community.crypto/plugins/modules/openssl_csr_info.py

#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: (c) 2016-2017, Yanis Guenane <yanis+ansible@guenane.org>
# Copyright: (c) 2017, Markus Teufelberger <mteufelberger+ansible@mgit.at>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
__metaclass__ = type


DOCUMENTATION = r'''
---
module: openssl_csr_info
short_description: Provide information of OpenSSL Certificate Signing Requests (CSR)
description:
    - This module allows one to query information on OpenSSL Certificate Signing Requests (CSR).
    - In case the CSR signature cannot be validated, the module will fail. In this case, all return
      variables are still returned.
    - It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the
      cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements)
      cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with
      C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9
      and will be removed in community.crypto 2.0.0.
requirements:
    - PyOpenSSL >= 0.15 or cryptography >= 1.3
author:
  - Felix Fontein (@felixfontein)
  - Yanis Guenane (@Spredzy)
options:
    path:
        description:
            - Remote absolute path where the CSR file is loaded from.
            - Either I(path) or I(content) must be specified, but not both.
        type: path
    content:
        description:
            - Content of the CSR file.
            - Either I(path) or I(content) must be specified, but not both.
        type: str
        version_added: "1.0.0"
    select_crypto_backend:
        description:
            - Determines which crypto backend to use.
            - The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
            - If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
            - If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
            - Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0.
              From that point on, only the C(cryptography) backend will be available.
        type: str
        default: auto
        choices: [ auto, cryptography, pyopenssl ]

seealso:
- module: community.crypto.openssl_csr
- module: community.crypto.openssl_csr_pipe
'''

EXAMPLES = r'''
- name: Generate an OpenSSL Certificate Signing Request
  community.crypto.openssl_csr:
    path: /etc/ssl/csr/www.ansible.com.csr
    privatekey_path: /etc/ssl/private/ansible.com.pem
    common_name: www.ansible.com

- name: Get information on the CSR
  community.crypto.openssl_csr_info:
    path: /etc/ssl/csr/www.ansible.com.csr
  register: result

- name: Dump information
  debug:
    var: result
'''

