def __init__(self, module):
    """Collect the certificate assertions requested through the module options.

    Every value is read from ``module.params``. ``subject`` and ``issuer``
    are passed through ``crypto_utils.parse_name_field`` when set and
    default to an empty list otherwise. ``self.message`` starts out empty
    and ``_sanitize_inputs()`` runs last, once every option is stored.
    """
    super(AssertOnlyCertificate, self).__init__(module)
    params = module.params

    self.signature_algorithms = params['signature_algorithms']

    # Name assertions: parsed into entries only when the option was given.
    self.subject = crypto_utils.parse_name_field(params['subject']) if params['subject'] else []
    self.subject_strict = params['subject_strict']
    self.issuer = crypto_utils.parse_name_field(params['issuer']) if params['issuer'] else []
    self.issuer_strict = params['issuer_strict']

    self.has_expired = params['has_expired']
    self.version = params['version']

    # Extension assertions, each paired with its *_strict flag.
    # NOTE(review): the *_strict flags presumably select exact matching
    # instead of subset matching in the checks - confirm against the
    # assertion code, since a subset match accepts certificates that carry
    # additional usages or names.
    self.keyUsage = params['keyUsage']
    self.keyUsage_strict = params['keyUsage_strict']
    self.extendedKeyUsage = params['extendedKeyUsage']
    self.extendedKeyUsage_strict = params['extendedKeyUsage_strict']
    self.subjectAltName = params['subjectAltName']
    self.subjectAltName_strict = params['subjectAltName_strict']

    # Validity-window assertions.
    self.notBefore = params['notBefore']
    self.notAfter = params['notAfter']
    self.valid_at = params['valid_at']
    self.invalid_at = params['invalid_at']
    self.valid_in = params['valid_in']

    self.message = []
    self._sanitize_inputs()
def __init__(self, module):
    """Store the assertion options of the task on the instance.

    Options come straight from ``module.params``. The ``subject`` and
    ``issuer`` options are converted with ``crypto_utils.parse_name_field``
    when they are set; an unset option leaves an empty list. The method
    finishes by calling ``_sanitize_inputs()``.
    """
    super(AssertOnlyCertificate, self).__init__(module)
    options = module.params

    self.signature_algorithms = options['signature_algorithms']

    # Empty list means "no subject entries were requested".
    self.subject = []
    if options['subject']:
        self.subject = crypto_utils.parse_name_field(options['subject'])
    self.subject_strict = options['subject_strict']

    # Same convention for the issuer.
    self.issuer = []
    if options['issuer']:
        self.issuer = crypto_utils.parse_name_field(options['issuer'])
    self.issuer_strict = options['issuer_strict']

    self.has_expired = options['has_expired']
    self.version = options['version']
    self.keyUsage = options['keyUsage']
    self.keyUsage_strict = options['keyUsage_strict']
    self.extendedKeyUsage = options['extendedKeyUsage']
    self.extendedKeyUsage_strict = options['extendedKeyUsage_strict']
    self.subjectAltName = options['subjectAltName']
    self.subjectAltName_strict = options['subjectAltName_strict']
    self.notBefore = options['notBefore']
    self.notAfter = options['notAfter']
    self.valid_at = options['valid_at']
    self.invalid_at = options['invalid_at']
    self.valid_in = options['valid_in']

    # Filled elsewhere; starts empty here.
    self.message = []
    self._sanitize_inputs()
def __init__(self, module):
    """Read the CSR options from ``module.params``.

