diff --git a/changelogs/fragments/241-x509_certificate-assertonly.yml b/changelogs/fragments/241-x509_certificate-assertonly.yml
new file mode 100644
index 000000000..abf643570
--- /dev/null
+++ b/changelogs/fragments/241-x509_certificate-assertonly.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "x509_certificate - fix crash when ``assertonly`` provider is used and some error conditions should be reported (https://github.com/ansible-collections/community.crypto/issues/240, https://github.com/ansible-collections/community.crypto/pull/241)."
diff --git a/plugins/module_utils/crypto/module_backends/certificate_assertonly.py b/plugins/module_utils/crypto/module_backends/certificate_assertonly.py
index 62ef6c211..7e074ad06 100644
--- a/plugins/module_utils/crypto/module_backends/certificate_assertonly.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_assertonly.py
@@ -177,25 +177,25 @@ def assertonly(self):
 if self.privatekey_path is not None or self.privatekey_content is not None:
 if not self._validate_privatekey():
 messages.append(
- 'Certificate %s and private key %s do not match' %
- (self.path, self.privatekey_path or '(provided in module options)')
+ 'Certificate and private key %s do not match' %
+ (self.privatekey_path or '(provided in module options)')
 )
 if self.csr_path is not None or self.csr_content is not None:
 if not self._validate_csr_signature():
 messages.append(
- 'Certificate %s and CSR %s do not match: private key mismatch' %
- (self.path, self.csr_path or '(provided in module options)')
+ 'Certificate and CSR %s do not match: private key mismatch' %
+ (self.csr_path or '(provided in module options)')
 )
 if not self._validate_csr_subject():
 messages.append(
- 'Certificate %s and CSR %s do not match: subject mismatch' %
- (self.path, self.csr_path or '(provided in module options)')
+ 'Certificate and CSR %s do not match: subject mismatch' %
+ (self.csr_path or '(provided in module options)')
 )
 if not self._validate_csr_extensions():
 messages.append(
- 'Certificate %s and CSR %s do not match: extensions mismatch' %
- (self.path, self.csr_path or '(provided in module options)')
+ 'Certificate and CSR %s do not match: extensions mismatch' %
+ (self.csr_path or '(provided in module options)')
 )
 if self.signature_algorithms is not None:
diff --git a/tests/integration/targets/x509_certificate/tasks/assertonly.yml b/tests/integration/targets/x509_certificate/tasks/assertonly.yml
index b6f355a75..2416f1e71 100644
--- a/tests/integration/targets/x509_certificate/tasks/assertonly.yml
+++ b/tests/integration/targets/x509_certificate/tasks/assertonly.yml
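Review bot: The three CSR messages in this hunk each rebuild `self.csr_path or '(provided in module options)'`, and that duplication is why the `self.path` argument had to be removed in four separate places. Computing the value once ahead of the three `_validate_csr_*` checks, for example `csr_source = self.csr_path or '(provided in module options)'`, and formatting each message with `% csr_source` would keep the wording in step. The messages also no longer say which certificate was checked, so a one-line comment above the first `messages.append(` would help, such as `# self.path is not available on this backend; the message names only the key/CSR source` (presumably the reason for the removal, to be confirmed). `assertonly` starts and ends outside the hunk, so it cannot be seen from here whether any other message in it still formats `self.path`.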
@@ -114,6 +114,16 @@
 - extension_missing_eku is failed
 - "'Found no extendedKeyUsage extension' in extension_missing_eku.msg"
+- name: (Assertonly, {{select_crypto_backend}}) - Check wrong key fail
+ x509_certificate:
+ path: '{{ output_dir }}/cert_noext.pem'
+ privatekey_path: '{{ output_dir }}/privatekeypw.pem'
+ privatekey_passphrase: hunter2
+ provider: assertonly
+ select_crypto_backend: '{{ select_crypto_backend }}'
+ ignore_errors: yes
+ register: private_key_error
+
 - name: (Assertonly, {{select_crypto_backend}}) - Check private key passphrase fail 1
 x509_certificate:
 path: '{{ output_dir }}/cert_noext.pem'
@@ -146,6 +156,8 @@
 - name: (Assertonly, {{select_crypto_backend}}) -
 assert:
 that:
+ - private_key_error is failed
+ - "'Certificate and private key ' in private_key_error.msg and ' do not match' in private_key_error.msg"
 - passphrase_error_1 is failed
 - "'assphrase' in passphrase_error_1.msg or 'assword' in passphrase_error_1.msg"
 - passphrase_error_2 is failed
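Review bot: Only the private-key mismatch gets a regression task here; the three CSR messages changed by the same commit (`private key mismatch`, `subject mismatch`, `extensions mismatch`) have no task in this hunk and no matching line in the `assert` block of the second hunk. A task that passes `csr_path` for a CSR built from a different key, registered under an example name such as `csr_error` and checked with `"'Certificate and CSR ' in csr_error.msg"`, would cover that branch; such tasks may already exist outside the lines shown. The new assertion in the second hunk could also check that the key path appears in `private_key_error.msg`, since that is the only value the message still formats in.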