cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

openssl_publickey: forgot to pass backend (#67036)

Browse source 
* Forgot to pass backend.

* Add changelog.

* Pass on backend from get_fingerprint.

* Handle cryptography backend in get_fingerprint.
This commit is contained in:
Felix Fontein 2020-02-03 06:18:19 +01:00 committed by GitHub
parent b1a8bded3f
commit a0e5e2e4c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/67036-openssl_publickey-backend.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- "openssl_publickey - fix a module crash caused when pyOpenSSL is not installed (https://github.com/ansible/ansible/issues/67035)."

12
lib/ansible/module_utils/crypto.py
View file

@ -166,10 +166,12 @@ def get_fingerprint_of_bytes(source):
return fingerprint return fingerprint
def get_fingerprint(path, passphrase=None, content=None): def get_fingerprint(path, passphrase=None, content=None, backend='pyopenssl'):
"""Generate the fingerprint of the public key. """ """Generate the fingerprint of the public key. """
privatekey = load_privatekey(path, passphrase=passphrase, content=content, check_passphrase=False) privatekey = load_privatekey(path, passphrase=passphrase, content=content, check_passphrase=False, backend=backend)
if backend == 'pyopenssl':
try: try:
publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey) publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey)
except AttributeError: except AttributeError:
@ -184,6 +186,12 @@ def get_fingerprint(path, passphrase=None, content=None):
# By doing this we prevent the code from raising an error # By doing this we prevent the code from raising an error
# yet we return no value in the fingerprint hash. # yet we return no value in the fingerprint hash.
return None return None
elif backend == 'cryptography':
publickey = privatekey.public_key().public_bytes(
serialization.Encoding.DER,
serialization.PublicFormat.SubjectPublicKeyInfo
)
return get_fingerprint_of_bytes(publickey) return get_fingerprint_of_bytes(publickey)

3
lib/ansible/modules/crypto/openssl_publickey.py
View file

@ -299,7 +299,8 @@ class PublicKey(crypto_utils.OpenSSLObject):
self.fingerprint = crypto_utils.get_fingerprint( self.fingerprint = crypto_utils.get_fingerprint(
path=self.privatekey_path, path=self.privatekey_path,
content=self.privatekey_content, content=self.privatekey_content,
passphrase=self.privatekey_passphrase passphrase=self.privatekey_passphrase,
backend=self.backend,
) )
file_args = module.load_file_common_arguments(module.params) file_args = module.load_file_common_arguments(module.params)
if module.set_fs_attributes_if_different(file_args, False): if module.set_fs_attributes_if_different(file_args, False):