From 7fa75552fbacb08179bce353817aee62e2b18d8d Mon Sep 17 00:00:00 2001 From: felixfontein Date: Sat, 24 Jun 2023 08:32:47 +0000 Subject: [PATCH] deploy: 8fa4dc75c9190c03588abb03ed7386af7600906d --- .../_sphinx_javascript_frameworks_compat.js | 123 ++++++++++++ pr/600/_static/css/ansible.css | 5 +- pr/600/_static/css/theme.css | 2 +- pr/600/_static/jquery.js | 2 + pr/600/acme_account_facts_module.html | 4 +- pr/600/acme_account_info_module.html | 57 +++--- pr/600/acme_account_module.html | 54 +++--- pr/600/acme_certificate_module.html | 124 ++++++------ pr/600/acme_certificate_revoke_module.html | 32 ++-- pr/600/acme_challenge_cert_helper_module.html | 19 +- pr/600/acme_inspect_module.html | 42 ++-- pr/600/certificate_complete_chain_module.html | 10 +- pr/600/crypto_info_module.html | 10 +- pr/600/docsite/guide_ownca.html | 2 + pr/600/docsite/guide_selfsigned.html | 10 +- pr/600/ecs_certificate_module.html | 126 ++++++------ pr/600/ecs_domain_module.html | 78 ++++---- pr/600/environment_variables.html | 2 + pr/600/get_certificate_module.html | 24 +-- pr/600/index.html | 4 +- pr/600/luks_device_module.html | 56 +++--- pr/600/openssh_cert_module.html | 74 +++---- pr/600/openssh_keypair_module.html | 46 ++--- pr/600/openssl_certificate_info_module.html | 4 +- pr/600/openssl_certificate_module.html | 4 +- pr/600/openssl_csr_info_filter.html | 74 +++---- pr/600/openssl_csr_info_module.html | 88 ++++----- pr/600/openssl_csr_module.html | 64 ++++--- pr/600/openssl_csr_pipe_module.html | 59 +++--- pr/600/openssl_dhparam_module.html | 20 +- pr/600/openssl_pkcs12_module.html | 42 ++-- pr/600/openssl_privatekey_convert_module.html | 14 +- pr/600/openssl_privatekey_info_filter.html | 46 ++--- pr/600/openssl_privatekey_info_module.html | 52 ++--- pr/600/openssl_privatekey_module.html | 56 +++--- pr/600/openssl_privatekey_pipe_module.html | 64 ++++--- pr/600/openssl_publickey_info_filter.html | 32 ++-- pr/600/openssl_publickey_info_module.html | 40 ++-- pr/600/openssl_publickey_module.html | 22 ++- pr/600/openssl_signature_info_module.html | 16 +- pr/600/openssl_signature_module.html | 14 +- pr/600/search.html | 2 + pr/600/searchindex.js | 2 +- pr/600/split_pem_filter.html | 4 +- pr/600/x509_certificate_info_filter.html | 72 +++---- pr/600/x509_certificate_info_module.html | 93 ++++----- pr/600/x509_certificate_module.html | 181 +++++++++--------- pr/600/x509_certificate_pipe_module.html | 153 +++++++-------- pr/600/x509_crl_info_filter.html | 43 +++-- pr/600/x509_crl_info_module.html | 49 +++-- pr/600/x509_crl_module.html | 109 ++++++----- 51 files changed, 1306 insertions(+), 1019 deletions(-) create mode 100644 pr/600/_static/_sphinx_javascript_frameworks_compat.js create mode 100644 pr/600/_static/jquery.js diff --git a/pr/600/_static/_sphinx_javascript_frameworks_compat.js b/pr/600/_static/_sphinx_javascript_frameworks_compat.js new file mode 100644 index 00000000..81415803 --- /dev/null +++ b/pr/600/_static/_sphinx_javascript_frameworks_compat.js @@ -0,0 +1,123 @@ +/* Compatability shim for jQuery and underscores.js. + * + * Copyright Sphinx contributors + * Released under the two clause BSD licence + */ + +/** + * small helper function to urldecode strings + * + * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL + */ +jQuery.urldecode = function(x) { + if (!x) { + return x + } + return decodeURIComponent(x.replace(/\+/g, ' ')); +}; + +/** + * small helper function to urlencode strings + */ +jQuery.urlencode = encodeURIComponent; + +/** + * This function returns the parsed url parameters of the + * current request. Multiple values per key are supported, + * it will always return arrays of strings for the value parts. + */ +jQuery.getQueryParameters = function(s) { + if (typeof s === 'undefined') + s = document.location.search; + var parts = s.substr(s.indexOf('?') + 1).split('&'); + var result = {}; + for (var i = 0; i < parts.length; i++) { + var tmp = parts[i].split('=', 2); + var key = jQuery.urldecode(tmp[0]); + var value = jQuery.urldecode(tmp[1]); + if (key in result) + result[key].push(value); + else + result[key] = [value]; + } + return result; +}; + +/** + * highlight a given string on a jquery object by wrapping it in + * span elements with the given class name. + */ +jQuery.fn.highlightText = function(text, className) { + function highlight(node, addItems) { + if (node.nodeType === 3) { + var val = node.nodeValue; + var pos = val.toLowerCase().indexOf(text); + if (pos >= 0 && + !jQuery(node.parentNode).hasClass(className) && + !jQuery(node.parentNode).hasClass("nohighlight")) { + var span; + var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); + if (isInSVG) { + span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); + } else { + span = document.createElement("span"); + span.className = className; + } + span.appendChild(document.createTextNode(val.substr(pos, text.length))); + node.parentNode.insertBefore(span, node.parentNode.insertBefore( + document.createTextNode(val.substr(pos + text.length)), + node.nextSibling)); + node.nodeValue = val.substr(0, pos); + if (isInSVG) { + var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); + var bbox = node.parentElement.getBBox(); + rect.x.baseVal.value = bbox.x; + rect.y.baseVal.value = bbox.y; + rect.width.baseVal.value = bbox.width; + rect.height.baseVal.value = bbox.height; + rect.setAttribute('class', className); + addItems.push({ + "parent": node.parentNode, + "target": rect}); + } + } + } + else if (!jQuery(node).is("button, select, textarea")) { + jQuery.each(node.childNodes, function() { + highlight(this, addItems); + }); + } + } + var addItems = []; + var result = this.each(function() { + highlight(this, addItems); + }); + for (var i = 0; i < addItems.length; ++i) { + jQuery(addItems[i].parent).before(addItems[i].target); + } + return result; +}; + +/* + * backward compatibility for jQuery.browser + * This will be supported until firefox bug is fixed. + */ +if (!jQuery.browser) { + jQuery.uaMatch = function(ua) { + ua = ua.toLowerCase(); + + var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || + /(webkit)[ \/]([\w.]+)/.exec(ua) || + /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || + /(msie) ([\w.]+)/.exec(ua) || + ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || + []; + + return { + browser: match[ 1 ] || "", + version: match[ 2 ] || "0" + }; + }; + jQuery.browser = {}; + jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; +} diff --git a/pr/600/_static/css/ansible.css b/pr/600/_static/css/ansible.css index bf839ba4..cb62348b 100644 --- a/pr/600/_static/css/ansible.css +++ b/pr/600/_static/css/ansible.css @@ -471,9 +471,10 @@ tr .ansibleOptionLink { } /* * Without this, - * for example most links in the page's TOC aren't usable anymore + * for example most links in the page's TOC aren't usable anymore, and tables + * sometimes overlap the text above * */ - section a[id] { + section a[id], section table[id] { padding-top: 0; margin-top: 0; } diff --git a/pr/600/_static/css/theme.css b/pr/600/_static/css/theme.css index c03c88f0..19a446a0 100644 --- a/pr/600/_static/css/theme.css +++ b/pr/600/_static/css/theme.css @@ -1,4 +1,4 @@ html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden],audio:not([controls]){display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;text-decoration:none}ins,mark{color:#000}mark{background:#ff0;font-style:italic;font-weight:700}.rst-content code,.rst-content tt,code,kbd,pre,samp{font-family:monospace,serif;_font-family:courier new,monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:after,q:before{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}dl,ol,ul{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure,form{margin:0}label{cursor:pointer}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}textarea{resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none!important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{body,html,section{background:none!important}*{box-shadow:none!important;text-shadow:none!important;filter:none!important;-ms-filter:none!important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="#"]:after,a[href^="javascript:"]:after{content:""}blockquote,pre{page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}.rst-content .toctree-wrapper>p.caption,h2,h3,p{orphans:3;widows:3}.rst-content .toctree-wrapper>p.caption,h2,h3{page-break-after:avoid}}.btn,.fa:before,.icon:before,.rst-content .admonition,.rst-content .admonition-title:before,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .code-block-caption .headerlink:before,.rst-content .danger,.rst-content .eqno .headerlink:before,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-alert,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before,input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week],select,textarea{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}/*! * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) - */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:""}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:""}.fa-search-plus:before{content:""}.fa-search-minus:before{content:""}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:""}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:""}.fa-map-marker:before{content:""}.fa-adjust:before{content:""}.fa-tint:before{content:""}.fa-edit:before,.fa-pencil-square-o:before{content:""}.fa-share-square-o:before{content:""}.fa-check-square-o:before{content:""}.fa-arrows:before{content:""}.fa-step-backward:before{content:""}.fa-fast-backward:before{content:""}.fa-backward:before{content:""}.fa-play:before{content:""}.fa-pause:before{content:""}.fa-stop:before{content:""}.fa-forward:before{content:""}.fa-fast-forward:before{content:""}.fa-step-forward:before{content:""}.fa-eject:before{content:""}.fa-chevron-left:before{content:""}.fa-chevron-right:before{content:""}.fa-plus-circle:before{content:""}.fa-minus-circle:before{content:""}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:""}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:""}.fa-question-circle:before{content:""}.fa-info-circle:before{content:""}.fa-crosshairs:before{content:""}.fa-times-circle-o:before{content:""}.fa-check-circle-o:before{content:""}.fa-ban:before{content:""}.fa-arrow-left:before{content:""}.fa-arrow-right:before{content:""}.fa-arrow-up:before{content:""}.fa-arrow-down:before{content:""}.fa-mail-forward:before,.fa-share:before{content:""}.fa-expand:before{content:""}.fa-compress:before{content:""}.fa-plus:before{content:""}.fa-minus:before{content:""}.fa-asterisk:before{content:""}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:""}.fa-gift:before{content:""}.fa-leaf:before{content:""}.fa-fire:before,.icon-fire:before{content:""}.fa-eye:before{content:""}.fa-eye-slash:before{content:""}.fa-exclamation-triangle:before,.fa-warning:before{content:""}.fa-plane:before{content:""}.fa-calendar:before{content:""}.fa-random:before{content:""}.fa-comment:before{content:""}.fa-magnet:before{content:""}.fa-chevron-up:before{content:""}.fa-chevron-down:before{content:""}.fa-retweet:before{content:""}.fa-shopping-cart:before{content:""}.fa-folder:before{content:""}.fa-folder-open:before{content:""}.fa-arrows-v:before{content:""}.fa-arrows-h:before{content:""}.fa-bar-chart-o:before,.fa-bar-chart:before{content:""}.fa-twitter-square:before{content:""}.fa-facebook-square:before{content:""}.fa-camera-retro:before{content:""}.fa-key:before{content:""}.fa-cogs:before,.fa-gears:before{content:""}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:""}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:""}.fa-external-link:before{content:""}.fa-sign-in:before{content:""}.fa-trophy:before{content:""}.fa-github-square:before{content:""}.fa-upload:before{content:""}.fa-lemon-o:before{content:""}.fa-phone:before{content:""}.fa-square-o:before{content:""}.fa-bookmark-o:before{content:""}.fa-phone-square:before{content:""}.fa-twitter:before{content:""}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:""}.fa-unlock:before{content:""}.fa-credit-card:before{content:""}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:""}.fa-bullhorn:before{content:""}.fa-bell:before{content:""}.fa-certificate:before{content:""}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:""}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:""}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:""}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:""}.fa-globe:before{content:""}.fa-wrench:before{content:""}.fa-tasks:before{content:""}.fa-filter:before{content:""}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:""}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:""}.fa-table:before{content:""}.fa-magic:before{content:""}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:""}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:""}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:""}.fa-angle-double-right:before{content:""}.fa-angle-double-up:before{content:""}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:""}.fa-angle-right:before{content:""}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:""}.fa-circle-o:before{content:""}.fa-quote-left:before{content:""}.fa-quote-right:before{content:""}.fa-spinner:before{content:""}.fa-circle:before{content:""}.fa-mail-reply:before,.fa-reply:before{content:""}.fa-github-alt:before{content:""}.fa-folder-o:before{content:""}.fa-folder-open-o:before{content:""}.fa-smile-o:before{content:""}.fa-frown-o:before{content:""}.fa-meh-o:before{content:""}.fa-gamepad:before{content:""}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:""}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:""}.fa-code:before{content:""}.fa-mail-reply-all:before,.fa-reply-all:before{content:""}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:""}.fa-location-arrow:before{content:""}.fa-crop:before{content:""}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:""}.fa-question:before{content:""}.fa-info:before{content:""}.fa-exclamation:before{content:""}.fa-superscript:before{content:""}.fa-subscript:before{content:""}.fa-eraser:before{content:""}.fa-puzzle-piece:before{content:""}.fa-microphone:before{content:""}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:""}.fa-rocket:before{content:""}.fa-maxcdn:before{content:""}.fa-chevron-circle-left:before{content:""}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:""}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:""}.fa-ellipsis-h:before{content:""}.fa-ellipsis-v:before{content:""}.fa-rss-square:before{content:""}.fa-play-circle:before{content:""}.fa-ticket:before{content:""}.fa-minus-square:before{content:""}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:""}.fa-level-up:before{content:""}.fa-level-down:before{content:""}.fa-check-square:before{content:""}.fa-pencil-square:before{content:""}.fa-external-link-square:before{content:""}.fa-share-square:before{content:""}.fa-compass:before{content:""}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:""}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:""}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:""}.fa-eur:before,.fa-euro:before{content:""}.fa-gbp:before{content:""}.fa-dollar:before,.fa-usd:before{content:""}.fa-inr:before,.fa-rupee:before{content:""}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:""}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:""}.fa-krw:before,.fa-won:before{content:""}.fa-bitcoin:before,.fa-btc:before{content:""}.fa-file:before{content:""}.fa-file-text:before{content:""}.fa-sort-alpha-asc:before{content:""}.fa-sort-alpha-desc:before{content:""}.fa-sort-amount-asc:before{content:""}.fa-sort-amount-desc:before{content:""}.fa-sort-numeric-asc:before{content:""}.fa-sort-numeric-desc:before{content:""}.fa-thumbs-up:before{content:""}.fa-thumbs-down:before{content:""}.fa-youtube-square:before{content:""}.fa-youtube:before{content:""}.fa-xing:before{content:""}.fa-xing-square:before{content:""}.fa-youtube-play:before{content:""}.fa-dropbox:before{content:""}.fa-stack-overflow:before{content:""}.fa-instagram:before{content:""}.fa-flickr:before{content:""}.fa-adn:before{content:""}.fa-bitbucket:before,.icon-bitbucket:before{content:""}.fa-bitbucket-square:before{content:""}.fa-tumblr:before{content:""}.fa-tumblr-square:before{content:""}.fa-long-arrow-down:before{content:""}.fa-long-arrow-up:before{content:""}.fa-long-arrow-left:before{content:""}.fa-long-arrow-right:before{content:""}.fa-apple:before{content:""}.fa-windows:before{content:""}.fa-android:before{content:""}.fa-linux:before{content:""}.fa-dribbble:before{content:""}.fa-skype:before{content:""}.fa-foursquare:before{content:""}.fa-trello:before{content:""}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:""}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:""}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:""}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:""}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:""}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:""}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:""}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:""}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:""}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:""}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:""}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:""}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:""}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:""}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:""}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:""}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:""}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:""}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:""}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:""}.fa-id-badge:before{content:""}.fa-drivers-license:before,.fa-id-card:before{content:""}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:""}.fa-free-code-camp:before{content:""}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:""}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:""}.fa-podcast:before{content:""}.fa-window-maximize:before{content:""}.fa-window-minimize:before{content:""}.fa-window-restore:before{content:""}.fa-times-rectangle:before,.fa-window-close:before{content:""}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:""}.fa-bandcamp:before{content:""}.fa-grav:before{content:""}.fa-etsy:before{content:""}.fa-imdb:before{content:""}.fa-ravelry:before{content:""}.fa-eercast:before{content:""}.fa-microchip:before{content:""}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:""}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:""}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs>li{display:inline-block;padding-top:5px}.wy-breadcrumbs>li.wy-breadcrumbs-aside{float:right}.rst-content .wy-breadcrumbs>li code,.rst-content .wy-breadcrumbs>li tt,.wy-breadcrumbs>li .rst-content tt,.wy-breadcrumbs>li code{all:inherit;color:inherit}.breadcrumb-item:before{content:"/";color:#bbb;font-size:13px;padding:0 6px 0 3px}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search>a:hover{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.version{margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content p a{overflow-wrap:anywhere}.rst-content .wy-table td p,.rst-content .wy-table td ul,.rst-content .wy-table th p,.rst-content .wy-table th ul,.rst-content table.docutils td p,.rst-content table.docutils td ul,.rst-content table.docutils th p,.rst-content table.docutils th ul,.rst-content table.field-list td p,.rst-content table.field-list td ul,.rst-content table.field-list th p,.rst-content table.field-list th ul{font-size:inherit}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .citation-reference>span.fn-bracket,.rst-content .footnote-reference>span.fn-bracket{display:none}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:auto minmax(80%,95%)}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{display:inline-grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{display:grid;grid-template-columns:auto auto minmax(.65rem,auto) minmax(40%,95%)}html.writer-html5 .rst-content aside.citation>span.label,html.writer-html5 .rst-content aside.footnote>span.label,html.writer-html5 .rst-content div.citation>span.label{grid-column-start:1;grid-column-end:2}html.writer-html5 .rst-content aside.citation>span.backrefs,html.writer-html5 .rst-content aside.footnote>span.backrefs,html.writer-html5 .rst-content div.citation>span.backrefs{grid-column-start:2;grid-column-end:3;grid-row-start:1;grid-row-end:3}html.writer-html5 .rst-content aside.citation>p,html.writer-html5 .rst-content aside.footnote>p,html.writer-html5 .rst-content div.citation>p{grid-column-start:4;grid-column-end:5}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{margin-bottom:24px}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.citation>dt>span.brackets:before,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.citation>dt>span.brackets:after,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a{word-break:keep-all}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a:not(:first-child):before,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.citation>dd p,html.writer-html5 .rst-content dl.footnote>dd p{font-size:.9rem}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{padding-left:1rem;padding-right:1rem;font-size:.9rem;line-height:1.2rem}html.writer-html5 .rst-content aside.citation p,html.writer-html5 .rst-content aside.footnote p,html.writer-html5 .rst-content div.citation p{font-size:.9rem;line-height:1.2rem;margin-bottom:12px}html.writer-html5 .rst-content aside.citation span.backrefs,html.writer-html5 .rst-content aside.footnote span.backrefs,html.writer-html5 .rst-content div.citation span.backrefs{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content aside.citation span.backrefs>a,html.writer-html5 .rst-content aside.footnote span.backrefs>a,html.writer-html5 .rst-content div.citation span.backrefs>a{word-break:keep-all}html.writer-html5 .rst-content aside.citation span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content aside.footnote span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content div.citation span.backrefs>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content aside.citation span.label,html.writer-html5 .rst-content aside.footnote span.label,html.writer-html5 .rst-content div.citation span.label{line-height:1.2rem}html.writer-html5 .rst-content aside.citation-list,html.writer-html5 .rst-content aside.footnote-list,html.writer-html5 .rst-content div.citation-list{margin-bottom:24px}html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content aside.footnote-list aside.footnote,html.writer-html5 .rst-content div.citation-list>div.citation,html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content aside.footnote-list aside.footnote code,html.writer-html5 .rst-content aside.footnote-list aside.footnote tt,html.writer-html5 .rst-content aside.footnote code,html.writer-html5 .rst-content aside.footnote tt,html.writer-html5 .rst-content div.citation-list>div.citation code,html.writer-html5 .rst-content div.citation-list>div.citation tt,html.writer-html5 .rst-content dl.citation code,html.writer-html5 .rst-content dl.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040;overflow-wrap:normal}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}.rst-content dl dd>ol:last-child,.rst-content dl dd>p:last-child,.rst-content dl dd>table:last-child,.rst-content dl dd>ul:last-child{margin-bottom:0}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel{border:1px solid #7fbbe3;background:#e7f2fa;font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>.kbd,.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>kbd{color:inherit;font-size:80%;background-color:#fff;border:1px solid #a6a6a6;border-radius:4px;box-shadow:0 2px grey;padding:2.4px 6px;margin:auto 0}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block} \ No newline at end of file + */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:""}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:""}.fa-search-plus:before{content:""}.fa-search-minus:before{content:""}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:""}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:""}.fa-map-marker:before{content:""}.fa-adjust:before{content:""}.fa-tint:before{content:""}.fa-edit:before,.fa-pencil-square-o:before{content:""}.fa-share-square-o:before{content:""}.fa-check-square-o:before{content:""}.fa-arrows:before{content:""}.fa-step-backward:before{content:""}.fa-fast-backward:before{content:""}.fa-backward:before{content:""}.fa-play:before{content:""}.fa-pause:before{content:""}.fa-stop:before{content:""}.fa-forward:before{content:""}.fa-fast-forward:before{content:""}.fa-step-forward:before{content:""}.fa-eject:before{content:""}.fa-chevron-left:before{content:""}.fa-chevron-right:before{content:""}.fa-plus-circle:before{content:""}.fa-minus-circle:before{content:""}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:""}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:""}.fa-question-circle:before{content:""}.fa-info-circle:before{content:""}.fa-crosshairs:before{content:""}.fa-times-circle-o:before{content:""}.fa-check-circle-o:before{content:""}.fa-ban:before{content:""}.fa-arrow-left:before{content:""}.fa-arrow-right:before{content:""}.fa-arrow-up:before{content:""}.fa-arrow-down:before{content:""}.fa-mail-forward:before,.fa-share:before{content:""}.fa-expand:before{content:""}.fa-compress:before{content:""}.fa-plus:before{content:""}.fa-minus:before{content:""}.fa-asterisk:before{content:""}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:""}.fa-gift:before{content:""}.fa-leaf:before{content:""}.fa-fire:before,.icon-fire:before{content:""}.fa-eye:before{content:""}.fa-eye-slash:before{content:""}.fa-exclamation-triangle:before,.fa-warning:before{content:""}.fa-plane:before{content:""}.fa-calendar:before{content:""}.fa-random:before{content:""}.fa-comment:before{content:""}.fa-magnet:before{content:""}.fa-chevron-up:before{content:""}.fa-chevron-down:before{content:""}.fa-retweet:before{content:""}.fa-shopping-cart:before{content:""}.fa-folder:before{content:""}.fa-folder-open:before{content:""}.fa-arrows-v:before{content:""}.fa-arrows-h:before{content:""}.fa-bar-chart-o:before,.fa-bar-chart:before{content:""}.fa-twitter-square:before{content:""}.fa-facebook-square:before{content:""}.fa-camera-retro:before{content:""}.fa-key:before{content:""}.fa-cogs:before,.fa-gears:before{content:""}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:""}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:""}.fa-external-link:before{content:""}.fa-sign-in:before{content:""}.fa-trophy:before{content:""}.fa-github-square:before{content:""}.fa-upload:before{content:""}.fa-lemon-o:before{content:""}.fa-phone:before{content:""}.fa-square-o:before{content:""}.fa-bookmark-o:before{content:""}.fa-phone-square:before{content:""}.fa-twitter:before{content:""}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:""}.fa-unlock:before{content:""}.fa-credit-card:before{content:""}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:""}.fa-bullhorn:before{content:""}.fa-bell:before{content:""}.fa-certificate:before{content:""}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:""}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:""}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:""}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:""}.fa-globe:before{content:""}.fa-wrench:before{content:""}.fa-tasks:before{content:""}.fa-filter:before{content:""}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:""}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:""}.fa-table:before{content:""}.fa-magic:before{content:""}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:""}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:""}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:""}.fa-angle-double-right:before{content:""}.fa-angle-double-up:before{content:""}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:""}.fa-angle-right:before{content:""}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:""}.fa-circle-o:before{content:""}.fa-quote-left:before{content:""}.fa-quote-right:before{content:""}.fa-spinner:before{content:""}.fa-circle:before{content:""}.fa-mail-reply:before,.fa-reply:before{content:""}.fa-github-alt:before{content:""}.fa-folder-o:before{content:""}.fa-folder-open-o:before{content:""}.fa-smile-o:before{content:""}.fa-frown-o:before{content:""}.fa-meh-o:before{content:""}.fa-gamepad:before{content:""}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:""}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:""}.fa-code:before{content:""}.fa-mail-reply-all:before,.fa-reply-all:before{content:""}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:""}.fa-location-arrow:before{content:""}.fa-crop:before{content:""}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:""}.fa-question:before{content:""}.fa-info:before{content:""}.fa-exclamation:before{content:""}.fa-superscript:before{content:""}.fa-subscript:before{content:""}.fa-eraser:before{content:""}.fa-puzzle-piece:before{content:""}.fa-microphone:before{content:""}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:""}.fa-rocket:before{content:""}.fa-maxcdn:before{content:""}.fa-chevron-circle-left:before{content:""}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:""}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:""}.fa-ellipsis-h:before{content:""}.fa-ellipsis-v:before{content:""}.fa-rss-square:before{content:""}.fa-play-circle:before{content:""}.fa-ticket:before{content:""}.fa-minus-square:before{content:""}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:""}.fa-level-up:before{content:""}.fa-level-down:before{content:""}.fa-check-square:before{content:""}.fa-pencil-square:before{content:""}.fa-external-link-square:before{content:""}.fa-share-square:before{content:""}.fa-compass:before{content:""}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:""}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:""}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:""}.fa-eur:before,.fa-euro:before{content:""}.fa-gbp:before{content:""}.fa-dollar:before,.fa-usd:before{content:""}.fa-inr:before,.fa-rupee:before{content:""}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:""}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:""}.fa-krw:before,.fa-won:before{content:""}.fa-bitcoin:before,.fa-btc:before{content:""}.fa-file:before{content:""}.fa-file-text:before{content:""}.fa-sort-alpha-asc:before{content:""}.fa-sort-alpha-desc:before{content:""}.fa-sort-amount-asc:before{content:""}.fa-sort-amount-desc:before{content:""}.fa-sort-numeric-asc:before{content:""}.fa-sort-numeric-desc:before{content:""}.fa-thumbs-up:before{content:""}.fa-thumbs-down:before{content:""}.fa-youtube-square:before{content:""}.fa-youtube:before{content:""}.fa-xing:before{content:""}.fa-xing-square:before{content:""}.fa-youtube-play:before{content:""}.fa-dropbox:before{content:""}.fa-stack-overflow:before{content:""}.fa-instagram:before{content:""}.fa-flickr:before{content:""}.fa-adn:before{content:""}.fa-bitbucket:before,.icon-bitbucket:before{content:""}.fa-bitbucket-square:before{content:""}.fa-tumblr:before{content:""}.fa-tumblr-square:before{content:""}.fa-long-arrow-down:before{content:""}.fa-long-arrow-up:before{content:""}.fa-long-arrow-left:before{content:""}.fa-long-arrow-right:before{content:""}.fa-apple:before{content:""}.fa-windows:before{content:""}.fa-android:before{content:""}.fa-linux:before{content:""}.fa-dribbble:before{content:""}.fa-skype:before{content:""}.fa-foursquare:before{content:""}.fa-trello:before{content:""}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:""}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:""}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:""}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:""}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:""}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:""}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:""}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:""}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:""}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:""}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:""}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:""}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:""}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:""}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:""}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:""}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:""}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:""}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:""}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:""}.fa-id-badge:before{content:""}.fa-drivers-license:before,.fa-id-card:before{content:""}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:""}.fa-free-code-camp:before{content:""}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:""}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:""}.fa-podcast:before{content:""}.fa-window-maximize:before{content:""}.fa-window-minimize:before{content:""}.fa-window-restore:before{content:""}.fa-times-rectangle:before,.fa-window-close:before{content:""}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:""}.fa-bandcamp:before{content:""}.fa-grav:before{content:""}.fa-etsy:before{content:""}.fa-imdb:before{content:""}.fa-ravelry:before{content:""}.fa-eercast:before{content:""}.fa-microchip:before{content:""}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:""}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:""}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs>li{display:inline-block;padding-top:5px}.wy-breadcrumbs>li.wy-breadcrumbs-aside{float:right}.rst-content .wy-breadcrumbs>li code,.rst-content .wy-breadcrumbs>li tt,.wy-breadcrumbs>li .rst-content tt,.wy-breadcrumbs>li code{all:inherit;color:inherit}.breadcrumb-item:before{content:"/";color:#bbb;font-size:13px;padding:0 6px 0 3px}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search>a:hover{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.version{margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content p a{overflow-wrap:anywhere}.rst-content .wy-table td p,.rst-content .wy-table td ul,.rst-content .wy-table th p,.rst-content .wy-table th ul,.rst-content table.docutils td p,.rst-content table.docutils td ul,.rst-content table.docutils th p,.rst-content table.docutils th ul,.rst-content table.field-list td p,.rst-content table.field-list td ul,.rst-content table.field-list th p,.rst-content table.field-list th ul{font-size:inherit}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .citation-reference>span.fn-bracket,.rst-content .footnote-reference>span.fn-bracket{display:none}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:auto minmax(80%,95%)}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{display:inline-grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{display:grid;grid-template-columns:auto auto minmax(.65rem,auto) minmax(40%,95%)}html.writer-html5 .rst-content aside.citation>span.label,html.writer-html5 .rst-content aside.footnote>span.label,html.writer-html5 .rst-content div.citation>span.label{grid-column-start:1;grid-column-end:2}html.writer-html5 .rst-content aside.citation>span.backrefs,html.writer-html5 .rst-content aside.footnote>span.backrefs,html.writer-html5 .rst-content div.citation>span.backrefs{grid-column-start:2;grid-column-end:3;grid-row-start:1;grid-row-end:3}html.writer-html5 .rst-content aside.citation>p,html.writer-html5 .rst-content aside.footnote>p,html.writer-html5 .rst-content div.citation>p{grid-column-start:4;grid-column-end:5}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{margin-bottom:24px}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.citation>dt>span.brackets:before,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.citation>dt>span.brackets:after,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a{word-break:keep-all}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a:not(:first-child):before,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.citation>dd p,html.writer-html5 .rst-content dl.footnote>dd p{font-size:.9rem}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{padding-left:1rem;padding-right:1rem;font-size:.9rem;line-height:1.2rem}html.writer-html5 .rst-content aside.citation p,html.writer-html5 .rst-content aside.footnote p,html.writer-html5 .rst-content div.citation p{font-size:.9rem;line-height:1.2rem;margin-bottom:12px}html.writer-html5 .rst-content aside.citation span.backrefs,html.writer-html5 .rst-content aside.footnote span.backrefs,html.writer-html5 .rst-content div.citation span.backrefs{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content aside.citation span.backrefs>a,html.writer-html5 .rst-content aside.footnote span.backrefs>a,html.writer-html5 .rst-content div.citation span.backrefs>a{word-break:keep-all}html.writer-html5 .rst-content aside.citation span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content aside.footnote span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content div.citation span.backrefs>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content aside.citation span.label,html.writer-html5 .rst-content aside.footnote span.label,html.writer-html5 .rst-content div.citation span.label{line-height:1.2rem}html.writer-html5 .rst-content aside.citation-list,html.writer-html5 .rst-content aside.footnote-list,html.writer-html5 .rst-content div.citation-list{margin-bottom:24px}html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content aside.footnote-list aside.footnote,html.writer-html5 .rst-content div.citation-list>div.citation,html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content aside.footnote-list aside.footnote code,html.writer-html5 .rst-content aside.footnote-list aside.footnote tt,html.writer-html5 .rst-content aside.footnote code,html.writer-html5 .rst-content aside.footnote tt,html.writer-html5 .rst-content div.citation-list>div.citation code,html.writer-html5 .rst-content div.citation-list>div.citation tt,html.writer-html5 .rst-content dl.citation code,html.writer-html5 .rst-content dl.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040;overflow-wrap:normal}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}.rst-content dl dd>ol:last-child,.rst-content dl dd>p:last-child,.rst-content dl dd>table:last-child,.rst-content dl dd>ul:last-child{margin-bottom:0}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel,.rst-content .menuselection{font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content .guilabel,.rst-content .menuselection{border:1px solid #7fbbe3;background:#e7f2fa}.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>.kbd,.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>kbd{color:inherit;font-size:80%;background-color:#fff;border:1px solid #a6a6a6;border-radius:4px;box-shadow:0 2px grey;padding:2.4px 6px;margin:auto 0}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block} \ No newline at end of file diff --git a/pr/600/_static/jquery.js b/pr/600/_static/jquery.js new file mode 100644 index 00000000..c4c6022f --- /dev/null +++ b/pr/600/_static/jquery.js @@ -0,0 +1,2 @@ +/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */ +!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="
",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0 + + @@ -147,7 +149,7 @@

community.crypto.acme_account_facts

Note

-

This plugin was part of the community.crypto collection (version 2.14.0).

