def test_cert_changed_fail_read_keystore(self):
    """cert_changed() reports a failed keystore read through fail_json.

    The first mocked command returns rc=0 and the second returns rc=1 with
    'Oops' on stderr. The test expects fail_json to have been called with
    the ``keytool -list`` argv together with that rc and stderr.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'foo',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )
    # Mocked so the calls are recorded and can be asserted on below.
    module.exit_json = Mock()
    module.fail_json = Mock(return_value=True)

    # The asserted argv carries no password value although one is set in the
    # module args; presumably the secret is fed another way (e.g. stdin).
    # NOTE(review): confirm against JavaKeystore.
    expected_cmd = [
        'keytool', '-list',
        '-alias', 'foo',
        '-keystore', '/path/to/keystore.jks',
        '-v',
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder', '']
        self.run_command.side_effect = [
            (0, 'foo: wxyz:9876:stuv', ''),
            (1, '', 'Oops'),
        ]
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        keystore.cert_changed()

        module.fail_json.assert_called_with(
            cmd=expected_cmd, msg='', err='Oops', rc=1)
def test_create_jks_success(self):
    """create() returns a 'changed' result when both mocked commands succeed.

    Both run_command results are rc=0 with empty output. The returned dict
    is expected to hold the ``keytool -importkeystore`` argv, rc 0 and an
    empty message.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'test',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )

    # The returned 'cmd' is expected to contain no password argument, so the
    # result handed back to the caller does not echo the keystore secret.
    expected_result = {
        'changed': True,
        'cmd': [
            'keytool', '-importkeystore',
            '-destkeystore', '/path/to/keystore.jks',
            '-srckeystore', '/tmp/tmpgrzm2ah7',
            '-srcstoretype', 'pkcs12',
            '-alias', 'test',
            '-noprompt',
        ],
        'msg': '',
        'rc': 0,
    }

    with patch('os.remove', return_value=True):
        self.create_path.side_effect = ['/tmp/tmpgrzm2ah7']
        self.create_file.side_effect = [
            '/tmp/etacifitrec',
            '/tmp/yek_etavirp',
            '',
        ]
        self.run_command.side_effect = [(0, '', ''), (0, '', '')]
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        outcome = keystore.create()
        assert outcome == expected_result
def test_cert_changed_password_mismatch(self):
    """cert_changed() is truthy when keytool rejects the keystore password.

    The second mocked command returns rc=1 with the keytool
    'Keystore password was incorrect' text on stdout.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'foo',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )

    # NOTE(review): a truthy result on a wrong password presumably makes the
    # caller rebuild the keystore; confirm that overwriting is intended.
    command_results = [
        (0, 'foo=abcd:1234:efgh', ''),
        (1,
         'keytool error: java.io.IOException: Keystore password was incorrect',
         ''),
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder', '']
        self.run_command.side_effect = command_results
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        changed = keystore.cert_changed()

        self.assertTrue(changed, 'Password mismatch detected')
def test_cert_changed_fail_read_cert(self):
    """cert_changed() reports a failed certificate read through fail_json.

    The first mocked command returns rc=1 with 'Oops' on stderr. fail_json
    is expected to be called exactly once, with the
    ``openssl x509 -fingerprint -sha256`` argv for the mocked temp file.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'foo',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )
    # Mocked so the calls are recorded and can be asserted on below.
    module.exit_json = Mock()
    module.fail_json = Mock()

    expected_cmd = [
        'openssl', 'x509', '-noout',
        '-in', '/tmp/tmpdj6bvvme',
        '-fingerprint', '-sha256',
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/tmpdj6bvvme', '']
        self.run_command.side_effect = [
            (1, '', 'Oops'),
            (0, 'SHA256: wxyz:9876:stuv', ''),
        ]
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']
        self.current_type.side_effect = ['jks']

        keystore = JavaKeystore(module)
        keystore.cert_changed()

        module.fail_json.assert_called_once_with(
            cmd=expected_cmd, msg='', err='Oops', rc=1)
def test_create_jks_fail_import_key(self):
    """create() reports a failed keystore import through fail_json.

