author | Felix Fontein <felix@fontein.de> | 2020-02-03 06:18:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-03 06:18:19 +0100 |
commit | a0e5e2e4c597c8cf0fdd39c2df45fe33fd38eedb (patch) | |
tree | f5f865d7d23c453f26b7b97f8ed237652a350a9f | |
parent | b1a8bded3fe769244b16525dadcd19c2007b80c7 (diff) | |
download | ansible-a0e5e2e4c597c8cf0fdd39c2df45fe33fd38eedb.tar.gz |
openssl_publickey: forgot to pass backend (#67036)
* Forgot to pass backend.
* Add changelog.
* Pass on backend from get_fingerprint.
* Handle cryptography backend in get_fingerprint.
-rw-r--r-- | changelogs/fragments/67036-openssl_publickey-backend.yml | 2 | ||||
-rw-r--r-- | lib/ansible/module_utils/crypto.py | 36 | ||||
-rw-r--r-- | lib/ansible/modules/crypto/openssl_publickey.py | 3 |
3 files changed, 26 insertions, 15 deletions
diff --git a/changelogs/fragments/67036-openssl_publickey-backend.yml b/changelogs/fragments/67036-openssl_publickey-backend.yml
new file mode 100644
index 0000000000..97093c2086
--- /dev/null
+++ b/changelogs/fragments/67036-openssl_publickey-backend.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_publickey - fix a module crash caused when pyOpenSSL is not installed (https://github.com/ansible/ansible/issues/67035)."
diff --git a/lib/ansible/module_utils/crypto.py b/lib/ansible/module_utils/crypto.py
index 6d4f8aac78..fef01f1ab2 100644
--- a/lib/ansible/module_utils/crypto.py
+++ b/lib/ansible/module_utils/crypto.py
@@ -166,24 +166,32 @@ def get_fingerprint_of_bytes(source): return fingerprint -def get_fingerprint(path, passphrase=None, content=None): +def get_fingerprint(path, passphrase=None, content=None, backend='pyopenssl'): """Generate the fingerprint of the public key. """ - privatekey = load_privatekey(path, passphrase=passphrase, content=content, check_passphrase=False) - try: - publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey) - except AttributeError: - # If PyOpenSSL < 16.0 crypto.dump_publickey() will fail. + privatekey = load_privatekey(path, passphrase=passphrase, content=content, check_passphrase=False, backend=backend) + + if backend == 'pyopenssl': try: - bio = crypto._new_mem_buf() - rc = crypto._lib.i2d_PUBKEY_bio(bio, privatekey._pkey) - if rc != 1: - crypto._raise_current_error() - publickey = crypto._bio_to_string(bio) + publickey = crypto.dump_publickey(crypto.FILETYPE_ASN1, privatekey) except AttributeError: - # By doing this we prevent the code from raising an error - # yet we return no value in the fingerprint hash. - return None + # If PyOpenSSL < 16.0 crypto.dump_publickey() will fail. + try: + bio = crypto._new_mem_buf() + rc = crypto._lib.i2d_PUBKEY_bio(bio, privatekey._pkey) + if rc != 1: + crypto._raise_current_error() + publickey = crypto._bio_to_string(bio) + except AttributeError: + # By doing this we prevent the code from raising an error + # yet we return no value in the fingerprint hash. + return None + elif backend == 'cryptography': + publickey = privatekey.public_key().public_bytes( + serialization.Encoding.DER, + serialization.PublicFormat.SubjectPublicKeyInfo + ) + return get_fingerprint_of_bytes(publickey) diff --git a/lib/ansible/modules/crypto/openssl_publickey.py b/lib/ansible/modules/crypto/openssl_publickey.py index 687490a2e5..6526b6fe93 100644 --- a/lib/ansible/modules/crypto/openssl_publickey.py +++ b/lib/ansible/modules/crypto/openssl_publickey.py 
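Review bot: In the new `get_fingerprint`, a `backend` value other than `'pyopenssl'` or `'cryptography'` matches neither branch and leaves `publickey` unassigned, so the final `return get_fingerprint_of_bytes(publickey)` fails with an UnboundLocalError instead of a clear message. Close the chain with `else:` / `raise ValueError('Unsupported backend: %s' % backend)`, or reject the value before `load_privatekey` is called. The default `backend='pyopenssl'` also means any caller that omits the argument keeps the behaviour this commit fixes for openssl_publickey; other callers are not visible here, so they are worth checking. The docstring should mention the new parameter and that the legacy pyOpenSSL path can return `None`, for example `"""Generate the fingerprint of the public key using the given backend; may return None with pyOpenSSL < 16.0."""`. The import of `serialization` used by the cryptography branch is outside this hunk and should be confirmed to sit under the module's cryptography import guard.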
@@ -299,7 +299,8 @@ class PublicKey(crypto_utils.OpenSSLObject): self.fingerprint = crypto_utils.get_fingerprint( path=self.privatekey_path, content=self.privatekey_content, - passphrase=self.privatekey_passphrase + passphrase=self.privatekey_passphrase, + backend=self.backend, ) file_args = module.load_file_common_arguments(module.params) if module.set_fs_attributes_if_different(file_args, False): |