openssl_* modules: private key errors (#54088)

* Improve error handling, in particular with respect to private key loading problems. * Add tests to validate that modules regenerate invalid input and don't crash. * Don't crash when input is invalid. * Create 'better' broken input. * Fix paths. * Simplifying pyOpenSSL error handling.
2025-05-31 13:29:08 -07:00 · 2019-03-30 14:28:10 +01:00 · 2019-03-30 14:28:10 +01:00 · 90c067e947
commit 90c067e947
parent 627c5e7f50
21 changed files with 327 additions and 228 deletions
--- a/lib/ansible/modules/crypto/openssl_publickey.py
+++ b/lib/ansible/modules/crypto/openssl_publickey.py
@ -235,7 +235,7 @@ class PublicKey(crypto_utils.OpenSSLObject):
                    crypto.FILETYPE_ASN1,
                    crypto.load_publickey(crypto.FILETYPE_PEM, publickey_content)
                )
-            except (crypto.Error, ValueError):
+            except Exception as dummy:
                return False

            try:
@ -293,34 +293,28 @@ def main():
            msg="The directory '%s' does not exist or the file is not a directory" % base_dir
        )

-    public_key = PublicKey(module)
+    try:
+        public_key = PublicKey(module)

-    if public_key.state == 'present':
+        if public_key.state == 'present':
+            if module.check_mode:
+                result = public_key.dump()
+                result['changed'] = module.params['force'] or not public_key.check(module)
+                module.exit_json(**result)

-        if module.check_mode:
-            result = public_key.dump()
-            result['changed'] = module.params['force'] or not public_key.check(module)
-            module.exit_json(**result)
-
-        try:
            public_key.generate(module)
-        except PublicKeyError as exc:
-            module.fail_json(msg=to_native(exc))
-    else:
+        else:
+            if module.check_mode:
+                result = public_key.dump()
+                result['changed'] = os.path.exists(module.params['path'])
+                module.exit_json(**result)

-        if module.check_mode:
-            result = public_key.dump()
-            result['changed'] = os.path.exists(module.params['path'])
-            module.exit_json(**result)
-
-        try:
            public_key.remove(module)
-        except PublicKeyError as exc:
-            module.fail_json(msg=to_native(exc))

-    result = public_key.dump()
-
-    module.exit_json(**result)
+        result = public_key.dump()
+        module.exit_json(**result)
+    except crypto_utils.OpenSSLObjectError as exc:
+        module.fail_json(msg=to_native(exc))


 if __name__ == '__main__':