caba47dd3f
* Add support for GSSAPI/Kerberos to urls.py * Test out changes with the latest test container * Get remote hosts working * Fix up httptester_krb5_password reader * Fix tests for opensuse and macOS * Hopefully last lot of testing changes * Dont do CBT on macOS * Fixes from review
98 lines
2.3 KiB
Python
98 lines
2.3 KiB
Python
#!/usr/bin/python
|
|
|
|
# Copyright: (c) 2020, Ansible Project
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
from __future__ import (absolute_import, division, print_function)
|
|
__metaclass__ = type
|
|
|
|
DOCUMENTATION = r'''
|
|
---
|
|
module: test_perrcert
|
|
short_description: Test getting the peer certificate of a HTTP response
|
|
description: Test getting the peer certificate of a HTTP response.
|
|
options:
|
|
url:
|
|
description: The endpoint to get the peer cert for
|
|
required: true
|
|
type: str
|
|
author:
|
|
- Ansible Project
|
|
'''
|
|
|
|
EXAMPLES = r'''
|
|
#
|
|
'''
|
|
|
|
RETURN = r'''
|
|
#
|
|
'''
|
|
|
|
import base64
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
from ansible.module_utils.common.text.converters import to_text
|
|
from ansible.module_utils.urls import getpeercert, Request
|
|
|
|
|
|
def get_x509_shorthand(name, value):
|
|
prefix = {
|
|
'countryName': 'C',
|
|
'stateOrProvinceName': 'ST',
|
|
'localityName': 'L',
|
|
'organizationName': 'O',
|
|
'commonName': 'CN',
|
|
'organizationalUnitName': 'OU',
|
|
}[name]
|
|
|
|
return '%s=%s' % (prefix, value)
|
|
|
|
|
|
def main():
|
|
module_args = dict(
|
|
url=dict(type='str', required=True),
|
|
)
|
|
module = AnsibleModule(
|
|
argument_spec=module_args,
|
|
supports_check_mode=True,
|
|
)
|
|
result = {
|
|
'changed': False,
|
|
'cert': None,
|
|
'raw_cert': None,
|
|
}
|
|
|
|
req = Request().get(module.params['url'])
|
|
try:
|
|
cert = getpeercert(req)
|
|
b_cert = getpeercert(req, binary_form=True)
|
|
|
|
finally:
|
|
req.close()
|
|
|
|
if cert:
|
|
processed_cert = {
|
|
'issuer': '',
|
|
'not_after': cert.get('notAfter', None),
|
|
'not_before': cert.get('notBefore', None),
|
|
'serial_number': cert.get('serialNumber', None),
|
|
'subject': '',
|
|
'version': cert.get('version', None),
|
|
}
|
|
|
|
for field in ['issuer', 'subject']:
|
|
field_values = []
|
|
for x509_part in cert.get(field, []):
|
|
field_values.append(get_x509_shorthand(x509_part[0][0], x509_part[0][1]))
|
|
|
|
processed_cert[field] = ",".join(field_values)
|
|
|
|
result['cert'] = processed_cert
|
|
|
|
if b_cert:
|
|
result['raw_cert'] = to_text(base64.b64encode(b_cert))
|
|
|
|
module.exit_json(**result)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|