openssl_* module_utils/crypto.py: add full list of OIDs known to current OpenSSL (#54943)

* Add full list of OIDs known to current OpenSSL.

* Remove hardcoded OIDs.

* UID -> x500UniqueIdentifier

* Reference actual version used.

* Don't normalize to lower-case.

* Change test back.

* Fix typo.

* Apply changes suggested by RedHat legal.

lib/ansible/modules/crypto/openssl_certificate.py

@@ -1437,14 +1437,14 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
             return self.cert.signature_algorithm_oid._name
 
     def _validate_subject(self):
-        expected_subject = Name([NameAttribute(oid=crypto_utils.cryptography_get_name_oid(sub[0]), value=to_text(sub[1]))
+        expected_subject = Name([NameAttribute(oid=crypto_utils.cryptography_name_to_oid(sub[0]), value=to_text(sub[1]))
                                  for sub in self.subject])
         cert_subject = self.cert.subject
         if not compare_sets(expected_subject, cert_subject, self.subject_strict):
             return expected_subject, cert_subject
 
     def _validate_issuer(self):
-        expected_issuer = Name([NameAttribute(oid=crypto_utils.cryptography_get_name_oid(iss[0]), value=to_text(iss[1]))
+        expected_issuer = Name([NameAttribute(oid=crypto_utils.cryptography_name_to_oid(iss[0]), value=to_text(iss[1]))
                                 for iss in self.issuer])
         cert_issuer = self.cert.issuer
         if not compare_sets(expected_issuer, cert_issuer, self.issuer_strict):
@@ -1494,7 +1494,7 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
     def _validate_extended_key_usage(self):
         try:
             current_ext_keyusage = self.cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
-            usages = [crypto_utils.cryptography_get_ext_keyusage(usage) for usage in self.extended_key_usage]
+            usages = [crypto_utils.cryptography_name_to_oid(usage) for usage in self.extended_key_usage]
             expected_ext_keyusage = x509.ExtendedKeyUsage(usages)
             if not compare_sets(expected_ext_keyusage, current_ext_keyusage, self.extended_key_usage_strict):
                 return [eku.value for eku in expected_ext_keyusage], [eku.value for eku in current_ext_keyusage]

lib/ansible/modules/crypto/openssl_certificate_info.py

@@ -425,18 +425,18 @@ class CertificateInfoCryptography(CertificateInfo):
         super(CertificateInfoCryptography, self).__init__(module, 'cryptography')
 
     def _get_signature_algorithm(self):
-        return crypto_utils.crpytography_oid_to_name(self.cert.signature_algorithm_oid)
+        return crypto_utils.cryptography_oid_to_name(self.cert.signature_algorithm_oid)
 
     def _get_subject(self):
         result = dict()
         for attribute in self.cert.subject:
-            result[crypto_utils.crpytography_oid_to_name(attribute.oid)] = attribute.value
+            result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
         return result
 
     def _get_issuer(self):
         result = dict()
         for attribute in self.cert.issuer:
-            result[crypto_utils.crpytography_oid_to_name(attribute.oid)] = attribute.value
+            result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
         return result
 
     def _get_version(self):
@@ -488,7 +488,7 @@ class CertificateInfoCryptography(CertificateInfo):
         try:
             ext_keyusage_ext = self.cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
             return sorted([
-                crypto_utils.crpytography_oid_to_name(eku) for eku in ext_keyusage_ext.value
+                crypto_utils.cryptography_oid_to_name(eku) for eku in ext_keyusage_ext.value
             ]), ext_keyusage_ext.critical
         except cryptography.x509.ExtensionNotFound:
             return None, False

lib/ansible/modules/crypto/openssl_csr.py

@@ -649,7 +649,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
         csr = cryptography.x509.CertificateSigningRequestBuilder()
         try:
             csr = csr.subject_name(cryptography.x509.Name([
-                cryptography.x509.NameAttribute(crypto_utils.cryptography_get_name_oid(entry[0]), to_text(entry[1])) for entry in self.subject
+                cryptography.x509.NameAttribute(crypto_utils.cryptography_name_to_oid(entry[0]), to_text(entry[1])) for entry in self.subject
             ]))
         except ValueError as e:
             raise CertificateSigningRequestError(e)
@@ -664,7 +664,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
             csr = csr.add_extension(cryptography.x509.KeyUsage(**params), critical=self.keyUsage_critical)
 
         if self.extendedKeyUsage:
-            usages = [crypto_utils.cryptography_get_ext_keyusage(usage) for usage in self.extendedKeyUsage]
+            usages = [crypto_utils.cryptography_name_to_oid(usage) for usage in self.extendedKeyUsage]
             csr = csr.add_extension(cryptography.x509.ExtendedKeyUsage(usages), critical=self.extendedKeyUsage_critical)
 
         if self.basicConstraints:
@@ -713,7 +713,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
 
     def _check_csr(self):
         def _check_subject(csr):
-            subject = [(crypto_utils.cryptography_get_name_oid(entry[0]), entry[1]) for entry in self.subject]
+            subject = [(crypto_utils.cryptography_name_to_oid(entry[0]), entry[1]) for entry in self.subject]
             current_subject = [(sub.oid, sub.value) for sub in csr.subject]
             return set(subject) == set(current_subject)
 
@@ -751,7 +751,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
         def _check_extenededKeyUsage(extensions):
             current_usages_ext = _find_extension(extensions, cryptography.x509.ExtendedKeyUsage)
             current_usages = [str(usage) for usage in current_usages_ext.value] if current_usages_ext else []
-            usages = [str(crypto_utils.cryptography_get_ext_keyusage(usage)) for usage in self.extendedKeyUsage] if self.extendedKeyUsage else []
+            usages = [str(crypto_utils.cryptography_name_to_oid(usage)) for usage in self.extendedKeyUsage] if self.extendedKeyUsage else []
             if set(current_usages) != set(usages):
                 return False
             if usages:

lib/ansible/modules/crypto/openssl_csr_info.py

@@ -294,7 +294,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
     def _get_subject(self):
         result = dict()
         for attribute in self.csr.subject:
-            result[crypto_utils.crpytography_oid_to_name(attribute.oid)] = attribute.value
+            result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
         return result
 
     def _get_key_usage(self):
@@ -339,7 +339,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
         try:
             ext_keyusage_ext = self.csr.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
             return sorted([
-                crypto_utils.crpytography_oid_to_name(eku) for eku in ext_keyusage_ext.value
+                crypto_utils.cryptography_oid_to_name(eku) for eku in ext_keyusage_ext.value
             ]), ext_keyusage_ext.critical
         except cryptography.x509.ExtensionNotFound:
             return None, False