@ -15,7 +15,7 @@ DOCUMENTATION = r'''
- - -
module : java_cert
version_added : ' 2.3 '
short_description : Uses keytool to import / remove key from java keystore ( cacerts )
short_description : Uses keytool to import / remove key from java keystore ( cacerts )
description :
- This is a wrapper module around keytool , which can be used to import / remove
certificates from a given java keystore .
@ -23,7 +23,7 @@ options:
cert_url :
description :
- Basic URL to fetch SSL certificate from .
- One of i C( cert_url ) or C ( cert_path ) is required to load certificate .
- One of C( cert_url ) or C ( cert_path ) is required to load certificate .
type : str
cert_port :
description :
@ -34,7 +34,7 @@ options:
cert_path :
description :
- Local path to load certificate from .
- One of cert_url or cert_path is required to load certificate .
- One of C( cert_url) or C( cert_path) is required to load certificate .
type : path
cert_alias :
description :
@ -158,6 +158,7 @@ cmd:
'''
import os
import re
# import module snippets
from ansible . module_utils . basic import AnsibleModule
@ -166,7 +167,7 @@ from ansible.module_utils.basic import AnsibleModule
def get_keystore_type ( keystore_type ) :
''' Check that custom keystore is presented in parameters '''
if keystore_type :
return ( " -storetype ' %s ' " ) % ( keystore_type )
return " -storetype ' %s ' " % keystore_type
return ' '
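Review bot: The changed return still splices keystore_type into the command line with hand-written single quotes, so a value containing a quote or whitespace changes how the string is later split into arguments (run_command tokenises a string command rather than passing it to a shell, as far as I recall); the commit only drops the redundant parentheses. Since run_command also accepts an argument list, returning `['-storetype', keystore_type]` (or `[]`) and assembling the callers' commands as lists would remove the quoting problem, though that touches every caller outside this hunk. At minimum a comment such as `# quoted by hand: keystore_type must not contain quotes or whitespace` should record the assumption.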
@ -184,7 +185,6 @@ def check_cert_present(module, executable, keystore_path, keystore_pass, alias,
def import_cert_url ( module , executable , url , port , keystore_path , keystore_pass , alias , keystore_type ) :
''' Import certificate from URL into keystore located at keystore_path '''
import re
https_proxy = os . getenv ( " https_proxy " )
no_proxy = os . getenv ( " no_proxy " )
@ -192,7 +192,7 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
proxy_opts = ' '
if https_proxy is not None :
( proxy_host , proxy_port ) = https_proxy . split ( ' : ' )
proxy_opts = ( " -J-Dhttps.proxyHost= %s -J-Dhttps.proxyPort= %s " ) % ( proxy_host , proxy_port )
proxy_opts = " -J-Dhttps.proxyHost= %s -J-Dhttps.proxyPort= %s " % ( proxy_host , proxy_port )
if no_proxy is not None :
# For Java's nonProxyHosts property, items are separated by '|',
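Review bot: `https_proxy.split(':')` on the line above the changed one assumes a bare `host:port`, but the variable is commonly exported as `http://host:port`, and that form yields three pieces and raises ValueError before the changed line runs; a trailing slash would also be carried into the port. A scheme-tolerant parse such as `proxy_host, _, proxy_port = https_proxy.rstrip('/').rsplit('://', 1)[-1].rpartition(':')` keeps the current result for bare `host:port` while accepting the URL form (userinfo in the proxy URL would still need separate handling). The values are then interpolated unquoted into the `-J-Dhttps.proxyHost=` / `-J-Dhttps.proxyPort=` options, so a malformed environment value can become additional keytool arguments; a comment noting the expected `host:port` shape is the least that should be here. import_cert_url starts and ends outside this hunk.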
@ -202,17 +202,14 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
# The property name is http.nonProxyHosts, there is no
# separate setting for HTTPS.
proxy_opts + = ( " -J-Dhttp.nonProxyHosts= ' %s ' " ) % ( non_proxy_hosts )
proxy_opts + = " -J-Dhttp.nonProxyHosts= ' %s ' " % non_proxy_hosts
fetch_cmd = ( " %s -printcert -rfc -sslserver %s %s : %d " ) % ( executable , proxy_opts , url , port )
fetch_cmd = " %s -printcert -rfc -sslserver %s %s : %d " % ( executable , proxy_opts , url , port )
import_cmd = ( " %s -importcert -noprompt -keystore ' %s ' "
" -storepass ' %s ' -alias ' %s ' %s " ) % ( executable , keystore_path ,
keystore_pass , alias ,
get_keystore_type ( keystore_type ) )
if module . check_mode :
module . exit_json ( changed = True )
# Fetch SSL certificate from remote host.
( _ , fetch_out , _ ) = module . run_command ( fetch_cmd , check_rc = True )
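Review bot: The URL path imports whatever certificate the `-printcert -sslserver` probe returns, and `-noprompt` on import_cmd suppresses keytool's fingerprint confirmation, so a spoofed endpoint or an https_proxy that terminates TLS can get its certificate trusted with no operator check; the commit moves the check_mode exit out of this function but keeps that trust-on-first-use behaviour. A comment above fetch_cmd along the lines of `# TOFU: trusts whatever the endpoint (or the configured https_proxy) presents; no fingerprint check` would make the risk visible to users of the module, and an optional expected-fingerprint option compared against the fetched certificate would be the real fix. The function continues past both ends of the hunk.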
@ -222,12 +219,12 @@ def import_cert_url(module, executable, url, port, keystore_path, keystore_pass,
check_rc = False )
diff = { ' before ' : ' \n ' , ' after ' : ' %s \n ' % alias }
if import_rc == 0 :
return module . exit_json ( changed = True , msg = import_out ,
rc = import_rc , cmd = import_cmd , stdout = import_out ,
diff = diff )
module . exit_json ( changed = True , msg = import_out ,
rc = import_rc , cmd = import_cmd , stdout = import_out ,
diff = diff )
else :
return module . fail_json ( msg = import_out , rc = import_rc , cmd = import_cmd ,
error = import_err )
module . fail_json ( msg = import_out , rc = import_rc , cmd = import_cmd ,
error = import_err )
def import_cert_path ( module , executable , path , keystore_path , keystore_pass , alias , keystore_type ) :
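Review bot: Both the success and the failure result return `cmd=import_cmd`, and that string carries `-storepass '<keystore_pass>'` from the command built at the top of the function, so the keystore password is written into the task result and into any Ansible log or callback output; the commit drops the `return`s but keeps that exposure. Either return a redacted copy, e.g. `safe_cmd = import_cmd.replace(keystore_pass, '********')` and `cmd=safe_cmd`, or drop `cmd` from the result; if keystore_pass is declared with `no_log=True` AnsibleModule scrubs the value from returned data, but argument_spec is outside this hunk so I cannot confirm it is. The password is in any case visible in process listings while keytool runs; `-storepass:env` or `-storepass:file` avoids that where the target keytool supports them. The `else:` after `module.exit_json(...)` is also redundant now that the call is relied on to exit, so `module.fail_json(...)` can sit at the enclosing level. The enclosing function starts before this hunk.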
@ -238,20 +235,17 @@ def import_cert_path(module, executable, path, keystore_path, keystore_pass, ali
keystore_pass , path , alias ,
get_keystore_type ( keystore_type ) )
if module . check_mode :
module . exit_json ( changed = True )
# Use local certificate from local path and import it to a java keystore
( import_rc , import_out , import_err ) = module . run_command ( import_cmd ,
check_rc = False )
diff = { ' before ' : ' \n ' , ' after ' : ' %s \n ' % alias }
if import_rc == 0 :
return module . exit_json ( changed = True , msg = import_out ,
rc = import_rc , cmd = import_cmd , stdout = import_out ,
error = import_err , diff = diff )
module . exit_json ( changed = True , msg = import_out ,
rc = import_rc , cmd = import_cmd , stdout = import_out ,
error = import_err , diff = diff )
else :
return module . fail_json ( msg = import_out , rc = import_rc , cmd = import_cmd )
module . fail_json ( msg = import_out , rc = import_rc , cmd = import_cmd )
def import_pkcs12_path ( module , executable , path , keystore_path , keystore_pass , pkcs12_pass , pkcs12_alias , alias , keystore_type ) :
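Review bot: The failure branch still drops stderr — `module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd)` — while import_cert_url's failure path includes `error=import_err`, so a failed file import reports only keytool's stdout, and keytool's diagnostics go to stderr as far as I know. For parity and usable errors: `module.fail_json(msg=import_out, rc=import_rc, cmd=import_cmd, error=import_err)`. The returned `cmd` also embeds `-storepass` from the command built above the hunk, so the keystore password reaches the task result here as well unless the option is `no_log`. The function starts before this hunk.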
@ -263,20 +257,17 @@ def import_pkcs12_path(module, executable, path, keystore_path, keystore_pass, p
keystore_pass , path , pkcs12_pass , pkcs12_alias ,
alias , get_keystore_type ( keystore_type ) )
if module . check_mode :
module . exit_json ( changed = True )
# Use local certificate from local path and import it to a java keystore
( import_rc , import_out , import_err ) = module . run_command ( import_cmd ,
check_rc = False )
diff = { ' before ' : ' \n ' , ' after ' : ' %s \n ' % alias }
if import_rc == 0 :
return module . exit_json ( changed = True , msg = import_out ,
rc = import_rc , cmd = import_cmd , stdout = import_out ,
error = import_err , diff = diff )
module . exit_json ( changed = True , msg = import_out ,
rc = import_rc , cmd = import_cmd , stdout = import_out ,
error = import_err , diff = diff )
else :
return module . fail_json ( msg = import_out , rc = import_rc , cmd = import_cmd )
module . fail_json ( msg = import_out , rc = import_rc , cmd = import_cmd )
def delete_cert ( module , executable , keystore_path , keystore_pass , alias , keystore_type ) :
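Review bot: This failure branch omits `error=import_err` like import_cert_path's, and the command string assembled above the hunk interpolates both `pkcs12_pass` and `keystore_pass`, so the `cmd` returned on success and failure exposes two secrets unless both options are `no_log`. Add `error=import_err` to the fail_json call and redact or omit `cmd` before returning. Style: with `module.exit_json(...)` relied on to exit, the `else:` is superfluous and the fail_json call can follow at the enclosing level. The function starts before this hunk.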
@ -284,24 +275,19 @@ def delete_cert(module, executable, keystore_path, keystore_pass, alias, keystor
del_cmd = ( " %s -delete -keystore ' %s ' -storepass ' %s ' "
" -alias ' %s ' %s " ) % ( executable , keystore_path , keystore_pass , alias , get_keystore_type ( keystore_type ) )
if module . check_mode :
module . exit_json ( changed = True )
# Delete SSL certificate from keystore
( del_rc , del_out , del_err ) = module . run_command ( del_cmd , check_rc = True )
diff = { ' before ' : ' %s \n ' % alias , ' after ' : None }
return module . exit_json ( changed = True , msg = del_out ,
rc = del_rc , cmd = del_cmd , stdout = del_out ,
error = del_err , diff = diff )
module . exit_json ( changed = True , msg = del_out ,
rc = del_rc , cmd = del_cmd , stdout = del_out ,
error = del_err , diff = diff )
def test_keytool ( module , executable ) :
''' Test if keytool is actuall executable or not '''
test_cmd = " %s " % ( executable )
module . run_command ( test_cmd , check_rc = True )
''' Test if keytool is actually executable or not '''
module . run_command ( " %s " % executable , check_rc = True )
def test_keystore ( module , keystore_path ) :
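Review bot: `"%s" % executable` is a no-op on a string, so the new line can simply be `module.run_command(executable, check_rc=True)`; more importantly, the probe depends on keytool exiting 0 when run with no arguments, and with `check_rc=True` any other exit status fails the whole module, which the docstring should state: `'''Fail the module unless executable runs with no arguments and exits 0'''`. delete_cert above likewise returns `cmd=del_cmd`, which holds `-storepass '%s'`, so the keystore password lands in the task result on every delete. test_keystore begins after the hunk's last line.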
@ -311,9 +297,7 @@ def test_keystore(module, keystore_path):
if not os . path . exists ( keystore_path ) and not os . path . isfile ( keystore_path ) :
# Keystore doesn't exist we want to create it
return module . fail_json ( changed = False ,
msg = " Module require existing keystore at keystore_path ' %s ' "
% ( keystore_path ) )
module . fail_json ( changed = False , msg = " Module require existing keystore at keystore_path ' %s ' " % keystore_path )
def main ( ) :
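Review bot: The `not os.path.isfile(keystore_path)` clause in the guard is dead — a path that does not exist is never a file — so the check only fails for a missing path, and a directory or special file at keystore_path passes through to keytool even though the message promises an existing keystore. `if not os.path.isfile(keystore_path):` is the check the message describes. The message itself reads better as `Module requires existing keystore at keystore_path '%s'`. The function starts before this hunk.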
@ -363,7 +347,7 @@ def main():
if path and not cert_alias :
module . fail_json ( changed = False ,
msg = " Using local path import from %s requires alias argument. "
% ( keystore_path ) )
% keystore_path )
test_keytool ( module , executable )
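Review bot: The changed line formats the message with `keystore_path`, but the text says "Using local path import from %s", i.e. the certificate file the user passed, so the error names the keystore instead of the offending path. Use `% path` there. main continues past the hunk.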
@ -373,23 +357,27 @@ def main():
cert_present = check_cert_present ( module , executable , keystore_path ,
keystore_pass , cert_alias , keystore_type )
if state == ' absent ' :
if cert_present :
delete_cert ( module , executable , keystore_path , keystore_pass , cert_alias , keystore_type )
if state == ' absent ' and cert_present :
if module . check_mode :
module . exit_json ( changed = True )
delete_cert ( module , executable , keystore_path , keystore_pass , cert_alias , keystore_type )
elif state == ' present ' and not cert_present :
if module . check_mode :
module . exit_json ( changed = True )
elif state == ' present ' :
if not cert_present :
if pkcs12_path :
import_pkcs12_path ( module , executable , pkcs12_path , keystore_path ,
keystore_pass , pkcs12_pass , pkcs12_alias , cert_alias , keystore_type )
if pkcs12_path :
import_pkcs12_path ( module , executable , pkcs12_path , keystore_path ,
keystore_pass , pkcs12_pass , pkcs12_alias , cert_alias , keystore_type )
if path :
import_cert_path ( module , executable , path , keystore_path ,
keystore_pass , cert_alias , keystore_type )
if path :
import_cert_path ( module , executable , path , keystore_path ,
keystore_pass , cert_alias , keystore_type )
if url :
import_cert_url ( module , executable , url , port , keystore_path ,
keystore_pass , cert_alias , keystore_type )
if url :
import_cert_url ( module , executable , url , port , keystore_path ,
keystore_pass , cert_alias , keystore_type )
module . exit_json ( changed = False )
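Review bot: With the alias lookup now driving both branches, state=present is a no-op whenever the alias already exists, regardless of whether the certificate at cert_url, cert_path or pkcs12_path matches what the keystore holds — a rotated certificate is never re-imported and the module reports changed=False; the commit reshapes the branches but keeps that behaviour. check_cert_present is defined outside the hunk and appears to be keyed on the alias only, so if this is intended it deserves a comment above the branch such as `# presence is decided by alias only; an existing alias is never replaced even if the certificate differs`, and a fingerprint comparison between the requested and stored certificate would be the real fix. The three import calls are sequential `if`s, but each import function exits the module, so only the first configured source ever runs; an `elif` chain or a comment would make that precedence explicit unless argument_spec already makes the sources mutually exclusive. main starts before this hunk.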