RETURN = r'''
signature_valid:
    description:
        - Whether the CSR's signature is valid.
        - In case the check returns C(no), the module will fail.
    returned: success
    type: bool
basic_constraints:
    description: Entries in the C(basic_constraints) extension, or C(none) if extension is not present.
    returned: success
    type: list
    elements: str
    sample: "[CA:TRUE, pathlen:1]"
basic_constraints_critical:
    description: Whether the C(basic_constraints) extension is critical.
    returned: success
    type: bool
extended_key_usage:
    description: Entries in the C(extended_key_usage) extension, or C(none) if extension is not present.
    returned: success
    type: list
    elements: str
    sample: "[Biometric Info, DVCS, Time Stamping]"
extended_key_usage_critical:
    description: Whether the C(extended_key_usage) extension is critical.
    returned: success
    type: bool
extensions_by_oid:
    description: Returns a dictionary for every extension OID
    returned: success
    type: dict
    contains:
        critical:
            description: Whether the extension is critical.
            returned: success
            type: bool
        value:
            description: The Base64 encoded value (in DER format) of the extension
            returned: success
            type: str
            sample: "MAMCAQU="
    sample: '{"1.3.6.1.5.5.7.1.24": { "critical": false, "value": "MAMCAQU="}}'
key_usage:
    description: Entries in the C(key_usage) extension, or C(none) if extension is not present.
    returned: success
    type: str
    sample: "[Key Agreement, Data Encipherment]"
key_usage_critical:
    description: Whether the C(key_usage) extension is critical.
    returned: success
    type: bool
subject_alt_name:
    description: Entries in the C(subject_alt_name) extension, or C(none) if extension is not present.
    returned: success
    type: list
    elements: str
    sample: "[DNS:www.ansible.com, IP:1.2.3.4]"
subject_alt_name_critical:
    description: Whether the C(subject_alt_name) extension is critical.
    returned: success
    type: bool
ocsp_must_staple:
    description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.
    returned: success
    type: bool
ocsp_must_staple_critical:
    description: Whether the C(ocsp_must_staple) extension is critical.
    returned: success
    type: bool
name_constraints_permitted:
    description: List of permitted subtrees to sign certificates for.
    returned: success
    type: list
    elements: str
    sample: ['email:.somedomain.com']
    version_added: 1.1.0
name_constraints_excluded:
    description:
        - List of excluded subtrees the CA cannot sign certificates for.
        - Is C(none) if extension is not present.
    returned: success
    type: list
    elements: str
    sample: ['email:.com']
    version_added: 1.1.0
name_constraints_critical:
    description:
        - Whether the C(name_constraints) extension is critical.
        - Is C(none) if extension is not present.
    returned: success
    type: bool
    version_added: 1.1.0
subject:
    description:
        - The CSR's subject as a dictionary.
        - Note that for repeated values, only the last one will be returned.
    returned: success
    type: dict
    sample: '{"commonName": "www.example.com", "emailAddress": "test@example.com"}'
subject_ordered:
    description: The CSR's subject as an ordered list of tuples.
    returned: success
    type: list
    elements: list
    sample: '[["commonName", "www.example.com"], ["emailAddress": "test@example.com"]]'
public_key:
    description: CSR's public key in PEM format
    returned: success
    type: str
    sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."
public_key_fingerprints:
    description:
        - Fingerprints of CSR's public key.
        - For every hash algorithm available, the fingerprint is computed.
    returned: success
    type: dict
    sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63',
              'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."
subject_key_identifier:
    description:
        - The CSR's subject key identifier.
        - The identifier is returned in hexadecimal, with C(:) used to separate bytes.
        - Is C(none) if the C(SubjectKeyIdentifier) extension is not present.
    returned: success and if the pyOpenSSL backend is I(not) used
    type: str
    sample: '00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33'
authority_key_identifier:
    description:
        - The CSR's authority key identifier.
        - The identifier is returned in hexadecimal, with C(:) used to separate bytes.
        - Is C(none) if the C(AuthorityKeyIdentifier) extension is not present.
    returned: success and if the pyOpenSSL backend is I(not) used
    type: str
    sample: '00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33'
authority_cert_issuer:
    description:
        - The CSR's authority cert issuer as a list of general names.
        - Is C(none) if the C(AuthorityKeyIdentifier) extension is not present.
    returned: success and if the pyOpenSSL backend is I(not) used
    type: list
    elements: str
    sample: "[DNS:www.ansible.com, IP:1.2.3.4]"
authority_cert_serial_number:
    description:
        - The CSR's authority cert serial number.
        - Is C(none) if the C(AuthorityKeyIdentifier) extension is not present.
    returned: success and if the pyOpenSSL backend is I(not) used
    type: int
    sample: '12345'
'''


from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_native

from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
    OpenSSLObjectError,
)

from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.csr_info import (
    select_backend,
)


def main():
    module = AnsibleModule(
        argument_spec=dict(
            path=dict(type='path'),
            content=dict(type='str'),
            select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'cryptography', 'pyopenssl']),
        ),
        required_one_of=(
            ['path', 'content'],
        ),
        mutually_exclusive=(
            ['path', 'content'],
        ),
        supports_check_mode=True,
    )

    if module.params['content'] is not None:
        data = module.params['content'].encode('utf-8')
    else:
        try:
            with open(module.params['path'], 'rb') as f:
                data = f.read()
        except (IOError, OSError) as e:
            module.fail_json(msg='Error while reading CSR file from disk: {0}'.format(e))

    backend, module_backend = select_backend(module, module.params['select_crypto_backend'], data, validate_signature=True)

    try:
        result = module_backend.get_info()
        module.exit_json(**result)
    except OpenSSLObjectError as exc:
        module.fail_json(msg=to_native(exc))


if __name__ == "__main__":
    main()
Initial commit 2020-03-09 13:11:34 +00:00			`#!/usr/bin/python`
			`# -- coding: utf-8 --`