+

This plugin was part of the community.crypto collection (version 2.14.1).

This module has been removed in version 2.0.0 of community.crypto. diff --git a/pr/600/acme_account_info_module.html b/pr/600/acme_account_info_module.html index e785aaf1..de69a1ec 100644 --- a/pr/600/acme_account_info_module.html +++ b/pr/600/acme_account_info_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

community.crypto.acme_account_info module – Retrieves information on ACME accounts

Note

-

This module is part of the community.crypto collection (version 2.14.0).

+

This module is part of the community.crypto collection (version 2.14.1).

To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

@@ -212,8 +214,8 @@ see

string

Content of the ACME account RSA or Elliptic Curve key.

-

Mutually exclusive with account_key_src.

-

Required if account_key_src is not used.

+

Mutually exclusive with account_key_src.

+

Required if account_key_src is not used.

Warning: the content will be written into a temporary file, which will be deleted by Ansible when the module completes. Since this is an important private key — it can be used to change the account key, or to revoke your certificates without knowing their private keys —, this might not be acceptable.

In case cryptography is used, the content is not written into a temporary file. It can still happen that it is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed.

@@ -235,8 +237,8 @@ see

Path to a file containing the ACME account RSA or Elliptic Curve key.

Private keys can be created with the community.crypto.openssl_privatekey or community.crypto.openssl_privatekey_pipe modules. If the requisite (cryptography) is not available, keys can also be created directly with the openssl command line tool: RSA keys can be created with openssl genrsa .... Elliptic curve keys can be created with openssl ecparam -genkey .... Any other tool creating private keys in PEM format can be used as well.

-

Mutually exclusive with account_key_content.

-

Required if account_key_content is not used.

+

Mutually exclusive with account_key_content.

+

Required if account_key_content is not used.

@@ -265,8 +267,8 @@ see

integer / required

The ACME version of the endpoint.

-

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

-

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

+

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

+

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

Choices:

  • 1

    • @@ -289,9 +291,9 @@ see

    string

Whether to retrieve the list of order URLs or order objects, if provided by the ACME server.

-

A value of ignore will not fetch the list of orders.

-

If the value is not ignore and the ACME server supports orders, the order_uris return value is always populated. The orders return value is only returned if this option is set to object_list.

-

Currently, Let’s Encrypt does not return orders, so the orders result will always be empty.

+

A value of ignore will not fetch the list of orders.

+

If the value is not ignore and the ACME server supports orders, the order_uris return value is always populated. The orders return value is only returned if this option is set to object_list.

+

Currently, Let’s Encrypt does not return orders, so the orders result will always be empty.

Choices:

  • "ignore" ← (default)

    • @@ -305,9 +307,9 @@ see

    string

Determines which crypto backend to use.

-

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

-

If set to openssl, will try to use the openssl binary.

-

If set to cryptography, will try to use the cryptography library.

+

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

+

If set to openssl, will try to use the openssl binary.

+

If set to cryptography, will try to use the cryptography library.

Choices:

  • "auto" ← (default)

    • @@ -321,7 +323,7 @@ see

    boolean

Whether calls to the ACME directory will validate TLS certificates.

-

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

+

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

Choices:

  • false

    • @@ -378,7 +380,7 @@ see

  • The community.crypto.acme_account module allows to modify, create and delete ACME accounts.

  • This module was called acme_account_facts before Ansible 2.8. The usage did not change.

    • -

  • If a new enough version of the cryptography library is available (see Requirements for details), it will be used instead of the openssl binary. This can be explicitly disabled or enabled with the select_crypto_backend option. Note that using the openssl binary will be slower and less secure, as private key contents always have to be stored on disk (see account_key_content).

    • +

  • If a new enough version of the cryptography library is available (see Requirements for details), it will be used instead of the openssl binary. This can be explicitly disabled or enabled with the select_crypto_backend option. Note that using the openssl binary will be slower and less secure, as private key contents always have to be stored on disk (see account_key_content).

  • Although the defaults are chosen so that the module can be used with the Let’s Encrypt CA, the module can in principle be used with any CA providing an ACME endpoint, such as Buypass Go SSL.

  • So far, the ACME modules have only been tested by the developers against Let’s Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and Pebble testing server. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please create an issue to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.

@@ -401,7 +403,7 @@ see account_key_src: /etc/pki/cert/private/account.key register: account_data - name: Verify that account exists - assert: + ansible.builtin.assert: that: - account_data.exists - name: Print account URI @@ -417,7 +419,7 @@ see account_uri: "{{ acme_account_uri }}" register: account_data - name: Verify that account exists - assert: + ansible.builtin.assert: that: - account_data.exists - name: Print account contacts @@ -458,7 +460,7 @@ see

string

A URL where a list of orders can be retrieved for this account.

-

Use the retrieve_orders option to query this URL and retrieve the complete list of orders.

+

Use the retrieve_orders option to query this URL and retrieve the complete list of orders.

Returned: always

Sample: "https://example.ca/account/1/orders"

@@ -509,9 +511,9 @@ see added in community.crypto 1.5.0

The list of orders.

-

If retrieve_orders is url_list, this will be a list of URLs.

-

If retrieve_orders is object_list, this will be a list of objects.

-

Returned: if account exists, retrieve_orders is not ignore, and server supports order listing

+

If retrieve_orders is url_list, this will be a list of URLs.

+

If retrieve_orders is object_list, this will be a list of objects.

+

Returned: if account exists, retrieve_orders is not ignore, and server supports order listing

@@ -519,7 +521,7 @@ see

list / elements=dictionary

The list of orders.

-

Returned: if account exists, retrieve_orders is object_list, and server supports order listing

+

Returned: if account exists, retrieve_orders is object_list, and server supports order listing

@@ -553,7 +555,7 @@ see

When the order expires.

Timestamp should be formatted as described in RFC3339.

-

Only required to be included in result when status is pending or valid.

+

Only required to be included in result when orders[].status is pending or valid.

Returned: when server gives expiry date

@@ -577,8 +579,13 @@ see

type

string

-

Type of identifier. dns or ip.

+

Type of identifier.

Returned: success

+

Can only return:

+
    +

  • "dns"

    • +

  • "ip"

    • +
@@ -593,7 +600,7 @@ see

wildcard

boolean

-

Whether value is actually a wildcard. The wildcard prefix *. is not included in value if this is true.

+

Whether orders[].identifiers[].value is actually a wildcard. The wildcard prefix *. is not included in orders[].identifiers[].value if this is true.

Returned: required to be included if the identifier is wildcarded

diff --git a/pr/600/acme_account_module.html b/pr/600/acme_account_module.html index 58e78d04..2be7c6bb 100644 --- a/pr/600/acme_account_module.html +++ b/pr/600/acme_account_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

community.crypto.acme_account module – Create, modify or delete ACME accounts

Note

-

This module is part of the community.crypto collection (version 2.14.0).

+

This module is part of the community.crypto collection (version 2.14.1).

To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

@@ -212,8 +214,8 @@ see

string

Content of the ACME account RSA or Elliptic Curve key.

-

Mutually exclusive with account_key_src.

-

Required if account_key_src is not used.

+

Mutually exclusive with account_key_src.

+

Required if account_key_src is not used.

Warning: the content will be written into a temporary file, which will be deleted by Ansible when the module completes. Since this is an important private key — it can be used to change the account key, or to revoke your certificates without knowing their private keys —, this might not be acceptable.

In case cryptography is used, the content is not written into a temporary file. It can still happen that it is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed.

@@ -235,8 +237,8 @@ see

Path to a file containing the ACME account RSA or Elliptic Curve key.

Private keys can be created with the community.crypto.openssl_privatekey or community.crypto.openssl_privatekey_pipe modules. If the requisite (cryptography) is not available, keys can also be created directly with the openssl command line tool: RSA keys can be created with openssl genrsa .... Elliptic curve keys can be created with openssl ecparam -genkey .... Any other tool creating private keys in PEM format can be used as well.

-

Mutually exclusive with account_key_content.

-

Required if account_key_content is not used.

+

Mutually exclusive with account_key_content.

+

Required if account_key_content is not used.

@@ -265,8 +267,8 @@ see

integer / required

The ACME version of the endpoint.

-

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

-

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

+

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

+

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

Choices:

  • 1

    • @@ -278,7 +280,7 @@ see

allow_creation

boolean

-

Whether account creation is allowed (when state is present).

+

Whether account creation is allowed (when state is present).

Choices:

@@ -312,7 +314,7 @@ see

string / required

The MAC algorithm provided by the CA.

-

If not specified by the CA, this is probably HS256.

+

If not specified by the CA, this is probably HS256.

Choices:

  • "HS256"

    • @@ -326,7 +328,7 @@ see

    string / required

Base64 URL encoded value of the MAC key provided by the CA.

-

Padding (= symbols at the end) can be omitted.

+

Padding (= symbols at the end) can be omitted.

@@ -341,9 +343,9 @@ see

string

Content of the ACME account RSA or Elliptic Curve key to change to.

-

Same restrictions apply as to account_key_content.

-

Mutually exclusive with new_account_key_src.

-

Required if new_account_key_src is not used and state is changed_key.

+

Same restrictions apply as to account_key_content.

+

Mutually exclusive with new_account_key_src.

+

Required if new_account_key_src is not used and state is changed_key.

@@ -360,9 +362,9 @@ see

path

Path to a file containing the ACME account RSA or Elliptic Curve key to change to.

-

Same restrictions apply as to account_key_src.

-

Mutually exclusive with new_account_key_content.

-

Required if new_account_key_content is not used and state is changed_key.

+

Same restrictions apply as to account_key_src.

+

Mutually exclusive with new_account_key_content.

+

Required if new_account_key_content is not used and state is changed_key.

@@ -380,9 +382,9 @@ see

string

Determines which crypto backend to use.

-

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

-

If set to openssl, will try to use the openssl binary.

-

If set to cryptography, will try to use the cryptography library.

+

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

+

If set to openssl, will try to use the openssl binary.

+

If set to cryptography, will try to use the cryptography library.

Choices:

  • "auto" ← (default)

    • @@ -396,8 +398,8 @@ see

    string / required

The state of the account, to be identified by its account key.

-

If the state is absent, the account will either not exist or be deactivated.

-

If the state is changed_key, the account must exist. The account key will be changed; no other information will be touched.

+

If the state is absent, the account will either not exist or be deactivated.

+

If the state is changed_key, the account must exist. The account key will be changed; no other information will be touched.

Choices:

  • "present"

    • @@ -411,7 +413,7 @@ see

    boolean

Boolean indicating whether you agree to the terms of service document.

-

ACME servers can require this to be true.

+

ACME servers can require this to be true.

Choices:

  • false ← (default)

    • @@ -424,7 +426,7 @@ see

    boolean

Whether calls to the ACME directory will validate TLS certificates.

-

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

+

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

Choices:

  • false

    • @@ -477,8 +479,8 @@ see

    Note

      -

    • The community.crypto.acme_certificate module also allows to do basic account management. When using both modules, it is recommended to disable account management for community.crypto.acme_certificate. For that, use the modify_account option of community.crypto.acme_certificate.

      • -

    • If a new enough version of the cryptography library is available (see Requirements for details), it will be used instead of the openssl binary. This can be explicitly disabled or enabled with the select_crypto_backend option. Note that using the openssl binary will be slower and less secure, as private key contents always have to be stored on disk (see account_key_content).

      • +

    • The community.crypto.acme_certificate module also allows to do basic account management. When using both modules, it is recommended to disable account management for community.crypto.acme_certificate. For that, use the modify_account option of community.crypto.acme_certificate.

      • +

    • If a new enough version of the cryptography library is available (see Requirements for details), it will be used instead of the openssl binary. This can be explicitly disabled or enabled with the select_crypto_backend option. Note that using the openssl binary will be slower and less secure, as private key contents always have to be stored on disk (see account_key_content).

    • Although the defaults are chosen so that the module can be used with the Let’s Encrypt CA, the module can in principle be used with any CA providing an ACME endpoint, such as Buypass Go SSL.

    • So far, the ACME modules have only been tested by the developers against Let’s Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and Pebble testing server. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please create an issue to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.

    diff --git a/pr/600/acme_certificate_module.html b/pr/600/acme_certificate_module.html index 9ec58125..fb023440 100644 --- a/pr/600/acme_certificate_module.html +++ b/pr/600/acme_certificate_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -186,9 +188,9 @@ see

    Synopsis

      -

    • Create and renew SSL/TLS certificates with a CA supporting the ACME protocol, such as Let’s Encrypt or Buypass. The current implementation supports the http-01, dns-01 and tls-alpn-01 challenges.

      • -

    • To use this module, it has to be executed twice. Either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument data.

      • -

    • Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For http-01 that means creating the necessary challenge file on the destination webserver. For dns-01 the necessary dns record has to be created. For tls-alpn-01 the necessary certificate has to be created and served. It is not the responsibility of this module to perform these steps.

      • +

    • Create and renew SSL/TLS certificates with a CA supporting the ACME protocol, such as Let’s Encrypt or Buypass. The current implementation supports the http-01, dns-01 and tls-alpn-01 challenges.

      • +

    • To use this module, it has to be executed twice. Either as two different tasks in the same run or during two runs. Note that the output of the first run needs to be recorded and passed to the second run as the module argument data.

      • +

    • Between these two tasks you have to fulfill the required steps for the chosen challenge by whatever means necessary. For http-01 that means creating the necessary challenge file on the destination webserver. For dns-01 the necessary dns record has to be created. For tls-alpn-01 the necessary certificate has to be created and served. It is not the responsibility of this module to perform these steps.

    • For details on how to fulfill these challenges, you might have to read through the main ACME specification and the TLS-ALPN-01 specification. Also, consider the examples provided for this module.

    • The module includes experimental support for IP identifiers according to the RFC 8738.

    @@ -216,7 +218,7 @@ see

    The email address associated with this account.

    It will be used for certificate expiration warnings.

    -

    Note that when modify_account is not set to false and you also used the community.crypto.acme_account module to specify more than one contact for your account, this module will update your account and restrict it to the (at most one) contact email address specified here.

    +

    Note that when modify_account is not set to false and you also used the community.crypto.acme_account module to specify more than one contact for your account, this module will update your account and restrict it to the (at most one) contact email address specified here.

    @@ -224,8 +226,8 @@ see

    string

    Content of the ACME account RSA or Elliptic Curve key.

    -

    Mutually exclusive with account_key_src.

    -

    Required if account_key_src is not used.

    +

    Mutually exclusive with account_key_src.

    +

    Required if account_key_src is not used.

    Warning: the content will be written into a temporary file, which will be deleted by Ansible when the module completes. Since this is an important private key — it can be used to change the account key, or to revoke your certificates without knowing their private keys —, this might not be acceptable.

    In case cryptography is used, the content is not written into a temporary file. It can still happen that it is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed.

    @@ -247,8 +249,8 @@ see

    Path to a file containing the ACME account RSA or Elliptic Curve key.

    Private keys can be created with the community.crypto.openssl_privatekey or community.crypto.openssl_privatekey_pipe modules. If the requisite (cryptography) is not available, keys can also be created directly with the openssl command line tool: RSA keys can be created with openssl genrsa .... Elliptic curve keys can be created with openssl ecparam -genkey .... Any other tool creating private keys in PEM format can be used as well.

    -

    Mutually exclusive with account_key_content.

    -

    Required if account_key_content is not used.

    +

    Mutually exclusive with account_key_content.

    +

    Required if account_key_content is not used.

@@ -277,8 +279,8 @@ see

integer / required

The ACME version of the endpoint.

-

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

-

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

+

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

+

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

Choices:

  • 1

    • @@ -290,9 +292,9 @@ see

agreement

string

-

URI to a terms of service document you agree to when using the ACME v1 service at acme_directory.

-

Default is latest gathered from acme_directory URL.

-

This option will only be used when acme_version is 1.

+

URI to a terms of service document you agree to when using the ACME v1 service at acme_directory.

+

Default is latest gathered from acme_directory URL.

+

This option will only be used when acme_version is 1.

@@ -309,11 +311,13 @@ see

string

The challenge to be performed.

+

If set to no challenge, no challenge will be used. This is necessary for some private CAs which use External Account Binding and other means of validating certificate assurance. For example, an account could be allowed to issue certificates for foo.example.com without any further validation for a certain period of time.

Choices:

  • "http-01" ← (default)

  • "dns-01"

  • "tls-alpn-01"

    • +

  • "no challenge"

@@ -327,7 +331,7 @@ see community.crypto.openssl_csr or openssl req ....

The CSR may contain multiple Subject Alternate Names, but each one will lead to an individual challenge that must be fulfilled for the CSR to be signed.

Note: the private key used to create the CSR must not be the account key. This is a bad idea from a security point of view, and the CA should not accept the CSR. The ACME server should return an error in this case.

-

Precisely one of csr or csr_content must be specified.

+

Precisely one of csr or csr_content must be specified.

@@ -339,7 +343,7 @@ see community.crypto.openssl_csr_pipe or openssl req ....

The CSR may contain multiple Subject Alternate Names, but each one will lead to an individual challenge that must be fulfilled for the CSR to be signed.

Note: the private key used to create the CSR must not be the account key. This is a bad idea from a security point of view, and the CA should not accept the CSR. The ACME server should return an error in this case.

-

Precisely one of csr or csr_content must be specified.

+

Precisely one of csr or csr_content must be specified.

@@ -348,8 +352,8 @@ see

The data to validate ongoing challenges. This must be specified for the second run of the module only.

The value that must be used here will be provided by a previous use of this module. See the examples for more details.

-

Note that for ACME v2, only the order_uri entry of data will be used. For ACME v1, data must be non-empty to indicate the second stage is active; all needed data will be taken from the CSR.

-

Note: the data option was marked as no_log up to Ansible 2.5. From Ansible 2.6 on, it is no longer marked this way as it causes error messages to be come unusable, and data does not contain any information which can be used without having access to the account key or which are not public anyway.

+

Note that for ACME v2, only the order_uri entry of data will be used. For ACME v1, data must be non-empty to indicate the second stage is active; all needed data will be taken from the CSR.

+

Note: the data option was marked as no_log up to Ansible 2.5. From Ansible 2.6 on, it is no longer marked this way as it causes error messages to be come unusable, and data does not contain any information which can be used without having access to the account key or which are not public anyway.

@@ -372,14 +376,14 @@ see path

The destination file for the certificate.

-

Required if fullchain_dest is not specified.

+

Required if fullchain_dest is not specified.

force

boolean

-

Enforces the execution of the challenge and validation, even if an existing certificate is still valid for more than remaining_days.

+

Enforces the execution of the challenge and validation, even if an existing certificate is still valid for more than remaining_days.

This is especially helpful when having an updated CSR, for example with additional domains for which a new certificate is desired.

Choices:

    @@ -395,7 +399,7 @@ see path

The destination file for the full chain (that is, a certificate followed by chain of intermediate certificates).

-

Required if dest is not specified.

+

Required if dest is not specified.

@@ -403,8 +407,8 @@ see

boolean

Boolean indicating whether the module should create the account if necessary, and update its contact data.

-

Set to false if you want to use the community.crypto.acme_account module to manage your account instead, and to avoid accidental creation of a new account using an old key if you changed the account key with community.crypto.acme_account.

-

If set to false, terms_agreed and account_email are ignored.

+

Set to false if you want to use the community.crypto.acme_account module to manage your account instead, and to avoid accidental creation of a new account using an old key if you changed the account key with community.crypto.acme_account.

+

If set to false, terms_agreed and account_email are ignored.

Choices:

  • false

    • @@ -416,8 +420,8 @@ see

remaining_days

integer

-

The number of days the certificate must have left being valid. If cert_days < remaining_days, then it will be renewed. If the certificate is not renewed, module return values will not include challenge_data.

-

To make sure that the certificate is renewed in any case, you can use the force option.

+

The number of days the certificate must have left being valid. If cert_days < remaining_days, then it will be renewed. If the certificate is not renewed, module return values will not include challenge_data.

+

To make sure that the certificate is renewed in any case, you can use the force option.

Default: 10

@@ -435,7 +439,7 @@ see

retrieve_all_alternates

boolean

-

When set to true, will retrieve all alternate trust chains offered by the ACME CA. These will not be written to disk, but will be returned together with the main chain as all_chains. See the documentation for the all_chains return value for details.

+

When set to true, will retrieve all alternate trust chains offered by the ACME CA. These will not be written to disk, but will be returned together with the main chain as all_chains. See the documentation for the all_chains return value for details.

Choices:

@@ -460,7 +464,7 @@ see

string

Checks for the AuthorityKeyIdentifier extension. This is an identifier based on the private key of the issuer of the intermediate certificate.

-

The identifier must be of the form C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10.

+

The identifier must be of the form C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10.

@@ -468,8 +472,8 @@ see

dictionary

Allows to specify parts of the issuer of a certificate in the chain must have to be selected.

-

If issuer is empty, any certificate will match.

-

An example value would be {"commonName": "My Preferred CA Root"}.

+

If select_chain[].issuer is empty, any certificate will match.

+

An example value would be {"commonName": "My Preferred CA Root"}.

@@ -477,8 +481,8 @@ see

dictionary

Allows to specify parts of the subject of a certificate in the chain must have to be selected.

-

If subject is empty, any certificate will match.

-

An example value would be {"CN": "My Preferred CA Intermediate"}

+

If select_chain[].subject is empty, any certificate will match.

+

An example value would be {"CN": "My Preferred CA Intermediate"}

@@ -486,7 +490,7 @@ see

string

Checks for the SubjectKeyIdentifier extension. This is an identifier based on the private key of the intermediate certificate.

-

The identifier must be of the form A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1.

+

The identifier must be of the form A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1.

@@ -494,9 +498,9 @@ see

string

Determines which certificates in the chain will be tested.

-

all tests all certificates in the chain (excluding the leaf, which is identical in all chains).

-

first only tests the first certificate in the chain, that is the one which signed the leaf.

-

last only tests the last certificate in the chain, that is the one furthest away from the leaf. Its issuer is the root certificate of this chain.

+

all tests all certificates in the chain (excluding the leaf, which is identical in all chains).

+

first only tests the first certificate in the chain, that is the one which signed the leaf.

+

last only tests the last certificate in the chain, that is the one furthest away from the leaf. Its issuer is the root certificate of this chain.

Choices:

  • "first"

    • @@ -510,9 +514,9 @@ see

    string

Determines which crypto backend to use.

-

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

-

If set to openssl, will try to use the openssl binary.

-

If set to cryptography, will try to use the cryptography library.

+

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

+

If set to openssl, will try to use the openssl binary.

+

If set to cryptography, will try to use the cryptography library.

Choices:

Whether calls to the ACME directory will validate TLS certificates.

-

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

+

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

Choices:

all_chains

list / elements=dictionary

-

When retrieve_all_alternates is set to true, the module will query the ACME server for alternate chains. This return value will contain a list of all chains returned, the first entry being the main chain returned by the server.

+

When retrieve_all_alternates is set to true, the module will query the ACME server for alternate chains. This return value will contain a list of all chains returned, the first entry being the main chain returned by the server.

See Section 7.4.2 of RFC8555 for details.

-

Returned: when certificate was retrieved and retrieve_all_alternates is set to true

+

Returned: when certificate was retrieved and retrieve_all_alternates is set to true

@@ -866,7 +874,7 @@ see

string

The full DNS record’s name for the challenge.

-

Returned: changed and challenge is dns-01

+

Returned: changed and challenge is dns-01

Sample: "_acme-challenge.example.com"

@@ -883,8 +891,8 @@ see

resource_original

string

-

The original challenge resource including type identifier for tls-alpn-01 challenges.

-

Returned: changed and challenge is tls-alpn-01

+

The original challenge resource including type identifier for tls-alpn-01 challenges.

+

Returned: changed and challenge is tls-alpn-01

Sample: "DNS:example.com"

@@ -893,8 +901,8 @@ see

string

The value the resource has to produce for the validation.

-

For http-01 and dns-01 challenges, the value can be used as-is.

-

For tls-alpn-01 challenges, note that this return value contains a Base64 encoded version of the correct binary blob which has to be put into the acmeValidation x509 extension; see https://www.rfc-editor.org/rfc/rfc8737.html#section-3 for details. To do this, you might need the b64decode Jinja filter to extract the binary blob from this return value.

+

For http-01 and dns-01 challenges, the value can be used as-is.

+

For tls-alpn-01 challenges, note that this return value contains a Base64 encoded version of the correct binary blob which has to be put into the acmeValidation x509 extension; see https://www.rfc-editor.org/rfc/rfc8737.html#section-3 for details. To do this, you might need the ansible.builtin.b64decode Jinja filter to extract the binary blob from this return value.

Returned: changed

Sample: "IlirfxKKXA...17Dt3juxGJ-PCt92wr-oA"

@@ -903,7 +911,7 @@ see

challenge_data_dns

dictionary

-

List of TXT values per DNS record, in case challenge is dns-01.

+

List of TXT values per DNS record, in case challenge is dns-01.

Since Ansible 2.8.5, only challenges which are not yet valid are returned.

Returned: changed

diff --git a/pr/600/acme_certificate_revoke_module.html b/pr/600/acme_certificate_revoke_module.html index fe84b23f..c9238a8a 100644 --- a/pr/600/acme_certificate_revoke_module.html +++ b/pr/600/acme_certificate_revoke_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol

Note

-

This module is part of the community.crypto collection (version 2.14.0).

+

This module is part of the community.crypto collection (version 2.14.1).

To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

@@ -209,7 +211,7 @@ see

string

Content of the ACME account RSA or Elliptic Curve key.

-

Note that exactly one of account_key_src, account_key_content, private_key_src or private_key_content must be specified.

+

Note that exactly one of account_key_src, account_key_content, private_key_src, or private_key_content must be specified.

Warning: the content will be written into a temporary file, which will be deleted by Ansible when the module completes. Since this is an important private key — it can be used to change the account key, or to revoke your certificates without knowing their private keys —, this might not be acceptable.

In case cryptography is used, the content is not written into a temporary file. It can still happen that it is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed.

@@ -231,8 +233,8 @@ see

Path to a file containing the ACME account RSA or Elliptic Curve key.

RSA keys can be created with openssl rsa .... Elliptic curve keys can be created with openssl ecparam -genkey .... Any other tool creating private keys in PEM format can be used as well.

-

Mutually exclusive with account_key_content.

-

Required if account_key_content is not used.

+

Mutually exclusive with account_key_content.

+

Required if account_key_content is not used.

@@ -261,8 +263,8 @@ see

integer / required

The ACME version of the endpoint.

-

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

-

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

+

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

+

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

Choices:

  • 1

    • @@ -282,7 +284,7 @@ see

    string

Content of the certificate’s private key.

-

Note that exactly one of account_key_src, account_key_content, private_key_src or private_key_content must be specified.

+

Note that exactly one of account_key_src, account_key_content, private_key_src, or private_key_content must be specified.

Warning: the content will be written into a temporary file, which will be deleted by Ansible when the module completes. Since this is an important private key — it can be used to change the account key, or to revoke your certificates without knowing their private keys —, this might not be acceptable.

In case cryptography is used, the content is not written into a temporary file. It can still happen that it is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed.

@@ -301,7 +303,7 @@ see

path

Path to the certificate’s private key.

-

Note that exactly one of account_key_src, account_key_content, private_key_src or private_key_content must be specified.

+

Note that exactly one of account_key_src, account_key_content, private_key_src, or private_key_content must be specified.

@@ -319,7 +321,7 @@ see

integer

One of the revocation reasonCodes defined in Section 5.3.1 of RFC5280.

-

Possible values are 0 (unspecified), 1 (keyCompromise), 2 (cACompromise), 3 (affiliationChanged), 4 (superseded), 5 (cessationOfOperation), 6 (certificateHold), 8 (removeFromCRL), 9 (privilegeWithdrawn), 10 (aACompromise).

+

Possible values are 0 (unspecified), 1 (keyCompromise), 2 (cACompromise), 3 (affiliationChanged), 4 (superseded), 5 (cessationOfOperation), 6 (certificateHold), 8 (removeFromCRL), 9 (privilegeWithdrawn), 10 (aACompromise).

@@ -327,9 +329,9 @@ see

string

Determines which crypto backend to use.

-

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

-

If set to openssl, will try to use the openssl binary.

-

If set to cryptography, will try to use the cryptography library.

+

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

+

If set to openssl, will try to use the openssl binary.

+

If set to cryptography, will try to use the cryptography library.

Choices:

  • "auto" ← (default)

    • @@ -343,7 +345,7 @@ see

    boolean

Whether calls to the ACME directory will validate TLS certificates.

-

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

+

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

Choices:

  • false

    • @@ -396,9 +398,9 @@ see

    Note

      -

    • Exactly one of account_key_src, account_key_content, private_key_src or private_key_content must be specified.

      • +

    • Exactly one of account_key_src, account_key_content, private_key_src, or private_key_content must be specified.

    • Trying to revoke an already revoked certificate should result in an unchanged status, even if the revocation reason was different than the one specified here. Also, depending on the server, it can happen that some other error is returned if the certificate has already been revoked.

      • -

    • If a new enough version of the cryptography library is available (see Requirements for details), it will be used instead of the openssl binary. This can be explicitly disabled or enabled with the select_crypto_backend option. Note that using the openssl binary will be slower and less secure, as private key contents always have to be stored on disk (see account_key_content).

      • +

    • If a new enough version of the cryptography library is available (see Requirements for details), it will be used instead of the openssl binary. This can be explicitly disabled or enabled with the select_crypto_backend option. Note that using the openssl binary will be slower and less secure, as private key contents always have to be stored on disk (see account_key_content).

    • Although the defaults are chosen so that the module can be used with the Let’s Encrypt CA, the module can in principle be used with any CA providing an ACME endpoint, such as Buypass Go SSL.

