a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.crypto/plugins/modules/openssl_signature.py

277 lines
9.0 KiB
Python
Raw Normal View History

Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
#!/usr/bin/python
# -*- coding: utf-8 -*-
Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491) * Add SPDX license identifiers, mention all licenses in galaxy.yml. * Add default copyright headers. * Add headers for documents. * Fix/add more copyright statements. * Add copyright / license info for vendored code. * Add extra sanity test. * Add changelog fragment. * Comment PSF-2.0 license out in galaxy.yml for now. * Remove colon after 'Copyright'. * Avoid colon after 'Copyright' in lint script. * Mention correct filename. * Add BSD-3-Clause. * Improve lint script. * Update README. * Symlinks...
2022-07-21 05:27:26 +00:00
# Copyright (c) 2019, Patrick Pichler <ppichler+ansible@mgit.at>
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r'''
---
module: openssl_signature
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
version_added: 1.1.0
short_description: Sign data with openssl
description:
- This module allows one to sign data using a private key.
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
- The module uses the cryptography Python library.
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
requirements:
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
- cryptography >= 1.4 (some key types require newer versions)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
author:
- Patrick Pichler (@aveexy)
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
- Markus Teufelberger (@MarkusTeufelberger)
Document attributes (#526) * Add 'acme' action group attribute. * Compatibility with older ansible-core releases. * Fix typo. * Document standard attributes. * Improve docs. * Add shortcuts for common combinations.
2022-11-06 20:10:56 +00:00
extends_documentation_fragment:
- community.crypto.attributes
attributes:
check_mode:
support: full
details:
- This action does not modify state.
diff_mode:
support: none
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
options:
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
privatekey_path:
description:
- The path to the private key to use when signing.
- Either I(privatekey_path) or I(privatekey_content) must be specified, but not both.
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
type: path
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
privatekey_content:
description:
- The content of the private key to use when signing the certificate signing request.
- Either I(privatekey_path) or I(privatekey_content) must be specified, but not both.
type: str
privatekey_passphrase:
description:
- The passphrase for the private key.
- This is required if the private key is password protected.
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
type: str
path:
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
description:
- The file to sign.
- This file will only be read and not modified.
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
type: path
required: true
select_crypto_backend:
description:
- Determines which crypto backend to use.
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
- The default choice is C(auto), which tries to use C(cryptography) if available.
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
- If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
type: str
default: auto
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
choices: [ auto, cryptography ]
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
notes:
- |
When using the C(cryptography) backend, the following key types require at least the following C(cryptography) version:
RSA keys: C(cryptography) >= 1.4
DSA and ECDSA keys: C(cryptography) >= 1.5
ed448 and ed25519 keys: C(cryptography) >= 2.6
seealso:
- module: community.crypto.openssl_signature_info
- module: community.crypto.openssl_privatekey
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
'''
EXAMPLES = r'''
- name: Sign example file
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
community.crypto.openssl_signature:
privatekey_path: private.key
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
path: /tmp/example_file
register: sig
- name: Verify signature of example file
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
community.crypto.openssl_signature_info:
certificate_path: cert.pem
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
path: /tmp/example_file
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
signature: "{{ sig.signature }}"
register: verify
- name: Make sure the signature is valid
assert:
that:
- verify.valid
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
'''
RETURN = r'''
signature:
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
description: Base64 encoded signature.
returned: success
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
type: str
'''
import os
import traceback
import base64
Prepare for distutils.version being removed in Python 3.12 (#353) * Prepare for distutils.version being removed in Python 2.12. * Fix copy'n'paste error. * Re-add Loose prefix. * Fix Python version typo. * Improve formulation. * Move message into own line. * Fix casing, now that the object is no longer called Version.
2021-12-24 10:28:14 +00:00
from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
MINIMAL_CRYPTOGRAPHY_VERSION = '1.4'
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
CRYPTOGRAPHY_IMP_ERR = None
try:
import cryptography
import cryptography.hazmat.primitives.asymmetric.padding
import cryptography.hazmat.primitives.hashes
CRYPTOGRAPHY_VERSION = LooseVersion(cryptography.__version__)
except ImportError:
CRYPTOGRAPHY_IMP_ERR = traceback.format_exc()
CRYPTOGRAPHY_FOUND = False
else:
CRYPTOGRAPHY_FOUND = True
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
CRYPTOGRAPHY_HAS_DSA_SIGN,
CRYPTOGRAPHY_HAS_EC_SIGN,
CRYPTOGRAPHY_HAS_ED25519_SIGN,
CRYPTOGRAPHY_HAS_ED448_SIGN,
CRYPTOGRAPHY_HAS_RSA_SIGN,
OpenSSLObjectError,
)
from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
OpenSSLObject,
load_privatekey,
)
Fix main for new cryptography 37.0.0 release (#445) * Fix empty check for openssl_pkcs12 tests. * Remove unnecessary imports. * Prevent crash if PyOpenSSL cannot be imported because of an AttributeError. * Add changelog fragment. * Fix constraints file. * Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken). * Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
2022-04-26 20:18:37 +00:00
from ansible.module_utils.common.text.converters import to_native
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
class SignatureBase(OpenSSLObject):
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
def __init__(self, module, backend):
super(SignatureBase, self).__init__(
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
path=module.params['path'],
state='present',
force=False,
check_mode=module.check_mode
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
)
self.backend = backend
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
