def dump(self):
"""Serialize the object into a dictionary."""
result = {
'size': self.size,
'filename': self.path,
'changed': self.changed,
'fingerprint': self.fingerprint,
}
if self.backup_file:
result['backup_file'] = self.backup_file
if self.return_content:
if self.privatekey_bytes is None:
self.privatekey_bytes = load_file_if_exists(self.path,
ignore_errors=True)
if self.privatekey_bytes:
if identify_private_key_format(self.privatekey_bytes) == 'raw':
result['privatekey'] = base64.b64encode(
self.privatekey_bytes)
else:
result['privatekey'] = self.privatekey_bytes.decode(
'utf-8')
else:
result['privatekey'] = None
return result
def dump(self):
"""Serialize the object into a dictionary."""
result = {
'privatekey': self.privatekey_path,
'filename': self.path,
'format': self.format,
'changed': self.changed,
'fingerprint': self.fingerprint,
}
if self.backup_file:
result['backup_file'] = self.backup_file
if self.return_content:
if self.publickey_bytes is None:
self.publickey_bytes = load_file_if_exists(self.path,
ignore_errors=True)
result['publickey'] = self.publickey_bytes.decode(
'utf-8') if self.publickey_bytes else None
result['diff'] = dict(
before=self.diff_before,
after=self.diff_after,
)
return result
def __init__(self, module, module_backend):
super(CertificateSigningRequestModule,
self).__init__(module.params['path'], module.params['state'],
module.params['force'], module.check_mode)
self.module_backend = module_backend
self.return_content = module.params['return_content']
self.backup = module.params['backup']
self.backup_file = None
self.module_backend.set_existing(load_file_if_exists(
self.path, module))
def dump(self):
"""Serialize the object into a dictionary."""
result = {
'size': self.size,
'filename': self.path,
'changed': self.changed,
}
if self.backup_file:
result['backup_file'] = self.backup_file
if self.return_content:
content = load_file_if_exists(self.path, ignore_errors=True)
result['dhparams'] = content.decode('utf-8') if content else None
return result
def dump(self):
"""Serialize the object into a dictionary."""
result = {
'filename': self.path,
}
if self.privatekey_path:
result['privatekey_path'] = self.privatekey_path
if self.backup_file:
result['backup_file'] = self.backup_file
if self.return_content:
if self.pkcs12_bytes is None:
self.pkcs12_bytes = load_file_if_exists(self.path, ignore_errors=True)
result['pkcs12'] = base64.b64encode(self.pkcs12_bytes) if self.pkcs12_bytes else None
return result
def __init__(self, module, module_backend):
super(PrivateKeyModule, self).__init__(
module.params['path'],
module.params['state'],
module.params['force'],
module.check_mode,
)
self.module_backend = module_backend
self.return_content = module.params['return_content']
if self.force:
module_backend.regenerate = 'always'
self.backup = module.params['backup']
self.backup_file = None
if module.params['mode'] is None:
module.params['mode'] = '0600'
module_backend.set_existing(load_file_if_exists(self.path, module))
def check(self, module, perms_required=True):
"""Ensure the resource is in its desired state."""
state_and_perms = super(Pkcs, self).check(module, perms_required)
def _check_pkey_passphrase():
if self.privatekey_passphrase:
try:
load_privatekey(self.privatekey_path,
self.privatekey_passphrase)
except crypto.Error:
return False
except OpenSSLBadPassphraseError:
return False
return True
if not state_and_perms:
return state_and_perms
if os.path.exists(self.path) and module.params['action'] == 'export':
dummy = self.generate(module)
self.src = self.path
try:
pkcs12_privatekey, pkcs12_certificate, pkcs12_other_certificates, pkcs12_friendly_name = self.parse(
)
except crypto.Error:
return False
if (pkcs12_privatekey is not None) and (self.privatekey_path
is not None):
expected_pkey = crypto.dump_privatekey(
crypto.FILETYPE_PEM, self.pkcs12.get_privatekey())
if pkcs12_privatekey != expected_pkey:
return False
elif bool(pkcs12_privatekey) != bool(self.privatekey_path):
return False
if (pkcs12_certificate is not None) and (self.certificate_path
is not None):
expected_cert = crypto.dump_certificate(
crypto.FILETYPE_PEM, self.pkcs12.get_certificate())
if pkcs12_certificate != expected_cert:
return False
elif bool(pkcs12_certificate) != bool(self.certificate_path):
return False
if (pkcs12_other_certificates
is not None) and (self.other_certificates is not None):
expected_other_certs = [
crypto.dump_certificate(crypto.FILETYPE_PEM, other_cert)
for other_cert in self.pkcs12.get_ca_certificates()
]
if set(pkcs12_other_certificates) != set(expected_other_certs):
return False
elif bool(pkcs12_other_certificates) != bool(
self.other_certificates):
return False
if pkcs12_privatekey:
# This check is required because pyOpenSSL will not return a friendly name
# if the private key is not set in the file
if ((self.pkcs12.get_friendlyname() is not None)
and (pkcs12_friendly_name is not None)):
if self.pkcs12.get_friendlyname() != pkcs12_friendly_name:
return False
elif bool(self.pkcs12.get_friendlyname()) != bool(
pkcs12_friendly_name):
return False
elif module.params['action'] == 'parse' and os.path.exists(
self.src) and os.path.exists(self.path):
try:
pkey, cert, other_certs, friendly_name = self.parse()
except crypto.Error:
return False
expected_content = to_bytes(''.join([
to_native(pem) for pem in [pkey, cert] + other_certs
if pem is not None
]))
dumped_content = load_file_if_exists(self.path, ignore_errors=True)
if expected_content != dumped_content:
return False
else:
return False
return _check_pkey_passphrase()
