openssl_certificate_info: add ocsp_uri return value (#60393)
* Add ocsp_uri return value. * Add changelog. * Add integration test. * Fix rebase error.
parent
a567a3fae0
commit
14974f5fc2
4 changed files with 94 additions and 0 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- "openssl_certificate_info - add ``ocsp_uri`` return value."
|
|
@ -272,6 +272,12 @@ authority_cert_serial_number:
|
||||||
type: int
|
type: int
|
||||||
sample: '12345'
|
sample: '12345'
|
||||||
version_added: "2.9"
|
version_added: "2.9"
|
||||||
|
ocsp_uri:
|
||||||
|
description: The OCSP responder URI, if included in the certificate. Will be
|
||||||
|
C(none) if no OCSP responder URI is included.
|
||||||
|
returned: success
|
||||||
|
type: str
|
||||||
|
version_added: "2.9"
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
||||||
|
@ -279,6 +285,7 @@ import abc
|
||||||
import binascii
|
import binascii
|
||||||
import datetime
|
import datetime
|
||||||
import os
|
import os
|
||||||
|
import re
|
||||||
import traceback
|
import traceback
|
||||||
from distutils.version import LooseVersion
|
from distutils.version import LooseVersion
|
||||||
|
|
||||||
|
@ -443,6 +450,10 @@ class CertificateInfo(crypto_utils.OpenSSLObject):
|
||||||
def _get_all_extensions(self):
|
def _get_all_extensions(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def _get_ocsp_uri(self):
|
||||||
|
pass
|
||||||
|
|
||||||
def get_info(self):
|
def get_info(self):
|
||||||
result = dict()
|
result = dict()
|
||||||
self.cert = crypto_utils.load_certificate(self.path, backend=self.backend)
|
self.cert = crypto_utils.load_certificate(self.path, backend=self.backend)
|
||||||
|
@ -497,6 +508,7 @@ class CertificateInfo(crypto_utils.OpenSSLObject):
|
||||||
|
|
||||||
result['serial_number'] = self._get_serial_number()
|
result['serial_number'] = self._get_serial_number()
|
||||||
result['extensions_by_oid'] = self._get_all_extensions()
|
result['extensions_by_oid'] = self._get_all_extensions()
|
||||||
|
result['ocsp_uri'] = self._get_ocsp_uri()
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
@ -644,6 +656,17 @@ class CertificateInfoCryptography(CertificateInfo):
|
||||||
def _get_all_extensions(self):
|
def _get_all_extensions(self):
|
||||||
return crypto_utils.cryptography_get_extensions_from_cert(self.cert)
|
return crypto_utils.cryptography_get_extensions_from_cert(self.cert)
|
||||||
|
|
||||||
|
def _get_ocsp_uri(self):
|
||||||
|
try:
|
||||||
|
ext = self.cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess)
|
||||||
|
for desc in ext.value:
|
||||||
|
if desc.access_method == x509.oid.AuthorityInformationAccessOID.OCSP:
|
||||||
|
if isinstance(desc.access_location, x509.UniformResourceIdentifier):
|
||||||
|
return desc.access_location.value
|
||||||
|
except x509.ExtensionNotFound as dummy:
|
||||||
|
pass
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
class CertificateInfoPyOpenSSL(CertificateInfo):
|
class CertificateInfoPyOpenSSL(CertificateInfo):
|
||||||
"""validate the supplied certificate."""
|
"""validate the supplied certificate."""
|
||||||
|
@ -764,6 +787,16 @@ class CertificateInfoPyOpenSSL(CertificateInfo):
|
||||||
def _get_all_extensions(self):
|
def _get_all_extensions(self):
|
||||||
return crypto_utils.pyopenssl_get_extensions_from_cert(self.cert)
|
return crypto_utils.pyopenssl_get_extensions_from_cert(self.cert)
|
||||||
|
|
||||||
|
def _get_ocsp_uri(self):
|
||||||
|
for i in range(self.cert.get_extension_count()):
|
||||||
|
ext = self.cert.get_extension(i)
|
||||||
|
if ext.get_short_name() == b'authorityInfoAccess':
|
||||||
|
v = str(ext)
|
||||||
|
m = re.search('^OCSP - URI:(.*)$', v, flags=re.MULTILINE)
|
||||||
|
if m:
|
||||||
|
return m.group(1)
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
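Review bot: The pyOpenSSL `_get_ocsp_uri` reads the URI out of the extension's printed text with `re.search('^OCSP - URI:(.*)$', v, flags=re.MULTILINE)`, while the cryptography backend matches on the access-method OID and the `UniformResourceIdentifier` type, so the two backends can disagree on the same certificate. The text match depends on OpenSSL's rendering format and returns the capture unstripped. If that rendering does not escape line breaks inside a value (not visible from this page), text belonging to another access description could be reported as the OCSP URI. I would at least normalise the result with `return m.group(1).strip()` and add a comment such as `# Text-based parse: result depends on OpenSSL's printed form of authorityInfoAccess`. Both backends return only the first OCSP entry and the value comes straight from the certificate, so the `ocsp_uri` description should say so, e.g. `Only the first OCSP URI is returned; the value is taken verbatim from the certificate and is not validated.`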
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIH5jCCBs6gAwIBAgISA2gSCm/BtvCR2e2bIap5YbXaMA0GCSqGSIb3DQEBCwUA
|
||||||
|
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
|
||||||
|
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA3MjcxNzMxMjdaFw0x
|
||||||
|
ODEwMjUxNzMxMjdaMB4xHDAaBgNVBAMTE3d3dy5sZXRzZW5jcnlwdC5vcmcwggEi
|
||||||
|
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpL8ZjVL0MUkUAIbYO9+ZCni+c
|
||||||
|
ghGd9WhM2Ztaay6Wyh6lNoCdltdqTwUhE4O+d7UFModjM3G/KMyfuujr06c5iGKL
|
||||||
|
3saPmIzLaRPIEOUlB2rKgasKhe8mDRyRLzQSXXgnsaKcTBBuhIHvtP51ZMr05nJJ
|
||||||
|
sX/5FGjj96w+KJel6E/Ux1a1ZDOFkAYNSIrJJhA5jjIvUPr+Ri6Oc6UlhF9oueKI
|
||||||
|
uWBILxQpC778tBWdHoZeBCNTHA1VvtwC53OeuHvdZm1jB/e30Mgf5DtVizYpFXVD
|
||||||
|
mztkrd6z/3B6ZwPyfCE4KgzSf70/byOz971OJxNKTUVWedKHHDlrMxfsPclbAgMB
|
||||||
|
AAGjggTwMIIE7DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
|
||||||
|
CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFG1w4j/KDrYSFu7m9DPE
|
||||||
|
xRR0E5gzMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUF
|
||||||
|
BwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNy
|
||||||
|
eXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNy
|
||||||
|
eXB0Lm9yZy8wggHxBgNVHREEggHoMIIB5IIbY2VydC5pbnQteDEubGV0c2VuY3J5
|
||||||
|
cHQub3JnghtjZXJ0LmludC14Mi5sZXRzZW5jcnlwdC5vcmeCG2NlcnQuaW50LXgz
|
||||||
|
LmxldHNlbmNyeXB0Lm9yZ4IbY2VydC5pbnQteDQubGV0c2VuY3J5cHQub3Jnghxj
|
||||||
|
ZXJ0LnJvb3QteDEubGV0c2VuY3J5cHQub3Jngh9jZXJ0LnN0YWdpbmcteDEubGV0
|
||||||
|
c2VuY3J5cHQub3Jngh9jZXJ0LnN0Zy1pbnQteDEubGV0c2VuY3J5cHQub3JngiBj
|
||||||
|
ZXJ0LnN0Zy1yb290LXgxLmxldHNlbmNyeXB0Lm9yZ4ISY3AubGV0c2VuY3J5cHQu
|
||||||
|
b3JnghpjcC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZ4ITY3BzLmxldHNlbmNyeXB0
|
||||||
|
Lm9yZ4IbY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3Jnghtjcmwucm9vdC14MS5s
|
||||||
|
ZXRzZW5jcnlwdC5vcmeCD2xldHNlbmNyeXB0Lm9yZ4IWb3JpZ2luLmxldHNlbmNy
|
||||||
|
eXB0Lm9yZ4IXb3JpZ2luMi5sZXRzZW5jcnlwdC5vcmeCFnN0YXR1cy5sZXRzZW5j
|
||||||
|
cnlwdC5vcmeCE3d3dy5sZXRzZW5jcnlwdC5vcmcwgf4GA1UdIASB9jCB8zAIBgZn
|
||||||
|
gQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
|
||||||
|
LmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmlj
|
||||||
|
YXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBh
|
||||||
|
bmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGlj
|
||||||
|
eSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzCC
|
||||||
|
AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AMEWSuCnctLUOS3ICsEHcNTwxJvemRpI
|
||||||
|
QMH6B1Fk9jNgAAABZN0ChToAAAQDAEcwRQIgblal8oXnfoopr1+dWVhvBx+sqHT0
|
||||||
|
eLYxJHBTaRp3j1QCIQDhFQqMk6DDXUgcU12K36zLVFwJTdAJI4RBisnX+g+W0AB2
|
||||||
|
ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZN0Chz4AAAQDAEcw
|
||||||
|
RQIhAImOjvkritUNKJZB7dcUtjoyIbfNwdCspvRiEzXuvVQoAiAZryoyg3TcMun5
|
||||||
|
Gb2dEn1cttMnPW9u670/JdRjvjU/wTANBgkqhkiG9w0BAQsFAAOCAQEAGepCmckP
|
||||||
|
Tn9Sz268FEwkdD+6wWaPfeYlh+9nacFh90nQ35EYQMOK8a+X7ixHGbRz19On3Wt4
|
||||||
|
1fcbPa9SefocTjAintMwwreCxpRTmwGACYojd7vRWEmA6q7+/HO2BfZahWzclOjw
|
||||||
|
mSDBycDEm8R0ZK52vYjzVno8x0mrsmSO0403S/6syYB/guH6P17kIBw+Tgx6/i/c
|
||||||
|
I1C6MoFkuaAKUUcZmgGGBgE+L/7cWtWjbkVXyA3ZQQy9G7rcBT+N/RrDfBh4iZDq
|
||||||
|
jAN5UIIYL8upBhjiMYVuoJrH2nklzEwr5SWKcccJX5eWkGLUwlcY9LGAA8+17l2I
|
||||||
|
l1Ou20Dm9TxnNw==
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -93,3 +93,17 @@
|
||||||
- name: Update result list
|
- name: Update result list
|
||||||
set_fact:
|
set_fact:
|
||||||
info_results: "{{ info_results + [result] }}"
|
info_results: "{{ info_results + [result] }}"
|
||||||
|
|
||||||
|
- name: ({{select_crypto_backend}}) Get certificate info for packaged cert 1
|
||||||
|
openssl_certificate_info:
|
||||||
|
path: '{{ role_path }}/files/cert1.pem'
|
||||||
|
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||||
|
register: result
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- "'ocsp_uri' in result"
|
||||||
|
- "result.ocsp_uri == 'http://ocsp.int-x3.letsencrypt.org'"
|
||||||
|
|
||||||
|
- name: Update result list
|
||||||
|
set_fact:
|
||||||
|
info_results: "{{ info_results + [result] }}"
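Review bot: The new assertions cover only a certificate that carries an OCSP responder, so the documented `none` result is never exercised in the tasks visible here. A second task against a certificate without an Authority Information Access extension, asserting `result.ocsp_uri is none`, would pin both crypto backends to the same behaviour for the missing-extension path. The check `'ocsp_uri' in result` is implied by the equality on the following line and could be dropped.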
|
||||||
|
|