diff --git a/changelogs/fragments/60740-openssl_certificate-check-existence.yml b/changelogs/fragments/60740-openssl_certificate-check-existence.yml
new file mode 100644
index 00000000000..7e99211a49a
--- /dev/null
+++ b/changelogs/fragments/60740-openssl_certificate-check-existence.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_certificate - improve behavior when required files are missing."
diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index c2905a34d6b..a16ab4db2c3 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -809,7 +809,6 @@ try:
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives.serialization import Encoding
- from cryptography.hazmat.primitives.hashes import SHA1
 from cryptography.x509 import NameAttribute, Name
 from cryptography.x509.oid import NameOID
 CRYPTOGRAPHY_VERSION = LooseVersion(cryptography.__version__)
@@ -1000,6 +999,16 @@ class SelfSignedCertificateCryptography(Certificate):
 self.digest = crypto_utils.select_message_digest(module.params['selfsigned_digest'])
 self.version = module.params['selfsigned_version']
 self.serial_number = x509.random_serial_number()
+
+ if not os.path.exists(self.csr_path):
+ raise CertificateError(
+ 'The certificate signing request file {0} does not exist'.format(self.csr_path)
+ )
+ if not os.path.exists(self.privatekey_path):
+ raise CertificateError(
+ 'The private key file {0} does not exist'.format(self.privatekey_path)
+ )
+
 self.csr = crypto_utils.load_certificate_request(self.csr_path, backend=self.backend)
 self._module = module
@@ -1093,6 +1102,16 @@ class SelfSignedCertificate(Certificate):
 self.digest = module.params['selfsigned_digest']
 self.version = module.params['selfsigned_version']
 self.serial_number = randint(1000, 99999)
+
+ if not os.path.exists(self.csr_path):
+ raise CertificateError(
+ 'The certificate signing request file {0} does not exist'.format(self.csr_path)
+ )
+ if not os.path.exists(self.privatekey_path):
+ raise CertificateError(
+ 'The private key file {0} does not exist'.format(self.privatekey_path)
+ )
+
 self.csr = crypto_utils.load_certificate_request(self.csr_path)
 try:
 self.privatekey = crypto_utils.load_privatekey(
@@ -1175,6 +1194,20 @@ class OwnCACertificateCryptography(Certificate):
 self.ca_cert_path = module.params['ownca_path']
 self.ca_privatekey_path = module.params['ownca_privatekey_path']
 self.ca_privatekey_passphrase = module.params['ownca_privatekey_passphrase']
+
+ if not os.path.exists(self.csr_path):
+ raise CertificateError(
+ 'The certificate signing request file {0} does not exist'.format(self.csr_path)
+ )
+ if not os.path.exists(self.ca_cert_path):
+ raise CertificateError(
+ 'The CA certificate file {0} does not exist'.format(self.ca_cert_path)
+ )
+ if not os.path.exists(self.ca_privatekey_path):
+ raise CertificateError(
+ 'The CA private key file {0} does not exist'.format(self.ca_privatekey_path)
+ )
+
 self.csr = crypto_utils.load_certificate_request(self.csr_path, backend=self.backend)
 self.ca_cert = crypto_utils.load_certificate(self.ca_cert_path, backend=self.backend)
 try:
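Review bot: The guards added to SelfSignedCertificate.__init__ (and the identical copies in SelfSignedCertificateCryptography, OwnCACertificateCryptography and OwnCACertificate) use `os.path.exists`, which is also true for a directory, so that case still falls through to the loader's generic failure instead of the new, clearer message; `os.path.isfile` is the tighter check for a path that is about to be opened and parsed. The check-then-load sequence is also inherently best-effort, since a file that disappears between the check and `load_certificate_request` still surfaces the old error, so the guard improves diagnostics but should not be treated as validation the loaders can skip. The same block is pasted into four constructors with four hand-written messages; a small module-level helper keeps the wording and the file test in one place, as sketched below. Each `__init__` continues outside its hunk, and the diff does not show the `import os` these lines rely on, so it is worth confirming it is already among the module's imports.
```python
def _check_file_exists(path, description):
    """Raise CertificateError unless *path* names an existing regular file."""
    if not os.path.isfile(path):
        raise CertificateError(
            'The {0} file {1} does not exist'.format(description, path)
        )

        # … unchanged: self.digest / self.version / self.serial_number …
        _check_file_exists(self.csr_path, 'certificate signing request')
        _check_file_exists(self.privatekey_path, 'private key')
        self.csr = crypto_utils.load_certificate_request(self.csr_path)
```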
@@ -1272,6 +1305,20 @@ class OwnCACertificate(Certificate):
 self.ca_cert_path = module.params['ownca_path']
 self.ca_privatekey_path = module.params['ownca_privatekey_path']
 self.ca_privatekey_passphrase = module.params['ownca_privatekey_passphrase']
+
+ if not os.path.exists(self.csr_path):
+ raise CertificateError(
+ 'The certificate signing request file {0} does not exist'.format(self.csr_path)
+ )
+ if not os.path.exists(self.ca_cert_path):
+ raise CertificateError(
+ 'The CA certificate file {0} does not exist'.format(self.ca_cert_path)
+ )
+ if not os.path.exists(self.ca_privatekey_path):
+ raise CertificateError(
+ 'The CA private key file {0} does not exist'.format(self.ca_privatekey_path)
+ )
+
 self.csr = crypto_utils.load_certificate_request(self.csr_path)
 self.ca_cert = crypto_utils.load_certificate(self.ca_cert_path)
 try: