def test_cert_changed_fail_read_keystore(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
module.exit_json = Mock()
module.fail_json = Mock(return_value=True)
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder', '']
self.run_command.side_effect = [(0, 'foo: wxyz:9876:stuv', ''),
(1, '', 'Oops')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
jks.cert_changed()
module.fail_json.assert_called_with(cmd=[
"keytool", "-list", "-alias", "foo", "-keystore",
"/path/to/keystore.jks", "-v"
],
msg='',
err='Oops',
rc=1)
def test_create_jks_success(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='test',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
with patch('os.remove', return_value=True):
self.create_path.side_effect = ['/tmp/tmpgrzm2ah7']
self.create_file.side_effect = [
'/tmp/etacifitrec', '/tmp/yek_etavirp', ''
]
self.run_command.side_effect = [(0, '', ''), (0, '', '')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
assert jks.create() == {
'changed':
True,
'cmd': [
"keytool", "-importkeystore", "-destkeystore",
"/path/to/keystore.jks", "-srckeystore",
"/tmp/tmpgrzm2ah7", "-srcstoretype", "pkcs12", "-alias",
"test", "-noprompt"
],
'msg':
'',
'rc':
0
}
def test_cert_changed_password_mismatch(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder', '']
self.run_command.side_effect = [
(0, 'foo=abcd:1234:efgh', ''),
(1,
'keytool error: java.io.IOException: Keystore password was incorrect',
'')
]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
result = jks.cert_changed()
self.assertTrue(result, 'Password mismatch detected')
def test_cert_changed_fail_read_cert(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
module.exit_json = Mock()
module.fail_json = Mock()
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/tmpdj6bvvme', '']
self.run_command.side_effect = [(1, '', 'Oops'),
(0, 'SHA256: wxyz:9876:stuv', '')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
self.current_type.side_effect = ['jks']
jks = JavaKeystore(module)
jks.cert_changed()
module.fail_json.assert_called_once_with(cmd=[
"openssl", "x509", "-noout", "-in", "/tmp/tmpdj6bvvme",
"-fingerprint", "-sha256"
],
msg='',
err='Oops',
rc=1)
def test_create_jks_fail_import_key(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='test',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
module.exit_json = Mock()
module.fail_json = Mock()
with patch('os.remove', return_value=True):
self.create_path.side_effect = ['/tmp/tmpgrzm2ah7']
self.create_file.side_effect = [
'/tmp/etacifitrec', '/tmp/yek_etavirp', ''
]
self.run_command.side_effect = [(0, '', ''), (1, '', 'Oops')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
jks.create()
module.fail_json.assert_called_once_with(cmd=[
"keytool", "-importkeystore", "-destkeystore",
"/path/to/keystore.jks", "-srckeystore", "/tmp/tmpgrzm2ah7",
"-srcstoretype", "pkcs12", "-alias", "test", "-noprompt"
],
msg='',
err='Oops',
rc=1)
def test_create_jks_fail_export_pkcs12(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='test',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
module.exit_json = Mock()
module.fail_json = Mock()
with patch('os.remove', return_value=True):
self.create_path.side_effect = ['/tmp/tmp1cyp12xa']
self.create_file.side_effect = [
'/tmp/tmpvalcrt32', '/tmp/tmpwh4key0c', ''
]
self.run_command.side_effect = [(1, '', 'Oops'), (0, '', '')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
jks.create()
module.fail_json.assert_called_once_with(cmd=[
"openssl", "pkcs12", "-export", "-name", "test", "-in",
"/tmp/tmpvalcrt32", "-inkey", "/tmp/tmpwh4key0c", "-out",
"/tmp/tmp1cyp12xa", "-passout", "stdin"
],
msg='',
err='Oops',
rc=1)
def test_cert_changed_fingerprint_mismatch(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='******'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder', '']
self.run_command.side_effect = [(0, 'foo=abcd:1234:efgh', ''),
(0, 'SHA256: wxyz:9876:stuv', '')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
result = jks.cert_changed()
self.assertTrue(result, 'Fingerprint mismatch')
def test_cert_unchanged_same_fingerprint(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='******'))
module = AnsibleModule(argument_spec=module_argument_spec,
supports_check_mode=module_supports_check_mode,
mutually_exclusive=module_choose_between,
required_one_of=module_choose_between)
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder', '']
self.run_command.side_effect = [(0, 'foo=abcd:1234:efgh', ''),
(0, 'SHA256: abcd:1234:efgh', '')]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
self.current_type.side_effect = ['jks']
jks = JavaKeystore(module)
result = jks.cert_changed()
self.assertFalse(result, 'Fingerprint is identical')
def test_cert_changed_fail_alias_does_not_exist(self):
set_module_args(
dict(certificate='cert-foo',
private_key='private-foo',
dest='/path/to/keystore.jks',
name='foo',
password='******'))
module = AnsibleModule(
argument_spec=self.spec.argument_spec,
supports_check_mode=self.spec.supports_check_mode)
with patch('os.remove', return_value=True):
self.create_file.side_effect = ['/tmp/placeholder', '']
self.run_command.side_effect = [
(0, 'foo=abcd:1234:efgh', ''),
(1,
'keytool error: java.lang.Exception: Alias <foo> does not exist',
'')
]
self.get_bin_path.side_effect = ['keytool', 'openssl', '']
jks = JavaKeystore(module)
result = jks.cert_changed()
self.assertTrue(result, 'Alias mismatch detected')
