def needs_regeneration(self):
    """Check whether a regeneration is necessary.

    Returns True when there is no existing CSR (``existing_csr_bytes`` is
    None), when the existing bytes cannot be loaded as a CSR, or when
    ``_check_csr()`` reports a mismatch. On a successful load the parsed
    request is kept in ``self.existing_csr``.
    """
    have_existing = self.existing_csr_bytes is not None
    if have_existing:
        try:
            self.existing_csr = load_certificate_request(
                None,
                content=self.existing_csr_bytes,
                backend=self.backend,
            )
        except Exception:
            # Deliberately broad: whatever the loader raises for the stored
            # CSR is answered by regenerating it, not by failing the run.
            # NOTE(review): this also hides loader errors that are not parse
            # errors, so a broken backend looks like "CSR changed".
            return True
        # The private key is loaded before the comparison is made.
        self._ensure_private_key_loaded()
        return not self._check_csr()
    return True
def _ensure_csr_loaded(self):
    """Load the CSR into self.csr.

    Does nothing when ``self.csr`` is already set, or when neither
    ``csr_path`` nor ``csr_content`` is provided; in the latter case
    ``self.csr`` stays None and callers have to cope with that.
    """
    if self.csr is None and (self.csr_path is not None or self.csr_content is not None):
        # Both sources are handed to the loader as they are.
        self.csr = load_certificate_request(
            path=self.csr_path,
            content=self.csr_content,
            backend=self.backend,
        )
def get_info(self):
    """Parse the CSR and return its properties as a dict.

    The request is loaded from ``self.path`` / ``self.content`` and stored in
    ``self.csr``. The returned dict holds the subject, the supported
    extensions (each with its ``*_critical`` flag), the public key and its
    fingerprints, all extensions by OID, and ``signature_valid``. Subject and
    authority key identifiers are only reported when the backend is not
    ``'pyopenssl'``.

    An invalid CSR signature is always reported through
    ``self.module.fail_json``, with everything parsed so far attached.
    """
    def colon_hex(raw):
        # Render raw bytes as colon-separated hex pairs.
        digits = to_native(binascii.hexlify(raw))
        return ':'.join(digits[pos:pos + 2] for pos in range(0, len(digits), 2))

    self.csr = load_certificate_request(self.path, content=self.content, backend=self.backend)
    info = {}

    ordered_subject = self._get_subject_ordered()
    # Flat mapping: a repeated subject component keeps only its last value;
    # 'subject_ordered' preserves the full sequence.
    info['subject'] = {name: value for name, value in ordered_subject}
    info['subject_ordered'] = ordered_subject

    usage, usage_critical = self._get_key_usage()
    info['key_usage'] = usage
    info['key_usage_critical'] = usage_critical

    ext_usage, ext_usage_critical = self._get_extended_key_usage()
    info['extended_key_usage'] = ext_usage
    info['extended_key_usage_critical'] = ext_usage_critical

    constraints, constraints_critical = self._get_basic_constraints()
    info['basic_constraints'] = constraints
    info['basic_constraints_critical'] = constraints_critical

    must_staple, must_staple_critical = self._get_ocsp_must_staple()
    info['ocsp_must_staple'] = must_staple
    info['ocsp_must_staple_critical'] = must_staple_critical

    alt_names, alt_names_critical = self._get_subject_alt_name()
    info['subject_alt_name'] = alt_names
    info['subject_alt_name_critical'] = alt_names_critical

    permitted, excluded, nc_critical = self._get_name_constraints()
    info['name_constraints_permitted'] = permitted
    info['name_constraints_excluded'] = excluded
    info['name_constraints_critical'] = nc_critical

    info['public_key'] = self._get_public_key(binary=False)
    key_bytes = self._get_public_key(binary=True)
    if key_bytes is not None:
        info['public_key_fingerprints'] = get_fingerprint_of_bytes(key_bytes)
    else:
        info['public_key_fingerprints'] = dict()

    if self.backend != 'pyopenssl':
        subject_key_id = self._get_subject_key_identifier()
        if subject_key_id is not None:
            subject_key_id = colon_hex(subject_key_id)
        info['subject_key_identifier'] = subject_key_id

        authority_key_id, issuer, serial = self._get_authority_key_identifier()
        if authority_key_id is not None:
            authority_key_id = colon_hex(authority_key_id)
        info['authority_key_identifier'] = authority_key_id
        info['authority_cert_issuer'] = issuer
        info['authority_cert_serial_number'] = serial

    info['extensions_by_oid'] = self._get_all_extensions()

    # The signature is checked last, after every field has been extracted,
    # so the failure report carries the full parsed content.
    signature_ok = self._is_signature_valid()
    info['signature_valid'] = signature_ok
    if not signature_ok:
        self.module.fail_json(msg='CSR signature is invalid!', **info)
    return info
def get_info(self, prefer_one_fingerprint=False):
    """Parse the CSR in ``self.content`` and return its properties as a dict.

    The parsed request is stored in ``self.csr``. The returned dict holds the
    subject, the supported extensions (each with its ``*_critical`` flag),
    the PEM public key plus its type, public data and fingerprints, all
    extensions by OID, and ``signature_valid``. Subject and authority key
    identifiers are only reported when the backend is not ``'pyopenssl'``.

    ``prefer_one_fingerprint`` is passed through to ``get_publickey_info``.

    An invalid signature is reported through ``self.module.fail_json`` only
    when ``self.validate_signature`` is truthy. Otherwise the dict is
    returned with ``signature_valid`` set to False, and that field is the
    only sign that the request's self-signature did not verify.
    """
    def colon_hex(raw):
        # Render raw bytes as colon-separated hex pairs.
        digits = to_native(binascii.hexlify(raw))
        return ':'.join(digits[pos:pos + 2] for pos in range(0, len(digits), 2))

    self.csr = load_certificate_request(None, content=self.content, backend=self.backend)
    info = {}

    ordered_subject = self._get_subject_ordered()
    # Flat mapping: a repeated subject component keeps only its last value;
    # 'subject_ordered' preserves the full sequence.
    info['subject'] = {name: value for name, value in ordered_subject}
    info['subject_ordered'] = ordered_subject

    usage, usage_critical = self._get_key_usage()
    info['key_usage'] = usage
    info['key_usage_critical'] = usage_critical

    ext_usage, ext_usage_critical = self._get_extended_key_usage()
    info['extended_key_usage'] = ext_usage
    info['extended_key_usage_critical'] = ext_usage_critical

    constraints, constraints_critical = self._get_basic_constraints()
    info['basic_constraints'] = constraints
    info['basic_constraints_critical'] = constraints_critical

    must_staple, must_staple_critical = self._get_ocsp_must_staple()
    info['ocsp_must_staple'] = must_staple
    info['ocsp_must_staple_critical'] = must_staple_critical

    alt_names, alt_names_critical = self._get_subject_alt_name()
    info['subject_alt_name'] = alt_names
    info['subject_alt_name_critical'] = alt_names_critical

    permitted, excluded, nc_critical = self._get_name_constraints()
    info['name_constraints_permitted'] = permitted
    info['name_constraints_excluded'] = excluded
    info['name_constraints_critical'] = nc_critical

    info['public_key'] = self._get_public_key_pem()
    key_details = get_publickey_info(
        self.module,
        self.backend,
        key=self._get_public_key_object(),
        prefer_one_fingerprint=prefer_one_fingerprint,
    )
    info.update(
        public_key_type=key_details['type'],
        public_key_data=key_details['public_data'],
        public_key_fingerprints=key_details['fingerprints'],
    )

    if self.backend != 'pyopenssl':
        subject_key_id = self._get_subject_key_identifier()
        if subject_key_id is not None:
            subject_key_id = colon_hex(subject_key_id)
        info['subject_key_identifier'] = subject_key_id

        authority_key_id, issuer, serial = self._get_authority_key_identifier()
        if authority_key_id is not None:
            authority_key_id = colon_hex(authority_key_id)
        info['authority_key_identifier'] = authority_key_id
        info['authority_cert_issuer'] = issuer
        info['authority_cert_serial_number'] = serial

    info['extensions_by_oid'] = self._get_all_extensions()

    signature_ok = self._is_signature_valid()
    info['signature_valid'] = signature_ok
    # With validate_signature unset, a CSR whose signature does not verify is
    # still returned in full. Consumers should check 'signature_valid' before
    # acting on the subject, alternative names or public key.
    if self.validate_signature and not signature_ok:
        self.module.fail_json(msg='CSR signature is invalid!', **info)
    return info