def enroll(self): request = CertificateRequest(common_name=self.common_name, key_password=self.privatekey_passphrase, origin="Red Hat Ansible") zone_config = self.conn.read_zone_conf(self.zone) request.update_from_zone_config(zone_config) use_existed_key = False if self._check_private_key_correct() and not self.privatekey_reuse: private_key = to_text(open(self.privatekey_filename, "rb").read()) request.private_key = private_key use_existed_key = True elif self.privatekey_type: key_type = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}. \ get(self.privatekey_type) if not key_type: self.module.fail_json(msg=("Failed to determine key type: %s." "Must be RSA or ECDSA" % self.privatekey_type)) if key_type == "rsa": request.key_type = KeyType(KeyType.RSA, self.privatekey_size) elif key_type == "ecdsa" or "ec": request.key_type = KeyType(KeyType.ECDSA, self.privatekey_curve) else: self.module.fail_json(msg=("Failed to determine key type: %s." "Must be RSA or ECDSA" % self.privatekey_type)) request.ip_addresses = self.ip_addresses request.san_dns = self.san_dns request.email_addresses = self.email_addresses request.chain_option = self.module.params['chain_option'] try: csr = open(self.csr_path, "rb").read() request.csr = csr except Exception as e: self.module.log(msg=str(e)) pass self.conn.request_cert(request, self.zone) print(request.csr) while True: cert = self.conn.retrieve_cert(request) # vcert.Certificate if cert: break else: time.sleep(5) if self.chain_filename: self._atomic_write(self.chain_filename, "\n".join(cert.chain)) self._atomic_write(self.certificate_filename, cert.cert) else: self._atomic_write(self.certificate_filename, cert.full_chain) if not use_existed_key: self._atomic_write(self.privatekey_filename, request.private_key_pem)
def enroll(self): request = CertificateRequest( common_name=self.common_name, key_password=self.privatekey_passphrase, ) use_existed_key = False if self._check_private_key_correct(): # May be None private_key = to_text(open(self.privatekey_filename, "rb").read()) request.private_key = private_key use_existed_key = True elif self.privatekey_type: key_type = { "RSA": "rsa", "ECDSA": "ec", "EC": "ec" }.get(self.privatekey_type) if not key_type: self.module.fail_json( msg="Failed to determine key type: {0}. Must be RSA or ECDSA" .format(self.privatekey_type)) request.key_type = key_type request.key_curve = self.privatekey_curve request.key_length = self.privatekey_size request.ip_addresses = self.ip_addresses request.san_dns = self.san_dns request.email_addresses = self.email_addresses request.chain_option = self.module.params['chain_option'] try: csr = open(self.csr_path, "rb").read() request.csr = csr except Exception as e: self.module.log(msg=str(e)) pass self.conn.request_cert(request, self.zone) print(request.csr) while True: cert = self.conn.retrieve_cert(request) # vcert.Certificate if cert: break else: time.sleep(5) if self.chain_filename: self._atomic_write(self.chain_filename, "\n".join(cert.chain)) self._atomic_write(self.certificate_filename, cert.cert) else: self._atomic_write(self.certificate_filename, cert.full_chain) if not use_existed_key: self._atomic_write(self.privatekey_filename, request.private_key_pem)