archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

openssl_certificate: compare bytes with bytes on python3 (#30522)

Browse Source 
* compare bytes with bytes on python3
pull/30493/merge
MarkusTeufelberger 7 years ago committed by Toshio Kuratomi
parent 3eab636b3f
commit acf99085b5
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File

20
lib/ansible/modules/crypto/openssl_certificate.py
Unescape Escape View File

@ -537,34 +537,38 @@ class AssertOnlyCertificate(Certificate):
if self.keyUsage: if self.keyUsage:
for extension_idx in range(0, self.cert.get_extension_count()): for extension_idx in range(0, self.cert.get_extension_count()):
extension = self.cert.get_extension(extension_idx) extension = self.cert.get_extension(extension_idx)
if extension.get_short_name() == 'keyUsage': if extension.get_short_name() == b'keyUsage':
keyUsage = [OpenSSL._util.lib.OBJ_txt2nid(keyUsage) for keyUsage in self.keyUsage] keyUsage = [OpenSSL._util.lib.OBJ_txt2nid(keyUsage) for keyUsage in self.keyUsage]
current_ku = [OpenSSL._util.lib.OBJ_txt2nid(usage.strip()) for usage in str(extension).split(',')] current_ku = [OpenSSL._util.lib.OBJ_txt2nid(usage.strip()) for usage in
to_bytes(extension, errors='surrogate_or_strict').split(b',')]
if (not self.keyUsage_strict and not all(x in current_ku for x in keyUsage)) or \ if (not self.keyUsage_strict and not all(x in current_ku for x in keyUsage)) or \
(self.keyUsage_strict and not set(keyUsage) == set(current_ku)): (self.keyUsage_strict and not set(keyUsage) == set(current_ku)):
self.message.append( self.message.append(
'Invalid keyUsage component (got %s, expected all of %s to be present)' % (str(extension).split(', '), keyUsage) 'Invalid keyUsage component (got %s, expected all of %s to be present)' % (str(extension).split(', '), self.keyUsage)
) )
def _validate_extendedKeyUsage(): def _validate_extendedKeyUsage():
if self.extendedKeyUsage: if self.extendedKeyUsage:
for extension_idx in range(0, self.cert.get_extension_count()): for extension_idx in range(0, self.cert.get_extension_count()):
extension = self.cert.get_extension(extension_idx) extension = self.cert.get_extension(extension_idx)
if extension.get_short_name() == 'extendedKeyUsage': if extension.get_short_name() == b'extendedKeyUsage':
extKeyUsage = [OpenSSL._util.lib.OBJ_txt2nid(keyUsage) for keyUsage in self.extendedKeyUsage] extKeyUsage = [OpenSSL._util.lib.OBJ_txt2nid(keyUsage) for keyUsage in self.extendedKeyUsage]
current_xku = [OpenSSL._util.lib.OBJ_txt2nid(usage.strip()) for usage in str(extension).split(',')] current_xku = [OpenSSL._util.lib.OBJ_txt2nid(usage.strip()) for usage in
to_bytes(extension, errors='surrogate_or_strict').split(b',')]
if (not self.extendedKeyUsage_strict and not all(x in current_xku for x in extKeyUsage)) or \ if (not self.extendedKeyUsage_strict and not all(x in current_xku for x in extKeyUsage)) or \
(self.extendedKeyUsage_strict and not set(extKeyUsage) == set(current_xku)): (self.extendedKeyUsage_strict and not set(extKeyUsage) == set(current_xku)):
self.message.append( self.message.append(
'Invalid extendedKeyUsage component (got %s, expected all of %s to be present)' % (str(extension).split(', '), extKeyUsage) 'Invalid extendedKeyUsage component (got %s, expected all of %s to be present)' % (str(extension).split(', '),
self.extendedKeyUsage)
) )
def _validate_subjectAltName(): def _validate_subjectAltName():
if self.subjectAltName: if self.subjectAltName:
for extension_idx in range(0, self.cert.get_extension_count()): for extension_idx in range(0, self.cert.get_extension_count()):
extension = self.cert.get_extension(extension_idx) extension = self.cert.get_extension(extension_idx)
if extension.get_short_name() == 'subjectAltName': if extension.get_short_name() == b'subjectAltName':
l_altnames = [altname.replace('IP Address', 'IP') for altname in str(extension).split(', ')] l_altnames = [altname.replace(b'IP Address', b'IP') for altname in
to_bytes(extension, errors='surrogate_or_strict').split(b', ')]
if (not self.subjectAltName_strict and not all(x in l_altnames for x in self.subjectAltName)) or \ if (not self.subjectAltName_strict and not all(x in l_altnames for x in self.subjectAltName)) or \
(self.subjectAltName_strict and not set(self.subjectAltName) == set(l_altnames)): (self.subjectAltName_strict and not set(self.subjectAltName) == set(l_altnames)):
self.message.append( self.message.append(

Write Preview
Loading…
Cancel
Save