Add asn1_base64 option. (#592)
parent
ec354a8a91
commit
30756b12ea
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- "get_certificate - add ``asn1_base64`` option to control whether the ASN.1 included in the ``extensions`` return value is binary data or Base64 encoded (https://github.com/ansible-collections/community.crypto/pull/592)."
|
|
@ -91,6 +91,15 @@ options:
|
|||
type: list
|
||||
elements: str
|
||||
version_added: 2.11.0
|
||||
asn1_base64:
|
||||
description:
|
||||
- Whether to encode the ASN.1 values in the C(extensions) return value with Base64 or not.
|
||||
- The documentation claimed for a long time that the values are Base64 encoded, but they
|
||||
never were. For compatibility this option is set to C(false), but that value will eventually
|
||||
be deprecated and changed to C(true).
|
||||
type: bool
|
||||
default: false
|
||||
version_added: 2.12.0
|
||||
|
||||
notes:
|
||||
- When using ca_cert on OS X it has been reported that in some conditions the validate will always succeed.
|
||||
|
@ -123,7 +132,12 @@ extensions:
|
|||
returned: success
|
||||
type: str
|
||||
description:
|
||||
- The Base64 encoded ASN.1 content of the extension.
|
||||
- The ASN.1 content of the extension.
|
||||
- If I(asn1_base64=true) this will be Base64 encoded, otherwise the raw
|
||||
binary value will be returned.
|
||||
- Please note that the raw binary value might not survive JSON serialization
|
||||
to the Ansible controller, and also might cause failures when displaying it.
|
||||
See U(https://github.com/ansible/ansible/issues/80258) for more information.
|
||||
- B(Note) that depending on the C(cryptography) version used, it is
|
||||
not possible to extract the ASN.1 content of the extension, but only
|
||||
to provide the re-encoded content of the extension in case it was
|
||||
|
@ -258,6 +272,7 @@ def main():
|
|||
select_crypto_backend=dict(type='str', choices=['auto', 'cryptography'], default='auto'),
|
||||
starttls=dict(type='str', choices=['mysql']),
|
||||
ciphers=dict(type='list', elements='str'),
|
||||
asn1_base64=dict(type='bool', default=False),
|
||||
),
|
||||
)
|
||||
|
||||
|
@ -270,6 +285,7 @@ def main():
|
|||
server_name = module.params.get('server_name')
|
||||
start_tls_server_type = module.params.get('starttls')
|
||||
ciphers = module.params.get('ciphers')
|
||||
asn1_base64 = module.params['asn1_base64']
|
||||
|
||||
backend = module.params.get('select_crypto_backend')
|
||||
if backend == 'auto':
|
||||
|
@ -366,11 +382,14 @@ def main():
|
|||
result['extensions'] = []
|
||||
for dotted_number, entry in cryptography_get_extensions_from_cert(x509).items():
|
||||
oid = cryptography.x509.oid.ObjectIdentifier(dotted_number)
|
||||
result['extensions'].append({
|
||||
ext = {
|
||||
'critical': entry['critical'],
|
||||
'asn1_data': base64.b64decode(entry['value']),
|
||||
'asn1_data': entry['value'],
|
||||
'name': cryptography_oid_to_name(oid, short=True),
|
||||
})
|
||||
}
|
||||
if not asn1_base64:
|
||||
ext['asn1_data'] = base64.b64decode(ext['asn1_data'])
|
||||
result['extensions'].append(ext)
|
||||
|
||||
result['issuer'] = {}
|
||||
for attribute in x509.issuer:
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
host: "{{ httpbin_host }}"
|
||||
port: 443
|
||||
server_name: "{{ sni_host }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
|
||||
- debug: var=result
|
||||
|
@ -25,6 +26,7 @@
|
|||
host: "{{ sni_host }}"
|
||||
port: 443
|
||||
server_name: "{{ httpbin_host }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
|
||||
- debug: var=result
|
||||
|
@ -42,6 +44,7 @@
|
|||
host: "{{ httpbin_host }}"
|
||||
port: 443
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
|
||||
- debug: var=result
|
||||
|
@ -59,6 +62,7 @@
|
|||
host: "{{ httpbin_host }}"
|
||||
port: 80
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
@ -75,6 +79,7 @@
|
|||
port: 1234
|
||||
timeout: 1
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
@ -91,6 +96,7 @@
|
|||
port: 443
|
||||
ca_cert: dn.e
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
@ -112,6 +118,7 @@
|
|||
host: "{{ httpbin_host }}"
|
||||
port: 443
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
|
@ -150,6 +157,7 @@
|
|||
host: "{{ httpbin_host }}"
|
||||
port: 443
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
asn1_base64: true
|
||||
register: result
|
||||
ignore_errors: true
|
||||
|
||||
|
|
Loading…
Reference in New Issue