a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve language.

pull/830/head
Felix Fontein 2024-12-28 14:30:08 +01:00
parent 91504cda85
commit 2ed7f69b83
9 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/module_utils/acme/acme.py
View File

@ -491,7 +491,7 @@ def create_backend(module, needs_acme_v2):
# Create backend object # Create backend object
if backend == 'cryptography': if backend == 'cryptography':
if CRYPTOGRAPHY_ERROR is not None: if CRYPTOGRAPHY_ERROR is not None:
# Either we couldn't import cryptography at all, or there was an unexpected error # Either we could not import cryptography at all, or there was an unexpected error
if CRYPTOGRAPHY_VERSION is None: if CRYPTOGRAPHY_VERSION is None:
msg = missing_required_lib('cryptography') msg = missing_required_lib('cryptography')
else: else:

2
plugins/module_utils/acme/backend_openssl_cli.py
View File

@ -47,7 +47,7 @@ _OPENSSL_ENVIRONMENT_UPDATE = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C', LC_CTY
def _extract_date(out_text, name, cert_filename_suffix=""): def _extract_date(out_text, name, cert_filename_suffix=""):
try: try:
date_str = re.search(r"\s+%s\s*:\s+(.*)" % name, out_text).group(1) date_str = re.search(r"\s+%s\s*:\s+(.*)" % name, out_text).group(1)
# For some reason Python's strptime() doesn't return any timezone information, # For some reason Python's strptime() does not return any timezone information,
# even though the information is there and a supported timezone for all supported # even though the information is there and a supported timezone for all supported
# Python implementations (GMT). So we have to modify the datetime object by # Python implementations (GMT). So we have to modify the datetime object by
# replacing it by UTC. # replacing it by UTC.

2
plugins/module_utils/acme/backends.py
View File

@ -74,7 +74,7 @@ def _parse_acme_timestamp(timestamp_str, with_timezone):
# RFC 3339 (https://www.rfc-editor.org/info/rfc3339) # RFC 3339 (https://www.rfc-editor.org/info/rfc3339)
timestamp_str = _reduce_fractional_digits(timestamp_str) timestamp_str = _reduce_fractional_digits(timestamp_str)
for format in ('%Y-%m-%dT%H:%M:%SZ', '%Y-%m-%dT%H:%M:%S.%fZ', '%Y-%m-%dT%H:%M:%S%z', '%Y-%m-%dT%H:%M:%S.%f%z'): for format in ('%Y-%m-%dT%H:%M:%SZ', '%Y-%m-%dT%H:%M:%S.%fZ', '%Y-%m-%dT%H:%M:%S%z', '%Y-%m-%dT%H:%M:%S.%f%z'):
# Note that %z won't work with Python 2... https://stackoverflow.com/a/27829491 # Note that %z will not work with Python 2... https://stackoverflow.com/a/27829491
try: try:
result = datetime.datetime.strptime(timestamp_str, format) result = datetime.datetime.strptime(timestamp_str, format)
except ValueError: except ValueError:

4
plugins/module_utils/crypto/cryptography_support.py
View File

@ -155,7 +155,7 @@ def cryptography_get_extensions_from_cert(cert):
except Exception: except Exception:
# In case the above method breaks, we likely have cryptography 36.0.0 or newer. # In case the above method breaks, we likely have cryptography 36.0.0 or newer.
# Use it's public_bytes() feature in that case. We will later switch this around # Use its public_bytes() feature in that case. We will later switch this around
# so that this code will be the default, but for now this will act as a fallback # so that this code will be the default, but for now this will act as a fallback
# since it will re-serialize de-serialized data, which can be different (if the # since it will re-serialize de-serialized data, which can be different (if the
# original data was not canonicalized) from what was contained in the certificate. # original data was not canonicalized) from what was contained in the certificate.
@ -215,7 +215,7 @@ def cryptography_get_extensions_from_csr(csr):
except Exception: except Exception:
# In case the above method breaks, we likely have cryptography 36.0.0 or newer. # In case the above method breaks, we likely have cryptography 36.0.0 or newer.
# Use it's public_bytes() feature in that case. We will later switch this around # Use its public_bytes() feature in that case. We will later switch this around
# so that this code will be the default, but for now this will act as a fallback # so that this code will be the default, but for now this will act as a fallback
# since it will re-serialize de-serialized data, which can be different (if the # since it will re-serialize de-serialized data, which can be different (if the
# original data was not canonicalized) from what was contained in the CSR. # original data was not canonicalized) from what was contained in the CSR.

