openssl_* modules: private key errors (#54088)

* Improve error handling, in particular with respect to private key loading problems. * Add tests to validate that modules regenerate invalid input and don't crash. * Don't crash when input is invalid. * Create 'better' broken input. * Fix paths. * Simplifying pyOpenSSL error handling.
2025-10-10 18:34:03 -07:00 · 2019-03-30 14:28:10 +01:00 · 2019-03-30 14:28:10 +01:00 · 90c067e947
commit 90c067e947
parent 627c5e7f50
21 changed files with 327 additions and 228 deletions
--- a/lib/ansible/modules/crypto/openssl_pkcs12.py
+++ b/lib/ansible/modules/crypto/openssl_pkcs12.py
@ -324,16 +324,16 @@ def main():
            msg="The directory '%s' does not exist or the path is not a directory" % base_dir
        )

-    pkcs12 = Pkcs(module)
-    changed = False
+    try:
+        pkcs12 = Pkcs(module)
+        changed = False

-    if module.params['state'] == 'present':
-        if module.check_mode:
-            result = pkcs12.dump()
-            result['changed'] = module.params['force'] or not pkcs12.check(module)
-            module.exit_json(**result)
+        if module.params['state'] == 'present':
+            if module.check_mode:
+                result = pkcs12.dump()
+                result['changed'] = module.params['force'] or not pkcs12.check(module)
+                module.exit_json(**result)

-        try:
            if not pkcs12.check(module, perms_required=False) or module.params['force']:
                if module.params['action'] == 'export':
                    if not module.params['friendly_name']:
@ -346,29 +346,25 @@ def main():
            file_args = module.load_file_common_arguments(module.params)
            if module.set_fs_attributes_if_different(file_args, changed):
                changed = True
+        else:
+            if module.check_mode:
+                result = pkcs12.dump()
+                result['changed'] = os.path.exists(module.params['path'])
+                module.exit_json(**result)

-        except PkcsError as exc:
-            module.fail_json(msg=to_native(exc))
-    else:
-        if module.check_mode:
-            result = pkcs12.dump()
-            result['changed'] = os.path.exists(module.params['path'])
-            module.exit_json(**result)
-
-        if os.path.exists(module.params['path']):
-            try:
+            if os.path.exists(module.params['path']):
                pkcs12.remove(module)
                changed = True
-            except PkcsError as exc:
-                module.fail_json(msg=to_native(exc))

-    result = pkcs12.dump()
-    result['changed'] = changed
-    if os.path.exists(module.params['path']):
-        file_mode = "%04o" % stat.S_IMODE(os.stat(module.params['path']).st_mode)
-        result['mode'] = file_mode
+        result = pkcs12.dump()
+        result['changed'] = changed
+        if os.path.exists(module.params['path']):
+            file_mode = "%04o" % stat.S_IMODE(os.stat(module.params['path']).st_mode)
+            result['mode'] = file_mode

-    module.exit_json(**result)
+        module.exit_json(**result)
+    except crypto_utils.OpenSSLObjectError as exc:
+        module.fail_json(msg=to_native(exc))


 if __name__ == '__main__':