    The subject is assembled from the individual name options followed by
    any entries parsed from ``subject``; entries with an empty value are
    dropped. When no subjectAltName was supplied and
    ``use_common_name_for_san`` is set, the first common name found in the
    subject becomes a single ``DNS:`` SAN entry.
    """
    params = module.params
    super(CertificateSigningRequestBase, self).__init__(
        params['path'],
        params['state'],
        params['force'],
        module.check_mode,
    )

    self.digest = params['digest']
    self.privatekey_path = params['privatekey_path']
    # NOTE(review): the passphrase is kept as a plain attribute - confirm
    # it is never copied into the module result or log output.
    self.privatekey_passphrase = params['privatekey_passphrase']
    self.version = params['version']

    # Extensions, each with its criticality flag.
    self.subjectAltName = params['subject_alt_name']
    self.subjectAltName_critical = params['subject_alt_name_critical']
    self.keyUsage = params['key_usage']
    self.keyUsage_critical = params['key_usage_critical']
    self.extendedKeyUsage = params['extended_key_usage']
    self.extendedKeyUsage_critical = params['extended_key_usage_critical']
    self.basicConstraints = params['basic_constraints']
    self.basicConstraints_critical = params['basic_constraints_critical']
    self.ocspMustStaple = params['ocsp_must_staple']
    self.ocspMustStaple_critical = params['ocsp_must_staple_critical']

    self.request = None
    self.privatekey = None
    self.backup = params['backup']
    self.backup_file = None

    name_parts = [
        ('C', params['country_name']),
        ('ST', params['state_or_province_name']),
        ('L', params['locality_name']),
        ('O', params['organization_name']),
        ('OU', params['organizational_unit_name']),
        ('CN', params['common_name']),
        ('emailAddress', params['email_address']),
    ]
    if params['subject']:
        name_parts = name_parts + crypto_utils.parse_name_field(params['subject'])
    # Keep only the entries that actually carry a value.
    self.subject = [(part[0], part[1]) for part in name_parts if part[1]]

    if not self.subjectAltName and params['use_common_name_for_san']:
        # The CN value is copied verbatim into a DNS entry.
        # NOTE(review): nothing here checks that the CN is a hostname;
        # confirm the SAN is validated before the request is signed.
        for name_type, name_value in self.subject:
            if name_type in ('commonName', 'CN'):
                self.subjectAltName = ['DNS:%s' % name_value]
                break
def __init__(self, module):
    """Read the CSR options from ``module.params``.

    The subject is built from the individual name options plus any entries
    parsed from ``subject``, with empty values filtered out. If no
    subjectAltName was given, the first subject entry whose type resolves
    to the commonName NID is turned into a single ``DNS:`` SAN entry.
    """
    params = module.params
    super(CertificateSigningRequest, self).__init__(
        params['path'],
        params['state'],
        params['force'],
        module.check_mode,
    )

    self.digest = params['digest']
    self.privatekey_path = params['privatekey_path']
    # NOTE(review): stored as a plain attribute - confirm the passphrase
    # never reaches the module result or log output.
    self.privatekey_passphrase = params['privatekey_passphrase']
    self.version = params['version']

    # Extensions, each with its criticality flag.
    self.subjectAltName = params['subjectAltName']
    self.subjectAltName_critical = params['subjectAltName_critical']
    self.keyUsage = params['keyUsage']
    self.keyUsage_critical = params['keyUsage_critical']
    self.extendedKeyUsage = params['extendedKeyUsage']
    self.extendedKeyUsage_critical = params['extendedKeyUsage_critical']
    self.basicConstraints = params['basicConstraints']
    self.basicConstraints_critical = params['basicConstraints_critical']
    self.ocspMustStaple = params['ocspMustStaple']
    self.ocspMustStaple_critical = params['ocspMustStaple_critical']

    self.request = None
    self.privatekey = None

    name_parts = [
        ('C', params['countryName']),
        ('ST', params['stateOrProvinceName']),
        ('L', params['localityName']),
        ('O', params['organizationName']),
        ('OU', params['organizationalUnitName']),
        ('CN', params['commonName']),
        ('emailAddress', params['emailAddress']),
    ]
    if params['subject']:
        name_parts = name_parts + crypto_utils.parse_name_field(params['subject'])
    # Entries without a value are dropped.
    self.subject = [(part[0], part[1]) for part in name_parts if part[1]]

    if not self.subjectAltName:
        # The lookup goes through OpenSSL._util, an underscore-prefixed
        # (non-public) part of pyOpenSSL; 13 is the NID for "commonName".
        # NOTE(review): the CN value is copied verbatim into the DNS entry
        # and there is no option here to turn this default off - confirm
        # the resulting SAN is validated before the request is signed.
        for name_type, name_value in self.subject:
            if OpenSSL._util.lib.OBJ_txt2nid(to_bytes(name_type)) == 13:
                self.subjectAltName = ['DNS:%s' % name_value]
                break
def __init__(self, module):
    """Populate the CSR state from the module options.

    Name options and the parsed ``subject`` option are merged into
    ``self.subject`` (empty values removed). Without an explicit
    subjectAltName, the first subject entry that resolves to the commonName
    NID supplies a one-element ``DNS:`` SAN list.
    """
    opts = module.params
    super(CertificateSigningRequest, self).__init__(
        opts['path'], opts['state'], opts['force'], module.check_mode
    )

    self.digest = opts['digest']
    self.privatekey_path = opts['privatekey_path']
    # NOTE(review): the passphrase lives on the instance - confirm it is
    # excluded from anything returned or logged.
    self.privatekey_passphrase = opts['privatekey_passphrase']
    self.version = opts['version']
    self.subjectAltName = opts['subjectAltName']
    self.subjectAltName_critical = opts['subjectAltName_critical']
    self.keyUsage = opts['keyUsage']
    self.keyUsage_critical = opts['keyUsage_critical']
    self.extendedKeyUsage = opts['extendedKeyUsage']
    self.extendedKeyUsage_critical = opts['extendedKeyUsage_critical']
    self.basicConstraints = opts['basicConstraints']
    self.basicConstraints_critical = opts['basicConstraints_critical']
    self.ocspMustStaple = opts['ocspMustStaple']
    self.ocspMustStaple_critical = opts['ocspMustStaple_critical']
    self.request = None
    self.privatekey = None

    self.subject = [
        ('C', opts['countryName']),
        ('ST', opts['stateOrProvinceName']),
        ('L', opts['localityName']),
        ('O', opts['organizationName']),
        ('OU', opts['organizationalUnitName']),
        ('CN', opts['commonName']),
        ('emailAddress', opts['emailAddress']),
    ]
    if opts['subject']:
        self.subject = self.subject + crypto_utils.parse_name_field(opts['subject'])
    # Only entries that carry a value survive.
    self.subject = [(item[0], item[1]) for item in self.subject if item[1]]

    if self.subjectAltName:
        return

    # 13 is the NID for "commonName"; the lookup uses the non-public
    # OpenSSL._util module of pyOpenSSL.
    # NOTE(review): the CN is placed into a DNS entry without any hostname
    # check in this method - confirm validation happens before signing.
    for key, value in self.subject:
        if OpenSSL._util.lib.OBJ_txt2nid(to_bytes(key)) == 13:
            self.subjectAltName = ['DNS:%s' % value]
            break
def __init__(self, module):
    """Set up the CRL state from the module options.

    Normalises the issuer name, the update timestamps, the digest and every
    ``revoked_certificates`` entry, loads the signing key, and finally makes
    a best-effort attempt to read an existing CRL from ``self.path``.

    A revoked-certificate entry that cannot be loaded is reported through
    ``module.fail_json``.

    Raises:
        CRLError: if the requested digest is not supported or the private
            key passphrase is rejected.
    """
    params = module.params
    super(CRL, self).__init__(
        params['path'],
        params['state'],
        params['force'],
        module.check_mode,
    )

    self.update = params['mode'] == 'update'
    self.ignore_timestamps = params['ignore_timestamps']
    self.return_content = params['return_content']
    self.crl_content = None

