Diffstat (limited to 'test/integration/targets/module_utils_urls')
-rw-r--r--test/integration/targets/module_utils_urls/aliases2
-rw-r--r--test/integration/targets/module_utils_urls/library/test_peercert.py98
-rw-r--r--test/integration/targets/module_utils_urls/meta/main.yml3
-rw-r--r--test/integration/targets/module_utils_urls/tasks/main.yml32
4 files changed, 135 insertions, 0 deletions
diff --git a/test/integration/targets/module_utils_urls/aliases b/test/integration/targets/module_utils_urls/aliases
new file mode 100644
index 0000000..3c4491b
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/aliases
@@ -0,0 +1,2 @@
+shippable/posix/group1
+needs/httptester
diff --git a/test/integration/targets/module_utils_urls/library/test_peercert.py b/test/integration/targets/module_utils_urls/library/test_peercert.py
new file mode 100644
index 0000000..ecb7d20
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/library/test_peercert.py
@@ -0,0 +1,98 @@
+#!/usr/bin/python
+
+# Copyright: (c) 2020, Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: test_perrcert
+short_description: Test getting the peer certificate of a HTTP response
+description: Test getting the peer certificate of a HTTP response.
+options:
+ url:
+ description: The endpoint to get the peer cert for
+ required: true
+ type: str
+author:
+- Ansible Project
+'''
+
+EXAMPLES = r'''
+#
+'''
+
+RETURN = r'''
+#
+'''
+
+import base64
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.common.text.converters import to_text
+from ansible.module_utils.urls import getpeercert, Request
+
+
+def get_x509_shorthand(name, value):
+ prefix = {
+ 'countryName': 'C',
+ 'stateOrProvinceName': 'ST',
+ 'localityName': 'L',
+ 'organizationName': 'O',
+ 'commonName': 'CN',
+ 'organizationalUnitName': 'OU',
+ }[name]
+
+ return '%s=%s' % (prefix, value)
+
+
+def main():
+ module_args = dict(
+ url=dict(type='str', required=True),
+ )
+ module = AnsibleModule(
+ argument_spec=module_args,
+ supports_check_mode=True,
+ )
+ result = {
+ 'changed': False,
+ 'cert': None,
+ 'raw_cert': None,
+ }
+
+ req = Request().get(module.params['url'])
+ try:
+ cert = getpeercert(req)
+ b_cert = getpeercert(req, binary_form=True)
+
+ finally:
+ req.close()
+
+ if cert:
+ processed_cert = {
+ 'issuer': '',
+ 'not_after': cert.get('notAfter', None),
+ 'not_before': cert.get('notBefore', None),
+ 'serial_number': cert.get('serialNumber', None),
+ 'subject': '',
+ 'version': cert.get('version', None),
+ }
+
+ for field in ['issuer', 'subject']:
+ field_values = []
+ for x509_part in cert.get(field, []):
+ field_values.append(get_x509_shorthand(x509_part[0][0], x509_part[0][1]))
+
+ processed_cert[field] = ",".join(field_values)
+
+ result['cert'] = processed_cert
+
+ if b_cert:
+ result['raw_cert'] = to_text(base64.b64encode(b_cert))
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
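Review bot: `get_x509_shorthand` indexes a fixed six-entry dict with `[name]`, so any issuer or subject attribute outside that list (for example `emailAddress`) raises `KeyError` and the module exits with a traceback instead of a result. Falling back to the full attribute name, e.g. `return '%s=%s' % (prefix.get(name, name), value)` with `prefix` bound to the dict itself, would keep the module usable against certificates other than the test fixture's. The loop in `main` also reads only `x509_part[0]`, so a multi-valued RDN would be silently truncated. Separately, `module: test_perrcert` in DOCUMENTATION looks like a typo for `test_peercert`.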
diff --git a/test/integration/targets/module_utils_urls/meta/main.yml b/test/integration/targets/module_utils_urls/meta/main.yml
new file mode 100644
index 0000000..f3a332d
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- prepare_http_tests
+- setup_remote_tmp_dir
diff --git a/test/integration/targets/module_utils_urls/tasks/main.yml b/test/integration/targets/module_utils_urls/tasks/main.yml
new file mode 100644
index 0000000..ca76a7d
--- /dev/null
+++ b/test/integration/targets/module_utils_urls/tasks/main.yml
@@ -0,0 +1,32 @@
+- name: get peercert for HTTP connection
+ test_peercert:
+ url: http://{{ httpbin_host }}/get
+ register: cert_http
+
+- name: assert get peercert for HTTP connection
+ assert:
+ that:
+ - cert_http.raw_cert == None
+
+- name: get peercert for HTTPS connection
+ test_peercert:
+ url: https://{{ httpbin_host }}/get
+ register: cert_https
+
+# Alpine does not have openssl, just make sure the text was actually set instead
+- name: check if openssl is installed
+ command: which openssl
+ ignore_errors: yes
+ register: openssl
+
+- name: get actual certificate from endpoint
+ shell: echo | openssl s_client -connect {{ httpbin_host }}:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
+ register: cert_https_actual
+ changed_when: no
+ when: openssl is successful
+
+- name: assert get peercert for HTTPS connection
+ assert:
+ that:
+ - cert_https.raw_cert != None
+ - openssl is failed or cert_https.raw_cert == cert_https_actual.stdout_lines[1:-1] | join("")
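Review bot: Neither assert block checks the parsed `cert` value the module returns, so the text-form `getpeercert(req)` path and the issuer/subject formatting run but are never verified; only `raw_cert` is compared. Adding `- cert_http.cert == None` to the HTTP assert and `- cert_https.cert.subject != ''` to the HTTPS one would cover it, assuming the test endpoint's certificate validates so that the parsed dict is populated. When `openssl` is missing, the HTTPS check reduces to `raw_cert != None`, which a comment next to the assert could state explicitly. The `shell` task also interpolates `httpbin_host` unquoted; `{{ httpbin_host | quote }}` keeps the command well-formed if the variable ever holds unexpected characters.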