openssl_certificate/csr_info: add ordered issuer/subject return value (#60708)

* Add ordered issuer/subject return value.

* Add changelog.
pull/60705/head
Felix Fontein 5 years ago committed by GitHub
parent 100b56439e
commit cf69b73c04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,3 @@
minor_changes:
- "openssl_certificate_info - added ``issuer_ordered`` and ``subject_ordered`` return values."
- "openssl_csr_info - added ``subject_ordered`` return value."

@ -169,15 +169,31 @@ ocsp_must_staple_critical:
returned: success
type: bool
issuer:
description: The certificate's issuer.
description:
- The certificate's issuer.
- Note that for repeated values, only the last one will be returned.
returned: success
type: dict
sample: '{"organizationName": "Ansible"}'
sample: '{"organizationName": "Ansible", "commonName": "ca.example.com"}'
issuer_ordered:
description: The certificate's issuer as an ordered list of tuples.
returned: success
type: list
sample: '[["organizationName", "Ansible"], ["commonName": "ca.example.com"]]'
version_added: "2.9"
subject:
description: The certificate's subject.
description:
- The certificate's subject as a dictionary.
- Note that for repeated values, only the last one will be returned.
returned: success
type: dict
sample: '{"commonName": "www.example.com", "emailAddress": "test@example.com"}'
subject_ordered:
description: The certificate's subject as an ordered list of tuples.
returned: success
type: list
sample: '[["commonName", "www.example.com"], ["emailAddress": "test@example.com"]]'
version_added: "2.9"
not_after:
description: C(notAfter) date as ASN.1 TIME
returned: success
@ -333,11 +349,11 @@ class CertificateInfo(crypto_utils.OpenSSLObject):
pass
@abc.abstractmethod
def _get_subject(self):
def _get_subject_ordered(self):
pass
@abc.abstractmethod
def _get_issuer(self):
def _get_issuer_ordered(self):
pass
@abc.abstractmethod
@ -389,8 +405,16 @@ class CertificateInfo(crypto_utils.OpenSSLObject):
self.cert = crypto_utils.load_certificate(self.path, backend=self.backend)
result['signature_algorithm'] = self._get_signature_algorithm()
result['subject'] = self._get_subject()
result['issuer'] = self._get_issuer()
subject = self._get_subject_ordered()
issuer = self._get_issuer_ordered()
result['subject'] = dict()
for k, v in subject:
result['subject'][k] = v
result['subject_ordered'] = subject
result['issuer'] = dict()
for k, v in issuer:
result['issuer'][k] = v
result['issuer_ordered'] = issuer
result['version'] = self._get_version()
result['key_usage'], result['key_usage_critical'] = self._get_key_usage()
result['extended_key_usage'], result['extended_key_usage_critical'] = self._get_extended_key_usage()
@ -427,16 +451,16 @@ class CertificateInfoCryptography(CertificateInfo):
def _get_signature_algorithm(self):
return crypto_utils.cryptography_oid_to_name(self.cert.signature_algorithm_oid)
def _get_subject(self):
result = dict()
def _get_subject_ordered(self):
result = []
for attribute in self.cert.subject:
result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
result.append([crypto_utils.cryptography_oid_to_name(attribute.oid), attribute.value])
return result
def _get_issuer(self):
result = dict()
def _get_issuer_ordered(self):
result = []
for attribute in self.cert.issuer:
result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
result.append([crypto_utils.cryptography_oid_to_name(attribute.oid), attribute.value])
return result
def _get_version(self):
@ -556,15 +580,15 @@ class CertificateInfoPyOpenSSL(CertificateInfo):
return to_text(self.cert.get_signature_algorithm())
def __get_name(self, name):
result = dict()
result = []
for sub in name.get_components():
result[crypto_utils.pyopenssl_normalize_name(sub[0])] = to_text(sub[1])
result.append([crypto_utils.pyopenssl_normalize_name(sub[0]), to_text(sub[1])])
return result
def _get_subject(self):
def _get_subject_ordered(self):
return self.__get_name(self.cert.get_subject())
def _get_issuer(self):
def _get_issuer_ordered(self):
return self.__get_name(self.cert.get_issuer())
def _get_version(self):
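Review bot: The `issuer_ordered` sample in the return documentation is not a valid list, because its second element is written `["commonName": "ca.example.com"]` with a colon where a comma belongs. The same slip is in the `subject_ordered` sample of this file and in the `subject_ordered` sample of the openssl_csr_info documentation. They should read `[["organizationName", "Ansible"], ["commonName", "ca.example.com"]]` and `[["commonName", "www.example.com"], ["emailAddress", "test@example.com"]]`. As a smaller style point, the `for k, v in subject:` and `for k, v in issuer:` loops could be `result['subject'] = dict(subject)` and `result['issuer'] = dict(issuer)`, which keep the same last-value-wins result; the method they sit in starts and ends outside the hunk.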

@ -135,10 +135,18 @@ ocsp_must_staple_critical:
returned: success
type: bool
subject:
description: The CSR's subject.
description:
- The CSR's subject as a dictionary.
- Note that for repeated values, only the last one will be returned.
returned: success
type: dict
sample: '{"commonName": "www.example.com", "emailAddress": "test@example.com"}'
subject_ordered:
description: The CSR's subject as an ordered list of tuples.
returned: success
type: list
sample: '[["commonName", "www.example.com"], ["emailAddress": "test@example.com"]]'
version_added: "2.9"
public_key:
description: CSR's public key in PEM format
returned: success
@ -225,7 +233,7 @@ class CertificateSigningRequestInfo(crypto_utils.OpenSSLObject):
pass
@abc.abstractmethod
def _get_subject(self):
def _get_subject_ordered(self):
pass
@abc.abstractmethod
@ -264,7 +272,11 @@ class CertificateSigningRequestInfo(crypto_utils.OpenSSLObject):
result = dict()
self.csr = crypto_utils.load_certificate_request(self.path, backend=self.backend)
result['subject'] = self._get_subject()
subject = self._get_subject_ordered()
result['subject'] = dict()
for k, v in subject:
result['subject'][k] = v
result['subject_ordered'] = subject
result['key_usage'], result['key_usage_critical'] = self._get_key_usage()
result['extended_key_usage'], result['extended_key_usage_critical'] = self._get_extended_key_usage()
result['basic_constraints'], result['basic_constraints_critical'] = self._get_basic_constraints()
@ -291,10 +303,10 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
def __init__(self, module):
super(CertificateSigningRequestInfoCryptography, self).__init__(module, 'cryptography')
def _get_subject(self):
result = dict()
def _get_subject_ordered(self):
result = []
for attribute in self.csr.subject:
result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
result.append([crypto_utils.cryptography_oid_to_name(attribute.oid), attribute.value])
return result
def _get_key_usage(self):
@ -398,12 +410,12 @@ class CertificateSigningRequestInfoPyOpenSSL(CertificateSigningRequestInfo):
super(CertificateSigningRequestInfoPyOpenSSL, self).__init__(module, 'pyopenssl')
def __get_name(self, name):
result = dict()
result = []
for sub in name.get_components():
result[crypto_utils.pyopenssl_normalize_name(sub[0])] = to_text(sub[1])
result.append([crypto_utils.pyopenssl_normalize_name(sub[0]), to_text(sub[1])])
return result
def _get_subject(self):
def _get_subject_ordered(self):
return self.__get_name(self.csr.get_subject())
def _get_extension(self, short_name):
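Review bot: The new note on `subject` says only the last of repeated values is returned, but it does not tell the reader which field to use when that matters. A CSR's subject is chosen by the requester, so a playbook that checks `result.subject.commonName` before signing sees one value while the request may carry several. I would add a description line such as `- Use C(subject_ordered) when validating a request, as it lists every attribute in order.`, and the same sentence fits the `subject` and `issuer` descriptions in openssl_certificate_info. The list built by `_get_subject_ordered` appears to be a flat sequence of attribute pairs, so the grouping of a multi-valued RDN is presumably not visible in it either; that is worth stating in the description if confirmed.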

@ -8,6 +8,16 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check whether issuer and subject behave as expected
assert:
that:
- result.issuer.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.issuer_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.issuer_ordered"
- result.subject.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
- name: Update result list
set_fact:
info_results: "{{ info_results + [result] }}"
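Review bot: The new assertions use `in`, so they pass whatever position the two `organizationalUnitName` entries have in `issuer_ordered` and `subject_ordered`; the ordering that these return values exist for is never checked. An order check could be added, for example `- "result.subject_ordered.index(['organizationalUnitName', 'Crypto Department']) < result.subject_ordered.index(['organizationalUnitName', 'ACME Department'])"`, and likewise for `issuer_ordered`. The same applies to the `subject_ordered` assertions in the openssl_csr_info test further down the page.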

@ -21,7 +21,9 @@
ST: Zurich
streetAddress: Welcome Street
O: Ansible
organizationalUnitName: Crypto Department
organizationalUnitName:
- Crypto Department
- ACME Department
serialNumber: "1234"
SN: Last Name
GN: First Name

@ -8,6 +8,13 @@
select_crypto_backend: '{{ select_crypto_backend }}'
register: result
- name: Check whether subject behaves as expected
assert:
that:
- result.subject.organizationalUnitName == 'ACME Department'
- "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered"
- "['organizationalUnitName', 'ACME Department'] in result.subject_ordered"
- name: Update result list
set_fact:
info_results: "{{ info_results + [result] }}"

@ -21,7 +21,9 @@
ST: Zurich
streetAddress: Welcome Street
O: Ansible
organizationalUnitName: Crypto Department
organizationalUnitName:
- Crypto Department
- ACME Department
serialNumber: "1234"
SN: Last Name
GN: First Name
