openssl_certificate: check for existence before loading CSR / private keys / ... (#60740)

* Check file existence before loading files.

* Remove superfluous import.

* Add changelog.
pull/60746/head
Felix Fontein 5 years ago committed by GitHub
parent 13364fc530
commit 16056f4978
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,2 @@
bugfixes:
- "openssl_certificate - improve behavior when required files are missing."

@ -809,7 +809,6 @@ try:
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import Encoding from cryptography.hazmat.primitives.serialization import Encoding
from cryptography.hazmat.primitives.hashes import SHA1
from cryptography.x509 import NameAttribute, Name from cryptography.x509 import NameAttribute, Name
from cryptography.x509.oid import NameOID from cryptography.x509.oid import NameOID
CRYPTOGRAPHY_VERSION = LooseVersion(cryptography.__version__) CRYPTOGRAPHY_VERSION = LooseVersion(cryptography.__version__)
@ -1000,6 +999,16 @@ class SelfSignedCertificateCryptography(Certificate):
self.digest = crypto_utils.select_message_digest(module.params['selfsigned_digest']) self.digest = crypto_utils.select_message_digest(module.params['selfsigned_digest'])
self.version = module.params['selfsigned_version'] self.version = module.params['selfsigned_version']
self.serial_number = x509.random_serial_number() self.serial_number = x509.random_serial_number()
if not os.path.exists(self.csr_path):
raise CertificateError(
'The certificate signing request file {0} does not exist'.format(self.csr_path)
)
if not os.path.exists(self.privatekey_path):
raise CertificateError(
'The private key file {0} does not exist'.format(self.privatekey_path)
)
self.csr = crypto_utils.load_certificate_request(self.csr_path, backend=self.backend) self.csr = crypto_utils.load_certificate_request(self.csr_path, backend=self.backend)
self._module = module self._module = module
@ -1093,6 +1102,16 @@ class SelfSignedCertificate(Certificate):
self.digest = module.params['selfsigned_digest'] self.digest = module.params['selfsigned_digest']
self.version = module.params['selfsigned_version'] self.version = module.params['selfsigned_version']
self.serial_number = randint(1000, 99999) self.serial_number = randint(1000, 99999)
if not os.path.exists(self.csr_path):
raise CertificateError(
'The certificate signing request file {0} does not exist'.format(self.csr_path)
)
if not os.path.exists(self.privatekey_path):
raise CertificateError(
'The private key file {0} does not exist'.format(self.privatekey_path)
)
self.csr = crypto_utils.load_certificate_request(self.csr_path) self.csr = crypto_utils.load_certificate_request(self.csr_path)
try: try:
self.privatekey = crypto_utils.load_privatekey( self.privatekey = crypto_utils.load_privatekey(
@ -1175,6 +1194,20 @@ class OwnCACertificateCryptography(Certificate):
self.ca_cert_path = module.params['ownca_path'] self.ca_cert_path = module.params['ownca_path']
self.ca_privatekey_path = module.params['ownca_privatekey_path'] self.ca_privatekey_path = module.params['ownca_privatekey_path']
self.ca_privatekey_passphrase = module.params['ownca_privatekey_passphrase'] self.ca_privatekey_passphrase = module.params['ownca_privatekey_passphrase']
if not os.path.exists(self.csr_path):
raise CertificateError(
'The certificate signing request file {0} does not exist'.format(self.csr_path)
)
if not os.path.exists(self.ca_cert_path):
raise CertificateError(
'The CA certificate file {0} does not exist'.format(self.ca_cert_path)
)
if not os.path.exists(self.ca_privatekey_path):
raise CertificateError(
'The CA private key file {0} does not exist'.format(self.ca_privatekey_path)
)
self.csr = crypto_utils.load_certificate_request(self.csr_path, backend=self.backend) self.csr = crypto_utils.load_certificate_request(self.csr_path, backend=self.backend)
self.ca_cert = crypto_utils.load_certificate(self.ca_cert_path, backend=self.backend) self.ca_cert = crypto_utils.load_certificate(self.ca_cert_path, backend=self.backend)
try: try:
@ -1272,6 +1305,20 @@ class OwnCACertificate(Certificate):
self.ca_cert_path = module.params['ownca_path'] self.ca_cert_path = module.params['ownca_path']
self.ca_privatekey_path = module.params['ownca_privatekey_path'] self.ca_privatekey_path = module.params['ownca_privatekey_path']
self.ca_privatekey_passphrase = module.params['ownca_privatekey_passphrase'] self.ca_privatekey_passphrase = module.params['ownca_privatekey_passphrase']
if not os.path.exists(self.csr_path):
raise CertificateError(
'The certificate signing request file {0} does not exist'.format(self.csr_path)
)
if not os.path.exists(self.ca_cert_path):
raise CertificateError(
'The CA certificate file {0} does not exist'.format(self.ca_cert_path)
)
if not os.path.exists(self.ca_privatekey_path):
raise CertificateError(
'The CA private key file {0} does not exist'.format(self.ca_privatekey_path)
)
self.csr = crypto_utils.load_certificate_request(self.csr_path) self.csr = crypto_utils.load_certificate_request(self.csr_path)
self.ca_cert = crypto_utils.load_certificate(self.ca_cert_path) self.ca_cert = crypto_utils.load_certificate(self.ca_cert_path)
try: try:
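Review bot: The new `os.path.exists()` guards added to the four constructors (SelfSignedCertificateCryptography, SelfSignedCertificate, OwnCACertificateCryptography, OwnCACertificate) only catch the missing-file case. A path that is a directory or is unreadable still passes, and the file can disappear between the check and the `crypto_utils.load_*` call, so the loaders can presumably still fail with an error that is not a `CertificateError`. For CSR, key and CA material it is more robust to let the load be the check, catching the I/O error around it and re-raising it as `CertificateError`, or at minimum to tighten each guard to the form `if not os.path.isfile(self.csr_path):`. The same block is repeated almost verbatim four times, so a small shared helper on the base class would keep the checks and messages consistent. All four constructors begin and end outside the hunks shown, so whether `privatekey_path` can be unset when these checks run cannot be confirmed from this page.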
