def dump(self): """Serialize the object into a dictionary.""" result = { 'size': self.size, 'filename': self.path, 'changed': self.changed, 'fingerprint': self.fingerprint, } if self.backup_file: result['backup_file'] = self.backup_file if self.return_content: if self.privatekey_bytes is None: self.privatekey_bytes = load_file_if_exists(self.path, ignore_errors=True) if self.privatekey_bytes: if identify_private_key_format(self.privatekey_bytes) == 'raw': result['privatekey'] = base64.b64encode( self.privatekey_bytes) else: result['privatekey'] = self.privatekey_bytes.decode( 'utf-8') else: result['privatekey'] = None return result
def dump(self): """Serialize the object into a dictionary.""" result = { 'privatekey': self.privatekey_path, 'filename': self.path, 'format': self.format, 'changed': self.changed, 'fingerprint': self.fingerprint, } if self.backup_file: result['backup_file'] = self.backup_file if self.return_content: if self.publickey_bytes is None: self.publickey_bytes = load_file_if_exists(self.path, ignore_errors=True) result['publickey'] = self.publickey_bytes.decode( 'utf-8') if self.publickey_bytes else None result['diff'] = dict( before=self.diff_before, after=self.diff_after, ) return result
def __init__(self, module, module_backend): super(CertificateSigningRequestModule, self).__init__(module.params['path'], module.params['state'], module.params['force'], module.check_mode) self.module_backend = module_backend self.return_content = module.params['return_content'] self.backup = module.params['backup'] self.backup_file = None self.module_backend.set_existing(load_file_if_exists( self.path, module))
def dump(self): """Serialize the object into a dictionary.""" result = { 'size': self.size, 'filename': self.path, 'changed': self.changed, } if self.backup_file: result['backup_file'] = self.backup_file if self.return_content: content = load_file_if_exists(self.path, ignore_errors=True) result['dhparams'] = content.decode('utf-8') if content else None return result
def dump(self): """Serialize the object into a dictionary.""" result = { 'filename': self.path, } if self.privatekey_path: result['privatekey_path'] = self.privatekey_path if self.backup_file: result['backup_file'] = self.backup_file if self.return_content: if self.pkcs12_bytes is None: self.pkcs12_bytes = load_file_if_exists(self.path, ignore_errors=True) result['pkcs12'] = base64.b64encode(self.pkcs12_bytes) if self.pkcs12_bytes else None return result
def __init__(self, module, module_backend): super(PrivateKeyModule, self).__init__( module.params['path'], module.params['state'], module.params['force'], module.check_mode, ) self.module_backend = module_backend self.return_content = module.params['return_content'] if self.force: module_backend.regenerate = 'always' self.backup = module.params['backup'] self.backup_file = None if module.params['mode'] is None: module.params['mode'] = '0600' module_backend.set_existing(load_file_if_exists(self.path, module))
def check(self, module, perms_required=True): """Ensure the resource is in its desired state.""" state_and_perms = super(Pkcs, self).check(module, perms_required) def _check_pkey_passphrase(): if self.privatekey_passphrase: try: load_privatekey(self.privatekey_path, self.privatekey_passphrase) except crypto.Error: return False except OpenSSLBadPassphraseError: return False return True if not state_and_perms: return state_and_perms if os.path.exists(self.path) and module.params['action'] == 'export': dummy = self.generate(module) self.src = self.path try: pkcs12_privatekey, pkcs12_certificate, pkcs12_other_certificates, pkcs12_friendly_name = self.parse( ) except crypto.Error: return False if (pkcs12_privatekey is not None) and (self.privatekey_path is not None): expected_pkey = crypto.dump_privatekey( crypto.FILETYPE_PEM, self.pkcs12.get_privatekey()) if pkcs12_privatekey != expected_pkey: return False elif bool(pkcs12_privatekey) != bool(self.privatekey_path): return False if (pkcs12_certificate is not None) and (self.certificate_path is not None): expected_cert = crypto.dump_certificate( crypto.FILETYPE_PEM, self.pkcs12.get_certificate()) if pkcs12_certificate != expected_cert: return False elif bool(pkcs12_certificate) != bool(self.certificate_path): return False if (pkcs12_other_certificates is not None) and (self.other_certificates is not None): expected_other_certs = [ crypto.dump_certificate(crypto.FILETYPE_PEM, other_cert) for other_cert in self.pkcs12.get_ca_certificates() ] if set(pkcs12_other_certificates) != set(expected_other_certs): return False elif bool(pkcs12_other_certificates) != bool( self.other_certificates): return False if pkcs12_privatekey: # This check is required because pyOpenSSL will not return a friendly name # if the private key is not set in the file if ((self.pkcs12.get_friendlyname() is not None) and (pkcs12_friendly_name is not None)): if self.pkcs12.get_friendlyname() != pkcs12_friendly_name: return False elif bool(self.pkcs12.get_friendlyname()) != bool( pkcs12_friendly_name): return False elif module.params['action'] == 'parse' and os.path.exists( self.src) and os.path.exists(self.path): try: pkey, cert, other_certs, friendly_name = self.parse() except crypto.Error: return False expected_content = to_bytes(''.join([ to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None ])) dumped_content = load_file_if_exists(self.path, ignore_errors=True) if expected_content != dumped_content: return False else: return False return _check_pkey_passphrase()