    • So far, the ACME modules have only been tested by the developers against Let’s Encrypt (staging and production), Buypass (staging and production), ZeroSSL (production), and Pebble testing server. We have got community feedback that they also work with Sectigo ACME Service for InCommon. If you experience problems with another ACME server, please create an issue to help us supporting it. Feedback that an ACME server not mentioned does work is also appreciated.

    diff --git a/pr/600/acme_challenge_cert_helper_module.html b/pr/600/acme_challenge_cert_helper_module.html index 0c0be094..82fb804f 100644 --- a/pr/600/acme_challenge_cert_helper_module.html +++ b/pr/600/acme_challenge_cert_helper_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as tls-alpn-01

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -219,7 +221,7 @@ see

    challenge_data

    dictionary / required

-

The challenge_data entry provided by community.crypto.acme_certificate for the challenge.

+

The challenge_data entry provided by community.crypto.acme_certificate for the challenge.

@@ -227,7 +229,7 @@ see

string

Content of the private key to use for this challenge certificate.

-

Mutually exclusive with private_key_src.

+

Mutually exclusive with private_key_src.

@@ -243,7 +245,7 @@ see

path

Path to a file containing the private key file to use for this challenge certificate.

-

Mutually exclusive with private_key_content.

+

Mutually exclusive with private_key_content.

@@ -366,7 +368,7 @@ see

identifier

string

-

The identifier for the actual resource. Will be a domain name if the type is dns, or an IP address if the type is ip.

+

The identifier for the actual resource. Will be a domain name if identifier_type=dns, or an IP address if identifier_type=ip.

Returned: always

@@ -374,8 +376,13 @@ see

identifier_type

string

-

The identifier type for the actual resource identifier. Will be dns or ip.

+

The identifier type for the actual resource identifier.

Returned: always

+

Can only return:

+
    +

  • "dns"

    • +

  • "ip"

    • +
diff --git a/pr/600/acme_inspect_module.html b/pr/600/acme_inspect_module.html index 17522870..74a988af 100644 --- a/pr/600/acme_inspect_module.html +++ b/pr/600/acme_inspect_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

community.crypto.acme_inspect module – Send direct requests to an ACME server

Note

-

This module is part of the community.crypto collection (version 2.14.0).

+

This module is part of the community.crypto collection (version 2.14.1).

To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

@@ -213,8 +215,8 @@ see

string

Content of the ACME account RSA or Elliptic Curve key.

-

Mutually exclusive with account_key_src.

-

Required if account_key_src is not used.

+

Mutually exclusive with account_key_src.

+

Required if account_key_src is not used.

Warning: the content will be written into a temporary file, which will be deleted by Ansible when the module completes. Since this is an important private key — it can be used to change the account key, or to revoke your certificates without knowing their private keys —, this might not be acceptable.

In case cryptography is used, the content is not written into a temporary file. It can still happen that it is written to disk by Ansible in the process of moving the module with its argument to the node where it is executed.

@@ -236,8 +238,8 @@ see

Path to a file containing the ACME account RSA or Elliptic Curve key.

Private keys can be created with the community.crypto.openssl_privatekey or community.crypto.openssl_privatekey_pipe modules. If the requisite (cryptography) is not available, keys can also be created directly with the openssl command line tool: RSA keys can be created with openssl genrsa .... Elliptic curve keys can be created with openssl ecparam -genkey .... Any other tool creating private keys in PEM format can be used as well.

-

Mutually exclusive with account_key_content.

-

Required if account_key_content is not used.

+

Mutually exclusive with account_key_content.

+

Required if account_key_content is not used.

@@ -266,8 +268,8 @@ see

integer / required

The ACME version of the endpoint.

-

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

-

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

+

Must be 1 for the classic Let’s Encrypt and Buypass ACME endpoints, or 2 for standardized ACME v2 endpoints.

+

The value 1 is deprecated since community.crypto 2.0.0 and will be removed from community.crypto 3.0.0.

Choices:

  • 1

    • @@ -279,15 +281,15 @@ see

content

string

-

An encoded JSON object which will be sent as the content if method is post.

-

Required when method is post, and not allowed otherwise.

+

An encoded JSON object which will be sent as the content if method is post.

+

Required when method is post, and not allowed otherwise.

fail_on_acme_error

boolean

-

If method is post or get, make the module fail in case an ACME error is returned.

+

If method is post or get, make the module fail in case an ACME error is returned.

Choices:

  • false

    • @@ -300,9 +302,9 @@ see

    string

The method to use to access the given URL on the ACME server.

-

The value post executes an authenticated POST request. The content must be specified in the content option.

-

The value get executes an authenticated POST-as-GET request for ACME v2, and a regular GET request for ACME v1.

-

The value directory-only only retrieves the directory, without doing a request.

+

The value post executes an authenticated POST request. The content must be specified in the content option.

+

The value get executes an authenticated POST-as-GET request for ACME v2, and a regular GET request for ACME v1.

+

The value directory-only only retrieves the directory, without doing a request.

Choices:

  • "get" ← (default)

    • @@ -326,9 +328,9 @@ see

    string

Determines which crypto backend to use.

-

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

-

If set to openssl, will try to use the openssl binary.

-

If set to cryptography, will try to use the cryptography library.

+

The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

+

If set to openssl, will try to use the openssl binary.

+

If set to cryptography, will try to use the cryptography library.

Choices:

  • "auto" ← (default)

    • @@ -342,7 +344,7 @@ see

    string

The URL to send the request to.

-

Must be specified if method is not directory-only.

+

Must be specified if method is not directory-only.

@@ -350,7 +352,7 @@ see

boolean

Whether calls to the ACME directory will validate TLS certificates.

-

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

+

Warning: Should only ever be set to false for testing purposes, for example when testing against a local Pebble server.

Choices:

Information on the installed OpenSSL binary.

-

Returned: when openssl_present=true

+

Returned: when openssl_present=true

@@ -284,7 +286,7 @@

dictionary

Information on the installed Python cryptography library.

-

Returned: when python_cryptography_installed=true

+

Returned: when python_cryptography_installed=true

@@ -426,7 +428,7 @@

string

Import error when trying to import the Python cryptography library.

-

Returned: when python_cryptography_installed=false

+

Returned: when python_cryptography_installed=false

diff --git a/pr/600/docsite/guide_ownca.html b/pr/600/docsite/guide_ownca.html index 5ea482ae..4e22f33c 100644 --- a/pr/600/docsite/guide_ownca.html +++ b/pr/600/docsite/guide_ownca.html @@ -14,6 +14,8 @@ + + diff --git a/pr/600/docsite/guide_selfsigned.html b/pr/600/docsite/guide_selfsigned.html index a2d63158..4fba29b8 100644 --- a/pr/600/docsite/guide_selfsigned.html +++ b/pr/600/docsite/guide_selfsigned.html @@ -14,6 +14,8 @@ + + @@ -148,13 +150,13 @@

How to create self-signed certificates

The community.crypto collection offers multiple modules that create private keys, certificate signing requests, and certificates. This guide shows how to create self-signed certificates.

-

For creating any kind of certificate, you always have to start with a private key. You can use the community.crypto.openssl_privatekey module to create a private key. If you only specify path, the default parameters will be used. This will result in a 4096 bit RSA private key:

+

For creating any kind of certificate, you always have to start with a private key. You can use the community.crypto.openssl_privatekey module to create a private key. If you only specify path, the default parameters will be used. This will result in a 4096 bit RSA private key:

- name: Create private key (RSA, 4096 bits)
   community.crypto.openssl_privatekey:
     path: /path/to/certificate.key
-

You can specify type to select another key type, size to select a different key size (only available for RSA and DSA keys), or passphrase if you want to store the key password-protected:

+

You can specify type to select another key type, size to select a different key size (only available for RSA and DSA keys), or passphrase if you want to store the key password-protected:

- name: Create private key (X25519) with password protection
   community.crypto.openssl_privatekey:
     path: /path/to/certificate.key
@@ -170,8 +172,8 @@
     provider: selfsigned
-

(If you used passphrase for the private key, you have to provide privatekey_passphrase.)

-

You can use selfsigned_not_after to define when the certificate expires (default: in roughly 10 years), and selfsigned_not_before to define from when the certificate is valid (default: now).

+

(If you used passphrase for the private key, you have to provide privatekey_passphrase.)

+

You can use selfsigned_not_after to define when the certificate expires (default: in roughly 10 years), and selfsigned_not_before to define from when the certificate is valid (default: now).

To define further properties of the certificate, like the subject, Subject Alternative Names (SANs), key usages, name constraints, etc., you need to first create a Certificate Signing Request (CSR) and provide it to the community.crypto.x509_certificate module. If you do not need the CSR file, you can use the community.crypto.openssl_csr_pipe module as in the example below. (To store it to disk, use the community.crypto.openssl_csr module instead.)

- name: Create certificate signing request (CSR) for self-signed certificate
   community.crypto.openssl_csr_pipe:
diff --git a/pr/600/ecs_certificate_module.html b/pr/600/ecs_certificate_module.html
index 2065cb9a..686d99c5 100644
--- a/pr/600/ecs_certificate_module.html
+++ b/pr/600/ecs_certificate_module.html
@@ -14,6 +14,8 @@
     
   
   
+        
+        
         
         
         
@@ -165,7 +167,7 @@
 
community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API

 

 
Note

-
This module is part of the community.crypto collection (version 2.14.0).

+
This module is part of the community.crypto collection (version 2.14.1).

 
To install it, use: ansible-galaxy collection install community.crypto.
 You need further requirements to be able to use this module,
 see Requirements for details.

@@ -219,7 +221,7 @@ see 
backup

 
boolean
-

Whether a backup should be made for the certificate in path.

+

Whether a backup should be made for the certificate in path.

Choices:

  • false ← (default)

    • @@ -231,12 +233,12 @@ see

cert_expiry

string

-

The date the certificate should be set to expire, in RFC3339 compliant date or date-time format. For example, 2020-02-23, 2020-02-23T15:00:00.05Z.

-

cert_expiry is only supported for requests of request_type=new or request_type=renew. If request_type=reissue, cert_expiry will be used for the first certificate issuance, but subsequent issuances will have the same expiry as the initial certificate.

+

The date the certificate should be set to expire, in RFC3339 compliant date or date-time format. For example, 2020-02-23, 2020-02-23T15:00:00.05Z.

+

cert_expiry is only supported for requests of request_type=new or request_type=renew. If request_type=reissue, cert_expiry will be used for the first certificate issuance, but subsequent issuances will have the same expiry as the initial certificate.

A reissued certificate will always have the same expiry as the original certificate.

Note that only the date (day, month, year) is supported for specifying the expiry date. If you choose to specify an expiry time with the expiry date, the time will be adjusted to Eastern Standard Time (EST). This could have the unintended effect of moving your expiry date to the previous day.

Applies only to accounts with a pooling inventory model.

-

Only one of cert_expiry or cert_lifetime may be specified.

+

Only one of cert_expiry or cert_lifetime may be specified.

@@ -245,12 +247,12 @@ see

The lifetime of the certificate.

Applies to all certificates for accounts with a non-pooling inventory model.

-

cert_lifetime is only supported for requests of request_type=new or request_type=renew. If request_type=reissue, cert_lifetime will be used for the first certificate issuance, but subsequent issuances will have the same expiry as the initial certificate.

-

Applies to certificates of cert_type=CDS_INDIVIDUAL, CDS_GROUP, CDS_ENT_LITE, CDS_ENT_PRO, SMIME_ENT for accounts with a pooling inventory model.

-

P1Y is a certificate with a 1 year lifetime.

-

P2Y is a certificate with a 2 year lifetime.

-

P3Y is a certificate with a 3 year lifetime.

-

Only one of cert_expiry or cert_lifetime may be specified.

+

cert_lifetime is only supported for requests of request_type=new or request_type=renew. If request_type=reissue, cert_lifetime will be used for the first certificate issuance, but subsequent issuances will have the same expiry as the initial certificate.

+

Applies to certificates of cert_type=CDS_INDIVIDUAL, CDS_GROUP, CDS_ENT_LITE, CDS_ENT_PRO, or SMIME_ENT for accounts with a pooling inventory model.

+

P1Y is a certificate with a 1 year lifetime.

+

P2Y is a certificate with a 2 year lifetime.

+

P3Y is a certificate with a 3 year lifetime.

+

Only one of cert_expiry or cert_lifetime may be specified.

Choices:

  • "P1Y"

    • @@ -264,7 +266,7 @@ see

    string

Specify the type of certificate requested.

-

If a certificate is being reissued or renewed, this parameter is ignored, and the cert_type of the initial certificate is used.

+

If a certificate is being reissued or renewed, this parameter is ignored, and the cert_type of the initial certificate is used.

Choices:

@@ -299,12 +301,12 @@ see

csr

string

-

Base-64 encoded Certificate Signing Request (CSR). csr is accepted with or without PEM formatting around the Base-64 string.

-

If no csr is provided when request_type=reissue or request_type=renew, the certificate will be generated with the same public key as the certificate being renewed or reissued.

-

If subject_alt_name is specified, it will override the subject alternate names in the CSR.

-

If eku is specified, it will override the extended key usage in the CSR.

-

If ou is specified, it will override the organizational units “ou=” present in the subject distinguished name of the CSR, if any.

-

The organization “O=” field from the CSR will not be used. It will be replaced in the issued certificate by org if present, and if not present, the organization tied to client_id.

+

Base-64 encoded Certificate Signing Request (CSR). csr is accepted with or without PEM formatting around the Base-64 string.

+

If no csr is provided when request_type=reissue or request_type=renew, the certificate will be generated with the same public key as the certificate being renewed or reissued.

+

If subject_alt_name is specified, it will override the subject alternate names in the CSR.

+

If eku is specified, it will override the extended key usage in the CSR.

+

If ou is specified, it will override the organizational units “ou=” present in the subject distinguished name of the CSR, if any.

+

The organization “O=” field from the CSR will not be used. It will be replaced in the issued certificate by org if present, and if not present, the organization tied to client_id.

@@ -312,9 +314,9 @@ see

boolean

In compliance with browser requirements, this certificate may be posted to the Certificate Transparency (CT) logs. This is a best practice technique that helps domain owners monitor certificates issued to their domains. Note that not all certificates are eligible for CT logging.

-

If ct_log is not specified, the certificate uses the account default.

-

If ct_log is specified and the account settings allow it, ct_log overrides the account default.

-

If ct_log is set to false, but the account settings are set to “always log”, the certificate generation will fail.

+

If ct_log is not specified, the certificate uses the account default.

+

If ct_log is specified and the account settings allow it, ct_log overrides the account default.

+

If ct_log is set to false, but the account settings are set to “always log”, the certificate generation will fail.

Choices:

  • false

    • @@ -580,7 +582,7 @@ see

eku

string

-

If specified, overrides the key usage in the csr.

+

If specified, overrides the key usage in the csr.

Choices:

  • "SERVER_AUTH"

    • @@ -593,8 +595,8 @@ see

end_user_key_storage_agreement

boolean

-

The end user of the Code Signing certificate must generate and store the private key for this request on cryptographically secure hardware to be compliant with the Entrust CSP and Subscription agreement. If requesting a certificate of type CODE_SIGNING or EV_CODE_SIGNING, you must set end_user_key_storage_agreement to true if and only if you acknowledge that you will inform the user of this requirement.

-

Applicable only to cert_type of values CODE_SIGNING and EV_CODE_SIGNING.

+

The end user of the Code Signing certificate must generate and store the private key for this request on cryptographically secure hardware to be compliant with the Entrust CSP and Subscription agreement. If requesting a certificate of type CODE_SIGNING or EV_CODE_SIGNING, you must set end_user_key_storage_agreement to true if and only if you acknowledge that you will inform the user of this requirement.

+

Applicable only to cert_type of values CODE_SIGNING and EV_CODE_SIGNING.

Choices:

  • false

    • @@ -643,8 +645,8 @@ see

force

boolean

-

If force is used, a certificate is requested regardless of whether path points to an existing valid certificate.

-

If request_type=renew, a forced renew will fail if the certificate being renewed has been issued within the past 30 days, regardless of the value of remaining_days or the return value of cert_days - the ECS API does not support the “renew” operation for certificates that are not at least 30 days old.

+

If force is used, a certificate is requested regardless of whether path points to an existing valid certificate.

+

If request_type=renew, a forced renew will fail if the certificate being renewed has been issued within the past 30 days, regardless of the value of remaining_days or the return value of cert_days - the ECS API does not support the “renew” operation for certificates that are not at least 30 days old.

Choices:

  • false ← (default)

    • @@ -664,8 +666,8 @@ see

    string

Organization “O=” to include in the certificate.

-

If org is not specified, the organization from the client represented by client_id is used.

-

Unless the cert_type is PD_SSL, this field may not be specified if the value of client_id is not “1” (the primary client). non-primary clients, certificates may only be issued with the organization of that client.

+

If org is not specified, the organization from the client represented by client_id is used.

+

Unless the cert_type is PD_SSL, this field may not be specified if the value of client_id is not “1” (the primary client). non-primary clients, certificates may only be issued with the organization of that client.

@@ -673,10 +675,10 @@ see

list / elements=string

Organizational unit “OU=” to include in the certificate.

-

ou behavior is dependent on whether organizational units are enabled for your account. If organizational unit support is disabled for your account, organizational units from the csr and the ou parameter are ignored.

-

If both csr and ou are specified, the value in ou will override the OU fields present in the subject distinguished name in the csr

-

If neither csr nor ou are specified for a renew or reissue operation, the OU fields in the initial certificate are reused.

-

An invalid OU from csr is ignored, but any invalid organizational units in ou will result in an error indicating “Unapproved OU”. The ou parameter can be used to force failure if an unapproved organizational unit is provided.

+

ou behavior is dependent on whether organizational units are enabled for your account. If organizational unit support is disabled for your account, organizational units from the csr and the ou parameter are ignored.

+

If both csr and ou are specified, the value in ou will override the OU fields present in the subject distinguished name in the csr

+

If neither csr nor ou are specified for a renew or reissue operation, the OU fields in the initial certificate are reused.

+

An invalid OU from csr is ignored, but any invalid organizational units in ou will result in an error indicating “Unapproved OU”. The ou parameter can be used to force failure if an unapproved organizational unit is provided.

A maximum of one OU may be specified for current products. Multiple OUs are reserved for future products.

@@ -686,18 +688,18 @@ see

The destination path for the generated certificate as a PEM encoded cert.

If the certificate at this location is not an Entrust issued certificate, a new certificate will always be requested even if the current certificate is technically valid.

-

If there is already an Entrust certificate at this location, whether it is replaced is depends on the remaining_days calculation.

-

If an existing certificate is being replaced (see remaining_days, force, and tracking_id), whether a new certificate is requested or the existing certificate is renewed or reissued is based on request_type.

+

If there is already an Entrust certificate at this location, whether it is replaced is depends on the remaining_days calculation.

+

If an existing certificate is being replaced (see remaining_days, force, and tracking_id), whether a new certificate is requested or the existing certificate is renewed or reissued is based on request_type.

remaining_days

integer

-

The number of days the certificate must have left being valid. If cert_days < remaining_days then a new certificate will be obtained using request_type.

-

If request_type=renew, a renewal will fail if the certificate being renewed has been issued within the past 30 days, so do not set a remaining_days value that is within 30 days of the full lifetime of the certificate being acted upon.

-

For exmaple, if you are requesting Certificates with a 90 day lifetime, do not set remaining_days to a value 60 or higher).

-

The force option may be used to ensure that a new certificate is always obtained.

+

The number of days the certificate must have left being valid. If cert_days < remaining_days then a new certificate will be obtained using request_type.

+

If request_type=renew, a renewal will fail if the certificate being renewed has been issued within the past 30 days, so do not set a remaining_days value that is within 30 days of the full lifetime of the certificate being acted upon.

+

For exmaple, if you are requesting Certificates with a 90 day lifetime, do not set remaining_days to a value 60 or higher).

+

The force option may be used to ensure that a new certificate is always obtained.

Default: 30

@@ -705,15 +707,15 @@ see

request_type

string

-

The operation performed if tracking_id references a valid certificate to reissue, or there is already a certificate present in path but either force is specified or cert_days < remaining_days.

-

Specifying request_type=validate_only means the request will be validated against the ECS API, but no certificate will be issued.

-

Specifying request_type=new means a certificate request will always be submitted and a new certificate issued.

-

Specifying request_type=renew means that an existing certificate (specified by tracking_id if present, otherwise path) will be renewed. If there is no certificate to renew, a new certificate is requested.

-

Specifying request_type=reissue means that an existing certificate (specified by tracking_id if present, otherwise path) will be reissued. If there is no certificate to reissue, a new certificate is requested.

-

If a certificate was issued within the past 30 days, the renew operation is not a valid operation and will fail.

-

Note that reissue is an operation that will result in the revocation of the certificate that is reissued, be cautious with its use.

-

check_mode is only supported if request_type=new

-

For example, setting request_type=renew and remaining_days=30 and pointing to the same certificate on multiple playbook runs means that on the first run new certificate will be requested. It will then be left along on future runs until it is within 30 days of expiry, then the ECS “renew” operation will be performed.

+

The operation performed if tracking_id references a valid certificate to reissue, or there is already a certificate present in path but either force is specified or cert_days < remaining_days.

+

Specifying request_type=validate_only means the request will be validated against the ECS API, but no certificate will be issued.

+

Specifying request_type=new means a certificate request will always be submitted and a new certificate issued.

+

Specifying request_type=renew means that an existing certificate (specified by tracking_id if present, otherwise path) will be renewed. If there is no certificate to renew, a new certificate is requested.

+

Specifying request_type=reissue means that an existing certificate (specified by tracking_id if present, otherwise path) will be reissued. If there is no certificate to reissue, a new certificate is requested.

+

If a certificate was issued within the past 30 days, the renew operation is not a valid operation and will fail.

+

Note that reissue is an operation that will result in the revocation of the certificate that is reissued, be cautious with its use.

+

check_mode is only supported if request_type=new

+

For example, setting request_type=renew and remaining_days=30 and pointing to the same certificate on multiple playbook runs means that on the first run new certificate will be requested. It will then be left along on future runs until it is within 30 days of expiry, then the ECS “renew” operation will be performed.

Choices:

  • "new" ← (default)

    • @@ -748,10 +750,10 @@ see

subject_alt_name

list / elements=string

-

The subject alternative name identifiers, as an array of values (applies to cert_type with a value of STANDARD_SSL, ADVANTAGE_SSL, UC_SSL, EV_SSL, WILDCARD_SSL, PRIVATE_SSL, and PD_SSL).

-

If you are requesting a new SSL certificate, and you pass a subject_alt_name parameter, any SAN names in the CSR are ignored. If no subjectAltName parameter is passed, the SAN names in the CSR are used.

-

See request_type to understand more about SANs during reissues and renewals.

-

In the case of certificates of type STANDARD_SSL certificates, if the CN of the certificate is <domain>.<tld> only the www.<domain>.<tld> value is accepted. If the CN of the certificate is www.<domain>.<tld> only the <domain>.<tld> value is accepted.

+

The subject alternative name identifiers, as an array of values (applies to cert_type with a value of STANDARD_SSL, ADVANTAGE_SSL, UC_SSL, EV_SSL, WILDCARD_SSL, PRIVATE_SSL, and PD_SSL).

+

If you are requesting a new SSL certificate, and you pass a subject_alt_name parameter, any SAN names in the CSR are ignored. If no subjectAltName parameter is passed, the SAN names in the CSR are used.

+

See request_type to understand more about SANs during reissues and renewals.

+

In the case of certificates of type STANDARD_SSL certificates, if the CN of the certificate is <domain>.<tld> only the www.<domain>.<tld> value is accepted. If the CN of the certificate is www.<domain>.<tld> only the <domain>.<tld> value is accepted.

@@ -759,11 +761,11 @@ see

integer

The tracking ID of the certificate to reissue or renew.

-

tracking_id is invalid if request_type=new or request_type=validate_only.

-

If there is a certificate present in path and it is an ECS certificate, tracking_id will be ignored.

-

If there is no certificate present in path or there is but it is from another provider, the certificate represented by tracking_id will be renewed or reissued and saved to path.

-

If there is no certificate present in path and the force and remaining_days parameters do not indicate a new certificate is needed, the certificate referenced by tracking_id certificate will be saved to path.

-

This can be used when a known certificate is not currently present on a server, but you want to renew or reissue it to be managed by an ansible playbook. For example, if you specify request_type=renew, tracking_id of an issued certificate, and path to a file that does not exist, the first run of a task will download the certificate specified by tracking_id (assuming it is still valid). Future runs of the task will (if applicable - see force and remaining_days) renew the certificate now present in path.

+

tracking_id is invalid if request_type=new or request_type=validate_only.

+

If there is a certificate present in path and it is an ECS certificate, tracking_id will be ignored.

+

If there is no certificate present in path or there is but it is from another provider, the certificate represented by tracking_id will be renewed or reissued and saved to path.

+

If there is no certificate present in path and the force and remaining_days parameters do not indicate a new certificate is needed, the certificate referenced by tracking_id certificate will be saved to path.

+

This can be used when a known certificate is not currently present on a server, but you want to renew or reissue it to be managed by an ansible playbook. For example, if you specify request_type=renew, tracking_id of an issued certificate, and path to a file that does not exist, the first run of a task will download the certificate specified by tracking_id (assuming it is still valid). Future runs of the task will (if applicable - see force and remaining_days) renew the certificate now present in path.

@@ -790,7 +792,7 @@ see

check_mode

Support: partial

-

Check mode is only supported if request_type=new.

+

Check mode is only supported if request_type=new.

Can run in check_mode and return changed status prediction without modifying target.

@@ -819,7 +821,7 @@ see

Note
@@ -967,7 +969,7 @@ see

string

Name of backup file created for the certificate.

-

Returned: changed and if backup is true

+

Returned: changed and if backup is true

Sample: "/path/to/www.ansible.com.crt.2019-03-09@11:22~"

@@ -976,7 +978,7 @@ see

string

Name of the backup file created for the certificate chain.

-

Returned: changed and if backup is true and full_chain_path is set.

+

Returned: changed and if backup is true and full_chain_path is set.

Sample: "/path/to/ca.chain.crt.2019-03-09@11:22~"

@@ -1003,7 +1005,7 @@ see

string

The certificate status in ECS.

-

Current possible values (which may be expanded in the future) are: ACTIVE, APPROVED, DEACTIVATED, DECLINED, EXPIRED, NA, PENDING, PENDING_QUORUM, READY, REISSUED, REISSUING, RENEWED, RENEWING, REVOKED, SUSPENDED

+

Current possible values (which may be expanded in the future) are: ACTIVE, APPROVED, DEACTIVATED, DECLINED, EXPIRED, NA, PENDING, PENDING_QUORUM, READY, REISSUED, REISSUING, RENEWED, RENEWING, REVOKED, SUSPENDED

Returned: success

Sample: "ACTIVE"

diff --git a/pr/600/ecs_domain_module.html b/pr/600/ecs_domain_module.html index f4808fd9..8e2b20f2 100644 --- a/pr/600/ecs_domain_module.html +++ b/pr/600/ecs_domain_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API

Note

-

This module is part of the community.crypto collection (version 2.14.0).

+

This module is part of the community.crypto collection (version 2.14.1).

To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

@@ -190,11 +192,11 @@ see Entrust Certificate Services (ECS) API.

  • If the domain is already in the validation process, no new validation will be requested, but the validation data (if applicable) will be returned.

    • -

  • If the domain is already in the validation process but the verification_method specified is different than the current verification_method, the verification_method will be updated and validation data (if applicable) will be returned.

    • -

  • If the domain is an active, validated domain, the return value of changed will be false, unless domain_status=EXPIRED, in which case a re-validation will be performed.

    • -

  • If verification_method=dns, details about the required DNS entry will be specified in the return parameters dns_contents, dns_location, and dns_resource_type.

    • -

  • If verification_method=web_server, details about the required file details will be specified in the return parameters file_contents and file_location.

    • -

  • If verification_method=email, the email address(es) that the validation email(s) were sent to will be in the return parameter emails. This is purely informational. For domains requested using this module, this will always be a list of size 1.

    • +

  • If the domain is already in the validation process but the verification_method specified is different than the current verification_method, the verification_method will be updated and validation data (if applicable) will be returned.

    • +

  • If the domain is an active, validated domain, the return value of changed will be false, unless domain_status=EXPIRED, in which case a re-validation will be performed.

    • +

  • If verification_method=dns, details about the required DNS entry will be specified in the return parameters dns_contents, dns_location, and dns_resource_type.

    • +

  • If verification_method=web_server, details about the required file details will be specified in the return parameters file_contents and file_location.

    • +

  • If verification_method=email, the email address(es) that the validation email(s) were sent to will be in the return parameter emails. This is purely informational. For domains requested using this module, this will always be a list of size 1.

    • @@ -271,12 +273,12 @@ see

    string

    Email address to be used to verify domain ownership.

    -

    Email address must be either an email address present in the WHOIS data for domain_name, or one of the following constructed emails: admin@domain_name, administrator@domain_name, webmaster@domain_name, hostmaster@domain_name, postmaster@domain_name.

    -

    Note that if domain_name includes subdomains, the top level domain should be used. For example, if requesting validation of example1.ansible.com, or test.example2.ansible.com, and you want to use the “admin” preconstructed name, the email address should be admin@ansible.com.

    +

    Email address must be either an email address present in the WHOIS data for domain_name, or one of the following constructed emails: admin@domain_name, administrator@domain_name, webmaster@domain_name, hostmaster@domain_name, postmaster@domain_name.

    +

    Note that if domain_name includes subdomains, the top level domain should be used. For example, if requesting validation of example1.ansible.com, or test.example2.ansible.com, and you want to use the “admin” preconstructed name, the email address should be admin@ansible.com.

    If using the email values from the WHOIS data for the domain or its top level namespace, they must be exact matches.

    -

    If verification_method=email but verification_email is not provided, the first email address found in WHOIS data for the domain will be used.

    +

    If verification_method=email but verification_email is not provided, the first email address found in WHOIS data for the domain will be used.

    To verify domain ownership, domain owner must follow the instructions in the email they receive.

    -

    Only allowed if verification_method=email

    +

    Only allowed if verification_method=email

    @@ -284,10 +286,10 @@ see

    string / required

    The verification method to be used to prove control of the domain.

    -

    If verification_method=email and the value verification_email is specified, that value is used for the email validation. If verification_email is not provided, the first value present in WHOIS data will be used. An email will be sent to the address in verification_email with instructions on how to verify control of the domain.

    -

    If verification_method=dns, the value dns_contents must be stored in location dns_location, with a DNS record type of verification_dns_record_type. To prove domain ownership, update your DNS records so the text string returned by dns_contents is available at dns_location.

    -

    If verification_method=web_server, the contents of return value file_contents must be made available on a web server accessible at location file_location.

    -

    If verification_method=manual, the domain will be validated with a manual process. This is not recommended.

    +

    If verification_method=email and the value verification_email is specified, that value is used for the email validation. If verification_email is not provided, the first value present in WHOIS data will be used. An email will be sent to the address in verification_email with instructions on how to verify control of the domain.

    +

    If verification_method=dns, the value dns_contents must be stored in location dns_location, with a DNS record type of dns_resource_type. To prove domain ownership, update your DNS records so the text string returned by dns_contents is available at dns_location.

    +

    If verification_method=web_server, the contents of return value file_contents must be made available on a web server accessible at location file_location.

    +

    If verification_method=manual, the domain will be validated with a manual process. This is not recommended.

    Choices:

    @@ -343,7 +345,7 @@ see

    See also

    -
    community.crypto.x509_certificate

    Can be used to request certificates from ECS, with provider=entrust.

    +
    community.crypto.x509_certificate

    Can be used to request certificates from ECS, with provider=entrust.

    community.crypto.ecs_certificate

    Can be used to request a Certificate from ECS using a verified domain.