    # Signing key: either a path or inline content (encoded to bytes).
    # NOTE(review): key content and passphrase stay on the instance -
    # confirm neither is copied into the module result or log output.
    self.privatekey_path = params['privatekey_path']
    key_text = params['privatekey_content']
    self.privatekey_content = None if key_text is None else key_text.encode('utf-8')
    self.privatekey_passphrase = params['privatekey_passphrase']

    issuer_entries = crypto_utils.parse_name_field(params['issuer'])
    self.issuer = [(entry[0], entry[1]) for entry in issuer_entries if entry[1]]

    self.last_update = crypto_utils.get_relative_time_option(params['last_update'], 'last_update')
    self.next_update = crypto_utils.get_relative_time_option(params['next_update'], 'next_update')

    self.digest = crypto_utils.select_message_digest(params['digest'])
    if self.digest is None:
        raise CRLError('The digest "{0}" is not supported'.format(params['digest']))

    self.revoked_certificates = []
    for index, rc in enumerate(params['revoked_certificates']):
        path_prefix = 'revoked_certificates[{0}].'.format(index)
        result = dict(
            serial_number=None,
            revocation_date=None,
            issuer=None,
            issuer_critical=False,
            reason=None,
            reason_critical=False,
            invalidity_date=None,
            invalidity_date_critical=False,
        )

        if rc['path'] is None and rc['content'] is None:
            # Serial number (and potentially issuer) given directly.
            result['serial_number'] = rc['serial_number']
        else:
            # Serial number is taken from a certificate file or content.
            try:
                if rc['content'] is not None:
                    # Rewrites the entry inside module.params in place.
                    rc['content'] = rc['content'].encode('utf-8')
                cert = crypto_utils.load_certificate(rc['path'], content=rc['content'], backend='cryptography')
                try:
                    result['serial_number'] = cert.serial_number
                except AttributeError:
                    # The property was called "serial" before cryptography 1.4
                    result['serial_number'] = cert.serial
            except crypto_utils.OpenSSLObjectError as e:
                if rc['content'] is not None:
                    failure = 'Cannot parse certificate from {0}content: {1}'.format(path_prefix, to_native(e))
                else:
                    failure = 'Cannot read certificate "{1}" from {0}path: {2}'.format(path_prefix, rc['path'], to_native(e))
                module.fail_json(msg=failure)

        # Options shared by both ways of naming the certificate.
        if rc['issuer']:
            result['issuer'] = [crypto_utils.cryptography_get_name(name) for name in rc['issuer']]
            result['issuer_critical'] = rc['issuer_critical']
        result['revocation_date'] = crypto_utils.get_relative_time_option(
            rc['revocation_date'],
            path_prefix + 'revocation_date'
        )
        if rc['reason']:
            result['reason'] = crypto_utils.REVOCATION_REASON_MAP[rc['reason']]
            result['reason_critical'] = rc['reason_critical']
        if rc['invalidity_date']:
            result['invalidity_date'] = crypto_utils.get_relative_time_option(
                rc['invalidity_date'],
                path_prefix + 'invalidity_date'
            )
            result['invalidity_date_critical'] = rc['invalidity_date_critical']
        self.revoked_certificates.append(result)

    self.module = module

    self.backup = params['backup']
    self.backup_file = None

    try:
        self.privatekey = crypto_utils.load_privatekey(
            path=self.privatekey_path,
            content=self.privatekey_content,
            passphrase=self.privatekey_passphrase,
            backend='cryptography'
        )
    except crypto_utils.OpenSSLBadPassphraseError as exc:
        raise CRLError(exc)

    # Best-effort load of a CRL already present at self.path. Any failure
    # (unreadable file, data that does not parse) leaves self.crl unset
    # without reporting why.
    # NOTE(review): a corrupted or replaced CRL file is therefore handled
    # like a missing one - presumably so that it gets regenerated; confirm
    # that the later code treats self.crl being None that way.
    self.crl = None
    try:
        with open(self.path, 'rb') as crl_file:
            raw = crl_file.read()
        self.crl = x509.load_pem_x509_crl(raw, default_backend())
        if self.return_content:
            self.crl_content = raw
    except Exception:
        self.crl_content = None
def __init__(self, module):
    """Read the CSR options from ``module.params``.

