internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-07 05:43:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

x509_crl_info: allow to not enumerate revoked certificates (#232)

Browse Source 
* Allow to not enumerate revoked certificates.

* Forgot to remove one instance.

* Add example.
This commit is contained in:
Felix Fontein
2021-05-19 09:32:30 +02:00
committed by GitHub
parent 7298c1f49a
commit 69aeb2d86f
5 changed files with 64 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
plugins/module_utils/crypto/module_backends/crl_info.py
View File

@@ -46,10 +46,11 @@ else:
class CRLInfoRetrieval(object):
def __init__(self, module, content):
def __init__(self, module, content, list_revoked_certificates=True):
# content must be a bytes string
self.module = module
self.content = content
self.list_revoked_certificates = list_revoked_certificates
def get_info(self):
self.crl_pem = identify_pem_format(self.content)
@@ -69,7 +70,6 @@ class CRLInfoRetrieval(object):
'digest': None,
'issuer_ordered': None,
'issuer': None,
'revoked_certificates': [],
}
result['last_update'] = self.crl.last_update.strftime(TIMESTAMP_FORMAT)
@@ -82,18 +82,19 @@ class CRLInfoRetrieval(object):
result['issuer'] = {}
for k, v in issuer:
result['issuer'][k] = v
result['revoked_certificates'] = []
for cert in self.crl:
entry = cryptography_decode_revoked_certificate(cert)
result['revoked_certificates'].append(cryptography_dump_revoked(entry))
if self.list_revoked_certificates:
result['revoked_certificates'] = []
for cert in self.crl:
entry = cryptography_decode_revoked_certificate(cert)
result['revoked_certificates'].append(cryptography_dump_revoked(entry))
return result
def get_crl_info(module, content):
def get_crl_info(module, content, list_revoked_certificates=True):
if not CRYPTOGRAPHY_FOUND:
module.fail_json(msg=missing_required_lib('cryptography >= {0}'.format(MINIMAL_CRYPTOGRAPHY_VERSION)),
exception=CRYPTOGRAPHY_IMP_ERR)
info = CRLInfoRetrieval(module, content)
info = CRLInfoRetrieval(module, content, list_revoked_certificates=list_revoked_certificates)
return info.get_info()