			`# Copyright: (c) 2016-2017, Yanis Guenane <yanis+ansible@guenane.org>`
			`# Copyright: (c) 2017, Markus Teufelberger <mteufelberger+ansible@mgit.at>`
			`# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)`

			`from __future__ import absolute_import, division, print_function`
			`__metaclass__ = type`


			`DOCUMENTATION = r'''`
			`---`
			`module: openssl_csr_info`
			`short_description: Provide information of OpenSSL Certificate Signing Requests (CSR)`
			`description:`
			`- This module allows one to query information on OpenSSL Certificate Signing Requests (CSR).`
			`- In case the CSR signature cannot be validated, the module will fail. In this case, all return`
			`variables are still returned.`
			`- It uses the pyOpenSSL or cryptography python library to interact with OpenSSL. If both the`
			`cryptography and PyOpenSSL libraries are available (and meet the minimum version requirements)`
			`cryptography will be preferred as a backend over PyOpenSSL (unless the backend is forced with`
			`C(select_crypto_backend)). Please note that the PyOpenSSL backend was deprecated in Ansible 2.9`
Prepare release (#75) * Improve changelog generator config. * We don't have docs at that URL. * Require Ansible(-base) 2.9.10 or newer. Needed for deprecation syntax. * Update all deprecations from Ansible 2.1x to community.crypto 2.0.0. * Forgot to check in fixes. * Shorten lines. * Fix unit test requirements. * Fix YAML strings which only had a closing quote. * Galaxy neither likes uppercase nor spaces in tags. * General README improvements. * Add roadmap section to README. * Next release will be 1.0.0. * Extend using instructions. * Tags with dashes are also not allowed. * Fix changelog link. 2020-07-01 11:49:25 +00:00			`and will be removed in community.crypto 2.0.0.`
Initial commit 2020-03-09 13:11:34 +00:00			`requirements:`
			`- PyOpenSSL >= 0.15 or cryptography >= 1.3`
			`author:`
			`- Felix Fontein (@felixfontein)`
			`- Yanis Guenane (@Spredzy)`
			`options:`
			`path:`
			`description:`
			`- Remote absolute path where the CSR file is loaded from.`
			`- Either I(path) or I(content) must be specified, but not both.`
			`type: path`
			`content:`
			`description:`
			`- Content of the CSR file.`
			`- Either I(path) or I(content) must be specified, but not both.`
			`type: str`
Add version_added: 1.0.0 for all new features. (#37) 2020-06-29 13:21:35 +00:00			`version_added: "1.0.0"`
Initial commit 2020-03-09 13:11:34 +00:00			`select_crypto_backend:`
			`description:`
			`- Determines which crypto backend to use.`
			`- The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).`
			`- If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.`
			`- If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.`
Prepare release (#75) * Improve changelog generator config. * We don't have docs at that URL. * Require Ansible(-base) 2.9.10 or newer. Needed for deprecation syntax. * Update all deprecations from Ansible 2.1x to community.crypto 2.0.0. * Forgot to check in fixes. * Shorten lines. * Fix unit test requirements. * Fix YAML strings which only had a closing quote. * Galaxy neither likes uppercase nor spaces in tags. * General README improvements. * Add roadmap section to README. * Next release will be 1.0.0. * Extend using instructions. * Tags with dashes are also not allowed. * Fix changelog link. 2020-07-01 11:49:25 +00:00			`- Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in community.crypto 2.0.0.`
Initial commit 2020-03-09 13:11:34 +00:00			`From that point on, only the C(cryptography) backend will be available.`
			`type: str`
			`default: auto`
			`choices: [ auto, cryptography, pyopenssl ]`

