openssl_* modules: private key errors (#54088)

* Improve error handling, in particular with respect to private key loading problems.

* Add tests to validate that modules regenerate invalid input and don't crash.

* Don't crash when input is invalid.

* Create 'better' broken input.

* Fix paths.

* Simplifying pyOpenSSL error handling.
This commit is contained in:
Felix Fontein 2019-03-30 14:28:10 +01:00 committed by René Moser
parent 627c5e7f50
commit 90c067e947
21 changed files with 327 additions and 228 deletions


@ -373,9 +373,7 @@ class PrivateKeyPyOpenSSL(PrivateKeyBase):
try:
crypto_utils.load_privatekey(self.path, self.passphrase)
return True
except crypto.Error:
return False
except crypto_utils.OpenSSLBadPassphraseError as exc:
except Exception as dummy:
return False
def _check_size_and_type(self):
@ -535,12 +533,8 @@ class PrivateKeyCryptography(PrivateKeyBase):
backend=self.cryptography_backend
)
return True
except TypeError as e:
if 'Password' in str(e) and 'encrypted' in str(e):
return False
raise PrivateKeyError(e)
except Exception as e:
raise PrivateKeyError(e)
except Exception as dummy:
return False
def _check_size_and_type(self):
privatekey = self._load_privatekey()
@ -639,41 +633,35 @@ def main():
'cryptography (>= {0}) and pyOpenSSL (>= {1})').format(
MINIMAL_CRYPTOGRAPHY_VERSION,
MINIMAL_PYOPENSSL_VERSION))
if backend == 'pyopenssl':
if not PYOPENSSL_FOUND:
module.fail_json(msg=missing_required_lib('pyOpenSSL'), exception=PYOPENSSL_IMP_ERR)
private_key = PrivateKeyPyOpenSSL(module)
elif backend == 'cryptography':
if not CRYPTOGRAPHY_FOUND:
module.fail_json(msg=missing_required_lib('cryptography'), exception=CRYPTOGRAPHY_IMP_ERR)
private_key = PrivateKeyCryptography(module)
try:
if backend == 'pyopenssl':
if not PYOPENSSL_FOUND:
module.fail_json(msg=missing_required_lib('pyOpenSSL'), exception=PYOPENSSL_IMP_ERR)
private_key = PrivateKeyPyOpenSSL(module)
elif backend == 'cryptography':
if not CRYPTOGRAPHY_FOUND:
module.fail_json(msg=missing_required_lib('cryptography'), exception=CRYPTOGRAPHY_IMP_ERR)
private_key = PrivateKeyCryptography(module)
if private_key.state == 'present':
if private_key.state == 'present':
if module.check_mode:
result = private_key.dump()
result['changed'] = module.params['force'] or not private_key.check(module)
module.exit_json(**result)
if module.check_mode:
result = private_key.dump()
result['changed'] = module.params['force'] or not private_key.check(module)
module.exit_json(**result)
try:
private_key.generate(module)
except PrivateKeyError as exc:
module.fail_json(msg=to_native(exc))
else:
else:
if module.check_mode:
result = private_key.dump()
result['changed'] = os.path.exists(module.params['path'])
module.exit_json(**result)
if module.check_mode:
result = private_key.dump()
result['changed'] = os.path.exists(module.params['path'])
module.exit_json(**result)
try:
private_key.remove(module)
except PrivateKeyError as exc:
module.fail_json(msg=to_native(exc))
result = private_key.dump()
module.exit_json(**result)
result = private_key.dump()
module.exit_json(**result)
except crypto_utils.OpenSSLObjectError as exc:
module.fail_json(msg=to_native(exc))
if __name__ == '__main__':
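Review bot: The new `except Exception as dummy: return False` in the PrivateKeyPyOpenSSL hunk makes every load failure — a wrong passphrase, an unreadable file, an algorithm the backend lacks — indistinguishable from a malformed key, and because a False from `check()` presumably drives regeneration (see `result['changed'] = ... or not private_key.check(module)` in main()), a key that merely cannot be opened is silently overwritten rather than reported; the PrivateKeyCryptography hunk has the same shape. The passphrase case at least deserves its own branch ahead of the broad handler so the caller gets an error instead of a replaced key, e.g. `except crypto_utils.OpenSSLBadPassphraseError as exc:` / `raise PrivateKeyError(exc)` for pyOpenSSL, and the removed `'Password' in str(e) and 'encrypted' in str(e)` test covered that situation for cryptography. If regenerating on a wrong passphrase is intended, that destructive behaviour should be stated in the method's docstring and the module documentation. Both `_check_passphrase` bodies start above their hunks, so the `def` lines are not visible here. In the main() hunk, the single `except crypto_utils.OpenSSLObjectError` only replaces the removed `PrivateKeyError` handlers around generate/remove if `PrivateKeyError` derives from `OpenSSLObjectError`, which this page does not show.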