ansible

Commit Graph

Author	SHA1	Message	Date
Felix Fontein	188903448a	openssl_*: add backup option (#54294 )	6 years ago
Felix Fontein	90c067e947	openssl_* modules: private key errors (#54088 ) * Improve error handling, in particular with respect to private key loading problems. * Add tests to validate that modules regenerate invalid input and don't crash. * Don't crash when input is invalid. * Create 'better' broken input. * Fix paths. * Simplifying pyOpenSSL error handling.	6 years ago
Andrea Tartaglia	36a790dcde	New cryptography backend for openssl_certificate (#53924 ) * New cryptography backend for openssl_certificate load_* functions in module_utils/crypto.py now have a backend paramter which when set to 'cryptography' will return cryptography objects so they can be used for both pyopenssl and cryptography backends. Added a select_message_digest function too returning a cryptography digest hash from `cryptography.hazmat.primitives.hashes` Added new classes for Cryptography backend * Run test with various backends. * Prefixing tests. * Make sure we have the correct backend available. * Linting (flake8). * Moved cryptography import to separate try/except * Make sure certificate is actually valid at some time in the past. * Improve error handling. * Trying to fix validation for cryptography backend. * Fixed issue with keyUsage test in assertonly * Fixed CI/Lint issues * Fix private key problem for OwnCA. * Cryptography backend doesn't support v2 certs. * issue an expired cert with command when using cryptography backend * Added warning when backend is auto and v2 cert is requested * Bumped min cryptography version to 1.6 * Correctly check for failure when backend is cryptography and cert is v2 * Use self.backend where possible * Use secp521r1 EC when testing on CentOS6 * Fixed pylint issue * AcmeCertificate support for both backends * Review fixes * Fixed missing '(' when raising error * Fixed date_fmt loop * Updated docs and requirements with cryptography * Add openssl_certificate to changelog.	6 years ago
Felix Fontein	caf7fd2245	openssl_: improve passphrase handling for private keys in PyOpenSSL (#53489 ) Raise OpenSSLBadPassphraseError if passphrase is wrong. * Improve handling of passphrase errors. Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail. Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate. * Add changelog. * Add tests. * Adjustments for some versions of PyOpenSSL. * Update lib/ansible/modules/crypto/openssl_certificate.py Improve text. Co-Authored-By: felixfontein <felix@fontein.de>	6 years ago
Felix Fontein	e1218ca10f	Elliptic curve tests for crypto modules (#50109 ) * Add openssl_csr ECC test. * Add openssl_publickey ECC test. * Add openssl_certificate ECC test.	6 years ago
s3lph	5b1c68579d	Type error in openssl_certificate (#47508 ) * Fixed #47505: Type error in openssl_certificate * Use to_bytes instead of str.encode in SelfSignedCertificate. Updates #47508 * Use to_bytes instead of str.encode in OwnCACertificate * Added integration tests for openssl_certificate: selfsigned_not_before/after and ownca_not_before/after	6 years ago
Jordan Borean	9ba33f6ac1	test: openssl 1.1.x compatibility (#47112 )	6 years ago
Loïc	b61b113fb9	new provider: ownca (#35840 )	6 years ago
Matt Clay	534e9e142b	Fix openssl_certificate test for newer openssl.	7 years ago
Yanis Guenane	a2b00e9b52	openssl_certificate: Ensure issuer field is set (#34982 ) Ensure the Issuer field of the certificate is set when using the selfsigned backend. Fixes: https://github.com/ansible/ansible/issues/34963	7 years ago
Yanis Guenane	a724b8e722	openssl_certificate: Return self.cert.get_VALUES() (#33970 ) Currently when we make up the return value, we take values based of the parameters rather than the generated openssl_certificate itself. This commits returns the actual certificate values making it all time accurate.	7 years ago
MarkusTeufelberger	9ea1b18ff7	Allow multiple values per key in name fields in openssl_certificate/csr (#30338 ) * allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo	7 years ago
Yanis Guenane	3e4a306a42	openssl_certificate: Correctly set the version (#30314 ) Current openssl_certificate is mistakenly taking its derivating its version number from the csr version number. Thos two fields are completly unrelated and hence the version number of the certificate should be able to be directly specified (via selfsigned_version parameter).	7 years ago
MarkusTeufelberger	2186b04934	Add simple integration test for openssl_certificate (#29038 ) * openssl_certificate: Fix parameter assertion in Python3 Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions returns b'' type string and tries to compare it with '' string, leading to failure. The error mentionned above has been fixed by sanitizing the inputs from a user to the assert only backend. Also, this error was hidden by the fact that the improper check method was called in the generate() functions. * Add simple integration test for openssl_certificate * remove subject == issuer assertion * run integration tests only on supported hosts * change min supported version to 0.15.x * Add test for more CSR fields * also convert dict members to bytes * fix version_compare * openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15 Previous 0.13 pyOpenSSL was a C-binding, and required the parameter passed to add_extention to be in ASN.1. This has changed with the move to 0.14 and it is now all pythong and string based. Previous the 0.15 release, the `get_extensions()` method didn't exist, since the modules rely heavily on it we ensure pyOpenSSL version is at last 0.15.0. * check pyopenssl version in openssl_csr integration test	7 years ago

14 Commits (11c63d6c1e52ac7e1eae4de17a2fa47ad32bc7b6)