			`seealso:`
Use fqcn for modules listed in M() and seealso. (#72) 2020-06-17 08:29:18 +00:00			`- module: community.crypto.openssl_csr`
Refactor x509_certificate module, add x509_certificate_pipe module (#135) * Move documentation to doc fragment. * Prepare module backends. * Linting. * Fix comments. * First shot at actually moving code. * Forgot SKI check. * Remove unused imports. * Improve check mode. * Fix 'returned'. * Move csr_* checks. * Explicitly specify parameter. * Add x509_certificate_pipe module. * Update other seealsos. * Forgot to remove doc fragment. * Adjust to work with macOS 10.15. * Update plugins/module_utils/crypto/module_backends/certificate_entrust.py Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com> * Add changelog fragments for entrust bugfix and module refactorings. * Restore old behavior of Entrust backend when existing certificate cannot be parsed. * Update plugins/modules/x509_certificate_pipe.py Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com> * Remove Entrust provider from x509_certificate_pipe for now. * Add own CA tests. * One more fix for Entrust provider, when csr_content is used. * Update plugins/modules/x509_certificate_pipe.py Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com> * Fix another broken example. * Revert "Remove Entrust provider from x509_certificate_pipe for now." This reverts commit 6ee5d7d4f99f0fe2218276a2d3f1f38b676c29b9. * ci_complete * Apply suggestions from code review Co-authored-by: MarkusTeufelberger <mteufelberger@mgit.at> * Improve example. * Improve readability of example, add another one. * Extend descriptions of csr_* for selfsigned. * Improve documentation. * Move deprecation message up. * Explain empty choices. Co-authored-by: Chris Trufan <31186388+ctrufan@users.noreply.github.com> Co-authored-by: MarkusTeufelberger <mteufelberger@mgit.at> 2020-11-24 16:21:52 +00:00			`- module: community.crypto.openssl_csr_pipe`
Initial commit 2020-03-09 13:11:34 +00:00			`'''`

			`EXAMPLES = r'''`
			`- name: Generate an OpenSSL Certificate Signing Request`
Use FQCN in examples. (#12) 2020-03-31 14:23:45 +00:00			`community.crypto.openssl_csr:`
Initial commit 2020-03-09 13:11:34 +00:00			`path: /etc/ssl/csr/www.ansible.com.csr`
			`privatekey_path: /etc/ssl/private/ansible.com.pem`
			`common_name: www.ansible.com`

			`- name: Get information on the CSR`
Use FQCN in examples. (#12) 2020-03-31 14:23:45 +00:00			`community.crypto.openssl_csr_info:`
Initial commit 2020-03-09 13:11:34 +00:00			`path: /etc/ssl/csr/www.ansible.com.csr`
			`register: result`

