* Initial commit
* Matching tests to overwritten permissions behavior with cryptography
* Ensuring key validation only occurs when state=present and accomodating CentOS6 restrictions
* Making ssh-keygen behavior explicit by version in tests
* Ensuring cyrptography not excluded in new conditions
* Adding changelog fragment
* Fixing sanity checks
* Improving readability
* Applying review suggestions
* addressing restore_on_failure conflict
* Initial commit
* Fixing unit tests
* More unit fixes
* Adding changelog fragment
* Minor refactor in Certificate.generate()
* Addressing option case-sensitivity and directive overrides
* Renaming idempotency to regenerate
* updating changelog
* Minor refactoring of default options
* Cleaning up with inline functions
* Fixing false failures when regenerate=fail and improving clarity
* Applying second round of review suggestions
* adding helper for safe atomic moves
Use of the confusingly-named _permissions_changed() on both
sides of an `or` was resulting in the second invocation not
being reached if the first invocation returned True, which it
does any time it applied custom attributes to the private key.
As a result, custom file attributes were only ever being
applied to the private key (except in one specific case)
This is fixed by explicitly updating attributes of both files
before checking if changes have been made.
Signed-off-by: Charlie Wheeler-Robinson <cwheeler@redhat.com>
* Initial commit
* Fixing units
* Adding changelog fragment
* Enhanced encapsulation of certificate data
* Avoiding failure when path is not parseable
* Diff refactor
* Applying initial review suggestions
* Initial commit
* Adding informational comments
* Adding changelog fragment
* Fixing CRLF changelog fragment
* Refactoring public number parsing and added chaining for writer methods
* Adding more descriptive error for invalid certificate data
* Fixing signature data parsing
* Correcting ed25519 signature type to binary
* Applying initial review suggestions and fixing option-list writer
* Applying review suggestions
* Making OpensshWriter private
* Refactoring openssh_keypair for multiple backends
* Fixing cryptography backend validations
* Simplifying conditionals and excess variable assignments
* Fixing docs and adding cleanup for integration tests
* Fixing docs and public key validation bugs in crypto backend
* Enhancing cryptogagraphy utils to raise OpenSSHErrors when file not found
* Adding missed copyright and cleanup for idempotency test keys
* Fixing doc style
* Readding crypto/openssh for backwards compatibility
* Adding changelog fragment and final simplifications of conditional statements
* Applied initial review suggestions
* Add diff support to openssl_privatekey.
* Add diff support to openssl_csr.
* Add diff support to x509_crl.
* Add diff support to x509_certificate.
* Add diff support to openssl_publickey.
* Add changelog fragment.
* Prefer one fingerprint for diff infos to reduce noise.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Began refactoring.
* Continue.
* Factor PyOpenSSL backend out.
* Add basic cryptography backend.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Only run tests when new enough pyOpenSSL or cryptography is around.
* Reduce required pyOpenSSL version from 17.1.0 to 0.15.
I have no idea why 17.1.0 was there (in the tests), and not something smaller.
The module itself did not mention any version.
* Linting.
* Linting.
* Increase compatibility by selecting pyopenssl backend when iter_size or maciter_size is used.
* Improve docs, add changelog fragment.
* Move hackish code to cryptography_support.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Streamline cert creation.
* Convert range to list.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Return more public key information.
* Make sure bit size is converted to int first.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove no longer necessary code.
* Use correct return value's name.
* Add trailing commas.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Add openssl_publickey_info module. Share code between openssl_privatekey_info and the new module, and improve documentation of it.
* Move public key loading to support module.
* Require pyOpenSSL 16.0.0 for public key loading.
