 's/Private-Key: (\\(.*\\) bit)/\\1/'"
register: privatekey3
- name: Validate privatekey3 (assert)
assert:
that:
- privatekey1.stdout == '4096'
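Review bot: The final assertion under `Validate privatekey3 (assert)` repeats `privatekey1.stdout == '4096'`, so the registered `privatekey3` result is never checked and the DSA test passes regardless of what the module produced. It should read `- privatekey3.stdout == '4096'`, assuming the DSA key is expected to use the same default size the privatekey1 assertion implies. These checks only compare bit length; a `stat` task asserting restrictive permissions on the generated key files would cover the property that matters most for private key material.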

@ -0,0 +1,13 @@
- block:
- name: Generate privatekey
openssl_privatekey:
path: '{{ output_dir }}/privatekey.pem'
- name: Generate publickey
openssl_publickey:
path: '{{ output_dir }}/publickey.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
- import_tasks: ../tests/validate.yml
when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')

@ -0,0 +1,12 @@
- name: Validate public key (test - privatekey modulus)
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
register: privatekey_modulus
- name: Validate public key (test - publickey modulus)
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey.pub | openssl md5'
register: publickey_modulus
- name: Validate public key (assert)
assert:
that:
- publickey_modulus.stdout == privatekey_modulus.stdout

@ -0,0 +1,25 @@
- name: Incluse OS-specific variables
include_vars: '{{ ansible_os_family }}.yml'
when: not ansible_os_family == "Darwin"
- name: Install pyOpenSSL
become: True
package:
name: '{{ pyopenssl_package_name_python3 }}'
when: not ansible_os_family == 'Darwin' and ansible_python_version|version_compare('3.0', '>=')
- name: Install pyOpenSSL
become: True
package:
name: '{{ pyopenssl_package_name }}'
when: not ansible_os_family == 'Darwin' and ansible_python_version|version_compare('3.0', '<')
- name: Install pyOpenSSL
become: True
pip:
name: pyOpenSSL
when: ansible_os_family == 'Darwin'
- name: register openssl version
command: python -c 'import OpenSSL; print(OpenSSL.__version__)'
register: pyopenssl_version
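Review bot: The `register openssl version` task runs a bare `python`, which need not be the interpreter Ansible uses for modules; on a host where the python3 package was installed above, `python` may resolve to an interpreter without pyOpenSSL or report a different version than the one the modules import. `command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"` ties the check to the same interpreter. On Darwin the `pip` task installs an unpinned `pyOpenSSL` with `become: True`, so the result depends on whichever release is current; a pinned or minimum version there would make the `version_compare('16.0.0', '>=')` gate in the publickey tests reproducible.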

@ -0,0 +1,2 @@
pyopenssl_package_name: python-openssl
pyopenssl_package_name_python3: python3-openssl

@ -0,0 +1 @@
pyopenssl_package_name: py27-openssl

@ -0,0 +1 @@
pyopenssl_package_name: pyOpenSSL

@ -0,0 +1 @@
pyopenssl_package_name: python-pyOpenSSL