    @@ -408,7 +410,7 @@ see

    client_id

    integer

    -

    Client ID that the domain belongs to. If the input value client_id is specified, this will always be the same as client_id

    +

    Client ID that the domain belongs to. If the input value client_id is specified, this will always be the same as client_id

    Returned: changed or success

    Sample: 1

    @@ -417,8 +419,8 @@ see

    dns_contents

    string

    -

    The value that ECS will be expecting to find in the DNS record located at dns_location.

    -

    Returned: changed and if verification_method is dns

    +

    The value that ECS will be expecting to find in the DNS record located at dns_location.

    +

    Returned: changed and if verification_method is dns

    Sample: "AB23CD41432522FF2526920393982FAB"

    @@ -426,8 +428,8 @@ see

    dns_location

    string

    -

    The location that ECS will be expecting to be able to find the DNS entry for domain verification, containing the contents of dns_contents.

    -

    Returned: changed and if verification_method is dns

    +

    The location that ECS will be expecting to be able to find the DNS entry for domain verification, containing the contents of dns_contents.

    +

    Returned: changed and if verification_method is dns

    Sample: "_pki-validation.ansible.com"

    @@ -435,8 +437,8 @@ see

    dns_resource_type

    string

    -

    The type of resource record that ECS will be expecting for the DNS record located at dns_location.

    -

    Returned: changed and if verification_method is dns

    +

    The type of resource record that ECS will be expecting for the DNS record located at dns_location.

    +

    Returned: changed and if verification_method is dns

    Sample: "TXT"

    @@ -444,7 +446,7 @@ see

    domain_status

    string

    -

    Status of the current domain. Will be one of APPROVED, DECLINED, CANCELLED, INITIAL_VERIFICATION, DECLINED, CANCELLED, RE_VERIFICATION, EXPIRED, EXPIRING

    +

    Status of the current domain. Will be one of APPROVED, DECLINED, CANCELLED, INITIAL_VERIFICATION, DECLINED, CANCELLED, RE_VERIFICATION, EXPIRED, EXPIRING

    Returned: changed or success

    Sample: "APPROVED"

    @@ -455,7 +457,7 @@ see

    The list of emails used to request validation of this domain.

    Domains requested using this module will only have a list of size 1.

    -

    Returned: verification_method is email

    +

    Returned: verification_method is email

    Sample: ["admin@ansible.com", "administrator@ansible.com"]

    @@ -463,8 +465,8 @@ see

    ev_days_remaining

    integer

    -

    The number of days the domain remains eligible for submission of “EV” certificates. Will never be greater than the value of ov_days_remaining

    -

    Returned: success and ev_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

    +

    The number of days the domain remains eligible for submission of “EV” certificates. Will never be greater than the value of ov_days_remaining

    +

    Returned: success and ev_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

    Sample: 94

    @@ -472,8 +474,8 @@ see

    ev_eligible

    boolean

    -

    Whether the domain is eligible for submission of “EV” certificates. Will never be true if ov_eligible is false

    -

    Returned: success and domain_status is APPROVED, RE_VERIFICATION or EXPIRING, or EXPIRED.

    +

    Whether the domain is eligible for submission of “EV” certificates. Will never be true if ov_eligible is false

    +

    Returned: success and domain_status is APPROVED, RE_VERIFICATION or EXPIRING, or EXPIRED.

    Sample: true

    @@ -481,8 +483,8 @@ see

    file_contents

    string

    -

    The contents of the file that ECS will be expecting to find at file_location.

    -

    Returned: verification_method is web_server

    +

    The contents of the file that ECS will be expecting to find at file_location.

    +

    Returned: verification_method is web_server

    Sample: "AB23CD41432522FF2526920393982FAB"

    @@ -490,8 +492,8 @@ see

    file_location

    string

    -

    The location that ECS will be expecting to be able to find the file for domain verification, containing the contents of file_contents.

    -

    Returned: verification_method is web_server

    +

    The location that ECS will be expecting to be able to find the file for domain verification, containing the contents of file_contents.

    +

    Returned: verification_method is web_server

    Sample: "http://ansible.com/.well-known/pki-validation/abcd.txt"

    @@ -499,8 +501,8 @@ see

    ov_days_remaining

    integer

    -

    The number of days the domain remains eligible for submission of “OV” certificates. Will never be less than the value of ev_days_remaining

    -

    Returned: success and ov_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

    +

    The number of days the domain remains eligible for submission of “OV” certificates. Will never be less than the value of ev_days_remaining

    +

    Returned: success and ov_eligible is true and domain_status is APPROVED, RE_VERIFICATION or EXPIRING.

    Sample: 129

    @@ -508,8 +510,8 @@ see

    ov_eligible

    boolean

    -

    Whether the domain is eligible for submission of “OV” certificates. Will never be false if ov_eligible is true

    -

    Returned: success and domain_status is APPROVED, RE_VERIFICATION, EXPIRING, or EXPIRED.

    +

    Whether the domain is eligible for submission of “OV” certificates. Will never be false if ev_eligible is true

    +

    Returned: success and domain_status is APPROVED, RE_VERIFICATION, EXPIRING, or EXPIRED.

    Sample: true

    @@ -517,7 +519,7 @@ see

    verification_method

    string

    -

    Verification method used to request the domain validation. If changed will be the same as verification_method input parameter.

    +

    Verification method used to request the domain validation. If changed will be the same as verification_method input parameter.

    Returned: changed or success

    Sample: "dns"

    diff --git a/pr/600/environment_variables.html b/pr/600/environment_variables.html index 6e7c8752..c456535c 100644 --- a/pr/600/environment_variables.html +++ b/pr/600/environment_variables.html @@ -14,6 +14,8 @@ + + diff --git a/pr/600/get_certificate_module.html b/pr/600/get_certificate_module.html index 8f7aae25..25dcecfd 100644 --- a/pr/600/get_certificate_module.html +++ b/pr/600/get_certificate_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.get_certificate module – Get a certificate from a host:port

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -193,7 +195,7 @@ see

    Requirements

    The below requirements are needed on the host that executes this module.

      -

    • python >= 2.7 when using proxy_host

      • +

    • python >= 2.7 when using proxy_host

    • cryptography >= 1.6

    @@ -211,9 +213,9 @@ see

    boolean

    added in community.crypto 2.12.0

    -

    Whether to encode the ASN.1 values in the extensions return value with Base64 or not.

    -

    The documentation claimed for a long time that the values are Base64 encoded, but they never were. For compatibility this option is set to false.

    -

    The default value false is deprecated and will change to true in community.crypto 3.0.0.

    +

    Whether to encode the ASN.1 values in the extensions return value with Base64 or not.

    +

    The documentation claimed for a long time that the values are Base64 encoded, but they never were. For compatibility this option is set to false.

    +

    The default value false is deprecated and will change to true in community.crypto 3.0.0.

    Choices:

    SSL/TLS Ciphers to use for the request.

    -

    When a list is provided, all ciphers are joined in order with :.

    +

    When a list is provided, all ciphers are joined in order with :.

    See the OpenSSL Cipher List Format for more details.

    The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.

    @@ -274,8 +276,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    Requests a secure connection for protocols which require clients to initiate encryption.

    -

    Only available for mysql currently.

    +

    Only available for mysql currently.

    Choices:

    The ASN.1 content of the extension.

    -

    If asn1_base64=true this will be Base64 encoded, otherwise the raw binary value will be returned.

    +

    If asn1_base64=true this will be Base64 encoded, otherwise the raw binary value will be returned.

    Please note that the raw binary value might not survive JSON serialization to the Ansible controller, and also might cause failures when displaying it. See https://github.com/ansible/ansible/issues/80258 for more information.

    Note that depending on the cryptography version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by cryptography. This should usually result in exactly the same value, except if the original extension value was malformed.

    Returned: success

    diff --git a/pr/600/index.html b/pr/600/index.html index 04f5369d..ce516f22 100644 --- a/pr/600/index.html +++ b/pr/600/index.html @@ -14,6 +14,8 @@ + + @@ -146,7 +148,7 @@

    Community.Crypto

    -

    Collection version 2.14.0

    +

    Collection version 2.14.1

    @@ -211,21 +213,21 @@ see

    This option allows the user to define the cipher specification string for the LUKS container.

    Will only be used on container creation.

    -

    For pre-2.6.10 kernels, use aes-plain as they do not understand the new cipher spec strings. To use ESSIV, use aes-cbc-essiv:sha256.

    +

    For pre-2.6.10 kernels, use aes-plain as they do not understand the new cipher spec strings. To use ESSIV, use aes-cbc-essiv:sha256.

    device

    string

    -

    Device to work with (for example /dev/sda1). Needed in most cases. Can be omitted only when state=closed together with name is provided.

    +

    Device to work with (for example /dev/sda1). Needed in most cases. Can be omitted only when state=closed together with name is provided.

    force_remove_last_key

    boolean

    -

    If set to true, allows removing the last key from a container.

    +

    If set to true, allows removing the last key from a container.

    BEWARE that when the last key has been removed from a container, the container can no longer be opened!

    Choices:

      @@ -247,7 +249,7 @@ see

    keyfile

    path

    -

    Used to unlock the container. Either a keyfile or a passphrase is needed for most of the operations. Parameter value is the path to the keyfile with the passphrase.

    +

    Used to unlock the container. Either a keyfile or a passphrase is needed for most of the operations. Parameter value is the path to the keyfile with the passphrase.

    BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.

    @@ -265,22 +267,22 @@ see added in community.crypto 1.0.0

    This option allow the user to create a LUKS2 format container with label support, respectively to identify the container by label on later usages.

    -

    Will only be used on container creation, or when device is not specified.

    -

    This cannot be specified if type is set to luks1.

    +

    Will only be used on container creation, or when device is not specified.

    +

    This cannot be specified if type is set to luks1.

    name

    string

    -

    Sets container name when state=opened. Can be used instead of device when closing the existing container (that is, when state=closed).

    +

    Sets container name when state=opened. Can be used instead of device when closing the existing container (that is, when state=closed).

    new_keyfile

    path

    -

    Adds additional key to given container on device. Needs keyfile or passphrase option for authorization. LUKS container supports up to 8 keyslots. Parameter value is the path to the keyfile with the passphrase.

    +

    Adds additional key to given container on device. Needs keyfile or passphrase option for authorization. LUKS container supports up to 8 keyslots. Parameter value is the path to the keyfile with the passphrase.

    NOTE that adding additional keys is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this keyfile.

    BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.

    @@ -290,7 +292,7 @@ see

    string

    added in community.crypto 1.0.0

    -

    Adds additional passphrase to given container on device. Needs keyfile or passphrase option for authorization. LUKS container supports up to 8 keyslots. Parameter value is a string with the new passphrase.

    +

    Adds additional passphrase to given container on device. Needs keyfile or passphrase option for authorization. LUKS container supports up to 8 keyslots. Parameter value is a string with the new passphrase.

    NOTE that adding additional passphrase is idempotent only since community.crypto 1.4.0. For older versions, a new keyslot will be used even if another keyslot already exists for this passphrase.

    @@ -299,7 +301,7 @@ see

    string

    added in community.crypto 1.0.0

    -

    Used to unlock the container. Either a passphrase or a keyfile is needed for most of the operations. Parameter value is a string with the passphrase.

    +

    Used to unlock the container. Either a passphrase or a keyfile is needed for most of the operations. Parameter value is a string with the passphrase.

    @@ -330,7 +332,7 @@ see

    integer

    Specify the iteration count used for the PBKDF.

    -

    Mutually exclusive with iteration_time.

    +

    Mutually exclusive with pbkdf.iteration_time.

    @@ -339,7 +341,7 @@ see

    Specify the iteration time used for the PBKDF.

    Note that this is in seconds, not in milliseconds as on the command line.

    -

    Mutually exclusive with iteration_count.

    +

    Mutually exclusive with pbkdf.iteration_count.

    @@ -422,7 +424,7 @@ see

    boolean

    added in community.crypto 2.3.0

    -

    Allows the user to store options into container’s metadata persistently and automatically use them next time. Only perf_same_cpu_crypt, perf_submit_from_crypt_cpus, perf_no_read_workqueue, and perf_no_write_workqueue can be stored persistently.

    +

    Allows the user to store options into container’s metadata persistently and automatically use them next time. Only perf_same_cpu_crypt, perf_submit_from_crypt_cpus, perf_no_read_workqueue, and perf_no_write_workqueue can be stored persistently.

    Will only work with LUKS2 containers.

    Will only be used when opening containers.

    Choices:

    @@ -436,9 +438,9 @@ see

    remove_keyfile

    path

    -

    Removes given key from the container on device. Does not remove the keyfile from filesystem. Parameter value is the path to the keyfile with the passphrase.

    +

    Removes given key from the container on device. Does not remove the keyfile from filesystem. Parameter value is the path to the keyfile with the passphrase.

    NOTE that removing keys is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a key which no longer exists results in an error.

    -

    NOTE that to remove the last key from a LUKS container, the force_remove_last_key option must be set to true.

    +

    NOTE that to remove the last key from a LUKS container, the force_remove_last_key option must be set to true.

    BEWARE that working with keyfiles in plaintext is dangerous. Make sure that they are protected.

    @@ -447,9 +449,9 @@ see

    string

    added in community.crypto 1.0.0

    -

    Removes given passphrase from the container on device. Parameter value is a string with the passphrase to remove.

    +

    Removes given passphrase from the container on device. Parameter value is a string with the passphrase to remove.

    NOTE that removing passphrases is idempotent only since community.crypto 1.4.0. For older versions, trying to remove a passphrase which no longer exists results in an error.

    -

    NOTE that to remove the last keyslot from a LUKS container, the force_remove_last_key option must be set to true.

    +

    NOTE that to remove the last keyslot from a LUKS container, the force_remove_last_key option must be set to true.

    @@ -466,10 +468,10 @@ see

    string

    Desired state of the LUKS container. Based on its value creates, destroys, opens or closes the LUKS container on a given device.

    -

    present will create LUKS container unless already present. Requires device and either keyfile or passphrase options to be provided.

    -

    absent will remove existing LUKS container if it exists. Requires device or name to be specified.

    -

    opened will unlock the LUKS container. If it does not exist it will be created first. Requires device and either keyfile or passphrase to be specified. Use the name option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.

    -

    closed will lock the LUKS container. However if the container does not exist it will be created. Requires device and either keyfile or passphrase options to be provided. If container does already exist device or name will suffice.

    +

    present will create LUKS container unless already present. Requires device and either keyfile or passphrase options to be provided.

    +

    absent will remove existing LUKS container if it exists. Requires device or name to be specified.

    +

    opened will unlock the LUKS container. If it does not exist it will be created first. Requires device and either keyfile or passphrase to be specified. Use the name option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.

    +

    closed will lock the LUKS container. However if the container does not exist it will be created. Requires device and either keyfile or passphrase options to be provided. If container does already exist device or name will suffice.

    Choices:

    • "present" ← (default)

      • @@ -484,7 +486,7 @@ see

      string

      added in community.crypto 1.0.0

    -

    This option allow the user explicit define the format of LUKS container that wants to work with. Options are luks1 or luks2

    +

    This option allow the user explicit define the format of LUKS container that wants to work with. Options are luks1 or luks2

    Choices:

    With this option user can identify the LUKS container by UUID.

    -

    Will only be used when device and label are not specified.

    +

    Will only be used when device and label are not specified.

    @@ -649,7 +651,7 @@ see

    name

    string

    -

    When state=opened returns (generated or given) name of LUKS container. Returns None if no name is supplied.

    +

    When state=opened returns (generated or given) name of LUKS container. Returns None if no name is supplied.

    Returned: success

    Sample: "luks-c1da9a58-2fde-4256-9d9f-6ab008b4dd1b"

    diff --git a/pr/600/openssh_cert_module.html b/pr/600/openssh_cert_module.html index 258e22dd..92aff707 100644 --- a/pr/600/openssh_cert_module.html +++ b/pr/600/openssh_cert_module.html @@ -14,6 +14,8 @@ + + @@ -163,7 +165,7 @@

    community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -218,7 +220,7 @@ see

    boolean

    Should the certificate be regenerated even if it already exists and is valid.

    -

    Equivalent to regenerate=always.

    +

    Equivalent to regenerate=always.

    Choices:

    • false ← (default)

      • @@ -246,7 +248,7 @@ see

      boolean

      added in community.crypto 2.2.0

    -

    Whether the valid_from and valid_to timestamps should be ignored for idempotency checks.

    +

    Whether the valid_from and valid_to timestamps should be ignored for idempotency checks.

    However, the values will still be applied to a new certificate if it meets any other necessary conditions for generation/regeneration.

    Choices:

      @@ -273,19 +275,19 @@ see

      list / elements=string

    Specify certificate options when signing a key. The option that are valid for user certificates are:

    -

    clear: Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may be added individually.

    -

    force-command=command: Forces the execution of command instead of any shell or command specified by the user when the certificate is used for authentication.

    -

    no-agent-forwarding: Disable ssh-agent forwarding (permitted by default).

    -

    no-port-forwarding: Disable port forwarding (permitted by default).

    -

    no-pty: Disable PTY allocation (permitted by default).

    -

    no-user-rc: Disable execution of ~/.ssh/rc by sshd (permitted by default).

    -

    no-x11-forwarding: Disable X11 forwarding (permitted by default)

    -

    permit-agent-forwarding: Allows ssh-agent forwarding.

    -

    permit-port-forwarding: Allows port forwarding.

    -

    permit-pty: Allows PTY allocation.

    -

    permit-user-rc: Allows execution of ~/.ssh/rc by sshd.

    -

    permit-x11-forwarding: Allows X11 forwarding.

    -

    source-address=address_list: Restrict the source addresses from which the certificate is considered valid. The address_list is a comma-separated list of one or more address/netmask pairs in CIDR format.

    +

    clear: Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may be added individually.

    +

    force-command=command: Forces the execution of command instead of any shell or command specified by the user when the certificate is used for authentication.

    +

    no-agent-forwarding: Disable ssh-agent forwarding (permitted by default).

    +

    no-port-forwarding: Disable port forwarding (permitted by default).

    +

    no-pty: Disable PTY allocation (permitted by default).

    +

    no-user-rc: Disable execution of ~/.ssh/rc by sshd (permitted by default).

    +

    no-x11-forwarding: Disable X11 forwarding (permitted by default)

    +

    permit-agent-forwarding: Allows ssh-agent forwarding.

    +

    permit-port-forwarding: Allows port forwarding.

    +

    permit-pty: Allows PTY allocation.

    +

    permit-user-rc: Allows execution of ~/.ssh/rc by sshd.

    +

    permit-x11-forwarding: Allows X11 forwarding.

    +

    source-address=address_list: Restrict the source addresses from which the certificate is considered valid. The address_list is a comma-separated list of one or more address/netmask pairs in CIDR format.

    At present, no options are valid for host keys.

    @@ -311,7 +313,7 @@ see added in community.crypto 1.1.0

    To use a signing key that resides on a PKCS#11 token, set this to the name (or full path) of the shared library to use with the token. Usually libpkcs11.so.

    -

    If this is set, signing_key needs to point to a file containing the public key of the CA.

    +

    If this is set, signing_key needs to point to a file containing the public key of the CA.

    @@ -326,7 +328,7 @@ see

    path

    The path to the public key that will be signed with the signing key in order to generate the certificate.

    -

    Required if state is present.

    +

    Required if state is present.

    @@ -334,11 +336,11 @@ see

    string

    added in community.crypto 1.8.0

    -

    When never the task will fail if a certificate already exists at path and is unreadable otherwise a new certificate will only be generated if there is no existing certificate.

    -

    When fail the task will fail if a certificate already exists at path and does not match the module’s options.

    -

    When partial_idempotence an existing certificate will be regenerated based on serial, signature_algorithm, type, valid_from, valid_to, valid_at, and principals. valid_from and valid_to can be excluded by ignore_timestamps=true.

    -

    When full_idempotence identifier, options, public_key, and signing_key are also considered when compared against an existing certificate.

    -

    always is equivalent to force=true.

    +

    When never the task will fail if a certificate already exists at path and is unreadable otherwise a new certificate will only be generated if there is no existing certificate.

    +

    When fail the task will fail if a certificate already exists at path and does not match the module’s options.

    +

    When partial_idempotence an existing certificate will be regenerated based on serial_number, signature_algorithm, type, valid_from, valid_to, valid_at, and principals. valid_from and valid_to can be excluded by ignore_timestamps=true.

    +

    When full_idempotence identifier, options, public_key, and signing_key are also considered when compared against an existing certificate.

    +

    always is equivalent to force=true.

    Choices:

    • "never"

      • @@ -395,8 +397,8 @@ see

      string

      added in community.crypto 1.10.0

    -

    As of OpenSSH 8.2 the SHA-1 signature algorithm for RSA keys has been disabled and ssh will refuse host certificates signed with the SHA-1 algorithm. OpenSSH 8.1 made rsa-sha2-512 the default algorithm when acting as a CA and signing certificates with a RSA key. However, for OpenSSH versions less than 8.1 the SHA-2 signature algorithms, rsa-sha2-256 or rsa-sha2-512, must be specified using this option if compatibility with newer ssh clients is required. Conversely if hosts using OpenSSH version 8.2 or greater must remain compatible with ssh clients using OpenSSH less than 7.2, then ssh-rsa can be used when generating host certificates (a corresponding change to the sshd_config to add ssh-rsa to the CASignatureAlgorithms keyword is also required).

    -

    Using any value for this option with a non-RSA signing_key will cause this module to fail.

    +

    As of OpenSSH 8.2 the SHA-1 signature algorithm for RSA keys has been disabled and ssh will refuse host certificates signed with the SHA-1 algorithm. OpenSSH 8.1 made rsa-sha2-512 the default algorithm when acting as a CA and signing certificates with a RSA key. However, for OpenSSH versions less than 8.1 the SHA-2 signature algorithms, rsa-sha2-256 or rsa-sha2-512, must be specified using this option if compatibility with newer ssh clients is required. Conversely if hosts using OpenSSH version 8.2 or greater must remain compatible with ssh clients using OpenSSH less than 7.2, then ssh-rsa can be used when generating host certificates (a corresponding change to the sshd_config to add ssh-rsa to the CASignatureAlgorithms keyword is also required).

    +

    Using any value for this option with a non-RSA signing_key will cause this module to fail.

    Note: OpenSSH versions prior to 7.2 do not support SHA-2 signature algorithms for RSA keys and OpenSSH versions prior to 7.3 do not support SHA-2 signature algorithms for certificates.

    See https://www.openssh.com/txt/release-8.2 for more information.

    Choices:

    @@ -412,8 +414,8 @@ see

    path

    The path to the private openssh key that is used for signing the public key in order to generate the certificate.

    -

    If the private key is on a PKCS#11 token (pkcs11_provider), set this to the path to the public key instead.

    -

    Required if state is present.

    +

    If the private key is on a PKCS#11 token (pkcs11_provider), set this to the path to the public key instead.

    +

    Required if state is present.

    @@ -433,7 +435,7 @@ see

    string

    Whether the module should generate a host or a user certificate.

    -

    Required if state is present.

    +

    Required if state is present.

    Choices:

    • "host"

      • @@ -473,26 +475,26 @@ see

    valid_at

    string

    -

    Check if the certificate is valid at a certain point in time. If it is not the certificate will be regenerated. Time will always be interpreted as UTC. Mainly to be used with relative timespec for valid_from and / or valid_to. Note that if using relative time this module is NOT idempotent.

    +

    Check if the certificate is valid at a certain point in time. If it is not the certificate will be regenerated. Time will always be interpreted as UTC. Mainly to be used with relative timespec for valid_from and / or valid_to. Note that if using relative time this module is NOT idempotent.

    valid_from

    string

    -

    The point in time the certificate is valid from. Time can be specified either as relative time or as absolute timestamp. Time will always be interpreted as UTC. Valid formats are: [+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | always where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h). Note that if using relative time this module is NOT idempotent.

    -

    The value always is only supported for OpenSSH 7.7 and greater, however, the value 1970-01-01T00:00:01 can be used with earlier versions as an equivalent expression.

    -

    To ignore this value during comparison with an existing certificate set ignore_timestamps=true.

    -

    Required if state is present.

    +

    The point in time the certificate is valid from. Time can be specified either as relative time or as absolute timestamp. Time will always be interpreted as UTC. Valid formats are: [+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | always where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h). Note that if using relative time this module is NOT idempotent.

    +

    The value always is only supported for OpenSSH 7.7 and greater, however, the value 1970-01-01T00:00:01 can be used with earlier versions as an equivalent expression.

    +

    To ignore this value during comparison with an existing certificate set ignore_timestamps=true.

    +

    Required if state is present.

    valid_to

    string

    -

    The point in time the certificate is valid to. Time can be specified either as relative time or as absolute timestamp. Time will always be interpreted as UTC. Valid formats are: [+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | forever where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h). Note that if using relative time this module is NOT idempotent.

    -

    To ignore this value during comparison with an existing certificate set ignore_timestamps=true.

    -

    Required if state is present.

    +

    The point in time the certificate is valid to. Time can be specified either as relative time or as absolute timestamp. Time will always be interpreted as UTC. Valid formats are: [+-]timespec | YYYY-MM-DD | YYYY-MM-DDTHH:MM:SS | YYYY-MM-DD HH:MM:SS | forever where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h). Note that if using relative time this module is NOT idempotent.

    +

    To ignore this value during comparison with an existing certificate set ignore_timestamps=true.

    +

    Required if state is present.

    diff --git a/pr/600/openssh_keypair_module.html b/pr/600/openssh_keypair_module.html index bb0186ce..65356194 100644 --- a/pr/600/openssh_keypair_module.html +++ b/pr/600/openssh_keypair_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssh_keypair module – Generate OpenSSH private and public keys

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -184,16 +186,16 @@ see

    Synopsis

      -

    • This module allows one to (re)generate OpenSSH private and public keys. It uses ssh-keygen to generate keys. One can generate rsa, dsa, rsa1, ed25519 or ecdsa private keys.

      • +

    • This module allows one to (re)generate OpenSSH private and public keys. It uses ssh-keygen to generate keys. One can generate rsa, dsa, rsa1, ed25519 or ecdsa private keys.

    Requirements

    The below requirements are needed on the host that executes this module.

      -

    • ssh-keygen (if backend=openssh)

      • -

    • cryptography >= 2.6 (if backend=cryptography and OpenSSH < 7.8 is installed)

      • -

    • cryptography >= 3.0 (if backend=cryptography and OpenSSH >= 7.8 is installed)

      • +

    • ssh-keygen (if backend=openssh)

      • +

    • cryptography >= 2.6 (if backend=cryptography and OpenSSH < 7.8 is installed)

      • +

    • cryptography >= 3.0 (if backend=cryptography and OpenSSH >= 7.8 is installed)

    @@ -222,8 +224,8 @@ see

    string

    added in community.crypto 1.7.0

    -

    Selects between the cryptography library or the OpenSSH binary opensshbin.

    -

    auto will default to opensshbin unless the OpenSSH binary is not installed or when using passphrase.

    +

    Selects between the cryptography library or the OpenSSH binary opensshbin.

    +

    auto will default to opensshbin unless the OpenSSH binary is not installed or when using passphrase.

    Choices:

    Passphrase used to decrypt an existing private key or encrypt a newly generated private key.

    -

    Passphrases are not supported for type=rsa1.

    -

    Can only be used when backend=cryptography, or when backend=auto and a required cryptography version is installed.

    +

    Passphrases are not supported for type=rsa1.

    +

    Can only be used when backend=cryptography, or when backend=auto and a required cryptography version is installed.

    @@ -303,11 +305,11 @@ see

    string

    added in community.crypto 1.7.0

    -

    Used when backend=cryptography to select a format for the private key at the provided path.

    -

    When set to auto this module will match the key format of the installed OpenSSH version.

    +

    Used when backend=cryptography to select a format for the private key at the provided path.

    +

    When set to auto this module will match the key format of the installed OpenSSH version.

    For OpenSSH < 7.8 private keys will be in PKCS1 format except ed25519 keys which will be in OpenSSH format.

    For OpenSSH >= 7.8 all private key types will be in the OpenSSH format.

    -

    Using this option when regenerate=partial_idempotence or regenerate=full_idempotence will cause a new keypair to be generated if the private key’s format does not match the value of private_key_format. This module will not however convert existing private keys between formats.

    +

    Using this option when regenerate=partial_idempotence or regenerate=full_idempotence will cause a new keypair to be generated if the private key’s format does not match the value of private_key_format. This module will not however convert existing private keys between formats.

    Choices:

    Allows to configure in which situations the module is allowed to regenerate private keys. The module will always generate a new key if the destination file does not exist.

    -

    By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

    -

    If set to never, the module will fail if the key cannot be read or the passphrase is not matching, and will never regenerate an existing key.

    -

    If set to fail, the module will fail if the key does not correspond to the module’s options.

    -

    If set to partial_idempotence, the key will be regenerated if it does not conform to the module’s options. The key is not regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified.

    -

    If set to full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

    -

    If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

    -

    Note that adjusting the comment and the permissions can be changed without regeneration. Therefore, even for never, the task can result in changed.

    +

    By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

    +

    If set to never, the module will fail if the key cannot be read or the passphrase is not matching, and will never regenerate an existing key.

    +

    If set to fail, the module will fail if the key does not correspond to the module’s options.

    +

    If set to partial_idempotence, the key will be regenerated if it does not conform to the module’s options. The key is not regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified.

    +

    If set to full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

    +

    If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

    +

    Note that adjusting the comment and the permissions can be changed without regeneration. Therefore, even for never, the task can result in changed.

    Choices:

    • "never"

      • @@ -397,7 +399,7 @@ see

    type

    string

    -

    The algorithm used to generate the SSH private key. rsa1 is for protocol version 1. rsa1 is deprecated and may not be supported by every version of ssh-keygen.

    +

    The algorithm used to generate the SSH private key. rsa1 is for protocol version 1. rsa1 is deprecated and may not be supported by every version of ssh-keygen.

    Choices:

    diff --git a/pr/600/openssl_certificate_info_module.html b/pr/600/openssl_certificate_info_module.html index 75035979..7e6a38dd 100644 --- a/pr/600/openssl_certificate_info_module.html +++ b/pr/600/openssl_certificate_info_module.html @@ -14,6 +14,8 @@ + + @@ -147,7 +149,7 @@

    community.crypto.openssl_certificate_info

    Note

    -

    This plugin was part of the community.crypto collection (version 2.14.0).

    +

    This plugin was part of the community.crypto collection (version 2.14.1).

    This module has been removed in version 2.0.0 of community.crypto. diff --git a/pr/600/openssl_certificate_module.html b/pr/600/openssl_certificate_module.html index 6e1fe119..cc99c023 100644 --- a/pr/600/openssl_certificate_module.html +++ b/pr/600/openssl_certificate_module.html @@ -14,6 +14,8 @@ + + @@ -147,7 +149,7 @@

    community.crypto.openssl_certificate

    Note

    -

    This plugin was part of the community.crypto collection (version 2.14.0).

    +

    This plugin was part of the community.crypto collection (version 2.14.1).

    This module has been removed in version 2.0.0 of community.crypto. diff --git a/pr/600/openssl_csr_info_filter.html b/pr/600/openssl_csr_info_filter.html index 86cac117..87e992c2 100644 --- a/pr/600/openssl_csr_info_filter.html +++ b/pr/600/openssl_csr_info_filter.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_csr_info filter – Retrieve information from OpenSSL Certificate Signing Requests (CSR)

    Note

    -

    This filter plugin is part of the community.crypto collection (version 2.14.0).

