a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.crypto/plugins/modules/openssl_pkcs12.py

490 lines
17 KiB
Python
Raw Normal View History

Initial commit
2020-03-09 13:11:34 +00:00
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2017, Guillaume Delpierre <gde@llew.me>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r'''
---
module: openssl_pkcs12
author:
- Guillaume Delpierre (@gdelpierre)
short_description: Generate OpenSSL PKCS#12 archive
description:
- This module allows one to (re-)generate PKCS#12.
requirements:
- python-pyOpenSSL
options:
action:
description:
- C(export) or C(parse) a PKCS#12.
type: str
default: export
choices: [ export, parse ]
other_certificates:
description:
- List of other certificates to include. Pre 2.8 this parameter was called C(ca_certificates)
type: list
elements: path
aliases: [ ca_certificates ]
certificate_path:
description:
- The path to read certificates and private keys from.
- Must be in PEM format.
type: path
force:
description:
- Should the file be regenerated even if it already exists.
type: bool
default: no
friendly_name:
description:
- Specifies the friendly name for the certificate and private key.
type: str
aliases: [ name ]
iter_size:
description:
- Number of times to repeat the encryption step.
type: int
default: 2048
maciter_size:
description:
- Number of times to repeat the MAC step.
type: int
default: 1
passphrase:
description:
- The PKCS#12 password.
type: str
path:
description:
- Filename to write the PKCS#12 file to.
type: path
required: true
privatekey_passphrase:
description:
- Passphrase source to decrypt any input private keys with.
type: str
privatekey_path:
description:
- File to read private key from.
type: path
state:
description:
- Whether the file should exist or not.
All parameters except C(path) are ignored when state is C(absent).
choices: [ absent, present ]
default: present
type: str
src:
description:
- PKCS#12 file path to parse.
type: path
backup:
description:
- Create a backup file including a timestamp so you can get the original
output file back if you overwrote it with a new one by accident.
type: bool
default: no
return_content:
description:
- If set to C(yes), will return the (current or generated) PKCS#12's content as I(pkcs12).
type: bool
default: no
Add version_added: 1.0.0 for all new features. (#37)
2020-06-29 13:21:35 +00:00
version_added: "1.0.0"
Initial commit
2020-03-09 13:11:34 +00:00
extends_documentation_fragment:
- files
seealso:
Use fqcn for modules listed in M() and seealso. (#72)
2020-06-17 08:29:18 +00:00
- module: community.crypto.x509_certificate
- module: community.crypto.openssl_csr
- module: community.crypto.openssl_dhparam
- module: community.crypto.openssl_privatekey
- module: community.crypto.openssl_publickey
Initial commit
2020-03-09 13:11:34 +00:00
'''
EXAMPLES = r'''
- name: Generate PKCS#12 file
Use FQCN in examples. (#12)
2020-03-31 14:23:45 +00:00
community.crypto.openssl_pkcs12:
Initial commit
2020-03-09 13:11:34 +00:00
action: export
path: /opt/certs/ansible.p12
friendly_name: raclette
privatekey_path: /opt/certs/keys/key.pem
certificate_path: /opt/certs/cert.pem
other_certificates: /opt/certs/ca.pem
state: present
- name: Change PKCS#12 file permission
Use FQCN in examples. (#12)
2020-03-31 14:23:45 +00:00
community.crypto.openssl_pkcs12:
Initial commit
2020-03-09 13:11:34 +00:00
action: export
path: /opt/certs/ansible.p12
friendly_name: raclette
privatekey_path: /opt/certs/keys/key.pem
certificate_path: /opt/certs/cert.pem
other_certificates: /opt/certs/ca.pem
state: present
mode: '0600'
- name: Regen PKCS#12 file
Use FQCN in examples. (#12)
2020-03-31 14:23:45 +00:00
community.crypto.openssl_pkcs12:
Initial commit
2020-03-09 13:11:34 +00:00
action: export
src: /opt/certs/ansible.p12
path: /opt/certs/ansible.p12
friendly_name: raclette
privatekey_path: /opt/certs/keys/key.pem
certificate_path: /opt/certs/cert.pem
other_certificates: /opt/certs/ca.pem
state: present
mode: '0600'
force: yes
- name: Dump/Parse PKCS#12 file
Use FQCN in examples. (#12)
2020-03-31 14:23:45 +00:00
community.crypto.openssl_pkcs12:
Initial commit
2020-03-09 13:11:34 +00:00
action: parse
src: /opt/certs/ansible.p12
path: /opt/certs/ansible.pem
state: present
- name: Remove PKCS#12 file
Use FQCN in examples. (#12)
2020-03-31 14:23:45 +00:00
community.crypto.openssl_pkcs12:
Initial commit
2020-03-09 13:11:34 +00:00
path: /opt/certs/ansible.p12
state: absent
'''
RETURN = r'''
filename:
description: Path to the generate PKCS#12 file.