2
plugins/module_utils/crypto/support.py
View File

@ -167,7 +167,7 @@ def load_privatekey(path, passphrase=None, check_passphrase=True, content=None,
if passphrase is None and len(e.args) > 0 and len(e.args[0]) > 0: if passphrase is None and len(e.args) > 0 and len(e.args[0]) > 0:
if e.args[0][0][2] in ('bad decrypt', 'bad password read'): if e.args[0][0][2] in ('bad decrypt', 'bad password read'):
# The key is obviously protected by the empty string. # The key is obviously protected by the empty string.
# Do not do this at home (if it's possible at all)... # Do not do this at home (if it is possible at all)...
raise OpenSSLBadPassphraseError('No passphrase provided, but private key is password-protected!') raise OpenSSLBadPassphraseError('No passphrase provided, but private key is password-protected!')
elif backend == 'cryptography': elif backend == 'cryptography':
try: try:

2
plugins/modules/certificate_complete_chain.py
View File

@ -356,7 +356,7 @@ def main():
completed = [] completed = []
occured_certificates = set([cert.cert for cert in chain]) occured_certificates = set([cert.cert for cert in chain])
if current.cert in roots.certificate_by_cert: if current.cert in roots.certificate_by_cert:
# Do not try to complete the chain when it's already ending with a root certificate # Do not try to complete the chain when it is already ending with a root certificate
current = None current = None
while current: while current:
root = roots.find_parent(current) root = roots.find_parent(current)

2
plugins/modules/ecs_certificate.py
View File

@ -419,7 +419,7 @@ EXAMPLES = r'''
entrust_api_client_cert_key_path: /etc/ssl/entrust/ecs-client.key entrust_api_client_cert_key_path: /etc/ssl/entrust/ecs-client.key
- name: Request a new certificate with an alternative client. Note that the - name: Request a new certificate with an alternative client. Note that the
issued certificate will have it's Subject Distinguished Name use the issued certificate will have its Subject Distinguished Name use the
organization details associated with that client, rather than what is organization details associated with that client, rather than what is
in the CSR. in the CSR.
community.crypto.ecs_certificate: community.crypto.ecs_certificate:

2
plugins/modules/get_certificate.py
View File

@ -502,7 +502,7 @@ def main():
if get_certificate_chain: if get_certificate_chain:
if sys.version_info < (3, 13): if sys.version_info < (3, 13):
# The official way to access this has been added in https://github.com/python/cpython/pull/109113/files. # The official way to access this has been added in https://github.com/python/cpython/pull/109113/files.
# We're basically doing the same for older Python versions. The internal API needed for this was added # We are basically doing the same for older Python versions. The internal API needed for this was added
# in https://github.com/python/cpython/commit/666991fc598bc312d72aff0078ecb553f0a968f1, which was first # in https://github.com/python/cpython/commit/666991fc598bc312d72aff0078ecb553f0a968f1, which was first
# released in Python 3.10.0. # released in Python 3.10.0.
def _convert_chain(chain): def _convert_chain(chain):

2
plugins/modules/x509_crl.py
View File

@ -704,7 +704,7 @@ class CRL(OpenSSLObject):
if entry['issuer'] is not None: if entry['issuer'] is not None:
# Normalize to IDNA. If this is used-provided, it was already converted to # Normalize to IDNA. If this is used-provided, it was already converted to
# IDNA (by cryptography_get_name) and thus the `idna` library is present. # IDNA (by cryptography_get_name) and thus the `idna` library is present.
# If this is coming from cryptography and isn't already in IDNA (i.e. ascii), # If this is coming from cryptography and is not already in IDNA (i.e. ascii),
# cryptography < 2.1 must be in use, which depends on `idna`. So this should # cryptography < 2.1 must be in use, which depends on `idna`. So this should
# not require `idna` except if it was already used by code earlier during # not require `idna` except if it was already used by code earlier during
# this invocation. # this invocation.