fix #529 issuer_uri in x509_certificate_info (#530)

The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.

Signed-off-by: benaryorg <binary@benary.org>

Signed-off-by: benaryorg <binary@benary.org>

plugins/module_utils/crypto/module_backends/certificate_info.py

@@ -139,6 +139,10 @@ class CertificateInfoRetrieval(object):
     def _get_ocsp_uri(self):
         pass
 
+    @abc.abstractmethod
+    def _get_issuer_uri(self):
+        pass
+
     def get_info(self, prefer_one_fingerprint=False):
         result = dict()
         self.cert = load_certificate(None, content=self.content, backend=self.backend)
@@ -200,6 +204,7 @@ class CertificateInfoRetrieval(object):
         result['serial_number'] = self._get_serial_number()
         result['extensions_by_oid'] = self._get_all_extensions()
         result['ocsp_uri'] = self._get_ocsp_uri()
+        result['issuer_uri'] = self._get_issuer_uri()
 
         return result
 
@@ -365,6 +370,17 @@ class CertificateInfoRetrievalCryptography(CertificateInfoRetrieval):
             pass
         return None
 
+    def _get_issuer_uri(self):
+        try:
+            ext = self.cert.extensions.get_extension_for_class(x509.AuthorityInformationAccess)
+            for desc in ext.value:
+                if desc.access_method == x509.oid.AuthorityInformationAccessOID.CA_ISSUERS:
+                    if isinstance(desc.access_location, x509.UniformResourceIdentifier):
+                        return desc.access_location.value
+        except x509.ExtensionNotFound as dummy:
+            pass
+        return None
+
 
 def get_certificate_info(module, backend, content, prefer_one_fingerprint=False):
     if backend == 'cryptography':