returned: changed or success
type: str
sample: /opt/certs/ansible.p12
privatekey:
description: Path to the TLS/SSL private key the public key was generated from.
returned: changed or success
type: str
sample: /etc/ssl/private/ansible.com.pem
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
type: str
sample: /path/to/ansible.com.pem.2019-03-09@11:22~
pkcs12:
description: The (current or generated) PKCS#12's content Base64 encoded.
returned: if I(state) is C(present) and I(return_content) is C(yes)
type: str
Add version_added: 1.0.0 for all new features. (#37)
2020-06-29 13:21:35 +00:00
version_added: "1.0.0"
Initial commit
2020-03-09 13:11:34 +00:00
'''
import base64
import os
Remove dependency on ansible.netcommon collection (#2) * Get rid of ansible.netcommon requirement by integrating module_utils/compat/ipaddress.py. * Reorder imports. * Update ignore.txt for plugins/module_utils/compat/ipaddress.py. * Linting (flake8 / pep8). * Remove accidentally commited test for ansible/ansible#66920.
2020-03-24 19:20:19 +00:00
import stat
Initial commit
2020-03-09 13:11:34 +00:00
import traceback
Remove dependency on ansible.netcommon collection (#2) * Get rid of ansible.netcommon requirement by integrating module_utils/compat/ipaddress.py. * Reorder imports. * Update ignore.txt for plugins/module_utils/compat/ipaddress.py. * Linting (flake8 / pep8). * Remove accidentally commited test for ansible/ansible#66920.
2020-03-24 19:20:19 +00:00
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
from ansible.module_utils._text import to_bytes, to_native
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
from ansible_collections.community.crypto.plugins.module_utils.io import (
load_file_if_exists,
write_file,
)
from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
OpenSSLObjectError,
OpenSSLBadPassphraseError,
)
from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
OpenSSLObject,
load_privatekey,
load_certificate,
)
Remove dependency on ansible.netcommon collection (#2) * Get rid of ansible.netcommon requirement by integrating module_utils/compat/ipaddress.py. * Reorder imports. * Update ignore.txt for plugins/module_utils/compat/ipaddress.py. * Linting (flake8 / pep8). * Remove accidentally commited test for ansible/ansible#66920.
2020-03-24 19:20:19 +00:00
Initial commit
2020-03-09 13:11:34 +00:00
PYOPENSSL_IMP_ERR = None
try:
from OpenSSL import crypto
except ImportError:
PYOPENSSL_IMP_ERR = traceback.format_exc()
pyopenssl_found = False
else:
pyopenssl_found = True
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
class PkcsError(OpenSSLObjectError):
Initial commit
2020-03-09 13:11:34 +00:00
pass
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
class Pkcs(OpenSSLObject):
Initial commit
2020-03-09 13:11:34 +00:00
def __init__(self, module):
super(Pkcs, self).__init__(
module.params['path'],
module.params['state'],
module.params['force'],
module.check_mode
)
self.action = module.params['action']
self.other_certificates = module.params['other_certificates']
self.certificate_path = module.params['certificate_path']
self.friendly_name = module.params['friendly_name']
self.iter_size = module.params['iter_size']
self.maciter_size = module.params['maciter_size']
self.passphrase = module.params['passphrase']
self.pkcs12 = None
self.privatekey_passphrase = module.params['privatekey_passphrase']
self.privatekey_path = module.params['privatekey_path']
self.pkcs12_bytes = None
self.return_content = module.params['return_content']
self.src = module.params['src']
if module.params['mode'] is None:
module.params['mode'] = '0400'
self.backup = module.params['backup']
self.backup_file = None
def check(self, module, perms_required=True):
"""Ensure the resource is in its desired state."""