* Linting.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Integrating openssh module utils with openssh_keypair
* Added explicit PEM formatting for OpenSSH < 7.8
* Adding changelog fragment
* Adding OpenSSL/cryptography dependency for integration tests
* Adding private_key_format option and removing forced cryptography update for CI
* Fixed version check for bcrypt and key_format option name
* Setting no_log=False for private_key_format
* Docs correction and simplification of control flow for private_key_format
* Adding openssh utils and unit tests
* Adding changelog fragment and correcting RSA default size
* Adding changelog fragment
* Added passphrase update, test cases, and check for SSH private key loader
* corrected ecdsa type when loading
* Resolving inital review comments
* Fixed import in unit tests
* Cleaning up validation functions
* Separating private/public key related errors; Adding verify method
* Expressed generate/load functions as classmethods and cleaned up method comments
* Added support for loading asymmetric key pairs of PEM and DER formats
* Refactored loading/generation for Asym keypairs into classmethods
* Rescoped helper functions and classmethods for OpenSSH Keypair
* Corrected docstring for OpenSSH_Keypair.generate()
* Fixed import errors for sanity tests
* Improvements to comparison, key verification, and password validation
* Added comparison tests, simplified password validation, fixed Ed25519 load bug
* Adding additional equivalence tests with passphrases
* Fix wrong usages of ACMEProtocolException.
* Add changelog fragment.
* Fix error handling when content could not be decoded.
* Make sure that content_json is a dict or None.
* Improve acme_inspect's ACMEProtocolException handling.
* Improve error handling.
* Add tests.
* Fix challenge error.
* Add challenges tests.
* Provide content if available.
* Add some order tests.
* Linting.
* Move acme.py to acme/__init__.py to prepare splitup.
* Began moving generic code out.
* Creating backends.
* Update unit tests.
* Move remaining new code out.
* Use new interface.
* Rewrite module init code.
* Add changelog.
* Add BackendException for crypto backend errors.
* Improve / uniformize ACME error reporting.
* Create ACMELegacyAccount for backwards compatibility.
* Split up ACMEAccount into ACMEClient and ACMEAccount.
* Move get_keyauthorization into module_utils.acme.challenges.
* Improve error handling.
* Move challenge and authorization handling code into module_utils.
* Add split_identifier helper.
* Move order code into module_utils.
* Move ACME v2 certificate handling code to module_utils.
* Fix/move ACME v1 certificate retrieval to module_utils as well.
* Refactor alternate chain handling code by splitting it up into simpler functions.
* Make chain matcher creation part of backend.
* Use B(...) instead of RST formatting (which does not work for options).
* Improve the documentation on acme_directory.
It now mentions the ACME v1 deprecation for Let's Encrypt,
and mentions that ZeroSSL works.
* Improve ACME module documentation.
* Update plugins/doc_fragments/acme.py
* Rename identify.py to pem.py.
* Move split PEM list code to pem.py crypto module_utils.
* Extend and use global certificate splitting code in acme_certificate.
* openssl_pkcs12: allow to load multiple certificates from files mentioned in other_certificates.
* Add changelog and module_utils redirect.
* Remove old check.
* Fix typo.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add example.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Improve error messages for name decoding (not all names appear in SANs).
* Refactor DN parsing, add relative DN parsing code.
* Allow to specify CRL distribution points.
* Add changelog fragment.
* Fix typo.
* Make sure value argument to x509.NameAttribute is a text.
* Update changelogs/fragments/167-openssl_csr-crl-distribution-points.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add example.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Allow to configure PBKDF.
* Also add PBKDF options to key add operation.
* Simplify code.
* Update plugins/modules/luks_device.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix indent.
* Use more of the options.
* Bump iteration count.
* Increase memory limit.
* Fall back to default PBKDF.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Added sever name option to use for SNI
* cleanup code
Co-authored-by: Felix Fontein <felix@fontein.de>
* added module version for new parameter
Co-authored-by: Felix Fontein <felix@fontein.de>
* added SNI explanation
Co-authored-by: Felix Fontein <felix@fontein.de>
* added SNI link to module description
* linting
* cleanup code
* Update plugins/modules/get_certificate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* integration test for SNI server_name option
Co-authored-by: Felix Fontein <felix@fontein.de>
Ajpantuso
Felix Fontein
Charlie Wheeler-Robinson
Ed Schaller
Orosz Dávid
NorthFuture
AutumnalAntlers
Andrew Klychkov