openssl_pkcs12: Add a check for parsed pkcs12 files (#145)

* openssl_pkcs12: Add a check for parsed pkcs12 files

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>

* Add changelog fragment

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>

* openssl_pkcs12: Report changed state when a pkcs12 file is dumped

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>

* Add a basic test for dumping a pkcs12 file

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>

* Update changelog fragment

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>

* Add test for dumped pkcs12 file in check mode

Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
Norman Ziegner 2020-11-23 09:14:45 +01:00 committed by GitHub
parent 94b23d62db
commit 86b39733e1
4 changed files with 33 additions and 0 deletions


@ -0,0 +1,2 @@
bugfixes:
- openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).


@ -302,6 +302,17 @@ class Pkcs(OpenSSLObject):
return False return False
elif bool(self.pkcs12.get_friendlyname()) != bool(pkcs12_friendly_name): elif bool(self.pkcs12.get_friendlyname()) != bool(pkcs12_friendly_name):
return False return False
elif module.params['action'] == 'parse' and os.path.exists(self.src) and os.path.exists(self.path):
try:
pkey, cert, other_certs, friendly_name = self.parse()
except crypto.Error:
return False
expected_content = to_bytes(
''.join([to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None])
)
dumped_content = load_file_if_exists(self.path, ignore_errors=True)
if expected_content != dumped_content:
return False
else: else:
return False return False
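Review bot: The PEM-assembly expression on the `expected_content` line duplicates the one main() uses to build `dump_content` in the next hunk, so the two can drift and check() would then report a change on every run even though the written file is identical; a single helper on Pkcs, e.g. `def dump_content(self): pkey, cert, other_certs, _ = self.parse(); return ''.join(to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None)`, called from both places keeps the check and the write aligned. In the same branch `friendly_name` is unpacked and never used, so `_` would make that explicit. The `except crypto.Error` arm returns False for an unreadable source or wrong passphrase, which presumably hands the same failure to the unconditional parse() in main() where it surfaces as an error; a short comment stating that intent would help the next reader. The enclosing check() method starts before this hunk and continues after it.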
@ -448,6 +459,7 @@ def main():
pkey, cert, other_certs, friendly_name = pkcs12.parse() pkey, cert, other_certs, friendly_name = pkcs12.parse()
dump_content = ''.join([to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None]) dump_content = ''.join([to_native(pem) for pem in [pkey, cert] + other_certs if pem is not None])
pkcs12.write(module, to_bytes(dump_content)) pkcs12.write(module, to_bytes(dump_content))
changed = True
file_args = module.load_file_common_arguments(module.params) file_args = module.load_file_common_arguments(module.params)
if module.set_fs_attributes_if_different(file_args, changed): if module.set_fs_attributes_if_different(file_args, changed):


@ -88,6 +88,22 @@
path: '{{ output_dir }}/ansible_parse.pem' path: '{{ output_dir }}/ansible_parse.pem'
action: parse action: parse
state: present state: present
register: p12_dumped
- name: Dump PKCS#12 file again, idempotency
openssl_pkcs12:
src: '{{ output_dir }}/ansible.p12'
path: '{{ output_dir }}/ansible_parse.pem'
action: parse
state: present
register: p12_dumped_idempotency
- name: Dump PKCS#12, check mode
openssl_pkcs12:
src: '{{ output_dir }}/ansible.p12'
path: '{{ output_dir }}/ansible_parse.pem'
action: parse
state: present
check_mode: true
register: p12_dumped_check_mode
- name: Generate PKCS#12 file with multiple certs - name: Generate PKCS#12 file with multiple certs
openssl_pkcs12: openssl_pkcs12:
path: '{{ output_dir }}/ansible_multi_certs.p12' path: '{{ output_dir }}/ansible_multi_certs.p12'
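Review bot: The check-mode task at `Dump PKCS#12, check mode` runs after `ansible_parse.pem` already exists, so it only exercises the unchanged path of the new check; a check-mode run before the first dump (or after removing the PEM file) would also confirm that check mode reports `changed` without writing anything. Only the `changed` flag is asserted for the dumped file, while earlier steps such as `p12_validate_no_pkey` verify output with an openssl command; a similar command on `ansible_parse.pem` would confirm the dump actually contains the expected key and certificate. The idempotency task depends on the byte-exact comparison the module now performs, so a comment noting that the source `ansible.p12` must not be regenerated between these three tasks would document the ordering the assertions rely on.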


@ -20,8 +20,11 @@
- p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----' - p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
- p12_force.changed - p12_force.changed
- p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed - p12_force_and_mode.mode == '0644' and p12_force_and_mode.changed
- p12_dumped.changed
- not p12_standard_idempotency.changed - not p12_standard_idempotency.changed
- not p12_multiple_certs_idempotency.changed - not p12_multiple_certs_idempotency.changed
- not p12_dumped_idempotency.changed
- not p12_dumped_check_mode.changed
- "'www.' in p12_validate_multi_certs.stdout" - "'www.' in p12_validate_multi_certs.stdout"
- "'www2.' in p12_validate_multi_certs.stdout" - "'www2.' in p12_validate_multi_certs.stdout"
- "'www3.' in p12_validate_multi_certs.stdout" - "'www3.' in p12_validate_multi_certs.stdout"