state_and_perms = super(Pkcs, self).check(module, perms_required)
def _check_pkey_passphrase():
if self.privatekey_passphrase:
try:
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
load_privatekey(self.privatekey_path, self.privatekey_passphrase)
Initial commit
2020-03-09 13:11:34 +00:00
except crypto.Error:
return False
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
except OpenSSLBadPassphraseError:
Initial commit
2020-03-09 13:11:34 +00:00
return False
return True
if not state_and_perms:
return state_and_perms
if os.path.exists(self.path) and module.params['action'] == 'export':
dummy = self.generate(module)
self.src = self.path
try:
pkcs12_privatekey, pkcs12_certificate, pkcs12_other_certificates, pkcs12_friendly_name = self.parse()
except crypto.Error:
return False
if (pkcs12_privatekey is not None) and (self.privatekey_path is not None):
expected_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM,
self.pkcs12.get_privatekey())
if pkcs12_privatekey != expected_pkey:
return False
elif bool(pkcs12_privatekey) != bool(self.privatekey_path):
return False
if (pkcs12_certificate is not None) and (self.certificate_path is not None):
expected_cert = crypto.dump_certificate(crypto.FILETYPE_PEM,
self.pkcs12.get_certificate())
if pkcs12_certificate != expected_cert:
return False
elif bool(pkcs12_certificate) != bool(self.certificate_path):
return False
if (pkcs12_other_certificates is not None) and (self.other_certificates is not None):
expected_other_certs = [crypto.dump_certificate(crypto.FILETYPE_PEM,
other_cert) for other_cert in self.pkcs12.get_ca_certificates()]
if set(pkcs12_other_certificates) != set(expected_other_certs):
return False
elif bool(pkcs12_other_certificates) != bool(self.other_certificates):
return False
if pkcs12_privatekey:
# This check is required because pyOpenSSL will not return a friendly name
# if the private key is not set in the file
if ((self.pkcs12.get_friendlyname() is not None) and (pkcs12_friendly_name is not None)):
if self.pkcs12.get_friendlyname() != pkcs12_friendly_name:
return False
elif bool(self.pkcs12.get_friendlyname()) != bool(pkcs12_friendly_name):
return False
openssl_pkcs12: Add a check for parsed pkcs12 files (#145) * openssl_pkcs12: Add a check for parsed pkcs12 files Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Add changelog fragment Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * openssl_pkcs12: Report changed state when a pkcs12 file is dumped Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Add a basic test for dumping a pkcs12 file Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Update changelog fragment Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Add test for dumped pkcs12 file in check mode Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2020-11-23 08:14:45 +00:00
elif module.params['action'] == 'parse' and os.path.exists(self.src) and os.path.exists(self.path):
try:
pkey, cert, other_certs, friendly_name = self.parse()
except crypto.Error:
return False
expected_content = to_bytes(
''.join([to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None])
)
dumped_content = load_file_if_exists(self.path, ignore_errors=True)
if expected_content != dumped_content:
return False
Initial commit
2020-03-09 13:11:34 +00:00
else:
return False
return _check_pkey_passphrase()
def dump(self):
"""Serialize the object into a dictionary."""
result = {
'filename': self.path,
}
if self.privatekey_path:
result['privatekey_path'] = self.privatekey_path
if self.backup_file:
result['backup_file'] = self.backup_file
if self.return_content:
if self.pkcs12_bytes is None:
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
self.pkcs12_bytes = load_file_if_exists(self.path, ignore_errors=True)
Initial commit
2020-03-09 13:11:34 +00:00
result['pkcs12'] = base64.b64encode(self.pkcs12_bytes) if self.pkcs12_bytes else None
return result
def generate(self, module):
"""Generate PKCS#12 file archive."""
self.pkcs12 = crypto.PKCS12()
if self.other_certificates:
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
other_certs = [load_certificate(other_cert) for other_cert
Initial commit
2020-03-09 13:11:34 +00:00
in self.other_certificates]
self.pkcs12.set_ca_certificates(other_certs)
if self.certificate_path:
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
self.pkcs12.set_certificate(load_certificate(self.certificate_path))
Initial commit
2020-03-09 13:11:34 +00:00
if self.friendly_name:
self.pkcs12.set_friendlyname(to_bytes(self.friendly_name))
if self.privatekey_path:
try:
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
self.pkcs12.set_privatekey(load_privatekey(self.privatekey_path, self.privatekey_passphrase))
except OpenSSLBadPassphraseError as exc:
Initial commit
2020-03-09 13:11:34 +00:00
raise PkcsError(exc)
return self.pkcs12.export(self.passphrase, self.iter_size, self.maciter_size)
def remove(self, module):
if self.backup:
self.backup_file = module.backup_local(self.path)
super(Pkcs, self).remove(module)
def parse(self):
"""Read PKCS#12 file."""
try:
with open(self.src, 'rb') as pkcs12_fh:
pkcs12_content = pkcs12_fh.read()
p12 = crypto.load_pkcs12(pkcs12_content,
self.passphrase)
openssl_pkcs12: do not crash when there's no certificate and/or private key in existing PKCS#12 file (#109) * Do not crash when PKCS#12 file contains no private key and/or main certificate. * Add changelog fragment. * Call getters only once each, check explicitly for None. * Add test. * Also 'parse' correctly PKCS#12 file with no private key.