    +

    This filter plugin is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

    @@ -193,7 +195,7 @@ see

    Requirements

    The below requirements are needed on the local controller node that executes this filter.

    @@ -232,10 +234,10 @@ example: input

    string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -293,8 +295,8 @@ example: input

      list / elements=string

    The CSR’s authority cert issuer as a list of general names.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -304,7 +306,7 @@ example: input

    integer

    The CSR’s authority cert serial number.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: 12345

    @@ -314,8 +316,8 @@ example: input

    string

    The CSR’s authority key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    @@ -324,7 +326,7 @@ example: input

    basic_constraints

    list / elements=string

    -

    Entries in the basic_constraints extension, or none if extension is not present.

    +

    Entries in the basic_constraints extension, or none if extension is not present.

    Returned: success

    Sample: ["CA:TRUE", "pathlen:1"]

    @@ -341,7 +343,7 @@ example: input

    extended_key_usage

    list / elements=string

    -

    Entries in the extended_key_usage extension, or none if extension is not present.

    +

    Entries in the extended_key_usage extension, or none if extension is not present.

    Returned: success

    Sample: ["Biometric Info", "DVCS", "Time Stamping"]

    @@ -385,7 +387,7 @@ example: input

    key_usage

    string

    -

    Entries in the key_usage extension, or none if extension is not present.

    +

    Entries in the key_usage extension, or none if extension is not present.

    Returned: success

    Sample: "['Key Agreement', 'Data Encipherment']"

    @@ -403,7 +405,7 @@ example: input

    boolean

    Whether the name_constraints extension is critical.

    -

    Is none if extension is not present.

    +

    Is none if extension is not present.

    Returned: success

    @@ -412,8 +414,8 @@ example: input

    list / elements=string

    List of excluded subtrees the CA cannot sign certificates for.

    -

    Is none if extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Is none if extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["email:.com"]

    @@ -431,7 +433,7 @@ example: input

    ocsp_must_staple

    boolean

    -

    true if the OCSP Must Staple extension is present, none otherwise.

    +

    true if the OCSP Must Staple extension is present, none otherwise.

    Returned: success

    @@ -465,7 +467,7 @@ example: input

    string

    The curve’s name for ECC.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When _value.public_key_type=ECC

    @@ -473,7 +475,7 @@ example: input

    integer

    The RSA key’s public exponent.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When _value.public_key_type=RSA

    @@ -481,7 +483,7 @@ example: input

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When _value.public_key_type=ECC

    @@ -490,7 +492,7 @@ example: input

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When _value.public_key_type=DSA

    @@ -498,7 +500,7 @@ example: input

    integer

    The RSA key’s modulus.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When _value.public_key_type=RSA

    @@ -507,7 +509,7 @@ example: input

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When _value.public_key_type=DSA

    @@ -516,7 +518,7 @@ example: input

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When _value.public_key_type=DSA

    @@ -524,7 +526,7 @@ example: input

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When public_key_type=RSA or public_key_type=DSA

    +

    Returned: When _value.public_key_type=RSA or _value.public_key_type=DSA

    @@ -532,16 +534,16 @@ example: input

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When _value.public_key_type=ECC

    y

    integer

    -

    For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When public_key_type=DSA or public_key_type=ECC

    +

    For _value.public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For _value.public_key_type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

    +

    Returned: When _value.public_key_type=DSA or _value.public_key_type=ECC

    @@ -559,7 +561,7 @@ example: input

    string

    The CSR’s public key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    @@ -570,7 +572,7 @@ example: input

    boolean

    Whether the CSR’s signature is valid.

    -

    In case the check returns false, the module will fail.

    +

    In case the check returns false, the module will fail.

    Returned: success

    @@ -588,8 +590,8 @@ example: input

    subject_alt_name

    list / elements=string

    -

    Entries in the subject_alt_name extension, or none if extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Entries in the subject_alt_name extension, or none if extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -607,8 +609,8 @@ example: input

    string

    The CSR’s subject key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the SubjectKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the SubjectKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    diff --git a/pr/600/openssl_csr_info_module.html b/pr/600/openssl_csr_info_module.html index 0eb96a5b..caf9def1 100644 --- a/pr/600/openssl_csr_info_module.html +++ b/pr/600/openssl_csr_info_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_csr_info module – Provide information of OpenSSL Certificate Signing Requests (CSR)

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -193,7 +195,7 @@ see

    Requirements

    The below requirements are needed on the host that executes this module.

    @@ -212,7 +214,7 @@ see added in community.crypto 1.0.0

    Content of the CSR file.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -220,10 +222,10 @@ see

    string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -237,7 +239,7 @@ see

      path

    Remote absolute path where the CSR file is loaded from.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -245,8 +247,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    @@ -316,7 +318,7 @@ see register: result - name: Dump information - debug: + ansible.builtin.debug: var: result @@ -336,8 +338,8 @@ see

    list / elements=string

    The CSR’s authority cert issuer as a list of general names.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -347,7 +349,7 @@ see

    integer

    The CSR’s authority cert serial number.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: 12345

    @@ -357,8 +359,8 @@ see

    string

    The CSR’s authority key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    @@ -367,7 +369,7 @@ see

    basic_constraints

    list / elements=string

    -

    Entries in the basic_constraints extension, or none if extension is not present.

    +

    Entries in the basic_constraints extension, or none if extension is not present.

    Returned: success

    Sample: ["CA:TRUE", "pathlen:1"]

    @@ -384,7 +386,7 @@ see

    extended_key_usage

    list / elements=string

    -

    Entries in the extended_key_usage extension, or none if extension is not present.

    +

    Entries in the extended_key_usage extension, or none if extension is not present.

    Returned: success

    Sample: ["Biometric Info", "DVCS", "Time Stamping"]

    @@ -428,7 +430,7 @@ see

    key_usage

    string

    -

    Entries in the key_usage extension, or none if extension is not present.

    +

    Entries in the key_usage extension, or none if extension is not present.

    Returned: success

    Sample: "['Key Agreement', 'Data Encipherment']"

    @@ -447,7 +449,7 @@ see added in community.crypto 1.1.0

    Whether the name_constraints extension is critical.

    -

    Is none if extension is not present.

    +

    Is none if extension is not present.

    Returned: success

    @@ -457,8 +459,8 @@ see     added in community.crypto 1.1.0

    List of excluded subtrees the CA cannot sign certificates for.

    -

    Is none if extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Is none if extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["email:.com"]

    @@ -477,7 +479,7 @@ see

    ocsp_must_staple

    boolean

    -

    true if the OCSP Must Staple extension is present, none otherwise.

    +

    true if the OCSP Must Staple extension is present, none otherwise.

    Returned: success

    @@ -512,7 +514,7 @@ see

    string

    The curve’s name for ECC.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When public_key_type=ECC

    @@ -520,7 +522,7 @@ see

    integer

    The RSA key’s public exponent.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When public_key_type=RSA

    @@ -528,7 +530,7 @@ see

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When public_key_type=ECC

    @@ -537,7 +539,7 @@ see

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When public_key_type=DSA

    @@ -545,7 +547,7 @@ see

    integer

    The RSA key’s modulus.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When public_key_type=RSA

    @@ -554,7 +556,7 @@ see

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When public_key_type=DSA

    @@ -563,7 +565,7 @@ see

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When public_key_type=DSA

    @@ -571,7 +573,7 @@ see

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When public_key_type=RSA or public_key_type=DSA

    +

    Returned: When public_key_type=RSA or public_key_type=DSA

    @@ -579,16 +581,16 @@ see

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When public_key_type=ECC

    y

    integer

    -

    For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When public_key_type=DSA or public_key_type=ECC

    +

    For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    +

    Returned: When public_key_type=DSA or public_key_type=ECC

    @@ -607,8 +609,8 @@ see added in community.crypto 1.7.0

    The CSR’s public key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    @@ -618,7 +620,7 @@ see

    boolean

    Whether the CSR’s signature is valid.

    -

    In case the check returns false, the module will fail.

    +

    In case the check returns false, the module will fail.

    Returned: success

    @@ -636,8 +638,8 @@ see

    subject_alt_name

    list / elements=string

    -

    Entries in the subject_alt_name extension, or none if extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Entries in the subject_alt_name extension, or none if extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -655,8 +657,8 @@ see

    string

    The CSR’s subject key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the SubjectKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the SubjectKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    diff --git a/pr/600/openssl_csr_module.html b/pr/600/openssl_csr_module.html index 5794097b..24f21380 100644 --- a/pr/600/openssl_csr_module.html +++ b/pr/600/openssl_csr_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.openssl_csr module – Generate OpenSSL Certificate Signing Request (CSR)

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -186,7 +188,7 @@ see

    Synopsis

      -

    • Please note that the module regenerates an existing CSR if it does not match the module’s options, or if it seems to be corrupt. If you are concerned that this could overwrite your existing CSR, consider using the backup option.

      • +

    • Please note that the module regenerates an existing CSR if it does not match the module’s options, or if it seems to be corrupt. If you are concerned that this could overwrite your existing CSR, consider using the backup option.

    • This module allows one to (re)generate OpenSSL certificate signing requests.

    • This module supports the subjectAltName, keyUsage, extendedKeyUsage, basicConstraints and OCSP Must Staple extensions.

    @@ -224,12 +226,12 @@ see

    list / elements=string

    Names that will be present in the authority cert issuer field of the certificate signing request.

    -

    Values must be prefixed by their options. (i.e., email, URI, DNS, RID, IP, dirName, otherName and the ones specific to your CA)

    -

    Example: DNS:ca.example.org

    -

    If specified, authority_cert_serial_number must also be specified.

    +

    Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA)

    +

    Example: DNS:ca.example.org

    +

    If specified, authority_cert_serial_number must also be specified.

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    Note that this is only supported if the cryptography backend is used!

    -

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    +

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    @@ -237,10 +239,10 @@ see

    integer

    The authority cert serial number.

    -

    If specified, authority_cert_issuer must also be specified.

    +

    If specified, authority_cert_issuer must also be specified.

    Note that this is only supported if the cryptography backend is used!

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    -

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    +

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    @@ -248,10 +250,10 @@ see

    string

    The authority key identifier as a hex string, where two bytes are separated by colons.

    -

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    +

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    Note that this is only supported if the cryptography backend is used!

    -

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    +

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    @@ -344,8 +346,8 @@ see

    list / elements=string

    Describes how the CRL can be retrieved.

    -

    Mutually exclusive with relative_name.

    -

    Example: URI:https://ca.example.com/revocations.crl.

    +

    Mutually exclusive with crl_distribution_points[].relative_name.

    +

    Example: URI:https://ca.example.com/revocations.crl.

    @@ -371,8 +373,8 @@ see

    list / elements=string

    Describes how the CRL can be retrieved relative to the CRL issuer.

    -

    Mutually exclusive with full_name.

    -

    Example: /CN=example.com.

    +

    Mutually exclusive with crl_distribution_points[].full_name.

    +

    Example: /CN=example.com.

    Can only be used when cryptography >= 1.6 is installed.

    @@ -504,7 +506,7 @@ see added in community.crypto 1.1.0

    For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is not allowed to issue certificates for.

    -

    Values must be prefixed by their options. (i.e., email, URI, DNS, RID, IP, dirName, otherName and the ones specific to your CA).

    +

    Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

    @@ -513,7 +515,7 @@ see added in community.crypto 1.1.0

    For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is allowed to issue certificates for.

    -

    Values must be prefixed by their options. (i.e., email, URI, DNS, RID, IP, dirName, otherName and the ones specific to your CA).

    +

    Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

    @@ -587,7 +589,7 @@ see added in community.crypto 1.0.0

    The content of the private key to use when signing the certificate signing request.

    -

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    +

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    @@ -603,7 +605,7 @@ see

    path

    The path to the private key to use when signing the certificate signing request.

    -

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    +

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    @@ -611,7 +613,7 @@ see

    boolean

    added in community.crypto 1.0.0

    -

    If set to true, will return the (current or generated) CSR’s content as csr.

    +

    If set to true, will return the (current or generated) CSR’s content as csr.

    Choices:

    • false ← (default)

      • @@ -624,8 +626,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    @@ -707,7 +709,7 @@ see

    Subject Alternative Name (SAN) extension to attach to the certificate signing request.

    Values must be prefixed by their options. (These are email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

    -

    Note that if no SAN is specified, but a common name, the common name will be added as a SAN except if useCommonNameForSAN is set to false.

    +

    Note that if no SAN is specified, but a common name, the common name will be added as a SAN except if use_common_name_for_san is set to false.

    More at https://tools.ietf.org/html/rfc5280#section-4.2.1.6.

    @@ -730,9 +732,9 @@ see

    string

    The subject key identifier as a hex string, where two bytes are separated by colons.

    -

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    +

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    -

    Note that this option can only be used if create_subject_key_identifier is false.

    +

    Note that this option can only be used if create_subject_key_identifier is false.

    Note that this is only supported if the cryptography backend is used!

    @@ -743,7 +745,7 @@ see

    A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the subject name field of the certificate signing request.

    If you want to specify more than one value with the same key in a row, you can use a list as value.

    -

    Mutually exclusive with subject, and any other subject field option, such as country_name, state_or_province_name, locality_name, organization_name, organizational_unit_name, common_name, or email_address.

    +

    Mutually exclusive with subject, and any other subject field option, such as country_name, state_or_province_name, locality_name, organization_name, organizational_unit_name, common_name, or email_address.

    @@ -767,7 +769,7 @@ see

    aliases: useCommonNameForSAN

    boolean

    -

    If set to true, the module will fill the common name in for subject_alt_name with DNS: prefix if no SAN is specified.

    +

    If set to true, the module will fill the common name in for subject_alt_name with DNS: prefix if no SAN is specified.

    Choices:

    • false

      • @@ -975,7 +977,7 @@ see

      string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/www.ansible.com.csr.2019-03-09@11:22~"

    @@ -994,7 +996,7 @@ see added in community.crypto 1.0.0

    The (current or generated) CSR’s content.

    -

    Returned: if state is present and return_content is true

    +

    Returned: if state is present and return_content is true

    @@ -1058,7 +1060,7 @@ see

    string

    Path to the TLS/SSL private key the CSR was generated for

    -

    Will be none if the private key has been provided in privatekey_content.

    +

    Will be none if the private key has been provided in privatekey_content.

    Returned: changed or success

    Sample: "/etc/ssl/private/ansible.com.pem"

    diff --git a/pr/600/openssl_csr_pipe_module.html b/pr/600/openssl_csr_pipe_module.html index 0d3daa19..2bb81eff 100644 --- a/pr/600/openssl_csr_pipe_module.html +++ b/pr/600/openssl_csr_pipe_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.openssl_csr_pipe module – Generate OpenSSL Certificate Signing Request (CSR)

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -213,12 +215,12 @@ see

    list / elements=string

    Names that will be present in the authority cert issuer field of the certificate signing request.

    -

    Values must be prefixed by their options. (i.e., email, URI, DNS, RID, IP, dirName, otherName and the ones specific to your CA)

    -

    Example: DNS:ca.example.org

    -

    If specified, authority_cert_serial_number must also be specified.

    +

    Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA)

    +

    Example: DNS:ca.example.org

    +

    If specified, authority_cert_serial_number must also be specified.

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    Note that this is only supported if the cryptography backend is used!

    -

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    +

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    @@ -226,10 +228,10 @@ see

    integer

    The authority cert serial number.

    -

    If specified, authority_cert_issuer must also be specified.

    +

    If specified, authority_cert_issuer must also be specified.

    Note that this is only supported if the cryptography backend is used!

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    -

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    +

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    @@ -237,10 +239,10 @@ see

    string

    The authority key identifier as a hex string, where two bytes are separated by colons.

    -

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    +

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    Note that this is only supported if the cryptography backend is used!

    -

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    +

    The AuthorityKeyIdentifier extension will only be added if at least one of authority_key_identifier, authority_cert_issuer and authority_cert_serial_number is specified.

    @@ -328,8 +330,8 @@ see

    list / elements=string

    Describes how the CRL can be retrieved.

    -

    Mutually exclusive with relative_name.

    -

    Example: URI:https://ca.example.com/revocations.crl.

    +

    Mutually exclusive with crl_distribution_points[].relative_name.

    +

    Example: URI:https://ca.example.com/revocations.crl.

    @@ -355,8 +357,8 @@ see

    list / elements=string

    Describes how the CRL can be retrieved relative to the CRL issuer.

    -

    Mutually exclusive with full_name.

    -

    Example: /CN=example.com.

    +

    Mutually exclusive with crl_distribution_points[].full_name.

    +

    Example: /CN=example.com.

    Can only be used when cryptography >= 1.6 is installed.

    @@ -453,7 +455,7 @@ see

    list / elements=string

    For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is not allowed to issue certificates for.

    -

    Values must be prefixed by their options. (i.e., email, URI, DNS, RID, IP, dirName, otherName and the ones specific to your CA).

    +

    Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

    @@ -461,7 +463,7 @@ see

    list / elements=string

    For CA certificates, this specifies a list of identifiers which describe subtrees of names that this CA is allowed to issue certificates for.

    -

    Values must be prefixed by their options. (i.e., email, URI, DNS, RID, IP, dirName, otherName and the ones specific to your CA).

    +

    Values must be prefixed by their options. (That is, email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

    @@ -518,7 +520,7 @@ see

    string

    The content of the private key to use when signing the certificate signing request.

    -

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    +

    Either privatekey_path or privatekey_content must be specified, but not both.

    @@ -534,7 +536,7 @@ see

    path

    The path to the private key to use when signing the certificate signing request.

    -

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    +

    Either privatekey_path or privatekey_content must be specified, but not both.

    @@ -542,8 +544,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    @@ -579,7 +581,7 @@ see

    Subject Alternative Name (SAN) extension to attach to the certificate signing request.

    Values must be prefixed by their options. (These are email, URI, DNS, RID, IP, dirName, otherName, and the ones specific to your CA).

    -

    Note that if no SAN is specified, but a common name, the common name will be added as a SAN except if useCommonNameForSAN is set to false.

    +

    Note that if no SAN is specified, but a common name, the common name will be added as a SAN except if use_common_name_for_san is set to false.

    More at https://tools.ietf.org/html/rfc5280#section-4.2.1.6.

    @@ -602,9 +604,9 @@ see

    string

    The subject key identifier as a hex string, where two bytes are separated by colons.

    -

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    +

    Example: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33

    Please note that commercial CAs ignore this value, respectively use a value of their own choice. Specifying this option is mostly useful for self-signed certificates or for own CAs.

    -

    Note that this option can only be used if create_subject_key_identifier is false.

    +

    Note that this option can only be used if create_subject_key_identifier is false.

    Note that this is only supported if the cryptography backend is used!

    @@ -615,7 +617,7 @@ see

    A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the subject name field of the certificate signing request.

    If you want to specify more than one value with the same key in a row, you can use a list as value.

    -

    Mutually exclusive with subject, and any other subject field option, such as country_name, state_or_province_name, locality_name, organization_name, organizational_unit_name, common_name, or email_address.

    +

    Mutually exclusive with subject, and any other subject field option, such as country_name, state_or_province_name, locality_name, organization_name, organizational_unit_name, common_name, or email_address.

    @@ -624,7 +626,7 @@ see

    aliases: useCommonNameForSAN

    boolean

    -

    If set to true, the module will fill the common name in for subject_alt_name with DNS: prefix if no SAN is specified.

    +

    If set to true, the module will fill the common name in for subject_alt_name with DNS: prefix if no SAN is specified.

    Choices:

    Path to the TLS/SSL private key the CSR was generated for

    -

    Will be none if the private key has been provided in privatekey_content.

    +

    Will be none if the private key has been provided in privatekey_content.

    Returned: changed or success

    Sample: "/etc/ssl/private/ansible.com.pem"

    diff --git a/pr/600/openssl_dhparam_module.html b/pr/600/openssl_dhparam_module.html index 1dd27255..17180717 100644 --- a/pr/600/openssl_dhparam_module.html +++ b/pr/600/openssl_dhparam_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_dhparam module – Generate OpenSSL Diffie-Hellman Parameters

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -186,8 +188,8 @@ see

  • This module allows one to (re)generate OpenSSL DH-params.

  • This module uses file common arguments to specify generated file permissions.

    • -

  • Please note that the module regenerates existing DH params if they do not match the module’s options. If you are concerned that this could overwrite your existing DH params, consider using the backup option.

    • -

  • The module can use the cryptography Python library, or the openssl executable. By default, it tries to detect which one is available. This can be overridden with the select_crypto_backend option.

    • +

  • Please note that the module regenerates existing DH params if they do not match the module’s options. If you are concerned that this could overwrite your existing DH params, consider using the backup option.

    • +

  • The module can use the cryptography Python library, or the openssl executable. By default, it tries to detect which one is available. This can be overridden with the select_crypto_backend option.

    • @@ -285,7 +287,7 @@ see

    boolean

    added in community.crypto 1.0.0

    -

    If set to true, will return the (current or generated) DH parameter’s content as dhparams.

    +

    If set to true, will return the (current or generated) DH parameter’s content as dhparams.

    Choices:

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

    -

    If set to openssl, will try to use the OpenSSL openssl executable.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available, and falls back to openssl.

    +

    If set to openssl, will try to use the OpenSSL openssl executable.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -470,7 +472,7 @@ see

      string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/dhparams.pem.2019-03-09@11:22~"

    @@ -480,7 +482,7 @@ see added in community.crypto 1.0.0

    The (current or generated) DH params’ content.

    -

    Returned: if state is present and return_content is true

    +

    Returned: if state is present and return_content is true

    diff --git a/pr/600/openssl_pkcs12_module.html b/pr/600/openssl_pkcs12_module.html index 00aa1cae..a9c7fe7b 100644 --- a/pr/600/openssl_pkcs12_module.html +++ b/pr/600/openssl_pkcs12_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_pkcs12 module – Generate OpenSSL PKCS#12 archive

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -185,7 +187,7 @@ see Synopsis

    • This module allows one to (re-)generate PKCS#12.

      • -

    • The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available, assuming none of the iter_size and maciter_size options are used. This can be overridden with the select_crypto_backend option.

      • +

    • The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available, assuming none of the iter_size and maciter_size options are used. This can be overridden with the select_crypto_backend option.

    @@ -208,7 +210,7 @@ see

    action

    string

    -

    export or parse a PKCS#12.

    +

    export or parse a PKCS#12.

    Choices:

    Determines the encryption level used.

    -

    auto uses the default of the selected backend. For cryptography, this is what the cryptography library’s specific version considers the best available encryption.

    -

    compatibility2022 uses compatibility settings for older software in 2022. This is only supported by the cryptography backend if cryptography >= 38.0.0 is available.

    +

    auto uses the default of the selected backend. For cryptography, this is what the cryptography library’s specific version considers the best available encryption.

    +

    compatibility2022 uses compatibility settings for older software in 2022. This is only supported by the cryptography backend if cryptography >= 38.0.0 is available.

    Note that this option is not used for idempotency.

    Choices:

    @@ -309,7 +311,7 @@ see

    Number of times to repeat the MAC step.

    This is not considered during idempotency checks.

    -

    This is only used by the pyopenssl backend. When using it, the default is 1.

    +

    This is only used by the pyopenssl backend. When using it, the default is 1.

    @@ -331,8 +333,8 @@ see

    aliases: ca_certificates

    list / elements=path

    -

    List of other certificates to include. Pre Ansible 2.8 this parameter was called ca_certificates.

    -

    Assumes there is one PEM-encoded certificate per file. If a file contains multiple PEM certificates, set other_certificates_parse_all to true.

    +

    List of other certificates to include. Pre Ansible 2.8 this parameter was called ca_certificates.

    +

    Assumes there is one PEM-encoded certificate per file. If a file contains multiple PEM certificates, set other_certificates_parse_all to true.

    @@ -340,7 +342,7 @@ see

    boolean

    added in community.crypto 1.4.0

    -

    If set to true, assumes that the files mentioned in other_certificates can contain more than one certificate per file (or even none per file).

    +

    If set to true, assumes that the files mentioned in other_certificates can contain more than one certificate per file (or even none per file).

    Choices:

    Content of the private key file.

    -

    Mutually exclusive with privatekey_path.

    +

    Mutually exclusive with privatekey_path.

    @@ -393,7 +395,7 @@ see

    path

    File to read private key from.

    -

    Mutually exclusive with privatekey_content.

    +

    Mutually exclusive with privatekey_content.

    @@ -401,7 +403,7 @@ see

    boolean

    added in community.crypto 1.0.0

    -

    If set to true, will return the (current or generated) PKCS#12’s content as pkcs12.

    +

    If set to true, will return the (current or generated) PKCS#12’s content as pkcs12.

    Choices:

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available, and falls back to pyopenssl. If iter_size is used together with encryption_level != compatibility2022, or if maciter_size is used, auto will always result in pyopenssl to be chosen for backwards compatibility.

    -

    If set to pyopenssl, will try to use the pyOpenSSL library.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available, and falls back to pyopenssl. If iter_size is used together with encryption_level is not compatibility2022, or if maciter_size is used, auto will always result in pyopenssl to be chosen for backwards compatibility.

    +

    If set to pyopenssl, will try to use the pyOpenSSL library.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -471,7 +473,7 @@ see

    state

    string

    -

    Whether the file should exist or not. All parameters except path are ignored when state is absent.

    +

    Whether the file should exist or not. All parameters except path are ignored when state is absent.

    Choices:

    • "absent"

      • @@ -638,7 +640,7 @@ see

      string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/ansible.com.pem.2019-03-09@11:22~"

    @@ -657,7 +659,7 @@ see added in community.crypto 1.0.0

    The (current or generated) PKCS#12’s content Base64 encoded.

    -

    Returned: if state is present and return_content is true

    +

    Returned: if state is present and return_content is true

    diff --git a/pr/600/openssl_privatekey_convert_module.html b/pr/600/openssl_privatekey_convert_module.html index bca29bfe..f09eb35e 100644 --- a/pr/600/openssl_privatekey_convert_module.html +++ b/pr/600/openssl_privatekey_convert_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_privatekey_convert module – Convert OpenSSL private keys

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -186,7 +188,7 @@ see Synopsis

    • This module allows one to convert OpenSSL private keys.

      • -

    • The default mode for the private key file will be 0600 if mode is not explicitly set.

      • +

    • The default mode for the private key file will be 0600 if mode is not explicitly set.

    @@ -240,7 +242,7 @@ see

    dest_path

    path / required

    -

    Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode if mode is not explicitly set.

    +

    Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode if mode is not explicitly set.

    @@ -326,7 +328,7 @@ see

    string

    The content of the file containing the OpenSSL private key to convert.

    -

    Exactly one of src_path or src_content must be specified.

    +

    Exactly one of src_path or src_content must be specified.

    @@ -341,7 +343,7 @@ see

    path

    Name of the file containing the OpenSSL private key to convert.

    -

    Exactly one of src_path or src_content must be specified.

    +

    Exactly one of src_path or src_content must be specified.

    @@ -439,7 +441,7 @@ see

    string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/privatekey.pem.2019-03-09@11:22~"

    diff --git a/pr/600/openssl_privatekey_info_filter.html b/pr/600/openssl_privatekey_info_filter.html index 8274be1f..da9dbced 100644 --- a/pr/600/openssl_privatekey_info_filter.html +++ b/pr/600/openssl_privatekey_info_filter.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_privatekey_info filter – Retrieve information from OpenSSL private keys

    Note

    -

    This filter plugin is part of the community.crypto collection (version 2.14.0).

    +

    This filter plugin is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

    @@ -193,7 +195,7 @@ see

    Requirements

    The below requirements are needed on the local controller node that executes this filter.

    @@ -232,10 +234,10 @@ example: input

    string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -256,7 +258,7 @@ example: input

      boolean

    Whether to return private key data.

    -

    Only set this to true when you want private information about this key to be extracted.

    +

    Only set this to true when you want private information about this key to be extracted.

    WARNING: you have to make sure that private key data is not accidentally logged!

    Choices:

      @@ -314,7 +316,7 @@ example: input

      dictionary

    Private key data. Depends on key type.

    -

    Returned: success and when return_private_key_data is set to true

    +

    Returned: success and when return_private_key_data is set to true

    @@ -330,7 +332,7 @@ example: input

    string

    The curve’s name for ECC.

    -

    Returned: When type=ECC

    +

    Returned: When _value.type=ECC

    @@ -338,7 +340,7 @@ example: input

    integer

    The RSA key’s public exponent.

    -

    Returned: When type=RSA

    +

    Returned: When _value.type=RSA

    @@ -346,7 +348,7 @@ example: input

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When type=ECC

    +

    Returned: When _value.type=ECC

    @@ -355,7 +357,7 @@ example: input

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When _value.type=DSA

    @@ -363,7 +365,7 @@ example: input

    integer

    The RSA key’s modulus.

    -

    Returned: When type=RSA

    +

    Returned: When _value.type=RSA

    @@ -372,7 +374,7 @@ example: input

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When type=DSA

    +

    Returned: When _value.type=DSA

    @@ -381,7 +383,7 @@ example: input

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When _value.type=DSA

    @@ -389,7 +391,7 @@ example: input

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When type=RSA or type=DSA

    +

    Returned: When _value.type=RSA or _value.type=DSA

    @@ -397,16 +399,16 @@ example: input

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When type=ECC

    +

    Returned: When _value.type=ECC

    y

    integer

    -

    For type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When type=DSA or type=ECC

    +

    For _value.type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For _value.type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

    +

    Returned: When _value.type=DSA or _value.type=ECC

    @@ -433,8 +435,8 @@ example: input

    string

    The key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    diff --git a/pr/600/openssl_privatekey_info_module.html b/pr/600/openssl_privatekey_info_module.html index 2680d604..aa986ace 100644 --- a/pr/600/openssl_privatekey_info_module.html +++ b/pr/600/openssl_privatekey_info_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_privatekey_info module – Provide information for OpenSSL private keys

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -185,7 +187,7 @@ see Synopsis

    • This module allows one to query information on OpenSSL private keys.

      • -

    • In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available, none is returned for key_is_consistent.

      • +

    • In case the key consistency checks fail, the module will fail as this indicates a faked private key. In this case, all return variables are still returned. Note that key consistency checks are not available all key types; if none is available, none is returned for key_is_consistent.

    • It uses the cryptography python library to interact with OpenSSL.

    @@ -226,7 +228,7 @@ see added in community.crypto 1.0.0

    Content of the private key file.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -248,7 +250,7 @@ see

    boolean

    Whether to return private key data.

    -

    Only set this to true when you want private information about this key to leave the remote machine.

    +

    Only set this to true when you want private information about this key to leave the remote machine.

    WARNING: you have to make sure that private key data is not accidentally logged!

    Choices:

      @@ -262,8 +264,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    @@ -366,9 +368,9 @@ see

    key_is_consistent

    boolean

    -

    Whether the key is consistent. Can also return none next to true and false, to indicate that consistency could not be checked.

    -

    In case the check returns false, the module will fail.

    -

    Returned: when check_consistency=true

    +

    Whether the key is consistent. Can also return none next to true and false, to indicate that consistency could not be checked.

    +

    In case the check returns false, the module will fail.

    +

    Returned: when check_consistency=true

    @@ -376,7 +378,7 @@ see

    dictionary

    Private key data. Depends on key type.

    -

    Returned: success and when return_private_key_data is set to true

    +

    Returned: success and when return_private_key_data is set to true

    @@ -392,7 +394,7 @@ see

    string

    The curve’s name for ECC.

    -

    Returned: When type=ECC

    +

    Returned: When type=ECC

    @@ -400,7 +402,7 @@ see

    integer

    The RSA key’s public exponent.

