community.crypto/plugins/module_utils/acme/backends.py

# -*- coding: utf-8 -*-

# Copyright (c) 2016 Michael Gruener <michael.gruener@chaosmoon.net>
# Copyright (c) 2021 Felix Fontein <felix@fontein.de>
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

from __future__ import absolute_import, division, print_function
__metaclass__ = type


import abc

from ansible.module_utils import six


@six.add_metaclass(abc.ABCMeta)
class CryptoBackend(object):
    def __init__(self, module):
        self.module = module

    @abc.abstractmethod
    def parse_key(self, key_file=None, key_content=None, passphrase=None):
        '''
        Parses an RSA or Elliptic Curve key file in PEM format and returns key_data.
        Raises KeyParsingError in case of errors.
        '''

    @abc.abstractmethod
    def sign(self, payload64, protected64, key_data):
        pass

    @abc.abstractmethod
    def create_mac_key(self, alg, key):
        '''Create a MAC key.'''

    @abc.abstractmethod
    def get_csr_identifiers(self, csr_filename=None, csr_content=None):
        '''
        Return a set of requested identifiers (CN and SANs) for the CSR.
        Each identifier is a pair (type, identifier), where type is either
        'dns' or 'ip'.
        '''

    @abc.abstractmethod
    def get_cert_days(self, cert_filename=None, cert_content=None, now=None):
        '''
        Return the days the certificate in cert_filename remains valid and -1
        if the file was not found. If cert_filename contains more than one
        certificate, only the first one will be considered.

        If now is not specified, datetime.datetime.now() is used.
        '''

    @abc.abstractmethod
    def create_chain_matcher(self, criterium):
        '''
        Given a Criterium object, creates a ChainMatcher object.
        '''
ACME modules refactor (#187) * Move acme.py to acme/__init__.py to prepare splitup. * Began moving generic code out. * Creating backends. * Update unit tests. * Move remaining new code out. * Use new interface. * Rewrite module init code. * Add changelog. * Add BackendException for crypto backend errors. * Improve / uniformize ACME error reporting. * Create ACMELegacyAccount for backwards compatibility. * Split up ACMEAccount into ACMEClient and ACMEAccount. * Move get_keyauthorization into module_utils.acme.challenges. * Improve error handling. * Move challenge and authorization handling code into module_utils. * Add split_identifier helper. * Move order code into module_utils. * Move ACME v2 certificate handling code to module_utils. * Fix/move ACME v1 certificate retrieval to module_utils as well. * Refactor alternate chain handling code by splitting it up into simpler functions. * Make chain matcher creation part of backend. 2021-03-21 08:40:25 +00:00			`# -- coding: utf-8 --`

Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml (#491) * Add SPDX license identifiers, mention all licenses in galaxy.yml. * Add default copyright headers. * Add headers for documents. * Fix/add more copyright statements. * Add copyright / license info for vendored code. * Add extra sanity test. * Add changelog fragment. * Comment PSF-2.0 license out in galaxy.yml for now. * Remove colon after 'Copyright'. * Avoid colon after 'Copyright' in lint script. * Mention correct filename. * Add BSD-3-Clause. * Improve lint script. * Update README. * Symlinks... 2022-07-21 05:27:26 +00:00			`# Copyright (c) 2016 Michael Gruener <michael.gruener@chaosmoon.net>`
			`# Copyright (c) 2021 Felix Fontein <felix@fontein.de>`
			`# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)`
			`# SPDX-License-Identifier: GPL-3.0-or-later`
ACME modules refactor (#187) * Move acme.py to acme/__init__.py to prepare splitup. * Began moving generic code out. * Creating backends. * Update unit tests. * Move remaining new code out. * Use new interface. * Rewrite module init code. * Add changelog. * Add BackendException for crypto backend errors. * Improve / uniformize ACME error reporting. * Create ACMELegacyAccount for backwards compatibility. * Split up ACMEAccount into ACMEClient and ACMEAccount. * Move get_keyauthorization into module_utils.acme.challenges. * Improve error handling. * Move challenge and authorization handling code into module_utils. * Add split_identifier helper. * Move order code into module_utils. * Move ACME v2 certificate handling code to module_utils. * Fix/move ACME v1 certificate retrieval to module_utils as well. * Refactor alternate chain handling code by splitting it up into simpler functions. * Make chain matcher creation part of backend. 2021-03-21 08:40:25 +00:00
			`from __future__ import absolute_import, division, print_function`
			`__metaclass__ = type`


