Diffstat (limited to 'test/integration/targets/module_utils_urls')
4 files changed, 135 insertions, 0 deletions
diff --git a/test/integration/targets/module_utils_urls/aliases b/test/integration/targets/module_utils_urls/aliases
new file mode 100644
index 0000000..3c4491b
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/aliases
@@ -0,0 +1,2 @@
+shippable/posix/group1
+needs/httptester
diff --git a/test/integration/targets/module_utils_urls/library/test_peercert.py b/test/integration/targets/module_utils_urls/library/test_peercert.py
new file mode 100644
index 0000000..ecb7d20
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/library/test_peercert.py
@@ -0,0 +1,98 @@
+#!/usr/bin/python
+
+# Copyright: (c) 2020, Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: test_perrcert
+short_description: Test getting the peer certificate of a HTTP response
+description: Test getting the peer certificate of a HTTP response.
+options:
+ url:
+ description: The endpoint to get the peer cert for
+ required: true
+ type: str
+author:
+- Ansible Project
+'''
+
+EXAMPLES = r'''
+#
+'''
+
+RETURN = r'''
+#
+'''
+
+import base64
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.common.text.converters import to_text
+from ansible.module_utils.urls import getpeercert, Request
+
+
+def get_x509_shorthand(name, value):
+ prefix = {
+ 'countryName': 'C',
+ 'stateOrProvinceName': 'ST',
+ 'localityName': 'L',
+ 'organizationName': 'O',
+ 'commonName': 'CN',
+ 'organizationalUnitName': 'OU',
+ }[name]
+
+ return '%s=%s' % (prefix, value)
+
+
+def main():
+ module_args = dict(
+ url=dict(type='str', required=True),
+ )
+ module = AnsibleModule(
+ argument_spec=module_args,
+ supports_check_mode=True,
+ )
+ result = {
+ 'changed': False,
+ 'cert': None,
+ 'raw_cert': None,
+ }
+
+ req = Request().get(module.params['url'])
+ try:
+ cert = getpeercert(req)
+ b_cert = getpeercert(req, binary_form=True)
+
+ finally:
+ req.close()
+
+ if cert:
+ processed_cert = {
+ 'issuer': '',
+ 'not_after': cert.get('notAfter', None),
+ 'not_before': cert.get('notBefore', None),
+ 'serial_number': cert.get('serialNumber', None),
+ 'subject': '',
+ 'version': cert.get('version', None),
+ }
+
+ for field in ['issuer', 'subject']:
+ field_values = []
+ for x509_part in cert.get(field, []):
+ field_values.append(get_x509_shorthand(x509_part[0][0], x509_part[0][1]))
+
+ processed_cert[field] = ",".join(field_values)
+
+ result['cert'] = 
processed_cert
+
+ if b_cert:
+ result['raw_cert'] = to_text(base64.b64encode(b_cert))
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/test/integration/targets/module_utils_urls/meta/main.yml b/test/integration/targets/module_utils_urls/meta/main.yml
new file mode 100644
index 0000000..f3a332d
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- prepare_http_tests
+- setup_remote_tmp_dir
diff --git a/test/integration/targets/module_utils_urls/tasks/main.yml b/test/integration/targets/module_utils_urls/tasks/main.yml
new file mode 100644
index 0000000..ca76a7d
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/tasks/main.yml
@@ -0,0 +1,32 @@
+- name: get peercert for HTTP connection
+ test_peercert:
+ url: http://{{ httpbin_host }}/get
+ register: cert_http
+
+- name: assert get peercert for HTTP connection
+ assert:
+ that:
+ - cert_http.raw_cert == None
+
+- name: get peercert for HTTPS connection
+ test_peercert:
+ url: https://{{ httpbin_host }}/get
+ register: cert_https
+
+# Alpine does not have openssl, just make sure the text was actually set instead
+- name: check if openssl is installed
+ command: which openssl
+ ignore_errors: yes
+ register: openssl
+
+- name: get actual certificate from endpoint
+ shell: echo | openssl s_client -connect {{ httpbin_host }}:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
+ register: cert_https_actual
+ changed_when: no
+ when: openssl is successful
+
+- name: assert get peercert for HTTPS connection
+ assert:
+ that:
+ - cert_https.raw_cert != None
+ - openssl is failed or cert_https.raw_cert == cert_https_actual.stdout_lines[1:-1] | join("") |
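Review bot: `get_x509_shorthand` in test_peercert.py indexes its six-entry table with `[name]`, so an issuer or subject attribute outside that table (for example `emailAddress` or `domainComponent`) raises KeyError and the module exits with a traceback instead of returning the certificate. Falling back to the long name keeps the helper total: end the lookup with `}.get(name, name)`. The loop in `main()` also reads only `x509_part[0]`, so any further pairs in a multi-valued RDN are dropped without notice; a short comment saying that is intentional for this test helper would help. Separately, the DOCUMENTATION block says `module: test_perrcert`, which does not match the file name `test_peercert`.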
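Review bot: Neither assert task in tasks/main.yml inspects the `cert` key the module returns, so the parsed issuer/subject path in test_peercert.py runs but its output is never checked. Adding `- cert_http.cert == None` to the HTTP assertion and `- cert_https.cert != None` to the HTTPS one would cover it, assuming certificate validation is enabled so the parsed form is populated. The `shell:` pipeline also reports the exit status of `sed`, so a failed `openssl s_client` only surfaces as an empty `stdout_lines` in the final comparison; a comment saying so, or a separate check on `cert_https_actual.stdout`, would make that failure easier to diagnose.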