    The first mocked command succeeds and the second returns rc=1 with
    'Oops' on stderr. fail_json is expected to be called exactly once, with
    the ``keytool -importkeystore`` argv.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'test',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )
    # Mocked so the calls are recorded and can be asserted on below.
    module.exit_json = Mock()
    module.fail_json = Mock()

    # The failure payload is expected to carry the argv without any password
    # argument, so the error output does not echo the keystore secret.
    expected_cmd = [
        'keytool', '-importkeystore',
        '-destkeystore', '/path/to/keystore.jks',
        '-srckeystore', '/tmp/tmpgrzm2ah7',
        '-srcstoretype', 'pkcs12',
        '-alias', 'test',
        '-noprompt',
    ]

    with patch('os.remove', return_value=True):
        self.create_path.side_effect = ['/tmp/tmpgrzm2ah7']
        self.create_file.side_effect = [
            '/tmp/etacifitrec',
            '/tmp/yek_etavirp',
            '',
        ]
        self.run_command.side_effect = [(0, '', ''), (1, '', 'Oops')]
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        keystore.create()

        module.fail_json.assert_called_once_with(
            cmd=expected_cmd, msg='', err='Oops', rc=1)
def test_create_jks_fail_export_pkcs12(self):
    """create() reports a failed PKCS#12 export through fail_json.

    The first mocked command returns rc=1 with 'Oops' on stderr. fail_json
    is expected to be called exactly once, with the
    ``openssl pkcs12 -export`` argv built from the mocked temp paths.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'test',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )
    # Mocked so the calls are recorded and can be asserted on below.
    module.exit_json = Mock()
    module.fail_json = Mock()

    # '-passout stdin' tells openssl to read the export password from
    # standard input, which keeps the secret out of the argv asserted here.
    expected_cmd = [
        'openssl', 'pkcs12', '-export',
        '-name', 'test',
        '-in', '/tmp/tmpvalcrt32',
        '-inkey', '/tmp/tmpwh4key0c',
        '-out', '/tmp/tmp1cyp12xa',
        '-passout', 'stdin',
    ]

    with patch('os.remove', return_value=True):
        self.create_path.side_effect = ['/tmp/tmp1cyp12xa']
        self.create_file.side_effect = [
            '/tmp/tmpvalcrt32',
            '/tmp/tmpwh4key0c',
            '',
        ]
        self.run_command.side_effect = [(1, '', 'Oops'), (0, '', '')]
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        keystore.create()

        module.fail_json.assert_called_once_with(
            cmd=expected_cmd, msg='', err='Oops', rc=1)
def test_cert_changed_fingerprint_mismatch(self):
    """cert_changed() is truthy when the two reported fingerprints differ.

    Both mocked commands return rc=0; the first yields 'abcd:1234:efgh' and
    the second 'wxyz:9876:stuv'.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'foo',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )

    command_results = [
        (0, 'foo=abcd:1234:efgh', ''),
        (0, 'SHA256: wxyz:9876:stuv', ''),
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder', '']
        self.run_command.side_effect = command_results
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        changed = keystore.cert_changed()

        self.assertTrue(changed, 'Fingerprint mismatch')
def test_cert_unchanged_same_fingerprint(self):
    """cert_changed() is falsy when both commands report one fingerprint.

    Both mocked commands return rc=0 and carry the same 'abcd:1234:efgh'
    value, so no change should be detected.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'foo',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=module_argument_spec,
        supports_check_mode=module_supports_check_mode,
        mutually_exclusive=module_choose_between,
        required_one_of=module_choose_between,
    )

    command_results = [
        (0, 'foo=abcd:1234:efgh', ''),
        (0, 'SHA256: abcd:1234:efgh', ''),
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder', '']
        self.run_command.side_effect = command_results
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']
        self.current_type.side_effect = ['jks']

        keystore = JavaKeystore(module)
        changed = keystore.cert_changed()

        self.assertFalse(changed, 'Fingerprint is identical')
def test_cert_changed_fail_alias_does_not_exist(self):
    """cert_changed() is truthy when keytool reports a missing alias.

    The second mocked command returns rc=1 with the keytool
    'Alias <foo> does not exist' text on stdout.
    """
    params = {
        'certificate': 'cert-foo',
        'private_key': 'private-foo',
        'dest': '/path/to/keystore.jks',
        'name': 'foo',
        'password': '******',
    }
    set_module_args(params)

    module = AnsibleModule(
        argument_spec=self.spec.argument_spec,
        supports_check_mode=self.spec.supports_check_mode,
    )

    command_results = [
        (0, 'foo=abcd:1234:efgh', ''),
        (1,
         'keytool error: java.lang.Exception: Alias <foo> does not exist',
         ''),
    ]

    with patch('os.remove', return_value=True):
        self.create_file.side_effect = ['/tmp/placeholder', '']
        self.run_command.side_effect = command_results
        self.get_bin_path.side_effect = ['keytool', 'openssl', '']

        keystore = JavaKeystore(module)
        changed = keystore.cert_changed()

        self.assertTrue(changed, 'Alias mismatch detected')