Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Examples for Key->Cert->PKCS12->PEMkey to facilite automated testing
- Loading branch information
1 parent
bda0310
commit cbfad5e
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| openssl::certificate::x509 { 'sample_x509': | ||
| ensure => present, | ||
| base_dir => '/tmp', | ||
| key_size => 1024, #entropy in CI is limited | ||
| organization => 'voxpupuli', | ||
| } | ||
|
|
||
| -> openssl::export::pkcs12 { 'export': | ||
| ensure => 'present', | ||
| basedir => '/tmp', | ||
| pkey => '/tmp/sample_x509.key', | ||
| cert => '/tmp/sample_x509.crt', | ||
| } | ||
|
|
||
| -> openssl::export::pem_key { 'key-UUID': | ||
| ensure => present, | ||
| pfx_cert => '/tmp/export.p12', | ||
| pem_key => '/tmp/key.pem', | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| require 'spec_helper_acceptance' | ||
|
|
||
| # the openssl output changed and differs between EL9 vs older versions | ||
| # https://github.com/mizzy/serverspec/commit/ac366dd40015f0b53e70a3ed881b931dfc83c603 might not be a correct fix | ||
| # Ewoud is working on a fix in https://github.com/ekohl/serverspec/commit/64874e9c8cc70b097300c3a60281572a3528768e | ||
| # in the meantime we won't use x509_certificate matcher | ||
| describe 'x509 to pkcs12 to pem key' do | ||
| it_behaves_like 'the example', 'x509_pkcs12_pemkey.pp' do | ||
| describe x509_certificate('/tmp/sample_x509.crt') do | ||
| it { is_expected.to be_certificate } | ||
| it { is_expected.to be_valid } | ||
| its(:keylength) { is_expected.to eq 1024 } | ||
| end | ||
|
|
||
| if fact('openssl_version').split('.').first.to_i >= 3 | ||
|
Check failure on line 17 in spec/acceptance/x509_pkcs12_pemkey_spec.rb
|
||
| describe command('openssl pkcs12 -info -in /tmp/export.p12 -passin pass: -passout pass:') do | ||
| its(:stdout) { is_expected.to contain('-----BEGIN CERTIFICATE-----') } | ||
| its(:stdout) { is_expected.to contain('-----BEGIN ENCRYPTED PRIVATE KEY-----') } | ||
| its(:exit_status) { is_expected.to eq 0 } | ||
| end | ||
| end | ||
|
|
||
| # rubocop:disable RSpec/RepeatedExampleGroupBody | ||
| describe file('/tmp/sample_x509.crt') do | ||
| it { is_expected.to be_file } | ||
| its(:size) { is_expected.to be > 0 } | ||
| end | ||
|
|
||
| describe file('/tmp/sample_x509.key') do | ||
| it { is_expected.to be_file } | ||
| its(:size) { is_expected.to be > 0 } | ||
| end | ||
|
|
||
| describe file('/tmp/export.p12') do | ||
| it { is_expected.to be_file } | ||
| its(:size) { is_expected.to be > 0 } | ||
| end | ||
| # rubocop:enable RSpec/RepeatedExampleGroupBody | ||
| end | ||
| end | ||
