コード例 #1
0
 def _check_pkey_passphrase():
     if self.privatekey_passphrase:
         try:
             crypto_utils.load_privatekey(self.privatekey_path,
                                          self.privatekey_passphrase)
         except crypto.Error:
             return False
         except crypto_utils.OpenSSLBadPassphraseError:
             return False
     return True
コード例 #2
0
    def generate(self, module):
        """Generate PKCS#12 file archive."""
        self.pkcs12 = crypto.PKCS12()

        if self.other_certificates:
            other_certs = [crypto_utils.load_certificate(other_cert) for other_cert
                           in self.other_certificates]
            self.pkcs12.set_ca_certificates(other_certs)

        if self.certificate_path:
            self.pkcs12.set_certificate(crypto_utils.load_certificate(
                                        self.certificate_path))

        if self.friendly_name:
            self.pkcs12.set_friendlyname(to_bytes(self.friendly_name))

        if self.privatekey_path:
            try:
                self.pkcs12.set_privatekey(crypto_utils.load_privatekey(
                                           self.privatekey_path,
                                           self.privatekey_passphrase)
                                           )
            except crypto_utils.OpenSSLBadPassphraseError as exc:
                raise PkcsError(exc)

        return self.pkcs12.export(self.passphrase, self.iter_size, self.maciter_size)
コード例 #3
0
    def _check_size_and_type(self):
        def _check_size(privatekey):
            return self.size == privatekey.bits()

        def _check_type(privatekey):
            return self.type == privatekey.type()

        try:
            privatekey = crypto_utils.load_privatekey(self.path, self.passphrase)
        except crypto_utils.OpenSSLBadPassphraseError as exc:
            raise PrivateKeyError(exc)

        return _check_size(privatekey) and _check_type(privatekey)
コード例 #4
0
    def get_info(self):
        result = dict(
            can_load_key=False,
            can_parse_key=False,
            key_is_consistent=None,
        )
        if self.content is not None:
            priv_key_detail = self.content.encode('utf-8')
            result['can_load_key'] = True
        else:
            try:
                with open(self.path, 'rb') as b_priv_key_fh:
                    priv_key_detail = b_priv_key_fh.read()
                result['can_load_key'] = True
            except (IOError, OSError) as exc:
                self.module.fail_json(msg=to_native(exc), **result)
        try:
            self.key = crypto_utils.load_privatekey(
                path=None,
                content=priv_key_detail,
                passphrase=to_bytes(self.passphrase)
                if self.passphrase is not None else self.passphrase,
                backend=self.backend)
            result['can_parse_key'] = True
        except crypto_utils.OpenSSLObjectError as exc:
            self.module.fail_json(msg=to_native(exc), **result)

        result['public_key'] = self._get_public_key(binary=False)
        pk = self._get_public_key(binary=True)
        result[
            'public_key_fingerprints'] = crypto_utils.get_fingerprint_of_bytes(
                pk) if pk is not None else dict()

        key_type, key_public_data, key_private_data = self._get_key_info()
        result['type'] = key_type
        result['public_data'] = key_public_data
        if self.return_private_key_data:
            result['private_data'] = key_private_data

        result['key_is_consistent'] = self._is_key_consistent(
            key_public_data, key_private_data)
        if result['key_is_consistent'] is False:
            # Only fail when it is False, to avoid to fail on None (which means "we don't know")
            result['key_is_consistent'] = False
            self.module.fail_json(
                msg="Private key is not consistent! (See "
                "https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html)",
                **result)
        return result
コード例 #5
0
 def _create_publickey(self, module):
     self.privatekey = crypto_utils.load_privatekey(
         path=self.privatekey_path,
         content=self.privatekey_content,
         passphrase=self.privatekey_passphrase,
         backend=self.backend)
     if self.backend == 'cryptography':
         if self.format == 'OpenSSH':
             return self.privatekey.public_key().public_bytes(
                 crypto_serialization.Encoding.OpenSSH,
                 crypto_serialization.PublicFormat.OpenSSH)
         else:
             return self.privatekey.public_key().public_bytes(
                 crypto_serialization.Encoding.PEM,
                 crypto_serialization.PublicFormat.SubjectPublicKeyInfo)
     else:
         try:
             return crypto.dump_publickey(crypto.FILETYPE_PEM,
                                          self.privatekey)
         except AttributeError as dummy:
             raise PublicKeyError(
                 'You need to have PyOpenSSL>=16.0.0 to generate public keys'
             )
コード例 #6
0
 def _check_passphrase(self):
     try:
         crypto_utils.load_privatekey(self.path, self.passphrase)
         return True
     except Exception as dummy:
         return False