self.privatekey_path = module.params['privatekey_path']
self.privatekey_content = module.params['privatekey_content']
if self.privatekey_content is not None:
self.privatekey_content = self.privatekey_content.encode('utf-8')
self.privatekey_passphrase = module.params['privatekey_passphrase']
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
def generate(self):
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
# Empty method because OpenSSLObject wants this
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
pass
def dump(self):
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
# Empty method because OpenSSLObject wants this
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
pass
# Implementation with using cryptography
class SignatureCryptography(SignatureBase):
def __init__(self, module, backend):
super(SignatureCryptography, self).__init__(module, backend)
def run(self):
_padding = cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15()
_hash = cryptography.hazmat.primitives.hashes.SHA256()
result = dict()
try:
with open(self.path, "rb") as f:
_in = f.read()
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
private_key = load_privatekey(
path=self.privatekey_path,
content=self.privatekey_content,
passphrase=self.privatekey_passphrase,
backend=self.backend,
)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
signature = None
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
if CRYPTOGRAPHY_HAS_DSA_SIGN:
if isinstance(private_key, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey):
signature = private_key.sign(_in, _hash)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
if CRYPTOGRAPHY_HAS_EC_SIGN:
if isinstance(private_key, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey):
signature = private_key.sign(_in, cryptography.hazmat.primitives.asymmetric.ec.ECDSA(_hash))
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
if CRYPTOGRAPHY_HAS_ED25519_SIGN:
if isinstance(private_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey):
signature = private_key.sign(_in)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
if CRYPTOGRAPHY_HAS_ED448_SIGN:
if isinstance(private_key, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey):
signature = private_key.sign(_in)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
if CRYPTOGRAPHY_HAS_RSA_SIGN:
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
if isinstance(private_key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey):
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
signature = private_key.sign(_in, _padding, _hash)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
if signature is None:
self.module.fail_json(
msg="Unsupported key type. Your cryptography version is {0}".format(CRYPTOGRAPHY_VERSION)
)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
result['signature'] = base64.b64encode(signature)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
return result
except Exception as e:
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
raise OpenSSLObjectError(e)
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
def main():
module = AnsibleModule(
argument_spec=dict(
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
privatekey_path=dict(type='path'),
CVE-2020-25646: no_log=True missing for private key content options (#125) * Mark private key content options as no_log (CVE-2020-25646.) * Mention no_log for openssl_privatekey's return_content option. * Add change PR's URL. * Plural.
2020-10-13 12:14:05 +00:00
privatekey_content=dict(type='str', no_log=True),
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
privatekey_passphrase=dict(type='str', no_log=True),
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
path=dict(type='path', required=True),
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
select_crypto_backend=dict(type='str', choices=['auto', 'cryptography'], default='auto'),
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
),
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
mutually_exclusive=(
['privatekey_path', 'privatekey_content'],
),
required_one_of=(
['privatekey_path', 'privatekey_content'],
),
supports_check_mode=True,
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
)
if not os.path.isfile(module.params['path']):
module.fail_json(
name=module.params['path'],
msg='The file {0} does not exist'.format(module.params['path'])
)
backend = module.params['select_crypto_backend']
if backend == 'auto':
# Detection what is possible
can_use_cryptography = CRYPTOGRAPHY_FOUND and CRYPTOGRAPHY_VERSION >= LooseVersion(MINIMAL_CRYPTOGRAPHY_VERSION)
# Decision
if can_use_cryptography:
backend = 'cryptography'
# Success?
if backend == 'auto':
Small docs improvements (#374) * Small improvements. * Document behavior changes.
2022-01-10 12:05:09 +00:00
module.fail_json(msg=("Cannot detect the required Python library "
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
"cryptography (>= {0})").format(MINIMAL_CRYPTOGRAPHY_VERSION))
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
try:
Remove PyOpenSSL backends (except for openssl_pkcs12) (#273) * Remove Ubuntu 16.04 (Xenial Xerus) from CI. * Removing PyOpenSSL backend from everywhere but openssl_pkcs12. * Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12. * Add changelog fragment.
2021-09-28 15:46:35 +00:00
if backend == 'cryptography':
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
if not CRYPTOGRAPHY_FOUND:
module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(MINIMAL_CRYPTOGRAPHY_VERSION)),
exception=CRYPTOGRAPHY_IMP_ERR)
_sign = SignatureCryptography(module, backend)
result = _sign.run()
module.exit_json(**result)
Update openssl_signature module (#63) * Use module_utils from collection, clean up code a bit * add DSA keys, because why not... * sign/verify was added in pyOpenSSL 0.11 apparently * Add signing capability detection to module_utils.crypto.basic * Rework feature detection of signature types. * Rename parameters to match other modules * Add initial version of integration tests * fix whitespace in tests * More whitespace fixes * small fixes for issues in testing * Organize integration tests as test matrix * another indentation fix to make pep8 happy * use openssl pkeyutl when possible, otherwise fall back to openssl dgst * More linter fixes * openssl pkeyutl -help can apparently return 1 * ignore errors on openssl call and another try at formatting * Remove the OpenSSL calls in tests * Add collection name to deprecation notice and deprecate at version 2.0.0 * Exclude Ed448/25519 tests on pyopenssl * revert the collection name in the deprecation notice (breaks 2.9) * limit test platforms even more * disable FreeBSD DSA and ECC tests * Add module name to README * rewrite and split into 2 modules instead * add module to README and fix whitespace issue * remove duplicated tests * address review remarks * resolve another comment
2020-06-06 09:20:00 +00:00
except OpenSSLObjectError as exc:
Add openssl_signature module (#63)
2020-06-06 08:23:29 +00:00
module.fail_json(msg=to_native(exc))
if __name__ == '__main__':
main()