From 9ec86809365293d33bb47dc61f9242b4f999c65d Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sat, 27 Jan 2024 10:39:13 +0100
Subject: [PATCH] Emit warning when consistency cannot be checked. (#705)
---
 .../fragments/705-openssl_privatekey_info-consistency.yml | 2 ++
 .../module_utils/crypto/module_backends/privatekey_info.py | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/705-openssl_privatekey_info-consistency.yml
diff --git a/changelogs/fragments/705-openssl_privatekey_info-consistency.yml b/changelogs/fragments/705-openssl_privatekey_info-consistency.yml
new file mode 100644
index 00000000..8c63aed2
--- /dev/null
+++ b/changelogs/fragments/705-openssl_privatekey_info-consistency.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - "openssl_privatekey_info - ``check_consistency=true`` now reports a warning if it cannot determine consistency (https://github.com/ansible-collections/community.crypto/pull/705)."
diff --git a/plugins/module_utils/crypto/module_backends/privatekey_info.py b/plugins/module_utils/crypto/module_backends/privatekey_info.py
index 7118cd9d..f44caaa7 100644
--- a/plugins/module_utils/crypto/module_backends/privatekey_info.py
+++ b/plugins/module_utils/crypto/module_backends/privatekey_info.py
@@ -105,7 +105,7 @@ def _check_dsa_consistency(key_public_data, key_private_data):
 return True
-def _is_cryptography_key_consistent(key, key_public_data, key_private_data):
+def _is_cryptography_key_consistent(key, key_public_data, key_private_data, warn_func=None):
 if isinstance(key, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey):
 # key._backend was removed in cryptography 42.0.0
 backend = getattr(key, '_backend', None)
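Review bot: The new `warn_func=None` parameter on `_is_cryptography_key_consistent` is undocumented, and with that default the "cannot determine" outcome stays silent for any caller that does not pass a callback. I would add a short docstring under the `def` line saying that the function returns `True`, `False`, or `None` when no check exists for the key, that `None` means "not verified" and must not be treated as consistent, and that `warn_func`, when given, is called with a single message string in the `None` case. The function body continues outside this hunk, so the full set of return paths is not visible here.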
@@ -160,6 +160,8 @@ def _is_cryptography_key_consistent(key, key_public_data, key_private_data):
 except cryptography.exceptions.InvalidSignature:
 return False
 # For X25519 and X448, there's no test yet.
+ if warn_func is not None:
+ warn_func('Cannot determine consistency for key of type %s' % type(key))
 return None
@@ -256,7 +258,7 @@ class PrivateKeyInfoRetrievalCryptography(PrivateKeyInfoRetrieval):
 return _get_cryptography_private_key_info(self.key, need_private_key_data=need_private_key_data)
 def _is_key_consistent(self, key_public_data, key_private_data):
- return _is_cryptography_key_consistent(self.key, key_public_data, key_private_data)
+ return _is_cryptography_key_consistent(self.key, key_public_data, key_private_data, warn_func=self.module.warn)
 def get_privatekey_info(module, backend, content, passphrase=None, return_private_key_data=False, prefer_one_fingerprint=False):
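Review bot: The context comment `# For X25519 and X448, there's no test yet.` just above the added warning now understates when the warning fires. This is the fall-through for every key the earlier branches did not decide. Judging by the `getattr(key, '_backend', None)` guard in the first hunk, that may include RSA keys on cryptography 42.0.0 and later, though the RSA branch is not fully visible, so this needs confirming. I would reword it to `# No consistency test is available for this key (e.g. X25519, X448): the result is unknown, not consistent.` As a style point, `% type(key)` renders as `<class '...'>` with the full module path, and `type(key).__name__` would give a shorter message. The hunk starts inside the function body.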