			`- name: Dump information`
			`debug:`
			`var: result`
			`'''`

			`RETURN = r'''`
			`signature_valid:`
			`description:`
			`- Whether the CSR's signature is valid.`
			`- In case the check returns C(no), the module will fail.`
			`returned: success`
			`type: bool`
			`basic_constraints:`
			`description: Entries in the C(basic_constraints) extension, or C(none) if extension is not present.`
			`returned: success`
			`type: list`
			`elements: str`
			`sample: "[CA:TRUE, pathlen:1]"`
			`basic_constraints_critical:`
			`description: Whether the C(basic_constraints) extension is critical.`
			`returned: success`
			`type: bool`
			`extended_key_usage:`
			`description: Entries in the C(extended_key_usage) extension, or C(none) if extension is not present.`
			`returned: success`
			`type: list`
			`elements: str`
			`sample: "[Biometric Info, DVCS, Time Stamping]"`
			`extended_key_usage_critical:`
			`description: Whether the C(extended_key_usage) extension is critical.`
			`returned: success`
			`type: bool`
			`extensions_by_oid:`
			`description: Returns a dictionary for every extension OID`
			`returned: success`
			`type: dict`
			`contains:`
			`critical:`
			`description: Whether the extension is critical.`
			`returned: success`
			`type: bool`
			`value:`
			`description: The Base64 encoded value (in DER format) of the extension`
			`returned: success`
			`type: str`
			`sample: "MAMCAQU="`
			`sample: '{"1.3.6.1.5.5.7.1.24": { "critical": false, "value": "MAMCAQU="}}'`
			`key_usage:`
			`description: Entries in the C(key_usage) extension, or C(none) if extension is not present.`
			`returned: success`
			`type: str`
			`sample: "[Key Agreement, Data Encipherment]"`
			`key_usage_critical:`
			`description: Whether the C(key_usage) extension is critical.`
			`returned: success`
			`type: bool`
			`subject_alt_name:`
			`description: Entries in the C(subject_alt_name) extension, or C(none) if extension is not present.`
			`returned: success`
			`type: list`
			`elements: str`
			`sample: "[DNS:www.ansible.com, IP:1.2.3.4]"`
			`subject_alt_name_critical:`
			`description: Whether the C(subject_alt_name) extension is critical.`
			`returned: success`
			`type: bool`
			`ocsp_must_staple:`
			`description: C(yes) if the OCSP Must Staple extension is present, C(none) otherwise.`
			`returned: success`
			`type: bool`
			`ocsp_must_staple_critical:`
			`description: Whether the C(ocsp_must_staple) extension is critical.`
			`returned: success`
			`type: bool`
openssl_csr: add support for name constraints extension (#92) * Add support for name constraints extension to openssl_csr. * Linting. * Add tests. * Fix IP address general name handling. 2020-08-18 10:23:37 +00:00			`name_constraints_permitted:`
			`description: List of permitted subtrees to sign certificates for.`
			`returned: success`
			`type: list`
			`elements: str`
			`sample: ['email:.somedomain.com']`
			`version_added: 1.1.0`
			`name_constraints_excluded:`
			`description:`
			`- List of excluded subtrees the CA cannot sign certificates for.`
			`- Is C(none) if extension is not present.`
			`returned: success`
			`type: list`
			`elements: str`
			`sample: ['email:.com']`
			`version_added: 1.1.0`
			`name_constraints_critical:`
			`description:`
			`- Whether the C(name_constraints) extension is critical.`
			`- Is C(none) if extension is not present.`
			`returned: success`
			`type: bool`
			`version_added: 1.1.0`
Initial commit 2020-03-09 13:11:34 +00:00			`subject:`
			`description:`
			`- The CSR's subject as a dictionary.`
			`- Note that for repeated values, only the last one will be returned.`
			`returned: success`
			`type: dict`
			`sample: '{"commonName": "www.example.com", "emailAddress": "test@example.com"}'`
			`subject_ordered:`
			`description: The CSR's subject as an ordered list of tuples.`
			`returned: success`
			`type: list`
			`elements: list`
			`sample: '[["commonName", "www.example.com"], ["emailAddress": "test@example.com"]]'`
			`public_key:`
			`description: CSR's public key in PEM format`
			`returned: success`
			`type: str`
			`sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..."`
			`public_key_fingerprints:`
			`description:`
			`- Fingerprints of CSR's public key.`
			`- For every hash algorithm available, the fingerprint is computed.`
			`returned: success`
			`type: dict`
			`sample: "{'sha256': 'd4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63',`
			`'sha512': 'f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1..."`
			`subject_key_identifier:`
			`description:`
			`- The CSR's subject key identifier.`
			`- The identifier is returned in hexadecimal, with C(:) used to separate bytes.`
			`- Is C(none) if the C(SubjectKeyIdentifier) extension is not present.`
			`returned: success and if the pyOpenSSL backend is I(not) used`
			`type: str`
			`sample: '00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33'`
			`authority_key_identifier:`
			`description:`
			`- The CSR's authority key identifier.`
			`- The identifier is returned in hexadecimal, with C(:) used to separate bytes.`
			`- Is C(none) if the C(AuthorityKeyIdentifier) extension is not present.`
			`returned: success and if the pyOpenSSL backend is I(not) used`
			`type: str`
			`sample: '00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33'`
			`authority_cert_issuer:`
			`description:`
			`- The CSR's authority cert issuer as a list of general names.`
			`- Is C(none) if the C(AuthorityKeyIdentifier) extension is not present.`
			`returned: success and if the pyOpenSSL backend is I(not) used`
			`type: list`
			`elements: str`
			`sample: "[DNS:www.ansible.com, IP:1.2.3.4]"`
			`authority_cert_serial_number:`
			`description:`
			`- The CSR's authority cert serial number.`
			`- Is C(none) if the C(AuthorityKeyIdentifier) extension is not present.`
			`returned: success and if the pyOpenSSL backend is I(not) used`
			`type: int`
			`sample: '12345'`
			`'''`