2020-09-16 09:25:24 +00:00
pkey = p12.get_privatekey()
if pkey is not None:
pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
crt = p12.get_certificate()
if crt is not None:
crt = crypto.dump_certificate(crypto.FILETYPE_PEM, crt)
Initial commit
2020-03-09 13:11:34 +00:00
other_certs = []
if p12.get_ca_certificates() is not None:
other_certs = [crypto.dump_certificate(crypto.FILETYPE_PEM,
other_cert) for other_cert in p12.get_ca_certificates()]
friendly_name = p12.get_friendlyname()
return (pkey, crt, other_certs, friendly_name)
except IOError as exc:
raise PkcsError(exc)
def write(self, module, content, mode=None):
"""Write the PKCS#12 file."""
if self.backup:
self.backup_file = module.backup_local(self.path)
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
write_file(module, content, mode)
Initial commit
2020-03-09 13:11:34 +00:00
if self.return_content:
self.pkcs12_bytes = content
def main():
argument_spec = dict(
action=dict(type='str', default='export', choices=['export', 'parse']),
other_certificates=dict(type='list', elements='path', aliases=['ca_certificates']),
certificate_path=dict(type='path'),
force=dict(type='bool', default=False),
friendly_name=dict(type='str', aliases=['name']),
iter_size=dict(type='int', default=2048),
maciter_size=dict(type='int', default=1),
passphrase=dict(type='str', no_log=True),
path=dict(type='path', required=True),
privatekey_passphrase=dict(type='str', no_log=True),
privatekey_path=dict(type='path'),
state=dict(type='str', default='present', choices=['absent', 'present']),
src=dict(type='path'),
backup=dict(type='bool', default=False),
return_content=dict(type='bool', default=False),
)
required_if = [
['action', 'parse', ['src']],
]
module = AnsibleModule(
add_file_common_args=True,
argument_spec=argument_spec,
required_if=required_if,
supports_check_mode=True,
)
if not pyopenssl_found:
module.fail_json(msg=missing_required_lib('pyOpenSSL'), exception=PYOPENSSL_IMP_ERR)
base_dir = os.path.dirname(module.params['path']) or '.'
if not os.path.isdir(base_dir):
module.fail_json(
name=base_dir,
msg="The directory '%s' does not exist or the path is not a directory" % base_dir
)
try:
pkcs12 = Pkcs(module)
changed = False
if module.params['state'] == 'present':
if module.check_mode:
result = pkcs12.dump()
result['changed'] = module.params['force'] or not pkcs12.check(module)
module.exit_json(**result)
if not pkcs12.check(module, perms_required=False) or module.params['force']:
if module.params['action'] == 'export':
if not module.params['friendly_name']:
module.fail_json(msg='Friendly_name is required')
pkcs12_content = pkcs12.generate(module)
pkcs12.write(module, pkcs12_content, 0o600)
changed = True
else:
pkey, cert, other_certs, friendly_name = pkcs12.parse()
openssl_pkcs12: do not crash when there's no certificate and/or private key in existing PKCS#12 file (#109) * Do not crash when PKCS#12 file contains no private key and/or main certificate. * Add changelog fragment. * Call getters only once each, check explicitly for None. * Add test. * Also 'parse' correctly PKCS#12 file with no private key.
2020-09-16 09:25:24 +00:00
dump_content = ''.join([to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None])
Initial commit
2020-03-09 13:11:34 +00:00
pkcs12.write(module, to_bytes(dump_content))
openssl_pkcs12: Add a check for parsed pkcs12 files (#145) * openssl_pkcs12: Add a check for parsed pkcs12 files Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Add changelog fragment Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * openssl_pkcs12: Report changed state when a pkcs12 file is dumped Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Add a basic test for dumping a pkcs12 file Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Update changelog fragment Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de> * Add test for dumped pkcs12 file in check mode Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2020-11-23 08:14:45 +00:00
changed = True
Initial commit
2020-03-09 13:11:34 +00:00
file_args = module.load_file_common_arguments(module.params)
if module.set_fs_attributes_if_different(file_args, changed):
changed = True
else:
if module.check_mode:
result = pkcs12.dump()
result['changed'] = os.path.exists(module.params['path'])
module.exit_json(**result)
if os.path.exists(module.params['path']):
pkcs12.remove(module)
changed = True
result = pkcs12.dump()
result['changed'] = changed
if os.path.exists(module.params['path']):
file_mode = "%04o" % stat.S_IMODE(os.stat(module.params['path']).st_mode)
result['mode'] = file_mode
module.exit_json(**result)
Refactor module_utils/crypto.py (#27) * Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2020-05-12 09:19:42 +00:00
except OpenSSLObjectError as exc:
Initial commit
2020-03-09 13:11:34 +00:00
module.fail_json(msg=to_native(exc))
if __name__ == '__main__':
main()