ansible/test/integration/targets/openssl_certificate_info/tasks/main.yml

---
- name: Generate privatekey
  openssl_privatekey:
    path: '{{ output_dir }}/privatekey.pem'

- name: Generate privatekey with password
  openssl_privatekey:
    path: '{{ output_dir }}/privatekeypw.pem'
    passphrase: hunter2
    cipher: auto
    select_crypto_backend: cryptography

- name: Generate CSR 1
  openssl_csr:
    path: '{{ output_dir }}/csr_1.csr'
    privatekey_path: '{{ output_dir }}/privatekey.pem'
    subject:
      commonName: www.example.com
      C: de
      L: Somewhere
      ST: Zurich
      streetAddress: Welcome Street
      O: Ansible
      organizationalUnitName: Crypto Department
      serialNumber: "1234"
      SN: Last Name
      GN: First Name
      title: Chief
      pseudonym: test
      UID: asdf
      emailAddress: test@example.com
      postalAddress: 1234 Somewhere
      postalCode: "1234"
    useCommonNameForSAN: no
    key_usage:
      - digitalSignature
      - keyAgreement
      - Non Repudiation
      - Key Encipherment
      - dataEncipherment
      - Certificate Sign
      - cRLSign
      - Encipher Only
      - decipherOnly
    key_usage_critical: yes
    extended_key_usage:
      - serverAuth  # the same as "TLS Web Server Authentication"
      - TLS Web Server Authentication
      - TLS Web Client Authentication
      - Code Signing
      - E-mail Protection
      - timeStamping
      - OCSPSigning
      - Any Extended Key Usage
      - qcStatements
      - DVCS
      - IPSec User
      - biometricInfo
    subject_alt_name:
      - "DNS:www.ansible.com"
      - "IP:1.2.3.4"
      - "IP:::1"
      - "email:test@example.org"
      - "URI:https://example.org/test/index.html"
    basic_constraints:
      - "CA:TRUE"
      - "pathlen:23"
    basic_constraints_critical: yes
    ocsp_must_staple: yes

- name: Generate CSR 2
  openssl_csr:
    path: '{{ output_dir }}/csr_2.csr'
    privatekey_path: '{{ output_dir }}/privatekeypw.pem'
    privatekey_passphrase: hunter2
    useCommonNameForSAN: no
    basic_constraints:
      - "CA:TRUE"

- name: Generate CSR 3
  openssl_csr:
    path: '{{ output_dir }}/csr_3.csr'
    privatekey_path: '{{ output_dir }}/privatekey.pem'
    useCommonNameForSAN: no
    subject_alt_name:
      - "DNS:*.ansible.com"
      - "DNS:*.example.org"
      - "IP:DEAD:BEEF::1"
    basic_constraints:
      - "CA:FALSE"

- name: Generate CSR 4
  openssl_csr:
    path: '{{ output_dir }}/csr_4.csr'
    privatekey_path: '{{ output_dir }}/privatekey.pem'
    useCommonNameForSAN: no

- name: Generate selfsigned certificates
  openssl_certificate:
    path: '{{ output_dir }}/cert_{{ item }}.pem'
    csr_path: '{{ output_dir }}/csr_{{ item }}.csr'
    privatekey_path: '{{ output_dir }}/privatekey.pem'
    provider: selfsigned
    selfsigned_digest: sha256
    selfsigned_not_after: "+10d"
    selfsigned_not_before: "-3d"
  loop:
  - 1
  - 2
  - 3
  - 4

- name: Prepare result list
  set_fact:
    info_results: []

- name: Running tests with pyOpenSSL backend
  include_tasks: impl.yml
  vars:
    select_crypto_backend: pyopenssl
  when: pyopenssl_version.stdout is version('0.15', '>=')

- name: Prepare result list
  set_fact:
    pyopenssl_info_results: "{{ info_results }}"
    info_results: []

- name: Running tests with cryptography backend
  include_tasks: impl.yml
  vars:
    select_crypto_backend: cryptography
  when: cryptography_version.stdout is version('1.6', '>=')

- name: Prepare result list
  set_fact:
    cryptography_info_results: "{{ info_results }}"

- block:
  - name: Dump pyOpenSSL results
    debug:
      var: pyopenssl_info_results
  - name: Dump cryptography results
    debug:
      var: cryptography_info_results
  - name: Compare results
    assert:
      that:
      - item.0 == item.1
      quiet: yes
    loop: "{{ pyopenssl_info_results | zip(cryptography_info_results) | list }}"
  when: pyopenssl_version.stdout is version('0.15', '>=') and cryptography_version.stdout is version('1.6', '>=')