			`import abc`

			`from ansible.module_utils import six`


			`@six.add_metaclass(abc.ABCMeta)`
			`class CryptoBackend(object):`
			`def __init__(self, module):`
			`self.module = module`

			`@abc.abstractmethod`
acme_* modules: support private key passprases (#207) * Support private key passprases. * Use c.c modules for key generation, add first passphrase tests. * Some more passphrase tests. 2021-03-21 16:53:20 +00:00			`def parse_key(self, key_file=None, key_content=None, passphrase=None):`
ACME modules refactor (#187) * Move acme.py to acme/__init__.py to prepare splitup. * Began moving generic code out. * Creating backends. * Update unit tests. * Move remaining new code out. * Use new interface. * Rewrite module init code. * Add changelog. * Add BackendException for crypto backend errors. * Improve / uniformize ACME error reporting. * Create ACMELegacyAccount for backwards compatibility. * Split up ACMEAccount into ACMEClient and ACMEAccount. * Move get_keyauthorization into module_utils.acme.challenges. * Improve error handling. * Move challenge and authorization handling code into module_utils. * Add split_identifier helper. * Move order code into module_utils. * Move ACME v2 certificate handling code to module_utils. * Fix/move ACME v1 certificate retrieval to module_utils as well. * Refactor alternate chain handling code by splitting it up into simpler functions. * Make chain matcher creation part of backend. 2021-03-21 08:40:25 +00:00			`'''`
acme: improve error handling in backend's parse_key() (#208) * Improve error handling in backend's parse_key(). * Adjust unit tests. 2021-03-22 06:30:06 +00:00			`Parses an RSA or Elliptic Curve key file in PEM format and returns key_data.`
			`Raises KeyParsingError in case of errors.`
ACME modules refactor (#187) * Move acme.py to acme/__init__.py to prepare splitup. * Began moving generic code out. * Creating backends. * Update unit tests. * Move remaining new code out. * Use new interface. * Rewrite module init code. * Add changelog. * Add BackendException for crypto backend errors. * Improve / uniformize ACME error reporting. * Create ACMELegacyAccount for backwards compatibility. * Split up ACMEAccount into ACMEClient and ACMEAccount. * Move get_keyauthorization into module_utils.acme.challenges. * Improve error handling. * Move challenge and authorization handling code into module_utils. * Add split_identifier helper. * Move order code into module_utils. * Move ACME v2 certificate handling code to module_utils. * Fix/move ACME v1 certificate retrieval to module_utils as well. * Refactor alternate chain handling code by splitting it up into simpler functions. * Make chain matcher creation part of backend. 2021-03-21 08:40:25 +00:00			`'''`

			`@abc.abstractmethod`
			`def sign(self, payload64, protected64, key_data):`
			`pass`

			`@abc.abstractmethod`
			`def create_mac_key(self, alg, key):`
			`'''Create a MAC key.'''`

			`@abc.abstractmethod`
			`def get_csr_identifiers(self, csr_filename=None, csr_content=None):`
			`'''`
			`Return a set of requested identifiers (CN and SANs) for the CSR.`
			`Each identifier is a pair (type, identifier), where type is either`
			`'dns' or 'ip'.`
			`'''`

			`@abc.abstractmethod`
			`def get_cert_days(self, cert_filename=None, cert_content=None, now=None):`
			`'''`
			`Return the days the certificate in cert_filename remains valid and -1`
			`if the file was not found. If cert_filename contains more than one`
			`certificate, only the first one will be considered.`

			`If now is not specified, datetime.datetime.now() is used.`
			`'''`

			`@abc.abstractmethod`
			`def create_chain_matcher(self, criterium):`
			`'''`
			`Given a Criterium object, creates a ChainMatcher object.`
			`'''`