openssl_publickey: Do not fail on empty existing file (#33255)
Currently during the check phase, the code considers the file to be a public key if the file exists - which is not necessarily true. This commit aims to ensure that the file is actually a public key, and otherwise returns false for the check.
This commit is contained in:
parent
748107d369
commit
32635577a3
3 changed files with 33 additions and 4 deletions
|
@ -211,10 +211,13 @@ class PublicKey(crypto_utils.OpenSSLObject):
|
|||
if not os.path.exists(self.privatekey_path):
|
||||
return False
|
||||
|
||||
try:
|
||||
current_publickey = crypto.dump_publickey(
|
||||
crypto.FILETYPE_ASN1,
|
||||
crypto.load_publickey(crypto.FILETYPE_PEM, open(self.path, 'rb').read())
|
||||
)
|
||||
except crypto.Error:
|
||||
return False
|
||||
|
||||
desired_publickey = crypto.dump_publickey(
|
||||
crypto.FILETYPE_ASN1,
|
||||
|
|
|
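Review bot: `open(self.path, 'rb').read()` inside the new try block never closes the file handle and leaves it to the garbage collector; read it through a context manager instead, `with open(self.path, 'rb') as publickey_file: publickey_pem = publickey_file.read()`, and pass `publickey_pem` to `crypto.load_publickey`. The `except crypto.Error` branch only covers a file that cannot be parsed as a PEM public key; a file that exists but cannot be opened or read (the earlier `os.path.exists` check says nothing about permissions) still raises `IOError` out of the check rather than returning False, so consider whether that case should also yield False. The enclosing method starts before this hunk and continues after it, where the `desired_publickey` comparison is cut off.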
@ -48,6 +48,16 @@
|
|||
privatekey_passphrase: ansible
|
||||
register: publickey3_idempotence
|
||||
|
||||
- name: Generate empty file that will hold a public key (issue 33072)
|
||||
file:
|
||||
path: '{{ output_dir }}/publickey4.pub'
|
||||
state: touch
|
||||
|
||||
- name: Generate publickey in empty existing file (issue 33072)
|
||||
openssl_publickey:
|
||||
path: '{{ output_dir }}/publickey4.pub'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')
|
||||
|
|
|
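Review bot: The new `Generate publickey in empty existing file (issue 33072)` task does not register its result, so the validation can only check that the final file holds a matching key, not that the module reported the empty file as changed; add `register: publickey4` to the task and a `- publickey4|changed` line to the corresponding assert in validate.yml. The preceding `touch` task is what produces the empty-file precondition, so if it is ever skipped the test silently degenerates into the normal generation case.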
@ -59,3 +59,19 @@
|
|||
assert:
|
||||
that:
|
||||
- not publickey3_idempotence|changed
|
||||
|
||||
- name: Validate publickey4 (test - privatekey modulus)
|
||||
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
||||
register: privatekey4_modulus
|
||||
when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
|
||||
|
||||
- name: Validate publickey4 (test - publickey modulus)
|
||||
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub | openssl md5'
|
||||
register: publickey4_modulus
|
||||
when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
|
||||
|
||||
- name: Validate publickey4 (assert)
|
||||
assert:
|
||||
that:
|
||||
- publickey4_modulus.stdout == privatekey4_modulus.stdout
|
||||
when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
|
||||
|
|
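Review bot: Both new `shell` tasks interpolate `{{ output_dir }}` into a shell pipeline unquoted, so a path containing whitespace or shell metacharacters would break the command or be interpreted by the shell; quote the variable, e.g. `shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir | quote }}/publickey4.pub | openssl md5'`, and likewise for the privatekey task. This presumably mirrors the earlier publickey validation tasks, which are outside this hunk, so the same fix would apply there.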