예제 #1
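    def enroll(self):
        """Request a certificate for ``self.common_name`` and write the results to disk.

        Builds a ``CertificateRequest`` from the module parameters and the
        zone configuration, submits it through ``self.conn``, polls until the
        certificate is issued, then writes the certificate (plus the chain,
        and the generated private key when no existing key was reused) with
        ``self._atomic_write``.

        Side effects: reads the private-key and CSR files, blocks while
        polling the CA, writes certificate/chain/key files, and calls
        ``self.module.fail_json`` on an unsupported ``privatekey_type``.
        """
        request = CertificateRequest(common_name=self.common_name,
                                     key_password=self.privatekey_passphrase,
                                     origin="Red Hat Ansible")
        zone_config = self.conn.read_zone_conf(self.zone)
        request.update_from_zone_config(zone_config)

        use_existed_key = False
        if self._check_private_key_correct() and not self.privatekey_reuse:
            # Reuse the key already on disk. The context manager closes the
            # handle instead of leaving it to the garbage collector.
            with open(self.privatekey_filename, "rb") as key_file:
                request.private_key = to_text(key_file.read())
            use_existed_key = True
        elif self.privatekey_type:
            key_type = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}.get(
                self.privatekey_type)
            if key_type == "rsa":
                request.key_type = KeyType(KeyType.RSA, self.privatekey_size)
            elif key_type == "ec":
                # Bug fix: the original test `key_type == "ecdsa" or "ec"` was
                # always true (and "ecdsa" is never produced by the mapping),
                # so the failure branch below was unreachable.
                request.key_type = KeyType(KeyType.ECDSA,
                                           self.privatekey_curve)
            else:
                # Also covers an unknown privatekey_type (key_type is None).
                # Added the missing space after the period in the message.
                self.module.fail_json(msg=("Failed to determine key type: %s. "
                                           "Must be RSA or ECDSA" %
                                           self.privatekey_type))

        request.ip_addresses = self.ip_addresses
        request.san_dns = self.san_dns
        request.email_addresses = self.email_addresses

        request.chain_option = self.module.params['chain_option']
        # The CSR file is best-effort: any failure to read it is logged and the
        # request proceeds without a pre-built CSR, as before.
        try:
            with open(self.csr_path, "rb") as csr_file:
                request.csr = csr_file.read()
        except Exception as e:
            self.module.log(msg=str(e))

        self.conn.request_cert(request, self.zone)
        # The debug `print(request.csr)` was dropped: an Ansible module must
        # not write to stdout outside its JSON result.
        # NOTE(review): this loop has no upper bound; if the CA never issues
        # the certificate the module blocks forever. Consider a retry limit.
        while True:
            cert = self.conn.retrieve_cert(request)  # vcert.Certificate
            if cert:
                break
            time.sleep(5)
        if self.chain_filename:
            self._atomic_write(self.chain_filename, "\n".join(cert.chain))
            self._atomic_write(self.certificate_filename, cert.cert)
        else:
            self._atomic_write(self.certificate_filename, cert.full_chain)
        if not use_existed_key:
            # NOTE(review): the key file's permissions are whatever
            # _atomic_write applies -- confirm it restricts them (e.g. 0600).
            self._atomic_write(self.privatekey_filename,
                               request.private_key_pem)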
예제 #2
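    def enroll(self):
        """Request a certificate for ``self.common_name`` and write the results to disk.

        Builds a ``CertificateRequest`` from the module parameters, submits it
        through ``self.conn``, polls until the certificate is issued, then
        writes the certificate (plus the chain, and the generated private key
        when no existing key was reused) with ``self._atomic_write``.

        Side effects: reads the private-key and CSR files, blocks while
        polling the CA, writes certificate/chain/key files, and calls
        ``self.module.fail_json`` on an unsupported ``privatekey_type``.
        """
        request = CertificateRequest(
            common_name=self.common_name,
            key_password=self.privatekey_passphrase,
        )
        use_existed_key = False
        if self._check_private_key_correct():  # May be None
            # Reuse the key already on disk. The context manager closes the
            # handle instead of leaving it to the garbage collector.
            with open(self.privatekey_filename, "rb") as key_file:
                request.private_key = to_text(key_file.read())
            use_existed_key = True
        elif self.privatekey_type:
            key_type = {
                "RSA": "rsa",
                "ECDSA": "ec",
                "EC": "ec"
            }.get(self.privatekey_type)
            if not key_type:
                self.module.fail_json(
                    msg="Failed to determine key type: {0}. Must be RSA or ECDSA"
                    .format(self.privatekey_type))
            # Curve and length are both passed; which one applies depends on
            # key_type (presumably curve for "ec", length for "rsa").
            request.key_type = key_type
            request.key_curve = self.privatekey_curve
            request.key_length = self.privatekey_size

        request.ip_addresses = self.ip_addresses
        request.san_dns = self.san_dns
        request.email_addresses = self.email_addresses

        request.chain_option = self.module.params['chain_option']
        # The CSR file is best-effort: any failure to read it is logged and the
        # request proceeds without a pre-built CSR, as before.
        try:
            with open(self.csr_path, "rb") as csr_file:
                request.csr = csr_file.read()
        except Exception as e:
            self.module.log(msg=str(e))

        self.conn.request_cert(request, self.zone)
        # The debug `print(request.csr)` was dropped: an Ansible module must
        # not write to stdout outside its JSON result.
        # NOTE(review): this loop has no upper bound; if the CA never issues
        # the certificate the module blocks forever. Consider a retry limit.
        while True:
            cert = self.conn.retrieve_cert(request)  # vcert.Certificate
            if cert:
                break
            time.sleep(5)
        if self.chain_filename:
            self._atomic_write(self.chain_filename, "\n".join(cert.chain))
            self._atomic_write(self.certificate_filename, cert.cert)
        else:
            self._atomic_write(self.certificate_filename, cert.full_chain)
        if not use_existed_key:
            # NOTE(review): the key file's permissions are whatever
            # _atomic_write applies -- confirm it restricts them (e.g. 0600).
            self._atomic_write(self.privatekey_filename,
                               request.private_key_pem)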