    The subject is assembled from the individual name options followed by
    entries parsed from ``subject``; entries with an empty value are
    dropped. When no subjectAltName was supplied and
    ``use_common_name_for_san`` is set, the first common name in the subject
    becomes a single ``DNS:`` SAN entry. The subject and authority key
    identifiers are converted from hex text (colons allowed) to bytes.

    Combining ``subject_key_identifier`` with
    ``create_subject_key_identifier`` is reported via ``module.fail_json``.

    Raises:
        CertificateSigningRequestError: if a key identifier cannot be
            decoded from hex.
    """
    params = module.params
    super(CertificateSigningRequestBase, self).__init__(
        params['path'],
        params['state'],
        params['force'],
        module.check_mode,
    )

    self.digest = params['digest']
    self.privatekey_path = params['privatekey_path']
    # NOTE(review): the passphrase is kept as a plain attribute - confirm
    # it is never copied into the module result or log output.
    self.privatekey_passphrase = params['privatekey_passphrase']
    self.version = params['version']

    # Extensions, each with its criticality flag.
    self.subjectAltName = params['subject_alt_name']
    self.subjectAltName_critical = params['subject_alt_name_critical']
    self.keyUsage = params['key_usage']
    self.keyUsage_critical = params['key_usage_critical']
    self.extendedKeyUsage = params['extended_key_usage']
    self.extendedKeyUsage_critical = params['extended_key_usage_critical']
    self.basicConstraints = params['basic_constraints']
    self.basicConstraints_critical = params['basic_constraints_critical']
    self.ocspMustStaple = params['ocsp_must_staple']
    self.ocspMustStaple_critical = params['ocsp_must_staple_critical']

    # Key identifier options.
    self.create_subject_key_identifier = params['create_subject_key_identifier']
    self.subject_key_identifier = params['subject_key_identifier']
    self.authority_key_identifier = params['authority_key_identifier']
    self.authority_cert_issuer = params['authority_cert_issuer']
    self.authority_cert_serial_number = params['authority_cert_serial_number']

    self.request = None
    self.privatekey = None

    # An explicit identifier and automatic creation exclude each other.
    if self.create_subject_key_identifier and self.subject_key_identifier is not None:
        module.fail_json(msg='subject_key_identifier cannot be specified if create_subject_key_identifier is true')

    self.backup = params['backup']
    self.backup_file = None

    name_parts = [
        ('C', params['country_name']),
        ('ST', params['state_or_province_name']),
        ('L', params['locality_name']),
        ('O', params['organization_name']),
        ('OU', params['organizational_unit_name']),
        ('CN', params['common_name']),
        ('emailAddress', params['email_address']),
    ]
    if params['subject']:
        name_parts = name_parts + crypto_utils.parse_name_field(params['subject'])
    # Keep only the entries that actually carry a value.
    self.subject = [(part[0], part[1]) for part in name_parts if part[1]]

    if not self.subjectAltName and params['use_common_name_for_san']:
        # The CN value is copied verbatim into a DNS entry.
        # NOTE(review): nothing here checks that the CN is a hostname;
        # confirm the SAN is validated before the request is signed.
        for name_type, name_value in self.subject:
            if name_type in ('commonName', 'CN'):
                self.subjectAltName = ['DNS:%s' % name_value]
                break

    # Identifiers arrive as hex text, optionally colon-separated. Only the
    # hex decoding is checked here; no length constraint is applied.
    if self.subject_key_identifier is not None:
        try:
            ski_hex = self.subject_key_identifier.replace(':', '')
            self.subject_key_identifier = binascii.unhexlify(ski_hex)
        except Exception as e:
            raise CertificateSigningRequestError('Cannot parse subject_key_identifier: {0}'.format(e))

    if self.authority_key_identifier is not None:
        try:
            aki_hex = self.authority_key_identifier.replace(':', '')
            self.authority_key_identifier = binascii.unhexlify(aki_hex)
        except Exception as e:
            raise CertificateSigningRequestError('Cannot parse authority_key_identifier: {0}'.format(e))