openssl_csr_info: move main code to module_utils to allow easier implementation of diff mode (#204) * Move openssl_csr_info code to module_utils. * Add changelog fragment. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com> 2021-05-13 20:08:28 +00:00			`from ansible.module_utils.basic import AnsibleModule`
			`from ansible.module_utils._text import to_native`
Remove dependency on ansible.netcommon collection (#2) * Get rid of ansible.netcommon requirement by integrating module_utils/compat/ipaddress.py. * Reorder imports. * Update ignore.txt for plugins/module_utils/compat/ipaddress.py. * Linting (flake8 / pep8). * Remove accidentally commited test for ansible/ansible#66920. 2020-03-24 19:20:19 +00:00
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__. 2020-05-12 09:19:42 +00:00			`from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (`
			`OpenSSLObjectError,`
			`)`

openssl_csr_info: move main code to module_utils to allow easier implementation of diff mode (#204) * Move openssl_csr_info code to module_utils. * Add changelog fragment. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com> 2021-05-13 20:08:28 +00:00			`from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.csr_info import (`
			`select_backend,`
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__. 2020-05-12 09:19:42 +00:00			`)`

Initial commit 2020-03-09 13:11:34 +00:00
			`def main():`
			`module = AnsibleModule(`
			`argument_spec=dict(`
			`path=dict(type='path'),`
			`content=dict(type='str'),`
			`select_crypto_backend=dict(type='str', default='auto', choices=['auto', 'cryptography', 'pyopenssl']),`
			`),`
			`required_one_of=(`
			`['path', 'content'],`
			`),`
			`mutually_exclusive=(`
			`['path', 'content'],`
			`),`
			`supports_check_mode=True,`
			`)`

openssl_csr_info: move main code to module_utils to allow easier implementation of diff mode (#204) * Move openssl_csr_info code to module_utils. * Add changelog fragment. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com> 2021-05-13 20:08:28 +00:00			`if module.params['content'] is not None:`
			`data = module.params['content'].encode('utf-8')`
			`else:`
			`try:`
			`with open(module.params['path'], 'rb') as f:`
			`data = f.read()`
			`except (IOError, OSError) as e:`
			`module.fail_json(msg='Error while reading CSR file from disk: {0}'.format(e))`
Initial commit 2020-03-09 13:11:34 +00:00
openssl_csr_info: move main code to module_utils to allow easier implementation of diff mode (#204) * Move openssl_csr_info code to module_utils. * Add changelog fragment. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com> 2021-05-13 20:08:28 +00:00			`backend, module_backend = select_backend(module, module.params['select_crypto_backend'], data, validate_signature=True)`
Initial commit 2020-03-09 13:11:34 +00:00
openssl_csr_info: move main code to module_utils to allow easier implementation of diff mode (#204) * Move openssl_csr_info code to module_utils. * Add changelog fragment. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com> 2021-05-13 20:08:28 +00:00			`try:`
			`result = module_backend.get_info()`
Initial commit 2020-03-09 13:11:34 +00:00			`module.exit_json(**result)`
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__. 2020-05-12 09:19:42 +00:00			`except OpenSSLObjectError as exc:`
Initial commit 2020-03-09 13:11:34 +00:00			`module.fail_json(msg=to_native(exc))`


			`if __name__ == "__main__":`
			`main()`