    -

    Returned: When type=RSA

    +

    Returned: When type=RSA

    @@ -408,7 +410,7 @@ see

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When type=ECC

    +

    Returned: When type=ECC

    @@ -417,7 +419,7 @@ see

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When type=DSA

    @@ -425,7 +427,7 @@ see

    integer

    The RSA key’s modulus.

    -

    Returned: When type=RSA

    +

    Returned: When type=RSA

    @@ -434,7 +436,7 @@ see

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When type=DSA

    +

    Returned: When type=DSA

    @@ -443,7 +445,7 @@ see

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When type=DSA

    @@ -451,7 +453,7 @@ see

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When type=RSA or type=DSA

    +

    Returned: When type=RSA or type=DSA

    @@ -459,16 +461,16 @@ see

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When type=ECC

    +

    Returned: When type=ECC

    y

    integer

    -

    For type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When type=DSA or type=ECC

    +

    For type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    +

    Returned: When type=DSA or type=ECC

    @@ -495,8 +497,8 @@ see

    string

    The key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    diff --git a/pr/600/openssl_privatekey_module.html b/pr/600/openssl_privatekey_module.html index 111699e4..deded006 100644 --- a/pr/600/openssl_privatekey_module.html +++ b/pr/600/openssl_privatekey_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_privatekey module – Generate OpenSSL private keys

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -185,9 +187,9 @@ see Synopsis

    • Keys are generated in PEM format.

      • -

    • One can generate RSA, DSA, ECC or EdDSA private keys.

      • -

    • Please note that the module regenerates private keys if they do not match the module’s options. In particular, if you provide another passphrase (or specify none), change the keysize, etc., the private key will be regenerated. If you are concerned that this could overwrite your private key, consider using the backup option.

      • -

    • The default mode for the private key file will be 0600 if mode is not explicitly set.

      • +

    • One can generate RSA, DSA, ECC or EdDSA private keys.

      • +

    • Please note that the module regenerates private keys if they do not match the module’s options. In particular, if you provide another passphrase (or specify none), change the keysize, etc., the private key will be regenerated. If you are concerned that this could overwrite your private key, consider using the backup option.

      • +

    • The default mode for the private key file will be 0600 if mode is not explicitly set.

    • This module allows one to (re)generate OpenSSL private keys.

    @@ -235,7 +237,7 @@ see

    cipher

    string

    -

    The cipher to encrypt the private key. Must be auto.

    +

    The cipher to encrypt the private key. Must be auto.

    @@ -243,9 +245,9 @@ see

    string

    Note that not all curves are supported by all versions of cryptography.

    -

    For maximal interoperability, secp384r1 or secp256r1 should be used.

    +

    For maximal interoperability, secp384r1 or secp256r1 should be used.

    We use the curve names as defined in the IANA registry for TLS.

    -

    Please note that all curves except secp224r1, secp256k1, secp256r1, secp384r1 and secp521r1 are discouraged for new private keys.

    +

    Please note that all curves except secp224r1, secp256k1, secp256r1, secp384r1, and secp521r1 are discouraged for new private keys.

    Choices:

    Determines which format the private key is written in. By default, PKCS1 (traditional OpenSSL format) is used for all keys which support it. Please note that not every key can be exported in any format.

    -

    The value auto selects a format based on the key format. The value auto_ignore does the same, but for existing private key files, it will not force a regenerate when its format is not the automatically selected one for generation.

    -

    Note that if the format for an existing private key mismatches, the key is regenerated by default. To change this behavior, use the format_mismatch option.

    +

    The value auto selects a format based on the key format. The value auto_ignore does the same, but for existing private key files, it will not force a regenerate when its format is not the automatically selected one for generation.

    +

    Note that if the format for an existing private key mismatches, the key is regenerated by default. To change this behavior, use the format_mismatch option.

    Choices:

    Determines behavior of the module if the format of a private key does not match the expected format, but all other parameters are as expected.

    -

    If set to regenerate (default), generates a new private key.

    -

    If set to convert, the key will be converted to the new format instead.

    +

    If set to regenerate (default), generates a new private key.

    +

    If set to convert, the key will be converted to the new format instead.

    Only supported by the cryptography backend.

    Choices:

    path

    path / required

    -

    Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode if mode is not explicitly set.

    +

    Name of the file in which the generated TLS/SSL private key will be written. It will have 0600 mode if mode is not explicitly set.

    @@ -366,13 +368,13 @@ see added in community.crypto 1.0.0

    Allows to configure in which situations the module is allowed to regenerate private keys. The module will always generate a new key if the destination file does not exist.

    -

    By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

    -

    If set to never, the module will fail if the key cannot be read or the passphrase is not matching, and will never regenerate an existing key.

    -

    If set to fail, the module will fail if the key does not correspond to the module’s options.

    -

    If set to partial_idempotence, the key will be regenerated if it does not conform to the module’s options. The key is not regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified.

    -

    If set to full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

    -

    If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

    -

    Note that if format_mismatch is set to convert and everything matches except the format, the key will always be converted, except if regenerate is set to always.

    +

    By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

    +

    If set to never, the module will fail if the key cannot be read or the passphrase is not matching, and will never regenerate an existing key.

    +

    If set to fail, the module will fail if the key does not correspond to the module’s options.

    +

    If set to partial_idempotence, the key will be regenerated if it does not conform to the module’s options. The key is not regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified.

    +

    If set to full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

    +

    If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

    +

    Note that if format_mismatch is set to convert and everything matches except the format, the key will always be converted, except if regenerate is set to always.

    Choices:

    • "never"

      • @@ -388,9 +390,9 @@ see

      boolean

      added in community.crypto 1.0.0

    -

    If set to true, will return the (current or generated) private key’s content as privatekey.

    +

    If set to true, will return the (current or generated) private key’s content as privatekey.

    Note that especially if the private key is not encrypted, you have to make sure that the returned value is treated appropriately and not accidentally written to logs etc.! Use with care!

    -

    Use Ansible’s no_log task option to avoid the output being shown. See also https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook.

    +

    Use Ansible’s no_log task option to avoid the output being shown. See also https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook.

    Choices:

    • false ← (default)

      • @@ -403,8 +405,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -471,7 +473,7 @@ see

      string

    The algorithm used to generate the TLS/SSL private key.

    -

    Note that ECC, X25519, X448, Ed25519 and Ed448 require the cryptography backend. X25519 needs cryptography 2.5 or newer, while X448, Ed25519 and Ed448 require cryptography 2.6 or newer. For ECC, the minimal cryptography version required depends on the curve option.

    +

    Note that ECC, X25519, X448, Ed25519, and Ed448 require the cryptography backend. X25519 needs cryptography 2.5 or newer, while X448, Ed25519, and Ed448 require cryptography 2.6 or newer. For ECC, the minimal cryptography version required depends on the curve option.

    Choices:

    • "DSA"

      • @@ -609,7 +611,7 @@ see

      string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/privatekey.pem.2019-03-09@11:22~"

    @@ -618,7 +620,7 @@ see

    string

    Elliptic curve used to generate the TLS/SSL private key.

    -

    Returned: changed or success, and type is ECC

    +

    Returned: changed or success, and type is ECC

    Sample: "secp256r1"

    @@ -647,7 +649,7 @@ see

    The (current or generated) private key’s content.

    Will be Base64-encoded if the key is in raw format.

    -

    Returned: if state is present and return_content is true

    +

    Returned: if state is present and return_content is true

    diff --git a/pr/600/openssl_privatekey_pipe_module.html b/pr/600/openssl_privatekey_pipe_module.html index 08828a7e..05072bfa 100644 --- a/pr/600/openssl_privatekey_pipe_module.html +++ b/pr/600/openssl_privatekey_pipe_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_privatekey_pipe module – Generate OpenSSL private keys without disk access

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -186,10 +188,9 @@ see Synopsis

    • Keys are generated in PEM format.

      • -

    • Make sure to not write the result of this module into logs or to the console, as it contains private key data! Use the no_log task option to be sure.

      • +

    • Make sure to not write the result of this module into logs or to the console, as it contains private key data! Use the no_log task option to be sure.

    • Note that this module is implemented as an action plugin and will always be executed on the controller.

      • -

    • One can generate RSA, DSA, ECC or EdDSA private keys.

      • -

    • Please note that the module regenerates private keys if they do not match the module’s options. In particular, if you provide another passphrase (or specify none), change the keysize, etc., the private key will be regenerated. If you are concerned that this could overwrite your private key, consider using the backup option.

      • +

    • One can generate RSA, DSA, ECC or EdDSA private keys.

    • This allows to read and write keys to vaults without having to write intermediate versions to disk.

    • This module allows one to (re)generate OpenSSL private keys without disk access.

    @@ -218,7 +219,7 @@ see

    cipher

    string

    -

    The cipher to encrypt the private key. Must be auto.

    +

    The cipher to encrypt the private key. Must be auto.

    @@ -233,7 +234,7 @@ see

    content_base64

    boolean

    -

    Set to true if the content is base64 encoded.

    +

    Set to true if the content is base64 encoded.

    Choices:

    • false ← (default)

      • @@ -246,9 +247,9 @@ see

      string

    Note that not all curves are supported by all versions of cryptography.

    -

    For maximal interoperability, secp384r1 or secp256r1 should be used.

    +

    For maximal interoperability, secp384r1 or secp256r1 should be used.

    We use the curve names as defined in the IANA registry for TLS.

    -

    Please note that all curves except secp224r1, secp256k1, secp256r1, secp384r1 and secp521r1 are discouraged for new private keys.

    +

    Please note that all curves except secp224r1, secp256k1, secp256r1, secp384r1, and secp521r1 are discouraged for new private keys.

    Choices:

    • "secp224r1"

      • @@ -278,8 +279,8 @@ see

      string

    Determines which format the private key is written in. By default, PKCS1 (traditional OpenSSL format) is used for all keys which support it. Please note that not every key can be exported in any format.

    -

    The value auto selects a format based on the key format. The value auto_ignore does the same, but for existing private key files, it will not force a regenerate when its format is not the automatically selected one for generation.

    -

    Note that if the format for an existing private key mismatches, the key is regenerated by default. To change this behavior, use the format_mismatch option.

    +

    The value auto selects a format based on the key format. The value auto_ignore does the same, but for existing private key files, it will not force a regenerate when its format is not the automatically selected one for generation.

    +

    Note that if the format for an existing private key mismatches, the key is regenerated by default. To change this behavior, use the format_mismatch option.

    Choices:

    • "pkcs1"

      • @@ -295,8 +296,8 @@ see

      string

    Determines behavior of the module if the format of a private key does not match the expected format, but all other parameters are as expected.

    -

    If set to regenerate (default), generates a new private key.

    -

    If set to convert, the key will be converted to the new format instead.

    +

    If set to regenerate (default), generates a new private key.

    +

    If set to convert, the key will be converted to the new format instead.

    Only supported by the cryptography backend.

    Choices:

      @@ -317,13 +318,13 @@ see

      string

    Allows to configure in which situations the module is allowed to regenerate private keys. The module will always generate a new key if the destination file does not exist.

    -

    By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

    -

    If set to never, the module will fail if the key cannot be read or the passphrase is not matching, and will never regenerate an existing key.

    -

    If set to fail, the module will fail if the key does not correspond to the module’s options.

    -

    If set to partial_idempotence, the key will be regenerated if it does not conform to the module’s options. The key is not regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified.

    -

    If set to full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

    -

    If set to always, the module will always regenerate the key. This is equivalent to setting force to true.

    -

    Note that if format_mismatch is set to convert and everything matches except the format, the key will always be converted, except if regenerate is set to always.

    +

    By default, the key will be regenerated when it does not match the module’s options, except when the key cannot be read or the passphrase does not match. Please note that this changed for Ansible 2.10. For Ansible 2.9, the behavior was as if full_idempotence is specified.

    +

    If set to never, the module will fail if the key cannot be read or the passphrase is not matching, and will never regenerate an existing key.

    +

    If set to fail, the module will fail if the key does not correspond to the module’s options.

    +

    If set to partial_idempotence, the key will be regenerated if it does not conform to the module’s options. The key is not regenerated if it cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified.

    +

    If set to full_idempotence, the key will be regenerated if it does not conform to the module’s options. This is also the case if the key cannot be read (broken file), the key is protected by an unknown passphrase, or when they key is not protected by a passphrase, but a passphrase is specified. Make sure you have a backup when using this option!

    +

    If set to always, the module will always regenerate the key.

    +

    Note that if format_mismatch is set to convert and everything matches except the format, the key will always be converted, except if regenerate is set to always.

    Choices:

    • "never"

      • @@ -338,8 +339,8 @@ see

    return_current_key

    boolean

    -

    Set to true to return the current private key when the module did not generate a new one.

    -

    Note that in case of check mode, when this option is not set to true, the module always returns the current key (if it was provided) and Ansible will replace it by VALUE_SPECIFIED_IN_NO_LOG_PARAMETER.

    +

    Set to true to return the current private key when the module did not generate a new one.

    +

    Note that in case of check mode, when this option is not set to true, the module always returns the current key (if it was provided) and Ansible will replace it by VALUE_SPECIFIED_IN_NO_LOG_PARAMETER.

    Choices:

    • false ← (default)

      • @@ -352,8 +353,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -374,7 +375,7 @@ see

      string

    The algorithm used to generate the TLS/SSL private key.

    -

    Note that ECC, X25519, X448, Ed25519 and Ed448 require the cryptography backend. X25519 needs cryptography 2.5 or newer, while X448, Ed25519 and Ed448 require cryptography 2.6 or newer. For ECC, the minimal cryptography version required depends on the curve option.

    +

    Note that ECC, X25519, X448, Ed25519, and Ed448 require the cryptography backend. X25519 needs cryptography 2.5 or newer, while X448, Ed25519, and Ed448 require cryptography 2.6 or newer. For ECC, the minimal cryptography version required depends on the curve option.

    Choices:

    Elliptic curve used to generate the TLS/SSL private key.

    -

    Returned: changed or success, and type is ECC

    +

    Returned: changed or success, and type is ECC

    Sample: "secp256r1"

    @@ -527,9 +529,9 @@ see

    string

    The generated private key’s content.

    -

    Please note that if the result is not changed, the current private key will only be returned if the return_current_key option is set to true.

    +

    Please note that if the result is not changed, the current private key will only be returned if the return_current_key option is set to true.

    Will be Base64-encoded if the key is in raw format.

    -

    Returned: changed, or return_current_key is true

    +

    Returned: changed, or return_current_key is true

    diff --git a/pr/600/openssl_publickey_info_filter.html b/pr/600/openssl_publickey_info_filter.html index 7591ec98..73e16eef 100644 --- a/pr/600/openssl_publickey_info_filter.html +++ b/pr/600/openssl_publickey_info_filter.html @@ -14,6 +14,8 @@ + + @@ -162,7 +164,7 @@

    community.crypto.openssl_publickey_info filter – Retrieve information from OpenSSL public keys in PEM format

    Note

    -

    This filter plugin is part of the community.crypto collection (version 2.14.0).

    +

    This filter plugin is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto.

    To use it in a playbook, specify: community.crypto.openssl_publickey_info.

    @@ -267,7 +269,7 @@

    string

    The curve’s name for ECC.

    -

    Returned: When type=ECC

    +

    Returned: When _value.type=ECC

    @@ -275,7 +277,7 @@

    integer

    The RSA key’s public exponent.

    -

    Returned: When type=RSA

    +

    Returned: When _value.type=RSA

    @@ -283,7 +285,7 @@

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When type=ECC

    +

    Returned: When _value.type=ECC

    @@ -292,7 +294,7 @@

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When _value.type=DSA

    @@ -300,7 +302,7 @@

    integer

    The RSA key’s modulus.

    -

    Returned: When type=RSA

    +

    Returned: When _value.type=RSA

    @@ -309,7 +311,7 @@

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When type=DSA

    +

    Returned: When _value.type=DSA

    @@ -318,7 +320,7 @@

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When _value.type=DSA

    @@ -326,7 +328,7 @@

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When type=RSA or type=DSA

    +

    Returned: When _value.type=RSA or _value.type=DSA

    @@ -334,16 +336,16 @@

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When type=ECC

    +

    Returned: When _value.type=ECC

    y

    integer

    -

    For type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When type=DSA or type=ECC

    +

    For _value.type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For _value.type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

    +

    Returned: When _value.type=DSA or _value.type=ECC

    @@ -351,8 +353,8 @@

    string

    The key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    diff --git a/pr/600/openssl_publickey_info_module.html b/pr/600/openssl_publickey_info_module.html index 7cdef7b8..05f66566 100644 --- a/pr/600/openssl_publickey_info_module.html +++ b/pr/600/openssl_publickey_info_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_publickey_info module – Provide information for OpenSSL public keys

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -210,7 +212,7 @@ see

    string

    Content of the public key file.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -225,8 +227,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    @@ -337,7 +339,7 @@ see

    string

    The curve’s name for ECC.

    -

    Returned: When type=ECC

    +

    Returned: When type=ECC

    @@ -345,7 +347,7 @@ see

    integer

    The RSA key’s public exponent.

    -

    Returned: When type=RSA

    +

    Returned: When type=RSA

    @@ -353,7 +355,7 @@ see

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When type=ECC

    +

    Returned: When type=ECC

    @@ -362,7 +364,7 @@ see

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When type=DSA

    @@ -370,7 +372,7 @@ see

    integer

    The RSA key’s modulus.

    -

    Returned: When type=RSA

    +

    Returned: When type=RSA

    @@ -379,7 +381,7 @@ see

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When type=DSA

    +

    Returned: When type=DSA

    @@ -388,7 +390,7 @@ see

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When type=DSA

    +

    Returned: When type=DSA

    @@ -396,7 +398,7 @@ see

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When type=RSA or type=DSA

    +

    Returned: When type=RSA or type=DSA

    @@ -404,16 +406,16 @@ see

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When type=ECC

    +

    Returned: When type=ECC

    y

    integer

    -

    For type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When type=DSA or type=ECC

    +

    For type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    +

    Returned: When type=DSA or type=ECC

    @@ -421,8 +423,8 @@ see

    string

    The key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    diff --git a/pr/600/openssl_publickey_module.html b/pr/600/openssl_publickey_module.html index 8ced114f..f172b733 100644 --- a/pr/600/openssl_publickey_module.html +++ b/pr/600/openssl_publickey_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.openssl_publickey module – Generate an OpenSSL public key from its private key.

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -194,7 +196,7 @@ see

  • cryptography >= 1.2.3 (older versions might work as well)

    • -

  • Needs cryptography >= 1.4 if format is OpenSSH

    • +

  • Needs cryptography >= 1.4 if format is OpenSSH

    • @@ -297,7 +299,7 @@ see added in community.crypto 1.0.0

    The content of the TLS/SSL private key from which to generate the public key.

    -

    Either privatekey_path or privatekey_content must be specified, but not both. If state is present, one of them is required.

    +

    Either privatekey_path or privatekey_content must be specified, but not both. If state is present, one of them is required.

    @@ -312,7 +314,7 @@ see

    path

    Path to the TLS/SSL private key from which to generate the public key.

    -

    Either privatekey_path or privatekey_content must be specified, but not both. If state is present, one of them is required.

    +

    Either privatekey_path or privatekey_content must be specified, but not both. If state is present, one of them is required.

    @@ -320,7 +322,7 @@ see

    boolean

    added in community.crypto 1.0.0

    -

    If set to true, will return the (current or generated) public key’s content as publickey.

    +

    If set to true, will return the (current or generated) public key’s content as publickey.

    Choices:

    • false ← (default)

      • @@ -333,8 +335,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -519,7 +521,7 @@ see

      string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/publickey.pem.2019-03-09@11:22~"

    @@ -555,7 +557,7 @@ see

    string

    Path to the TLS/SSL private key the public key was generated from.

    -

    Will be none if the private key has been provided in privatekey_content.

    +

    Will be none if the private key has been provided in privatekey_content.

    Returned: changed or success

    Sample: "/etc/ssl/private/ansible.com.pem"

    @@ -566,7 +568,7 @@ see added in community.crypto 1.0.0

    The (current or generated) public key’s content.

    -

    Returned: if state is present and return_content is true

    +

    Returned: if state is present and return_content is true

    diff --git a/pr/600/openssl_signature_info_module.html b/pr/600/openssl_signature_info_module.html index 678b9783..33c894be 100644 --- a/pr/600/openssl_signature_info_module.html +++ b/pr/600/openssl_signature_info_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.openssl_signature_info module – Verify signatures with openssl

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -212,7 +214,7 @@ see

    string

    The content of the certificate used to verify the signature.

    -

    Either certificate_path or certificate_content must be specified, but not both.

    +

    Either certificate_path or certificate_content must be specified, but not both.

    @@ -220,7 +222,7 @@ see

    path

    The path to the certificate used to verify the signature.

    -

    Either certificate_path or certificate_content must be specified, but not both.

    +

    Either certificate_path or certificate_content must be specified, but not both.

    @@ -236,8 +238,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -326,7 +328,7 @@ ed448 and ed25519 keys: register: verify - name: Make sure the signature is valid - assert: + ansible.builtin.assert: that: - verify.valid
    @@ -346,7 +348,7 @@ ed448 and ed25519 keys:

    valid

    boolean

    -

    true means the signature was valid for the given file, false means it was not.

    +

    true means the signature was valid for the given file, false means it was not.

    Returned: success

    diff --git a/pr/600/openssl_signature_module.html b/pr/600/openssl_signature_module.html index 49552e5f..9b13565c 100644 --- a/pr/600/openssl_signature_module.html +++ b/pr/600/openssl_signature_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.openssl_signature module – Sign data with openssl

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -220,7 +222,7 @@ see

    string

    The content of the private key to use when signing the certificate signing request.

    -

    Either privatekey_path or privatekey_content must be specified, but not both.

    +

    Either privatekey_path or privatekey_content must be specified, but not both.

    @@ -236,7 +238,7 @@ see

    path

    The path to the private key to use when signing.

    -

    Either privatekey_path or privatekey_content must be specified, but not both.

    +

    Either privatekey_path or privatekey_content must be specified, but not both.

