New module: acme_certificate_revoke (#40995)

* First version (without revocation checking). * Adding check mode and OCSP revocation verification. * Fixing ACME v1 behavior. * Fixed superfluous space. * Fixing links. * Working around linter complaints. * Added docstring. * More defensive. * Disabling check mode for now. * Simplifying module by no longer checking OCSP, and removing check mode vestiges.
2025-07-23 21:30:22 -07:00 · 2018-06-25 08:09:18 +02:00 · 2018-06-25 08:09:18 +02:00 · 348f87d3f4
commit 348f87d3f4
parent 773c031d33
2 changed files with 224 additions and 12 deletions
--- a/lib/ansible/module_utils/acme.py
+++ b/lib/ansible/module_utils/acme.py
@ -215,14 +215,15 @@ class ACMEAccount(object):
                raise ModuleFailException("failed to create temporary content file: %s" % to_native(err), exception=traceback.format_exc())
            f.close()

-        error, self.key_data = self.parse_account_key(self.key)
-        if error:
-            raise ModuleFailException("error while parsing account key: %s" % error)
-        self.jwk = self.key_data['jwk']
-        self.jws_header = {
-            "alg": self.key_data['alg'],
-            "jwk": self.jwk,
-        }
+        if self.key is not None:
+            error, self.key_data = self.parse_account_key(self.key)
+            if error:
+                raise ModuleFailException("error while parsing account key: %s" % error)
+            self.jwk = self.key_data['jwk']
+            self.jws_header = {
+                "alg": self.key_data['alg'],
+                "jwk": self.jwk,
+            }

    def get_keyauthorization(self, token):
        '''
@ -355,22 +356,25 @@ class ACMEAccount(object):
            "signature": nopad_b64(to_bytes(out)),
        }

-    def send_signed_request(self, url, payload):
+    def send_signed_request(self, url, payload, key_data=None, key=None, jws_header=None):
        '''
        Sends a JWS signed HTTP POST request to the ACME server and returns
        the response as dictionary
        https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-6.2
        '''
+        key_data = key_data or self.key_data
+        key = key or self.key
+        jws_header = jws_header or self.jws_header
        failed_tries = 0
        while True:
-            protected = copy.deepcopy(self.jws_header)
+            protected = copy.deepcopy(jws_header)
            protected["nonce"] = self.directory.get_nonce()
            if self.version != 1:
                protected["url"] = url

-            data = self.sign_request(protected, payload, self.key_data, self.key)
+            data = self.sign_request(protected, payload, key_data, key)
            if self.version == 1:
-                data["header"] = self.jws_header
+                data["header"] = jws_header
            data = self.module.jsonify(data)

            headers = {