openssl_publickey: forgot to pass backend (#67036)

* Forgot to pass backend. * Add changelog. * Pass on backend from get_fingerprint. * Handle cryptography backend in get_fingerprint.
4 years ago · a0e5e2e4c5
parent b1a8bded3f
commit a0e5e2e4c5
3 changed files with 26 additions and 15 deletions
--- a/changelogs/fragments/67036-openssl_publickey-backend.yml
+++ b/changelogs/fragments/67036-openssl_publickey-backend.yml
@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_publickey - fix a module crash caused when pyOpenSSL is not installed (https://github.com/ansible/ansible/issues/67035)."
--- a/lib/ansible/module_utils/crypto.py
+++ b/lib/ansible/module_utils/crypto.py
@ -166,24 +166,32 @@ def get_fingerprint_of_bytes(source):
    return fingerprint


-def get_fingerprint(path, passphrase=None, content=None):
+def get_fingerprint(path, passphrase=None, content=None, backend='pyopenssl'):
    """Generate the fingerprint of the public key. """

-    privatekey = load_privatekey(path, passphrase=passphrase, content=content, check_passphrase=False)
-    try:
-        publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
-    except AttributeError:
-        # If PyOpenSSL < 16.0 crypto.dump_publickey() will fail.
+    privatekey = load_privatekey(path, passphrase=passphrase, content=content, check_passphrase=False, backend=backend)
+
+    if backend == 'pyopenssl':
        try:
-            bio = crypto._new_mem_buf()
-            rc = crypto._lib.i2d_PUBKEY_bio(bio, privatekey._pkey)
-            if rc != 1:
-                crypto._raise_current_error()
-            publickey = crypto._bio_to_string(bio)
+            publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
        except AttributeError:
-            # By doing this we prevent the code from raising an error
-            # yet we return no value in the fingerprint hash.
-            return None
+            # If PyOpenSSL < 16.0 crypto.dump_publickey() will fail.
+            try:
+                bio = crypto._new_mem_buf()
+                rc = crypto._lib.i2d_PUBKEY_bio(bio, privatekey._pkey)
+                if rc != 1:
+                    crypto._raise_current_error()
+                publickey = crypto._bio_to_string(bio)
+            except AttributeError:
+                # By doing this we prevent the code from raising an error
+                # yet we return no value in the fingerprint hash.
+                return None
+    elif backend == 'cryptography':
+        publickey = privatekey.public_key().public_bytes(
+            serialization.Encoding.DER,
+            serialization.PublicFormat.SubjectPublicKeyInfo
+        )
+
    return get_fingerprint_of_bytes(publickey)


--- a/lib/ansible/modules/crypto/openssl_publickey.py
+++ b/lib/ansible/modules/crypto/openssl_publickey.py
@ -299,7 +299,8 @@ class PublicKey(crypto_utils.OpenSSLObject):
        self.fingerprint = crypto_utils.get_fingerprint(
            path=self.privatekey_path,
            content=self.privatekey_content,
-            passphrase=self.privatekey_passphrase
+            passphrase=self.privatekey_passphrase,
+            backend=self.backend,
        )
        file_args = module.load_file_common_arguments(module.params)
        if module.set_fs_attributes_if_different(file_args, False):