    @@ -244,8 +246,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -326,7 +328,7 @@ ed448 and ed25519 keys: register: verify - name: Make sure the signature is valid - assert: + ansible.builtin.assert: that: - verify.valid
    diff --git a/pr/600/search.html b/pr/600/search.html index 7f2d94ca..2110147e 100644 --- a/pr/600/search.html +++ b/pr/600/search.html @@ -14,6 +14,8 @@ + + diff --git a/pr/600/searchindex.js b/pr/600/searchindex.js index 1d3c4348..97529c16 100644 --- a/pr/600/searchindex.js +++ b/pr/600/searchindex.js @@ -1 +1 @@ -Search.setIndex({"docnames": ["acme_account_facts_module", "acme_account_info_module", "acme_account_module", "acme_certificate_module", "acme_certificate_revoke_module", "acme_challenge_cert_helper_module", "acme_inspect_module", "certificate_complete_chain_module", "crypto_info_module", "docsite/guide_ownca", "docsite/guide_selfsigned", "ecs_certificate_module", "ecs_domain_module", "environment_variables", "get_certificate_module", "index", "luks_device_module", "openssh_cert_module", "openssh_keypair_module", "openssl_certificate_info_module", "openssl_certificate_module", "openssl_csr_info_filter", "openssl_csr_info_module", "openssl_csr_module", "openssl_csr_pipe_module", "openssl_dhparam_module", "openssl_pkcs12_module", "openssl_privatekey_convert_module", "openssl_privatekey_info_filter", "openssl_privatekey_info_module", "openssl_privatekey_module", "openssl_privatekey_pipe_module", "openssl_publickey_info_filter", "openssl_publickey_info_module", "openssl_publickey_module", "openssl_signature_info_module", "openssl_signature_module", "split_pem_filter", "x509_certificate_info_filter", "x509_certificate_info_module", "x509_certificate_module", "x509_certificate_pipe_module", "x509_crl_info_filter", "x509_crl_info_module", "x509_crl_module"], "filenames": ["acme_account_facts_module.rst", "acme_account_info_module.rst", "acme_account_module.rst", "acme_certificate_module.rst", "acme_certificate_revoke_module.rst", "acme_challenge_cert_helper_module.rst", "acme_inspect_module.rst", "certificate_complete_chain_module.rst", "crypto_info_module.rst", "docsite/guide_ownca.rst", "docsite/guide_selfsigned.rst", "ecs_certificate_module.rst", "ecs_domain_module.rst", "environment_variables.rst", "get_certificate_module.rst", "index.rst", "luks_device_module.rst", "openssh_cert_module.rst", "openssh_keypair_module.rst", "openssl_certificate_info_module.rst", "openssl_certificate_module.rst", "openssl_csr_info_filter.rst", "openssl_csr_info_module.rst", "openssl_csr_module.rst", "openssl_csr_pipe_module.rst", "openssl_dhparam_module.rst", "openssl_pkcs12_module.rst", "openssl_privatekey_convert_module.rst", "openssl_privatekey_info_filter.rst", "openssl_privatekey_info_module.rst", "openssl_privatekey_module.rst", "openssl_privatekey_pipe_module.rst", "openssl_publickey_info_filter.rst", "openssl_publickey_info_module.rst", "openssl_publickey_module.rst", "openssl_signature_info_module.rst", "openssl_signature_module.rst", "split_pem_filter.rst", "x509_certificate_info_filter.rst", "x509_certificate_info_module.rst", "x509_certificate_module.rst", "x509_certificate_pipe_module.rst", "x509_crl_info_filter.rst", "x509_crl_info_module.rst", "x509_crl_module.rst"], "titles": ["community.crypto.acme_account_facts", "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts", "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts", "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol", "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol", "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01", "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server", "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates", "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities", "How to create a small CA", "How to create self-signed certificates", "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API", "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API", "Index of all Collection Environment Variables", "community.crypto.get_certificate module \u2013 Get a certificate from a host:port", "Community.Crypto", "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices", "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.", "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys", "community.crypto.openssl_certificate_info", "community.crypto.openssl_certificate", "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters", "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive", "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys", "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys", "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys", "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys", "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access", "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format", "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys", "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.", "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl", "community.crypto.openssl_signature module \u2013 Sign data with openssl", "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects", "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format", "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates", "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format", "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)", "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)"], "terms": {"thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "plugin": [0, 13, 19, 20, 21, 28, 31, 32, 37, 38, 42], "wa": [0, 1, 3, 4, 6, 9, 11, 14, 16, 18, 19, 20, 21, 22, 23, 24, 26, 29, 30, 31, 34, 35, 38, 39, 40, 42, 43, 44], "part": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "collect": [0, 9, 10, 15, 19, 20], "version": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "2": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "14": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "0": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "modul": [0, 9, 10, 19, 20, 21, 28, 32, 38, 42], "ha": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44], "been": [0, 1, 2, 3, 4, 6, 11, 13, 14, 16, 17, 19, 20, 23, 24, 29, 34, 41, 44], "remov": [0, 1, 2, 3, 4, 6, 16, 19, 20, 26, 34, 40, 44], "The": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "renam": [0, 19, 20, 39, 40, 44], "acme_account_info": [0, 2, 15], "i": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "To": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "instal": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "us": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "ansibl": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "galaxi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "you": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "need": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "further": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "abl": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "detail": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "playbook": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "specifi": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "allow": [1, 2, 3, 4, 6, 11, 12, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "ca": [1, 2, 3, 4, 6, 7, 11, 15, 17, 21, 22, 23, 24, 26, 37, 38, 39, 40, 41, 42, 43, 44], "support": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "protocol": [1, 2, 5, 6, 14, 15, 18, 40], "let": [1, 2, 3, 4, 6, 40], "": [1, 2, 3, 4, 5, 6, 9, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 41, 42, 43, 44], "encrypt": [1, 2, 3, 4, 6, 14, 15, 18, 26, 27, 30, 31, 40], "onli": [1, 2, 3, 4, 6, 7, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "work": [1, 2, 3, 4, 6, 16, 27, 30, 31, 34], "v2": [1, 2, 3, 4, 6, 34], "below": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "ar": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "host": [1, 2, 3, 4, 5, 6, 7, 11, 12, 15, 16, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "execut": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "either": [1, 2, 3, 4, 6, 11, 12, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 35, 36, 39, 40, 41, 43, 44], "openssl": [1, 2, 3, 4, 6, 7, 8, 14, 15, 38], "cryptographi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "1": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "5": [1, 2, 3, 4, 6, 7, 8, 12, 16, 21, 22, 30, 31, 35, 36, 38, 39, 40, 41], "ipaddress": [1, 2, 3, 4, 6], "comment": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "account_key_cont": [1, 2, 3, 4, 6], "string": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "content": [1, 2, 3, 4, 5, 6, 7, 9, 11, 12, 14, 15, 16, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "rsa": [1, 2, 3, 4, 6, 8, 10, 17, 18, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "ellipt": [1, 2, 3, 4, 6, 8, 18, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "curv": [1, 2, 3, 4, 6, 8, 18, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "kei": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 21, 22, 23, 24, 25, 26, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "mutual": [1, 2, 3, 4, 5, 6, 16, 23, 24, 26, 40, 41, 44], "exclus": [1, 2, 3, 4, 5, 6, 16, 23, 24, 26, 40, 41, 44], "account_key_src": [1, 2, 3, 4, 5, 6, 8], "warn": [1, 2, 3, 4, 6, 28, 29, 39, 40], "written": [1, 2, 3, 4, 6, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "temporari": [1, 2, 3, 4, 6], "file": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "which": [1, 2, 3, 4, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "delet": [1, 3, 4, 6, 15], "when": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "complet": [1, 2, 3, 4, 6, 8, 15, 16, 31], "sinc": [1, 2, 3, 4, 6, 9, 16, 23, 24, 26, 29], "an": [1, 2, 3, 4, 5, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 38, 39, 40, 41, 42, 43, 44], "import": [1, 2, 3, 4, 6, 8, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 44], "privat": [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 15, 17, 21, 22, 23, 24, 25, 26, 32, 33, 35, 36, 38, 39, 40, 41, 42, 43, 44], "can": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44], "chang": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "revok": [1, 2, 3, 6, 11, 15, 42, 43, 44], "your": [1, 2, 3, 4, 6, 9, 11, 12, 23, 24, 25, 30, 31, 40, 41], "certif": [1, 2, 6, 15, 25, 26, 28, 30, 31, 34, 35, 36, 37, 42], "without": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 35, 36, 39, 40, 41, 43, 44], "know": [1, 2, 3, 4, 6, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40], "might": [1, 2, 3, 4, 6, 14, 27, 30, 31, 34, 44], "accept": [1, 2, 3, 4, 6, 11, 23, 24], "In": [1, 2, 3, 4, 6, 9, 11, 18, 21, 22, 26, 29, 30, 31, 41], "case": [1, 2, 3, 4, 6, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 25, 26, 27, 29, 30, 31, 34, 38, 39, 40, 44], "It": [1, 2, 3, 4, 6, 7, 11, 18, 22, 27, 29, 30, 33, 39, 40, 41, 44], "still": [1, 2, 3, 4, 6, 11, 17, 22, 29, 39, 40], "happen": [1, 2, 3, 4, 6], "disk": [1, 2, 3, 4, 6, 7, 10, 15, 23, 24, 27, 29, 30, 34, 40, 41], "process": [1, 2, 3, 4, 6, 12, 16, 44], "move": [1, 2, 3, 4, 6, 11, 39, 40, 41], "its": [1, 2, 3, 4, 6, 7, 9, 11, 12, 15, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 33, 40, 41], "argument": [1, 2, 3, 4, 6, 25], "node": [1, 2, 3, 4, 6, 21, 28, 38, 42], "where": [1, 2, 3, 4, 6, 9, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 39, 40, 41, 43, 44], "account_key_passphras": [1, 2, 3, 4, 6], "ad": [1, 2, 3, 4, 5, 6, 7, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 29, 30, 34, 39, 40, 41, 42, 43, 44], "6": [1, 2, 3, 4, 5, 6, 8, 11, 14, 16, 18, 21, 22, 23, 24, 30, 31, 35, 36, 38, 39, 40, 41], "phassphras": [1, 2, 3, 4, 5, 6], "decod": [1, 2, 3, 4, 5, 6, 21, 22, 28, 38, 39, 42, 43, 44], "backend": [1, 2, 3, 4, 6, 14, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "alias": [1, 2, 3, 4, 6, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41, 44], "account_kei": [1, 2, 3, 4, 6], "path": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "contain": [1, 2, 3, 4, 5, 6, 7, 12, 14, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 44], "creat": [1, 4, 5, 6, 11, 15, 16, 17, 18, 23, 24, 25, 26, 27, 30, 33, 34, 40, 41, 43, 44], "openssl_privatekei": [1, 2, 3, 6, 9, 10, 11, 15, 23, 24, 25, 26, 27, 29, 31, 33, 34, 36, 40, 41], "openssl_privatekey_pip": [1, 2, 3, 6, 15, 23, 24, 27, 29, 30, 34, 40, 41], "If": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "requisit": [1, 2, 3, 6], "avail": [1, 2, 3, 4, 6, 8, 10, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 44], "directli": [1, 2, 3, 6, 10, 39, 40], "command": [1, 2, 3, 6, 16, 17], "line": [1, 2, 3, 6, 16], "tool": [1, 2, 3, 4, 6, 23, 24], "genrsa": [1, 2, 3, 6], "ecparam": [1, 2, 3, 4, 6], "genkei": [1, 2, 3, 4, 6], "ani": [1, 2, 3, 4, 6, 9, 10, 11, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 41], "other": [1, 2, 3, 4, 6, 11, 17, 18, 23, 24, 26, 30, 31, 38, 39, 43, 44], "pem": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 15, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "format": [1, 2, 3, 4, 5, 6, 7, 11, 14, 15, 16, 17, 18, 21, 22, 26, 27, 28, 29, 30, 31, 34, 39, 40, 41, 43, 44], "well": [1, 2, 3, 4, 6, 12, 26, 27, 30, 31, 34, 40], "account_uri": [1, 2, 3, 4, 6], "assum": [1, 2, 3, 4, 6, 7, 9, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "uri": [1, 2, 3, 4, 6, 21, 22, 23, 24, 28, 38, 39, 42, 43, 44], "given": [1, 2, 3, 4, 5, 6, 15, 16, 23, 24, 35], "doe": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "match": [1, 2, 3, 4, 6, 7, 12, 17, 18, 23, 24, 25, 30, 31, 40, 41, 44], "exist": [1, 2, 3, 4, 5, 6, 9, 11, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 41, 44], "fail": [1, 2, 3, 4, 6, 11, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 34, 38, 39, 40, 42, 43, 44], "acme_directori": [1, 2, 3, 4, 6, 40], "directori": [1, 2, 3, 4, 6, 7, 40], "entri": [1, 2, 3, 4, 5, 6, 12, 21, 22, 28, 32, 37, 38, 39, 40, 42, 44], "point": [1, 2, 3, 4, 6, 7, 11, 17, 21, 22, 23, 24, 28, 29, 32, 33, 38, 39, 40, 41, 42, 43, 44], "url": [1, 2, 3, 4, 6], "access": [1, 2, 3, 4, 6, 12, 15, 23, 24, 27, 29, 30, 34, 40, 41, 44], "server": [1, 2, 3, 4, 9, 11, 12, 14, 15, 17, 23, 24, 40, 41], "api": [1, 2, 3, 4, 6, 15, 40, 41], "For": [1, 2, 3, 4, 6, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 40, 41, 42], "safeti": [1, 2, 3, 4, 6], "reason": [1, 2, 3, 4, 6, 23, 24, 40, 41, 42, 43, 44], "default": [1, 2, 3, 4, 6, 7, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "set": [1, 2, 3, 4, 5, 6, 11, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "stage": [1, 2, 3, 4, 6, 40], "v1": [1, 2, 3, 4, 6], "technic": [1, 2, 3, 4, 6, 11], "correct": [1, 2, 3, 4, 6, 7, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "untrust": [1, 2, 3, 4, 6, 15], "all": [1, 2, 3, 4, 6, 7, 8, 9, 11, 14, 17, 18, 21, 22, 26, 28, 29, 30, 31, 37, 38, 39, 40, 41, 42, 43, 44], "endpoint": [1, 2, 3, 4, 6], "found": [1, 2, 3, 4, 6, 8, 12], "here": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "http": [1, 2, 3, 4, 5, 6, 11, 12, 14, 17, 23, 24, 30, 40, 41], "letsencrypt": [1, 2, 3, 4, 6, 40], "org": [1, 2, 3, 4, 6, 11, 23, 24, 40, 42, 43, 44], "doc": [1, 2, 3, 4, 6, 9, 10, 30, 40], "environ": [1, 2, 3, 4, 5, 6, 40], "buypass": [1, 2, 3, 4, 6, 40], "com": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 21, 22, 23, 24, 26, 27, 29, 30, 31, 33, 34, 38, 39, 40, 41, 42, 43, 44], "t": [1, 2, 3, 4, 6, 9, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 44], "63d4ai": [1, 2, 3, 4, 6], "go": [1, 2, 3, 4, 6], "ssl": [1, 2, 4, 5, 6, 7, 12, 14, 15, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 39, 40, 41, 43, 44], "product": [1, 2, 3, 4, 6, 11, 31], "v02": [1, 2, 3, 4, 6, 40], "zerossl": [1, 2, 3, 4, 6], "dv90": [1, 2, 3, 4, 6], "sectigo": [1, 2, 3, 4, 6], "qa": [1, 2, 3, 4, 6], "secur": [1, 2, 3, 4, 6, 11, 14, 26, 40, 41], "trust": [1, 2, 3, 4, 6, 42, 43, 44], "provid": [1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 14, 15, 16, 18, 21, 23, 24, 28, 30, 31, 32, 34, 38, 40, 41, 42, 43], "dv": [1, 2, 3, 4, 6], "list": [1, 2, 3, 4, 6, 7, 8, 11, 12, 14, 15, 17, 21, 22, 23, 24, 26, 28, 32, 37, 38, 39, 42], "servic": [1, 2, 3, 4, 6, 15, 40, 41], "test": [1, 2, 3, 4, 6, 11, 12, 18, 21, 22, 38, 39], "against": [1, 2, 3, 4, 6, 11, 14, 17], "acme_vers": [1, 2, 3, 4, 6], "integ": [1, 2, 3, 4, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 33, 38, 39, 40, 41, 42, 43, 44], "must": [1, 2, 3, 4, 5, 6, 9, 11, 12, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "classic": [1, 2, 3, 4, 6], "standard": [1, 2, 3, 4, 6, 11], "deprec": [1, 2, 3, 4, 6, 14, 18, 39, 40, 44], "from": [1, 2, 3, 4, 6, 7, 9, 10, 11, 12, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 39, 40, 41, 43, 44], "3": [1, 2, 3, 4, 5, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 26, 27, 29, 30, 31, 33, 34, 38, 39, 40, 41, 44], "choic": [1, 2, 3, 4, 5, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "request_timeout": [1, 2, 3, 4, 6], "time": [1, 2, 3, 4, 6, 11, 12, 14, 16, 17, 21, 22, 26, 28, 29, 32, 33, 38, 39, 40, 41, 42, 43, 44], "should": [1, 2, 3, 4, 5, 6, 8, 11, 12, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 30, 31, 34, 38, 39, 40, 41, 43, 44], "wait": [1, 2, 3, 4, 6], "respons": [1, 2, 3, 4, 6, 11], "timeout": [1, 2, 3, 4, 6, 14], "appli": [1, 2, 3, 4, 6, 11, 14, 17, 18], "request": [1, 2, 3, 4, 5, 7, 8, 9, 10, 14, 15, 16, 17, 18, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "head": [1, 2, 3, 4, 6], "get": [1, 2, 3, 4, 6, 11, 15, 17, 18, 22, 23, 25, 26, 27, 29, 30, 33, 34, 39, 40, 43, 44], "post": [1, 2, 3, 4, 6, 11], "10": [1, 2, 3, 4, 6, 10, 14, 15, 16, 17, 18, 21, 28, 30, 31, 32, 34, 37, 38, 39, 40, 41, 42], "retrieve_ord": 1, "whether": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 34, 38, 39, 40, 41, 42, 43, 44], "order": [1, 3, 6, 11, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 37, 38, 39, 40, 42, 43, 44], "object": [1, 3, 6, 15, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "A": [1, 2, 5, 7, 8, 11, 14, 22, 23, 24, 29, 33, 35, 37, 39, 40, 41, 43, 44], "ignor": [1, 2, 3, 7, 11, 17, 18, 21, 22, 23, 24, 26, 28, 31, 37, 38, 39, 40, 41, 42, 43, 44], "fetch": 1, "order_uri": [1, 3, 6], "alwai": [1, 2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 17, 18, 26, 29, 30, 31, 39, 40, 41, 44], "popul": 1, "option": [1, 2, 3, 4, 6, 11, 14, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 39, 40, 41, 44], "object_list": 1, "current": [1, 3, 8, 11, 12, 14, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 41, 44], "so": [1, 2, 3, 4, 6, 11, 12, 16, 17, 18, 21, 23, 25, 26, 27, 28, 29, 30, 31, 34, 38, 40, 42, 44], "result": [1, 4, 5, 9, 10, 11, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 38, 39, 40, 41, 42, 43, 44], "empti": [1, 3, 8], "url_list": 1, "select_crypto_backend": [1, 2, 3, 4, 6, 14, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "determin": [1, 2, 3, 4, 6, 14, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41], "auto": [1, 2, 3, 4, 6, 14, 18, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "tri": [1, 2, 3, 4, 6, 7, 14, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "fall": [1, 2, 3, 4, 6, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "back": [1, 2, 3, 4, 6, 9, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "try": [1, 2, 3, 4, 6, 7, 8, 14, 16, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "binari": [1, 2, 3, 4, 6, 8, 14, 18, 25], "librari": [1, 2, 3, 4, 6, 8, 14, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "validate_cert": [1, 2, 3, 4, 6], "boolean": [1, 2, 3, 4, 6, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "call": [1, 2, 3, 4, 6, 11, 26, 39, 40, 44], "valid": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 15, 17, 21, 22, 23, 24, 35, 36, 39, 40, 41, 44], "tl": [1, 2, 4, 6, 14, 15, 23, 24, 26, 27, 30, 31, 34, 40, 41], "ever": [1, 2, 3, 4, 6], "fals": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "purpos": [1, 2, 3, 4, 6, 11, 23, 24, 40, 41], "local": [1, 2, 3, 4, 6, 11, 12, 21, 28, 38, 40, 41, 42], "pebbl": [1, 2, 3, 4, 6], "true": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "descript": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "action_group": [1, 2, 3, 4, 6], "action": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 17, 18, 22, 23, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 43, 44], "group": [1, 2, 3, 4, 6, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 44], "module_default": [1, 2, 3, 4, 6], "check_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "full": [1, 2, 3, 7, 8, 11, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "modifi": [1, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "state": [1, 2, 3, 5, 7, 8, 14, 16, 17, 18, 22, 23, 24, 25, 26, 29, 30, 33, 34, 35, 36, 39, 40, 43, 44], "run": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "statu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "predict": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "target": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "diff_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "n": [1, 5, 6, 7, 8, 14, 22, 29, 33, 35, 39, 43], "Will": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "what": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "possibli": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "diff": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "mode": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "acme_account": [1, 3, 15], "acme_account_fact": 1, "befor": [1, 3, 12, 21, 28, 32, 37, 38, 40, 41, 42, 44], "8": [1, 3, 4, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40], "usag": [1, 3, 7, 10, 11, 15, 16, 23, 40, 41, 44], "did": [1, 3, 31], "new": [1, 2, 3, 4, 5, 6, 8, 9, 11, 12, 16, 17, 18, 21, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "enough": [1, 2, 3, 4, 6], "instead": [1, 2, 3, 4, 6, 10, 16, 17, 23, 24, 30, 31, 44], "explicitli": [1, 2, 3, 4, 6, 27, 29, 30], "disabl": [1, 2, 3, 4, 6, 11, 16, 17, 29], "enabl": [1, 2, 3, 4, 6, 11, 17, 23, 24], "slower": [1, 2, 3, 4, 6], "less": [1, 2, 3, 4, 6, 12, 17], "have": [1, 2, 3, 4, 6, 10, 11, 12, 13, 17, 18, 21, 23, 25, 26, 27, 28, 29, 30, 31, 32, 34, 37, 38, 40, 41, 42, 44], "store": [1, 2, 3, 4, 6, 10, 11, 12, 16, 24, 26, 27, 40, 41], "although": [1, 2, 3, 4, 6], "chosen": [1, 2, 3, 4, 6, 26], "principl": [1, 2, 3, 4, 6], "far": [1, 2, 3, 4, 6], "develop": [1, 2, 3, 4, 6, 40], "we": [1, 2, 3, 4, 5, 6, 9, 26, 30, 31], "got": [1, 2, 3, 4, 6], "feedback": [1, 2, 3, 4, 6], "thei": [1, 2, 3, 4, 6, 12, 14, 16, 18, 25, 30, 31, 39, 43], "incommon": [1, 2, 3, 4, 6], "experi": [1, 2, 3, 4, 6], "problem": [1, 2, 3, 4, 6], "anoth": [1, 2, 3, 4, 6, 7, 9, 10, 11, 16, 21, 22, 28, 30, 31, 38, 39, 41, 42, 43, 44], "pleas": [1, 2, 3, 4, 6, 7, 9, 14, 18, 23, 24, 25, 27, 30, 31, 40, 41], "issu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "help": [1, 2, 3, 4, 6, 11], "u": [1, 2, 3, 4, 6, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41], "mention": [1, 2, 3, 4, 6, 26], "appreci": [1, 2, 3, 4, 6], "name": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "check": [1, 3, 7, 9, 11, 15, 17, 21, 22, 23, 24, 25, 26, 29, 30, 31, 34, 35, 39, 42, 43, 44], "etc": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 39, 40, 41, 43, 44], "pki": [1, 2, 3, 4, 5, 6, 8, 12], "cert": [1, 2, 3, 4, 5, 6, 8, 11, 14, 17, 21, 22, 23, 24, 26, 28, 35, 36, 38, 39, 42, 44], "regist": [1, 3, 5, 6, 7, 8, 9, 10, 14, 22, 24, 29, 31, 33, 35, 36, 39, 40, 41, 43], "account_data": 1, "verifi": [1, 7, 12, 15, 36, 40], "assert": [1, 35, 36, 39, 40], "print": [1, 37, 41, 43], "builtin": [1, 8, 21, 24, 28, 29, 32, 33, 37, 38, 39, 40, 41, 42, 43], "debug": [1, 2, 3, 4, 6, 8, 11, 14, 21, 22, 24, 28, 29, 31, 32, 33, 37, 38, 39, 41, 42, 43], "var": [1, 3, 6, 8, 14, 22, 24, 29, 33, 39, 41], "contact": [1, 2, 3, 6], "acme_account_kei": 1, "acme_account_uri": 1, "common": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "document": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "follow": [1, 2, 3, 5, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "field": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "uniqu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "dictionari": [1, 2, 3, 5, 6, 8, 11, 14, 16, 21, 22, 23, 24, 28, 29, 30, 31, 32, 33, 34, 38, 39, 42, 43, 44], "element": [1, 2, 3, 7, 8, 11, 12, 14, 17, 21, 22, 23, 24, 26, 28, 29, 32, 33, 37, 38, 39, 42, 43, 44], "challeng": [1, 3, 6, 15, 40], "resourc": [1, 3, 5, 12], "sampl": [1, 3, 4, 5, 6, 8, 11, 12, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 42, 43, 44], "mailto": [1, 2, 6], "me": [1, 2, 6], "tel": 1, "00123456789": 1, "queri": [1, 3, 22, 29, 33, 39], "public_account_kei": 1, "public": [1, 3, 11, 15, 17, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 38, 39, 40, 41], "json": [1, 6, 11, 14, 42, 43], "web": [1, 12], "kty": [1, 6], "ec": [1, 3, 15, 40, 41], "crv": 1, "p": [1, 21, 22, 28, 29, 32, 33, 38, 39], "256": [1, 17, 18], "x": [1, 6, 14, 15, 21, 22, 28, 29, 32, 33, 43], "mkbctnickusdii11yss3526idz8aito7tu6kpaqv7d4": 1, "y": [1, 14, 21, 22, 28, 29, 32, 33, 38, 39], "4etl6srw2yilurn5vfvvhuhp7x8pxltmwwlbbm4ifym": 1, "deactiv": [1, 2, 3, 11], "none": [1, 2, 3, 4, 5, 6, 11, 12, 14, 16, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 34, 36, 38, 39], "success": [1, 3, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "error": [1, 3, 4, 6, 8, 11, 16, 40], "occur": [1, 44], "dure": [1, 2, 3, 11, 17, 26], "about": [1, 2, 11, 12, 14, 17, 23, 24, 28, 29], "structur": 1, "rfc7807": 1, "expir": [1, 3, 6, 10, 11, 12, 14, 38, 39, 40, 41, 44], "timestamp": [1, 17, 23, 25, 26, 27, 30, 34, 39, 40, 41, 43, 44], "describ": [1, 21, 23, 24, 28, 32, 37, 38, 42], "rfc3339": [1, 11], "includ": [1, 3, 7, 9, 11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 38, 39, 40, 42, 43, 44], "pend": [1, 11], "give": [1, 17, 18, 23, 25, 26, 27, 30, 34, 40], "expiri": [1, 11, 40, 41], "date": [1, 6, 7, 11, 14, 38, 39, 40, 41, 42, 43, 44], "final": [1, 3], "identifi": [1, 2, 3, 5, 11, 16, 17, 21, 22, 23, 24, 38, 39, 40, 41], "type": [1, 3, 5, 6, 10, 11, 12, 16, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 44], "dn": [1, 3, 5, 9, 10, 12, 21, 22, 23, 24, 28, 38, 39, 40, 42, 43, 44], "ip": [1, 3, 5, 14, 21, 22, 23, 24, 38, 39], "hostnam": [1, 14], "address": [1, 2, 3, 5, 11, 12, 17, 21, 22, 28, 38, 39, 42, 43, 44], "wildcard": [1, 3], "actual": [1, 5, 17, 18, 23, 25, 26, 27, 30, 34, 40], "prefix": [1, 2, 23, 24], "notaft": [1, 38, 39], "notbefor": [1, 38, 39], "readi": [1, 11], "invalid": [1, 11, 37, 42, 43, 44], "felix": [1, 2, 4, 5, 6, 7, 8, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 41, 42, 43, 44], "fontein": [1, 2, 4, 5, 6, 7, 8, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 41, 42, 43, 44], "felixfontein": [1, 2, 4, 5, 6, 7, 8, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 41, 42, 43, 44], "tracker": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "repositori": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "sourc": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "submit": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "bug": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "report": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "featur": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "allow_cr": 2, "creation": [2, 3, 6, 16], "present": [2, 3, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 30, 34, 38, 39, 40, 44], "email": [2, 3, 11, 12, 21, 22, 23, 24, 28, 38, 39, 40, 41, 42, 43, 44], "ietf": [2, 3, 6, 23, 24], "html": [2, 3, 6, 23, 24, 30], "rfc8555": [2, 3, 6], "section": [2, 3, 4, 6, 23, 24], "7": [2, 3, 6, 14, 17, 18, 21, 22, 26, 33, 38, 39, 42, 43], "absent": [2, 16, 17, 18, 23, 25, 26, 30, 34, 40, 44], "changed_kei": 2, "external_account_bind": 2, "extern": 2, "bind": 2, "data": [2, 3, 5, 11, 12, 15, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 38, 39, 40, 41, 44], "like": [2, 3, 10, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41], "specif": [2, 3, 4, 5, 6, 10, 11, 12, 16, 23, 24, 26, 39, 40, 41], "properli": [2, 6], "custom": [2, 11, 18], "alg": 2, "mac": [2, 26], "algorithm": [2, 14, 16, 17, 18, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 41, 42, 43, 44], "probabl": 2, "hs256": 2, "hs384": 2, "hs512": 2, "base64": [2, 3, 14, 21, 22, 26, 30, 31, 35, 36, 38, 39, 43, 44], "encod": [2, 3, 6, 11, 14, 21, 22, 26, 28, 30, 31, 35, 36, 38, 39, 42, 43, 44], "pad": 2, "symbol": [2, 7, 17, 18, 23, 25, 26, 27, 30, 34, 40], "end": [2, 3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "omit": [2, 9, 16, 17, 18], "kid": 2, "new_account_key_cont": 2, "same": [2, 3, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "restrict": [2, 3, 17, 23, 24], "new_account_key_src": 2, "new_account_key_passphras": 2, "inform": [2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 15, 17, 23, 24, 30, 31, 40, 41], "touch": 2, "terms_agre": [2, 3], "indic": [2, 3, 11, 14, 23, 24, 29, 31], "agre": [2, 3], "term": [2, 3, 6], "acme_certif": [2, 5, 6, 7, 15], "do": [2, 3, 6, 9, 10, 11, 12, 16, 17, 18, 23, 25, 26, 27, 29, 30, 31, 34, 40], "basic": [2, 3, 21, 22, 23, 24, 28, 29, 32, 33, 38, 39], "manag": [2, 3, 4, 5, 6, 11, 15, 34], "both": [2, 3, 11, 18, 22, 23, 24, 29, 33, 34, 35, 36, 39, 41, 43, 44], "recommend": [2, 11, 12, 40, 41], "modify_account": [2, 3], "automat": [2, 3, 4, 5, 6, 16, 30, 31, 40], "rfc": [2, 3, 4, 5, 6, 23, 24], "8555": [2, 3, 4, 5, 6], "retriev": [2, 3, 6, 14, 15, 23, 24, 40, 41], "fact": 2, "write": [2, 3, 6, 7, 9, 16, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 41, 44], "acme_inspect": [2, 3, 4, 15], "make": [2, 3, 6, 11, 14, 16, 18, 28, 29, 30, 31, 35, 36, 39, 44], "sure": [2, 3, 16, 18, 28, 29, 30, 31, 35, 36, 44], "TOS": 2, "myself": [2, 3], "one": [2, 3, 4, 7, 9, 11, 12, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "variabl": [2, 3, 9, 21, 22, 28, 29, 32, 37, 38, 42], "new_account_kei": 2, "renew": [3, 11], "implement": [3, 31, 40, 41], "01": [3, 6, 11, 15, 17, 30, 31, 34], "alpn": [3, 6, 15], "twice": 3, "two": [3, 23, 24], "differ": [3, 4, 10, 12, 14, 17, 18, 23, 25, 30, 34, 40, 44], "task": [3, 11, 17, 18, 30, 31, 39], "output": [3, 6, 8, 11, 17, 26, 30, 31], "first": [3, 5, 6, 10, 11, 12, 16, 26, 39], "record": [3, 11, 12], "pass": [3, 9, 11], "second": [3, 12, 14, 16, 39, 40, 41, 44], "between": [3, 16, 18], "fulfil": 3, "step": [3, 11, 26], "whatev": 3, "mean": [3, 11, 35], "necessari": [3, 17], "destin": [3, 11, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40], "webserv": 3, "serv": [3, 40], "perform": [3, 11, 12, 16, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 44], "how": [3, 5, 12, 14, 15, 21, 22, 23, 24, 28, 30, 38, 39, 40, 42, 43, 44], "read": [3, 9, 16, 17, 18, 23, 25, 26, 27, 30, 31, 34, 35, 36, 40, 41, 44], "through": 3, "main": 3, "consid": [3, 17, 18, 23, 24, 25, 26, 30, 31, 40, 41], "experiment": 3, "accord": [3, 23, 24], "8738": 3, "account_email": 3, "associ": [3, 7, 11, 12], "account": [3, 4, 5, 6, 8, 11, 15], "more": [3, 7, 11, 14, 17, 23, 24, 26, 40, 41, 44], "than": [3, 4, 11, 12, 17, 18, 21, 22, 23, 24, 26, 28, 38, 39, 40, 41, 42, 43, 44], "updat": [3, 6, 12, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "most": [3, 16], "agreement": [3, 11, 21, 22, 38, 39], "latest": [3, 30, 44], "gather": 3, "chain_dest": 3, "chain": [3, 11, 14, 15, 40], "intermedi": [3, 7, 11, 26, 31, 40], "csr": [3, 5, 6, 7, 9, 10, 11, 15, 25, 26, 28, 30, 31, 34, 39, 40, 41], "src": [3, 9, 26, 41], "openssl_csr": [3, 10, 11, 15, 22, 24, 25, 26, 30, 31, 34, 40, 41], "req": 3, "mai": [3, 11, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41], "multipl": [3, 