Exemplo n.º 1
    def _get_csr_domains(self):
        '''
        Return the set of names requested by the CSR file at ``self.csr``.

        When HAS_CURRENT_CRYPTOGRAPHY is truthy the work is delegated to
        cryptography_get_csr_domains(). Otherwise the CSR is dumped with
        ``openssl req -noout -text`` and the names are scraped from that text:
        the subject CN (if one is matched) plus every Subject Alternative Name
        entry that carries the ``DNS:`` prefix.
        '''
        if HAS_CURRENT_CRYPTOGRAPHY:
            return cryptography_get_csr_domains(self.module, self.csr)

        # Fallback path: the command is handed over as an argument list, so the
        # CSR path is a single argv element rather than part of a command string.
        command = [self._openssl_bin, "req", "-in", self.csr, "-noout", "-text"]
        # check_rc=True presumably aborts on a non-zero exit status -- confirm
        # against the module's run_command implementation.
        _rc, stdout, _stderr = self.module.run_command(command, check_rc=True)
        csr_text = to_text(stdout, errors='surrogate_or_strict')

        requested = set()

        # NOTE(review): the CN is taken as printed; nothing here checks that it
        # is a syntactically valid host name.
        cn_match = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", csr_text)
        if cn_match is not None:
            requested.add(cn_match.group(1))

        # NOTE(review): this depends on the layout of openssl's human-readable
        # dump (SAN header line followed by one indented, ", "-separated line).
        san_match = re.search(
            r"X509v3 Subject Alternative Name: (?:critical)?\n +([^\n]+)\n",
            csr_text,
            re.MULTILINE | re.DOTALL)
        if san_match is not None:
            # Only DNS entries are collected; other SAN types (e.g. IP:) are
            # skipped by the prefix test.
            requested.update(
                entry[4:]
                for entry in san_match.group(1).split(", ")
                if entry.startswith("DNS:")
            )
        return requested
Exemplo n.º 2
 def test_csrdomains_cryptography(tmpdir):
     '''
     Check that cryptography_get_csr_domains() returns exactly the expected
     names for the TEST_CSR fixture written to a temporary file.
     '''
     csr_path = tmpdir / 'test.csr'
     csr_path.write(TEST_CSR)

     # The module argument is a stand-in mock; only the file path is real input.
     fake_module = MagicMock()
     found = cryptography_get_csr_domains(fake_module, str(csr_path))

     # Set equality: a missing name and an unexpected extra name both fail.
     expected = {'ansible.com', 'example.com', 'example.org'}
     assert found == expected