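# -*- coding: utf-8 -*-
# Copyright (c) 2016 Michael Gruener
# Copyright (c) 2021 Felix Fontein
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

from __future__ import absolute_import, division, print_function
__metaclass__ = type

import base64
import datetime
import re
import textwrap
import traceback

from ansible.module_utils.common.text.converters import to_native
from ansible.module_utils.six.moves.urllib.parse import unquote

from ansible_collections.community.crypto.plugins.module_utils.acme.errors import ModuleFailException
from ansible_collections.community.crypto.plugins.module_utils.crypto.math import convert_int_to_bytes
from ansible_collections.community.crypto.plugins.module_utils.time import get_now_datetime


def nopad_b64(data):
    '''
    Encode ``data`` (bytes) as base64url without ``=`` padding.

    This is the encoding JWS/ACME use for all binary fields.

    :param data: Raw bytes to encode.
    :return: ASCII text using the ``-``/``_`` alphabet, padding stripped.
    '''
    # urlsafe_b64encode only ever emits '=' as trailing padding, so a plain
    # replace() is equivalent to stripping it from the end.
    return base64.urlsafe_b64encode(data).decode('utf8').replace("=", "")


def der_to_pem(der_cert):
    '''
    Convert a DER encoded certificate into PEM text.

    :param der_cert: DER bytes of a single certificate.
    :return: PEM text with ``CERTIFICATE`` armor lines, the base64 body
             wrapped at 64 characters, and a trailing newline.
    '''
    body = "\n".join(textwrap.wrap(base64.b64encode(der_cert).decode('utf8'), 64))
    return """-----BEGIN CERTIFICATE-----\n{0}\n-----END CERTIFICATE-----\n""".format(body)


def pem_to_der(pem_filename=None, pem_content=None):
    '''
    Load a PEM file, or use the given PEM content, and return the DER bytes
    of the first PEM entity in it.

    Exactly one of ``pem_filename`` and ``pem_content`` must be given. Only
    the base64 body between the first ``-----BEGIN ...-----`` line and the
    following ``-----END ...-----`` line is decoded: text before the BEGIN
    line (for example the ``Bag Attributes`` block some openssl commands
    emit) and any further entities appended after the first END line (such
    as intermediate certificates) are ignored. Input that contains no armor
    lines at all is treated as a bare base64 body.

    :param pem_filename: Path of a PEM file to read.
    :param pem_content: PEM text; takes precedence over ``pem_filename``.
    :return: DER bytes of the first entity. No check is made that the
             decoded data really is a certificate, or that it is non-empty;
             callers must validate the result.
    :raises ModuleFailException: if neither argument is given, or the file
             cannot be read.
    '''
    if pem_content is not None:
        lines = pem_content.splitlines()
    elif pem_filename is not None:
        try:
            with open(pem_filename, "rt") as f:
                lines = list(f)
        except Exception as err:
            raise ModuleFailException("cannot load PEM file {0}: {1}".format(pem_filename, to_native(err)), exception=traceback.format_exc())
    else:
        raise ModuleFailException('One of pem_filename and pem_content must be provided')

    body_lines = []
    armor_line_count = 0
    for line in lines:
        stripped = line.strip()
        if stripped.startswith('-----'):
            armor_line_count += 1
            if armor_line_count == 2:
                # Reached the END line of the first entity. Anything after
                # it (e.g. appended intermediate certificates) is ignored.
                break
            # This is the BEGIN line: drop whatever preceded it. Leading
            # text such as openssl's "Bag Attributes" is not part of the
            # entity, and because b64decode() silently skips characters
            # outside the base64 alphabet, it would otherwise corrupt the
            # decoded bytes instead of failing.
            body_lines = []
            continue
        if stripped:
            body_lines.append(stripped)
    return base64.b64decode(''.join(body_lines))


# Link header entries of the form <url>; rel="relation". Only a quoted,
# single-word relation type is matched; other link parameters are ignored.
_LINK_RE = re.compile(r'<([^>]+)>;\s*rel="(\w+)"')


def process_links(info, callback):
    '''
    Call ``callback(url, relation)`` for every ``<url>; rel="relation"``
    entry in the response's Link header.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link

    The URLs come straight from the server response, percent-decoded but
    otherwise unvalidated; callers that follow them should check that they
    point where expected (e.g. back to the ACME server they are talking to).

    :param info: Response info dict (presumably the one Ansible's
             ``fetch_url`` returns, with lowercased header names); the
             header is read from the ``'link'`` key.
    :param callback: Called with ``(url, relation)`` for each matching entry,
             in header order.
    '''
    if 'link' not in info:
        return
    for url, relation in _LINK_RE.findall(info['link']):
        callback(unquote(url), relation)


def parse_retry_after(value, relative_with_timezone=True, now=None):
    '''
    Parse the value of a Retry-After header and return a datetime.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After

    Two forms are accepted: a delay in seconds (``"120"``), which is added
    to ``now``, and an HTTP date (``"Wed, 21 Oct 2015 07:28:00 GMT"``).
    Negative second counts are not rejected; they yield a time in the past.

    :param value: Header value as sent by the server (str; an int is also
             accepted for the seconds form).
    :param relative_with_timezone: Passed on to ``get_now_datetime`` when
             ``now`` is not given (presumably selecting a timezone-aware
             "now"). When true, the HTTP-date form is also returned
             timezone-aware (UTC) on Python 3, so both forms can be compared
             against the same reference time.
    :param now: Reference datetime for the seconds form; defaults to the
             current time.
    :return: ``datetime.datetime`` at which the client may retry.
    :raises ValueError: if ``value`` is in neither form.
    '''
    # First try a number of seconds
    try:
        delta = datetime.timedelta(seconds=int(value))
    except ValueError:
        pass
    else:
        if now is None:
            now = get_now_datetime(relative_with_timezone)
        return now + delta

    # Then the HTTP-date form, which is always expressed in GMT.
    try:
        parsed = datetime.datetime.strptime(value, '%a, %d %b %Y %H:%M:%S GMT')
    except ValueError:
        pass
    else:
        # strptime() yields a naive datetime. Attach UTC when the seconds
        # form is expected to be aware, otherwise a caller comparing the two
        # forms against one "now" hits a naive/aware TypeError on Python 3.
        # datetime.timezone does not exist on Python 2, so stay naive there.
        timezone = getattr(datetime, 'timezone', None)
        if relative_with_timezone and timezone is not None:
            parsed = parsed.replace(tzinfo=timezone.utc)
        return parsed

    raise ValueError('Cannot parse Retry-After header value %s' % repr(value))


def compute_cert_id(
    backend,
    cert_info=None,
    cert_filename=None,
    cert_content=None,
    none_if_required_information_is_missing=False,
):
    '''
    Compute the ``<aki>.<serial>`` certificate identifier.

    Both parts are unpadded base64url: the bytes of the certificate's
    Authority Key Identifier, and the serial number encoded as the content
    octets of a DER INTEGER (big-endian, with a leading ``0x00`` when the
    top bit is set so the value stays positive). This matches the certID
    layout of ACME Renewal Information (ARI); confirm against the caller
    which revision of that specification is targeted.

    :param backend: Crypto backend used to read the certificate when
             ``cert_info`` is not given.
    :param cert_info: Already parsed certificate information exposing
             ``authority_key_identifier`` (bytes or ``None``) and
             ``serial_number`` (int).
    :param cert_filename: Certificate path, passed to the backend.
    :param cert_content: Certificate content, passed to the backend.
    :param none_if_required_information_is_missing: Return ``None`` instead
             of failing when the certificate has no Authority Key Identifier.
    :return: The identifier as a native ``str``, or ``None`` (see above).
    :raises ModuleFailException: if the AKI extension is missing and
             ``none_if_required_information_is_missing`` is false.
    '''
    if cert_info is None:
        cert_info = backend.get_cert_information(cert_filename=cert_filename, cert_content=cert_content)

    # Authority Key Identifier part. Without it no identifier can be formed.
    aki_bytes = cert_info.authority_key_identifier
    if aki_bytes is None:
        if none_if_required_information_is_missing:
            return None
        raise ModuleFailException('Certificate has no Authority Key Identifier extension')
    aki = to_native(base64.urlsafe_b64encode(aki_bytes)).replace('=', '')

    # Serial number part, as DER INTEGER content octets. A leading 0x00 keeps
    # a value whose top bit is set from being read back as negative. An empty
    # byte string (which convert_int_to_bytes may return for 0 -- not
    # verifiable here) becomes the single-zero encoding of 0 instead of
    # making ord() fail. Negative serials (forbidden by RFC 5280) get no
    # special handling.
    serial_bytes = convert_int_to_bytes(cert_info.serial_number)
    if not serial_bytes or ord(serial_bytes[:1]) >= 128:
        serial_bytes = b'\x00' + serial_bytes
    serial = to_native(base64.urlsafe_b64encode(serial_bytes)).replace('=', '')

    return '{aki}.{serial}'.format(aki=aki, serial=serial)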