9, 10, 11, 15, 21, 22, 23, 24, 26, 28, 29, 32, 33, 38, 39], "subject": [3, 7, 10, 11, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 30, 34, 38, 39, 40, 41, 42, 44], "altern": [3, 10, 11, 23, 24, 40, 41], "each": [3, 9, 11, 21, 28, 30, 31, 32, 34, 37, 38, 42], "lead": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "individu": [3, 17], "sign": [3, 5, 8, 11, 14, 15, 17, 25, 26, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "bad": 3, "idea": 3, "view": 3, "precis": 3, "csr_content": [3, 9, 10, 40, 41], "openssl_csr_pip": [3, 9, 10, 15, 22, 23, 30, 31, 34, 40, 41], "ongo": 3, "previou": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "non": [3, 8, 11, 17], "activ": [3, 6, 11, 12], "taken": 3, "mark": [3, 23, 24], "no_log": [3, 30, 31], "up": [3, 5, 11, 16, 17, 18, 21, 23, 25, 26, 27, 28, 30, 32, 34, 37, 38, 39, 40, 42], "longer": [3, 16, 23, 24], "wai": [3, 5, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "caus": [3, 14, 17, 18], "messag": 3, "come": 3, "unus": 3, "anywai": 3, "deactivate_authz": 3, "authent": [3, 6, 11, 12, 17, 23, 24, 40, 41], "authz": [3, 6], "after": [3, 16, 40, 41], "bound": 3, "remain": [3, 11, 12, 16, 17], "certain": [3, 17, 39], "amount": 3, "re": [3, 12, 14, 18, 21, 22, 23, 24, 25, 26, 30, 31, 34, 38, 39, 40, 41, 44], "domain": [3, 5, 11, 15, 21, 22, 28, 38, 39, 42, 43, 44], "concern": [3, 23, 25, 30, 31, 40, 41], "dest": [3, 5, 7, 9, 24, 41], "fullchain_dest": [3, 6], "forc": [3, 11, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 41, 44], "enforc": 3, "even": [3, 4, 11, 16, 17, 18, 25, 26, 30, 34, 40, 41], "remaining_dai": [3, 11], "especi": [3, 30], "addit": [3, 11, 16, 23, 24], "desir": [3, 16], "fullchain": [3, 6, 7], "want": [3, 9, 10, 11, 12, 16, 18, 23, 24, 28, 29, 44], "avoid": [3, 11, 12, 17, 18, 23, 25, 26, 27, 29, 30, 34, 39, 40, 41, 44], "accident": [3, 28, 29, 30, 31], "old": [3, 11, 23, 24, 39, 40, 44], "number": [3, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 41, 42, 43, 44], "dai": [3, 11, 12, 14, 39, 40, 41], "left": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "being": [3, 11, 17, 30, 31, 39, 40, 41], "cert_dai": [3, 11], "challenge_data": [3, 5], "retrieve_all_altern": 3, "offer": [3, 9, 10], "These": [3, 15, 21, 23, 24, 28, 38, 42], "togeth": [3, 16, 26], "all_chain": 3, "select_chain": 3, "criteria": 3, "select": [3, 5, 10, 18, 26, 30, 31], "until": [3, 7, 11, 14], "criterium": 3, "header": [3, 5, 6], "determinist": 3, "everi": [3, 11, 12, 18, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 38, 39, 40, 41, 44], "consist": [3, 29], "condit": [3, 14, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "issuer": [3, 7, 14, 21, 22, 23, 24, 38, 39, 40, 42, 43, 44], "authority_key_identifi": [3, 21, 22, 23, 24, 38, 39], "authoritykeyidentifi": [3, 21, 22, 23, 24, 38, 39], "extens": [3, 5, 6, 14, 18, 21, 22, 23, 24, 38, 39, 42, 43, 44], "base": [3, 11, 16, 17, 30, 31], "form": [3, 7, 11, 38, 39], "c4": 3, "a7": 3, "b1": [3, 30, 31, 34], "a4": 3, "7b": 3, "2c": [3, 30, 31, 34], "71": [3, 30, 31, 34], "fa": 3, "db": 3, "e1": [3, 30, 31, 34], "4b": 3, "90": [3, 11, 12, 40, 41], "75": [3, 30, 31, 34], "ff": [3, 21, 22, 23, 24, 28, 29, 32, 33, 38, 39], "15": [3, 6, 11, 26, 40, 41], "60": [3, 11, 12, 30, 31, 34], "85": [3, 30, 31, 34], "89": 3, "would": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "commonnam": [3, 21, 22, 23, 24, 38, 39, 40, 42, 43, 44], "my": [3, 30, 43, 44], "prefer": [3, 21, 22, 28, 38, 39, 42, 43, 44], "root": [3, 11, 14, 15, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "cn": [3, 9, 11, 14, 23, 24, 44], "subject_key_identifi": [3, 21, 22, 23, 24, 38, 39], "subjectkeyidentifi": [3, 21, 22, 38, 39], "a8": 3, "4a": [3, 21, 22, 28, 29, 32, 33, 38, 39], "6a": [3, 30, 31, 34], "63": [3, 11, 21, 22, 28, 29, 32, 33, 38, 39], "04": [3, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "7d": [3, 44], "dd": [3, 17, 21, 22, 23, 24, 30, 31, 34, 38, 39], "ba": [3, 21, 22, 28, 29, 32, 33, 38, 39], "e6": [3, 21, 22, 28, 29, 32, 33, 38, 39], "d1": 3, "39": [3, 30, 31, 34], "b7": 3, "a6": [3, 30, 31, 34], "45": 3, "65": 3, "ef": [3, 30, 31, 34], "f3": 3, "a1": [3, 30, 31, 34], "test_certif": 3, "exclud": [3, 17, 21, 22, 23, 24], "leaf": [3, 7], "ident": [3, 17], "last": [3, 16, 21, 22, 38, 39, 42, 43, 44], "furthest": 3, "awai": 3, "Its": 3, "safe_file_oper": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "strict": [3, 6, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "oper": [3, 11, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "function": [3, 11, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "ensur": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "proper": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "permiss": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "corrupt": [3, 11, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41, 44], "At": [3, 17], "least": [3, 11, 23, 24, 35, 36], "control": [3, 6, 12, 14, 21, 28, 31, 38, 42, 43], "over": 3, "rate": [3, 4], "limit": [3, 4, 16, 17], "8737": [3, 5, 6], "acme_challenge_cert_help": [3, 15], "prepar": [3, 15], "certificate_complete_chain": [3, 15], "find": [3, 7, 12], "acme_certificate_revok": [3, 15], "account_private_kei": 3, "httpd": [3, 4, 5, 6], "crt": [3, 4, 5, 6, 11, 12, 39, 40, 41, 44], "sample_com_challeng": [3, 5], "hashi": 3, "vault": [3, 16, 31], "lookup": [3, 7, 21, 24, 28, 31, 32, 37, 38, 41, 42], "hashi_vault": 3, "secret": [3, 30], "copi": [3, 7, 9, 11, 12, 24, 40, 41], "www": [3, 7, 9, 10, 11, 14, 17, 21, 22, 23, 24, 38, 39, 40, 41], "resource_valu": 3, "item": [3, 5, 23, 37], "loop": [3, 5, 37], "dict2item": 3, "v01": 3, "30": [3, 11, 30, 31, 34], "aw": 3, "route53": 3, "zone": 3, "txt": [3, 12, 17], "ttl": 3, "enclos": 3, "quot": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40], "regex_replac": [3, 23], "map": [3, 11, 23, 39], "challenge_data_dn": 3, "dst": 3, "x3": 3, "cross": 3, "identrust": 3, "As": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40], "long": [3, 12, 14], "switch": 3, "own": [3, 9, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41, 44], "isrg": 3, "x1": 3, "compat": [3, 11, 14, 17, 26], "older": [3, 16, 26, 27, 30, 31, 34, 40], "client": [3, 11, 12, 14, 17, 23, 24, 40, 41, 42, 43, 44], "o": [3, 11, 14, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40], "digit": 3, "signatur": [3, 7, 15, 17, 21, 22, 23, 24, 36, 38, 39, 40, 42, 43, 44], "co": 3, "4": [3, 4, 8, 14, 16, 21, 22, 23, 24, 26, 34, 35, 36, 38, 39, 40], "itself": [3, 44], "concaten": [3, 7], "full_chain": 3, "token": [3, 17], "a5b1c3d2e9f8g7h6": 3, "12345": [3, 6, 21, 22, 38, 39], "2022": [3, 26], "08": [3, 11, 30, 31, 34], "01t01": 3, "02": [3, 11], "34z": 3, "04t01": 3, "03": [3, 11, 23, 25, 26, 27, 30, 34, 40, 44], "45z": 3, "per": [3, 26], "yet": [3, 6], "_acm": 3, "known": [3, 11, 12, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 42, 43, 44], "evagxfads6psrb2lav9izf17dt3juxgj": 3, "pct92wr": 3, "oa": 3, "resource_origin": 3, "origin": [3, 11, 14, 21, 22, 23, 25, 26, 27, 30, 34, 38, 39, 40, 44], "produc": 3, "blob": 3, "put": 3, "acmevalid": 3, "x509": 3, "editor": 3, "rfc8737": 3, "b64decod": [3, 9, 41], "jinja": 3, "filter": [3, 22, 29, 33, 39, 43], "extract": [3, 14, 21, 22, 28, 38, 39, 44], "ilirfxkkxa": 3, "17dt3juxgj": 3, "finalization_uri": 3, "michael": 3, "gruener": 3, "mgruener": 3, "exactli": [4, 14, 18, 21, 22, 27, 38, 39], "private_key_src": [4, 5], "private_key_cont": [4, 5, 23, 24, 26, 34], "valu": 4, "private_key_passphras": [4, 5, 27], "revoke_reason": 4, "One": [4, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 42, 43, 44], "revoc": [4, 11, 15, 23, 24, 42], "reasoncod": 4, "defin": [4, 10, 11, 12, 13, 16, 23, 24, 30, 31, 40, 41, 44], "rfc5280": [4, 23, 24], "possibl": [4, 11, 14, 21, 22, 38, 39], "unspecifi": [4, 17, 18, 23, 25, 26, 27, 30, 34, 40, 42, 43, 44], "keycompromis": 4, "cacompromis": 4, "affiliationchang": 4, "supersed": [4, 23, 24, 42, 43, 44], "cessationofoper": 4, "certificatehold": 4, "removefromcrl": 4, "9": [4, 14, 15, 18, 30, 31, 39, 40], "privilegewithdrawn": 4, "aacompromis": 4, "return": 4, "alreadi": [4, 11, 12, 16, 17, 18, 23, 24, 25, 26, 30, 34, 40, 41, 43, 44], "unchang": [4, 16], "depend": [4, 8, 11, 14, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "some": [4, 14, 16, 31, 35, 36, 42, 43], "raw": [5, 6, 14, 27, 30, 31], "convert": [5, 15, 18, 21, 22, 28, 30, 31, 38, 39, 42, 43, 44], "simpl": [5, 9, 10], "gener": [5, 7, 11, 15, 16, 21, 22, 27, 29, 33, 35, 36, 38, 39, 43], "dictsort": 5, "sample_com_challenge_cert": 5, "regular_certif": 5, "deliv": 5, "regular": [5, 6], "connect": [5, 6, 14], "except": [5, 6, 14, 18, 21, 22, 23, 24, 26, 30, 31, 38, 39, 44], "challenge_certif": 5, "achiev": 5, "veri": [5, 10, 43], "nginx": [5, 6], "search": 5, "ssl_preread": 5, "ssl_preread_alpn_protocol": 5, "rout": 5, "private_kei": [5, 17, 31], "identifier_typ": 5, "self": [5, 9, 15, 23, 24, 39, 40, 41], "place": [5, 21, 22, 28, 29, 32, 33, 38, 39], "attempt": [6, 18], "encount": 6, "wish": 6, "investig": 6, "sent": [6, 12], "method": [6, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "otherwis": [6, 11, 14, 16, 17, 18, 21, 22, 23, 25, 26, 27, 30, 34, 38, 39, 40, 42, 43, 44], "fail_on_acme_error": 6, "id": [6, 11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "localhost": [6, 14, 23, 41], "m": [6, 14, 17, 23, 24, 39, 40, 41, 44], "acct": 6, "newaccount": 6, "termsofserviceagre": 6, "account_cr": 6, "locat": [6, 11, 12, 40, 43, 44], "account_info": 6, "to_json": 6, "certificate_request": 6, "someth": [6, 26, 39], "went": 6, "wrong": 6, "output_json": 6, "selectattr": 6, "equalto": 6, "http01challeng": 6, "manual": [6, 12], "a85k3x9f91a4": 6, "random": [6, 12], "33417": 6, "keychang": 6, "meta": 6, "caaident": 6, "termsofservic": 6, "le": 6, "sa": 6, "novemb": 6, "2017": 6, "pdf": 6, "websit": 6, "newnonc": 6, "nonc": 6, "neword": 6, "revokecert": 6, "lowercas": 6, "boulder": 6, "cach": 6, "max": 6, "ag": 6, "close": [6, 16], "length": [6, 18, 40], "904": 6, "applic": [6, 11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "cooki": 6, "cookies_str": 6, "wed": 6, "07": [6, 21, 22, 28, 29, 32, 33, 38, 39], "nov": 6, "2018": [6, 11], "12": [6, 14, 15, 23, 24, 25, 30, 31, 34, 40, 41], "34": [6, 21, 22, 28, 29, 32, 33, 38, 39], "56": [6, 30, 31, 34], "gmt": [6, 40, 41], "44": [6, 21, 22, 23, 24, 38, 39], "rel": [6, 17, 23, 24, 39, 40, 41, 44], "msg": [6, 14, 21, 28, 31, 32, 37, 38, 42, 43], "ok": 6, "byte": [6, 16, 21, 22, 23, 24, 38, 39], "pragma": 6, "replai": 6, "1234567890abcdefghijklmnopqrstuvwxyzabcdefgh": 6, "200": 6, "transport": [6, 29], "604800": 6, "46161": 6, "frame": 6, "deni": 6, "pars": [6, 7, 14, 21, 22, 26, 29, 38, 39], "output_text": 6, "text": [6, 11, 12], "see": [7, 9, 14, 16, 17, 18, 44], "note": [7, 9, 16, 17, 21, 22, 25, 26, 27, 28, 29, 30, 31, 38, 42], "input_chain": 7, "intermediate_certif": 7, "filenam": [7, 11, 17, 18, 23, 25, 26, 30, 34, 40, 44], "subdirectori": 7, "scan": 7, "root_certif": 7, "www_ansible_com": 7, "completechain": 7, "join": [7, 14, 21, 28, 38], "complete_chain": 7, "rootchain": 7, "input": [7, 12, 26], "python": [8, 14, 21, 22, 25, 26, 28, 29, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "crypto_inform": 8, "show": [8, 9, 10, 21, 28, 31, 32, 38, 40, 42], "openssl_pres": 8, "usr": [8, 17, 18, 23, 25, 26, 27, 30, 34, 40], "bin": [8, 17, 18, 23, 25, 26, 27, 30, 34, 40], "1m": 8, "version_output": 8, "dec": 8, "2021": 8, "python_cryptography_cap": 8, "python_cryptography_instal": 8, "theoret": 8, "higher": [8, 11, 21, 28, 32, 37, 38, 42], "libssl": 8, "has_dsa": 8, "dsa": [8, 10, 18, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "has_dsa_sign": 8, "has_ec": 8, "has_ec_sign": 8, "has_ed25519": 8, "ed25519": [8, 18, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "has_ed25519_sign": 8, "has_ed448": 8, "ed448": [8, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "has_ed448_sign": 8, "has_rsa": 8, "has_rsa_sign": 8, "has_x25519": 8, "x25519": [8, 10, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "has_x25519_seri": 8, "serial": [8, 11, 14, 17, 21, 22, 23, 24, 38, 39, 42, 43, 44], "has_x448": 8, "x448": [8, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "python_cryptography_import_error": 8, "commun": [9, 10], "crypto": [9, 10], "guid": [9, 10], "exampl": [9, 10], "password": [9, 10, 11, 12, 16, 18, 23, 24, 26, 36, 40, 41, 44], "protect": [9, 10, 16, 18, 23, 24, 30, 31, 34, 36, 40, 41, 44], "secret_ca_passphras": 9, "instruct": [9, 12], "ask": 9, "pai": 9, "commerci": [9, 23, 24], "passphras": [9, 10, 16, 18, 23, 24, 26, 27, 28, 29, 30, 31, 34, 36, 40, 41, 44], "privatekey_path": [9, 10, 22, 23, 24, 26, 33, 34, 35, 36, 39, 40, 41, 44], "privatekey_passphras": [9, 10, 23, 24, 26, 34, 36, 40, 41, 44], "common_nam": [9, 10, 22, 23, 24], "use_common_name_for_san": [9, 23, 24], "san": [9, 10, 11, 23, 24], "don": 9, "basic_constraint": [9, 21, 22, 23, 24, 38, 39], "basic_constraints_crit": [9, 21, 22, 23, 24, 38, 39], "key_usag": [9, 21, 22, 23, 24, 38, 39, 40], "keycertsign": 9, "key_usage_crit": [9, 21, 22, 23, 24, 38, 39], "ca_csr": 9, "x509_certif": [9, 10, 12, 15, 20, 23, 24, 25, 26, 30, 31, 34, 35, 39, 41], "selfsign": [9, 10, 39, 40, 41], "x509_certificate_pip": [9, 15, 23, 24, 30, 31, 34, 39, 40], "server_1": 9, "while": [9, 11, 12, 30, 31, 40, 41], "our": [9, 41], "server_2": 9, "materi": [9, 29, 31], "leav": [9, 29], "respect": [9, 16, 23, 24], "delegate_to": [9, 14, 41], "run_onc": [9, 14], "subject_alt_nam": [9, 10, 11, 21, 22, 23, 24, 28, 38, 39, 40], "ownca": [9, 40, 41], "ownca_path": [9, 40, 41], "ownca_privatekey_path": [9, 40, 41], "ownca_privatekey_passphras": [9, 40, 41], "ownca_not_aft": [9, 40, 41], "365d": [9, 40, 41], "year": [9, 10, 11, 40, 41], "ownca_not_befor": [9, 40, 41], "1d": [9, 30, 31, 34, 39], "yesterdai": 9, "abov": 9, "procedur": 9, "idempot": [9, 16, 17, 26, 31, 40, 41, 44], "extend": [9, 11], "stat": 9, "certificate_exist": 9, "slurp": [9, 41], "els": [9, 26], "kind": 10, "start": [10, 21, 22, 28, 29, 32, 33, 38, 39, 40, 41], "paramet": [10, 15, 32, 37], "4096": [10, 18, 25, 29, 30, 31, 33], "bit": [10, 18, 21, 22, 25, 28, 29, 30, 31, 32, 33, 38, 39], "size": [10, 12, 16, 18, 21, 22, 25, 28, 29, 30, 31, 32, 33, 38, 39], "changem": 10, "proce": 10, "selfsigned_not_aft": [10, 40, 41], "roughli": 10, "selfsigned_not_befor": [10, 40, 41], "now": [10, 11, 17, 40, 41, 44], "properti": 10, "constraint": [10, 23, 24], "organization_nam": [10, 23, 24], "inc": [10, 11], "reissu": 11, "credenti": [11, 12, 40, 41], "organ": [11, 42], "system": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "those": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "pyyaml": [11, 12], "11": [11, 12, 14, 17, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 44], "additional_email": 11, "receiv": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40], "deliveri": 11, "notic": 11, "notif": 11, "backup": [11, 18, 23, 25, 26, 27, 30, 31, 34, 40, 41, 44], "made": [11, 12, 17], "cert_expiri": 11, "compliant": 11, "2020": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "23": 11, "23t15": 11, "00": [11, 17, 21, 22, 23, 24, 30, 31, 34, 38, 39, 40, 41], "05z": 11, "request_typ": 11, "issuanc": [11, 40, 41], "subsequ": 11, "initi": [11, 14], "month": [11, 40, 41], "choos": 11, "adjust": [11, 18, 40, 41], "eastern": 11, "est": [11, 40, 41], "could": [11, 23, 25, 29, 30, 31, 40, 41], "unintend": 11, "effect": 11, "pool": 11, "inventori": 11, "model": 11, "cert_lifetim": 11, "lifetim": [11, 40, 41], "cert_typ": 11, "cds_individu": 11, "cds_group": 11, "cds_ent_lit": [11, 40, 41], "cds_ent_pro": [11, 40, 41], "smime_": [11, 40, 41], "p1y": 11, "p2y": 11, "p3y": 11, "standard_ssl": [11, 40, 41], "advantage_ssl": [11, 40, 41], "uc_ssl": [11, 40, 41], "ev_ssl": [11, 40, 41], "wildcard_ssl": [11, 40, 41], "private_ssl": [11, 40, 41], "pd_ssl": [11, 40, 41], "code_sign": 11, "ev_code_sign": 11, "client_id": [11, 12], "under": [11, 12], "primari": [11, 12], "cannot": [11, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "distinguish": 11, "repres": 11, "64": 11, "around": [11, 29], "overrid": [11, 21, 28, 32, 37, 38, 42], "eku": 11, "ou": [11, 14, 23, 24], "organiz": 11, "unit": 11, "replac": [11, 31, 44], "ti": 11, "ct_log": 11, "complianc": 11, "browser": 11, "transpar": 11, "ct": 11, "log": [11, 17, 28, 29, 30, 31], "best": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "practic": 11, "techniqu": 11, "owner": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "monitor": 11, "elig": [11, 12], "custom_field": 11, "date1": 11, "date2": 11, "date3": 11, "date4": 11, "date5": 11, "dropdown1": 11, "dropdown": 11, "dropdown2": 11, "dropdown3": 11, "dropdown4": 11, "dropdown5": 11, "email1": 11, "email2": 11, "email3": 11, "email4": 11, "email5": 11, "number1": 11, "float": [11, 16], "number2": 11, "number3": 11, "number4": 11, "number5": 11, "text1": 11, "maximum": [11, 21, 22, 28, 29, 32, 33, 38, 39, 40, 41], "500": 11, "charact": 11, "text10": 11, "text11": 11, "text12": 11, "text13": 11, "text14": 11, "text15": 11, "text2": 11, "text3": 11, "text4": 11, "text5": 11, "text6": 11, "text7": 11, "text8": 11, "text9": 11, "server_auth": 11, "client_auth": 11, "server_and_client_auth": 11, "end_user_key_storage_agr": 11, "user": [11, 15, 16, 18, 23, 25, 26, 27, 30, 34, 40, 44], "code": 11, "cryptograph": [11, 15], "hardwar": 11, "csp": 11, "subscript": 11, "acknowledg": 11, "entrust_api_client_cert_key_path": [11, 12, 40, 41], "entrust_api_client_cert_path": [11, 12, 40, 41], "entrust_api_kei": [11, 12, 40, 41], "entrust_api_specification_path": [11, 12, 40, 41], "configur": [11, 12, 13, 16, 17, 18, 21, 23, 25, 26, 27, 28, 30, 31, 32, 34, 37, 38, 40, 41, 42, 44], "keep": [11, 12, 30, 40, 41], "download": [11, 12, 40, 41], "cloud": [11, 12, 40, 41], "net": [11, 12, 40, 41], "entrustcloud": [11, 12, 40, 41], "cm": [11, 12, 40, 41], "yaml": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41], "entrust_api_us": [11, 12, 40, 41], "usernam": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41, 44], "regardless": 11, "within": [11, 12], "past": [11, 38, 39], "full_chain_path": 11, "unless": [11, 12, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "behavior": [11, 18, 26, 30, 31, 40], "neither": 11, "nor": 11, "reus": 11, "unapprov": 11, "failur": [11, 14], "reserv": 11, "futur": 11, "calcul": 11, "tracking_id": 11, "obtain": [11, 12], "act": [11, 17], "upon": [11, 21, 22, 28, 29, 32, 33, 38, 39], "exmapl": 11, "refer": 11, "validate_onli": 11, "cautiou": 11, "along": 11, "requester_email": 11, "track": [11, 40, 41], "requester_nam": 11, "requester_phon": 11, "phone": [11, 40, 41], "arrai": 11, "subjectaltnam": [11, 23, 24], "understand": [11, 16], "tld": 11, "save": [11, 25], "referenc": 11, "tracking_info": 11, "free": 11, "attach": [11, 23, 24], "partial": 11, "bare": 11, "minimum": [11, 18, 40, 41], "jo": [11, 40], "jdoe": [11, 23, 40], "555": [11, 40], "5555": [11, 40], "apiusernam": [11, 12, 40], "lv": [11, 12, 40], "32": [11, 12, 17, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40], "cd9lnt": [11, 12, 40], "20": [11, 23], "79": [11, 30, 31, 34], "migrat": 11, "2378915": 11, "rather": 11, "overridden": [11, 25, 26], "testcertif": 11, "administr": [11, 12], "via": [11, 40], "itsupport": 11, "jsmith": 11, "admin": [11, 12], "invoic": 11, "25": [11, 30, 31, 34], "342": 11, "sale": 11, "red": 11, "backup_fil": [11, 23, 25, 26, 27, 30, 34, 40, 44], "2019": [11, 17, 23, 25, 26, 27, 30, 34, 40, 41, 44], "09": [11, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "22": [11, 21, 22, 23, 24, 25, 26, 27, 30, 31, 34, 38, 39, 40, 44], "backup_full_chain_fil": 11, "253": 11, "cert_detail": 11, "guarante": 11, "forward": [11, 17], "releas": [11, 17], "take": [11, 17, 18, 21, 22, 23, 25, 28, 29, 30, 32, 33, 34, 38, 39, 40, 42, 43, 44], "howev": [11, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "audit": 11, "cert_statu": 11, "expand": 11, "approv": [11, 12], "declin": [11, 12], "na": 11, "pending_quorum": 11, "suspend": 11, "serial_numb": [11, 14, 17, 38, 39, 42, 43, 44], "1235262234164342": 11, "380079": 11, "chri": [11, 12], "trufan": [11, 12], "ctrufan": [11, 12], "verification_method": 12, "domain_statu": 12, "dns_content": 12, "dns_locat": 12, "dns_resource_typ": 12, "web_serv": 12, "file_cont": 12, "file_loc": 12, "e": [12, 23, 24], "were": [12, 14], "pure": 12, "domain_nam": 12, "reverifi": 12, "verification_email": 12, "ownership": [12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "whoi": 12, "construct": 12, "webmast": 12, "hostmast": 12, "postmast": 12, "subdomain": 12, "top": 12, "level": [12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "example1": 12, "example2": 12, "preconstruct": 12, "namespac": 12, "exact": [12, 44], "verif": 12, "prove": 12, "verification_dns_record_typ": 12, "There": [12, 16], "small": [12, 15], "delai": 12, "typic": 12, "Be": 12, "awar": 12, "mani": [12, 14, 44], "ecs_certif": [12, 15], "revalid": 12, "fewer": [12, 40, 41], "ev": 12, "belong": [12, 23, 24], "expect": [12, 30, 31, 39, 40, 41, 44], "ab23cd41432522ff2526920393982fab": 12, "_pki": 12, "cancel": 12, "initial_verif": 12, "re_verif": 12, "ev_days_remain": 12, "submiss": 12, "never": [12, 14, 17, 18, 30, 31, 40, 41, 44], "greater": [12, 17], "ov_days_remain": 12, "ev_elig": 12, "94": [12, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "ov_elig": 12, "abcd": 12, "ov": 12, "129": 12, "declar": 13, "core": [13, 15], "No": 13, "sni": 14, "proxy_host": 14, "asn1_base64": 14, "asn": [14, 21, 22, 38, 39, 40, 41, 42, 43, 44], "claim": 14, "ca_cert": [14, 41], "cipher": [14, 16, 30, 31], "libressl": 14, "fine": 14, "proxi": 14, "proxy_port": 14, "8080": 14, "server_nam": 14, "starttl": 14, "mysql": 14, "succe": 14, "rdp": 14, "3389": 14, "googl": 14, "443": 14, "expire_dai": 14, "not_aft": [14, 38, 39, 40], "to_datetim": 14, "d": [14, 17, 39, 40, 41, 44], "h": [14, 17, 39, 40, 41, 44], "sz": 14, "ansible_date_tim": 14, "iso8601": 14, "dt": 14, "asn1_data": 14, "surviv": 14, "also": [14, 17, 18, 44], "displai": [14, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "github": [14, 15], "80258": 14, "usual": [14, 17, 21, 22, 38, 39], "malform": [14, 21, 22, 38, 39], "critic": [14, 21, 22, 23, 24, 38, 39, 42, 43, 44], "not_befor": [14, 38, 39, 40], "signature_algorithm": [14, 17, 38, 39, 40], "john": 14, "westcott": 14, "iv": 14, "author": 15, "newer": [15, 17, 30, 31, 35, 36], "matrix": 15, "room": 15, "im": 15, "question": 15, "irc": 15, "channel": [15, 29], "libera": 15, "network": 15, "mail": 15, "project": 15, "subscrib": 15, "acm": [15, 40], "requir": [15, 32, 37], "send": [15, 26, 42, 43], "direct": 15, "crypto_info": 15, "capabl": 15, "entrust": [15, 40, 41], "ecs_domain": 15, "get_certif": 15, "port": [15, 17], "luks_devic": 15, "luk": 15, "devic": 15, "openssh_cert": 15, "openssh": [15, 34], "openssh_keypair": [15, 34], "openssl_csr_info": [15, 23, 24, 40], "openssl_dhparam": [15, 23, 24, 26, 30, 31, 34, 40, 41], "diffi": [15, 23, 24, 26, 30, 31, 34, 40, 41], "hellman": [15, 23, 24, 26, 30, 31, 34, 40, 41], "openssl_pkcs12": [15, 23, 24, 25, 30, 31, 34, 40, 41], "pkc": [15, 17, 23, 24, 25, 30, 31, 34, 40, 41], "archiv": [15, 23, 24, 25, 30, 31, 34, 40, 41], "openssl_privatekey_convert": 15, "openssl_privatekey_info": [15, 30, 31, 33, 40], "openssl_publickei": [15, 23, 24, 25, 26, 27, 30, 31, 33, 40, 41], "openssl_publickey_info": 15, "openssl_signatur": [15, 35], "openssl_signature_info": [15, 36], "x509_certificate_info": [15, 19, 40], "509": [15, 43], "x509_crl": [15, 43], "crl": [15, 23, 24], "x509_crl_info": 15, "split_pem": 15, "split": 15, "destroi": 16, "open": 16, "cryptsetup": 16, "wipef": 16, "lsblk": 16, "blkid": 16, "label": [16, 21, 22, 28, 38, 39, 42, 43, 44], "uuid": 16, "pre": [16, 26], "kernel": 16, "ae": [16, 30, 31, 34], "plain": 16, "spec": 16, "essiv": 16, "cbc": 16, "sha256": [16, 18, 21, 22, 23, 24, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 41, 44], "dev": 16, "sda1": 16, "force_remove_last_kei": 16, "bewar": 16, "hash": [16, 21, 22, 28, 29, 32, 33, 38, 39], "setup": 16, "scheme": 16, "volum": 16, "digest": [16, 23, 24, 40, 41, 42, 43, 44], "keyfil": 16, "unlock": 16, "plaintext": 16, "danger": 16, "keysiz": [16, 30, 31], "luks2": 16, "later": 16, "luks1": 16, "new_keyfil": 16, "add": [16, 17, 18, 23, 25, 26, 27, 30, 34, 40], "keyslot": 16, "new_passphras": 16, "pbkdf": 16, "deriv": 16, "argon2i": 16, "argon2id": 16, "pbkdf2": 16, "iteration_count": 16, "iter": 16, "count": 16, "iteration_tim": 16, "millisecond": 16, "memori": 16, "cost": 16, "kilobyt": 16, "argon": 16, "parallel": 16, "thread": 16, "perf_no_read_workqueu": 16, "bypass": 16, "dm": 16, "crypt": 16, "intern": 16, "workqueu": 16, "synchron": 16, "perf_no_write_workqueu": 16, "perf_same_cpu_crypt": 16, "cpu": 16, "io": 16, "unbound": 16, "balanc": 16, "perf_submit_from_crypt_cpu": 16, "offload": 16, "separ": [16, 17, 21, 22, 23, 24, 38, 39], "situat": [16, 18, 30, 31], "block": [16, 31], "singl": 16, "degrad": 16, "significantli": 16, "persist": 16, "metadata": 16, "them": [16, 25, 34], "next": [16, 29], "remove_keyfil": 16, "filesystem": [16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "remove_passphras": 16, "sector_s": 16, "sector": 16, "lock": 16, "suffic": 16, "explicit": 16, "With": 16, "loop0": 16, "foo": [16, 17], "mycrypt": 16, "keyfile2": 16, "personallabelnam": 16, "03ecd578": 16, "fad4": 16, "4e6c": 16, "9348": 16, "842e3e8fa340": 16, "suppli": 16, "c1da9a58": 16, "2fde": 16, "4256": 16, "9d9f": 16, "6ab008b4dd1b": 16, "jan": 16, "pokorni": 16, "japokorn": 16, "regener": [17, 18, 23, 24, 25, 26, 30, 31, 34, 40, 41, 44], "ssh": [17, 18], "keygen": [17, 18], "attr": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "flag": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "look": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "man": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "page": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "chattr": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "lsattr": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "equival": [17, 18, 30, 31], "fed": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "chown": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "preserv": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "ignore_timestamp": [17, 40, 41, 44], "valid_from": 17, "valid_to": 17, "meet": 17, "chmod": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rememb": [17, 18, 23, 25, 26, 27, 30, 34, 40], "octal": [17, 18, 23, 25, 26, 27, 30, 34, 40], "zero": [17, 18, 23, 25, 26, 27, 30, 34, 40], "parser": [17, 18, 23, 25, 26, 27, 30, 34, 40], "0644": [17, 18, 23, 25, 26, 27, 30, 34, 40], "01777": [17, 18, 23, 25, 26, 27, 30, 34, 40], "644": [17, 18, 23, 25, 26, 27, 30, 34, 40], "1777": [17, 18, 23, 25, 26, 27, 30, 34, 40], "convers": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rule": [17, 18, 23, 25, 26, 27, 30, 34, 40], "decim": [17, 18, 23, 25, 26, 27, 30, 34, 40], "unexpect": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rwx": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rw": [17, 18, 23, 25, 26, 27, 30, 34, 40], "g": [17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40], "r": [17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40], "umask": [17, 18, 23, 25, 26, 27, 30, 34, 40], "newli": [17, 18, 23, 25, 26, 27, 30, 34, 40], "cve": [17, 18, 23, 25, 26, 27, 30, 34, 40], "1736": [17, 18, 23, 25, 26, 27, 30, 34, 40], "clear": 17, "shell": 17, "agent": 17, "permit": [17, 21, 22, 23, 24], "pty": 17, "alloc": 17, "rc": 17, "sshd": 17, "x11": 17, "address_list": 17, "comma": 17, "netmask": 17, "pair": [17, 23, 24, 44], "cidr": 17, "numer": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "confus": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "pkcs11_provid": 17, "resid": 17, "share": 17, "libpkcs11": 17, "signing_kei": 17, "princip": 17, "By": [17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "public_kei": [17, 18, 21, 22, 28, 29, 38, 39, 40], "unread": 17, "partial_idempot": [17, 18, 30, 31], "valid_at": [17, 39, 40], "full_idempot": [17, 18, 30, 31], "compar": 17, "selevel": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "selinux": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "context": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "ml": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "mc": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "sometim": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "rang": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "_default": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "portion": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "polici": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "keyrevocationlist": 17, "again": [17, 42, 43], "serol": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "role": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "setyp": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "seuser": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "sha": 17, "refus": 17, "sha2": 17, "512": 17, "correspond": [17, 18, 30, 31], "sshd_config": 17, "casignaturealgorithm": 17, "keyword": [17, 31, 39, 40], "prior": 17, "unsafe_writ": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "influenc": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "atom": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "prevent": [17, 18, 23, 25, 26, 27, 29, 30, 34, 40, 44], "inconsist": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "just": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "broken": [17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "docker": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "mount": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "insid": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "unsaf": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "manner": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "doesn": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "race": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "use_ag": 17, "interpret": [17, 39, 40, 41, 44], "utc": [17, 39, 40, 41, 43, 44], "mainli": 17, "timespec": [17, 39, 40, 41, 44], "NOT": [17, 31, 40, 41, 44], "absolut": [17, 22, 29, 33, 39, 40, 41, 43, 44], "yyyi": 17, "mm": 17, "ddthh": 17, "ss": 17, "hh": 17, "w": [17, 21, 22, 28, 29, 32, 33, 38, 39, 40, 41, 44], "32w1d2h": [17, 39, 40, 41, 44], "1970": 17, "01t00": 17, "earlier": [17, 40, 41], "express": 17, "comparison": 17, "forev": 17, "pub": [17, 18, 33], "week": [17, 39], "32w": 17, "2w": 17, "examplehost": 17, "21": 17, "2001": 17, "tmp": [17, 18, 35, 36], "bla": 17, "ca_public_kei": 17, "info": [17, 21, 22, 38, 39], "l": [17, 23, 24], "f": 17, "david": [17, 18], "kainz": [17, 18], "lolcub": [17, 18], "rsa1": 18, "ecdsa": [18, 35, 36], "opensshbin": 18, "decrypt": [18, 26], "private_key_format": 18, "pkcs1": [18, 27, 30, 31], "keypair": 18, "pkcs8": [18, 27, 30, 31], "conform": [18, 30, 31], "unknown": [18, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "therefor": 18, "1024": 18, "2048": [18, 25, 26, 30, 31], "suffici": 18, "fip": 18, "186": 18, "three": [18, 39, 40, 41, 44], "384": 18, "521": 18, "fix": 18, "id_ssh_rsa": 18, "super_secret_password": 18, "id_ssh_dsa": 18, "fingerprint": [18, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "r4yczxihvjedh2olfjvgi6y5xaytdcwk8vxkyzvyyfm": 18, "aaaab3nza": 18, "vel4e3xcw": 18, "name_encod": [21, 22, 28, 38, 39, 42, 43, 44], "idna": [21, 22, 28, 38, 39, 42, 43, 44], "key1": [21, 28, 38, 42], "value1": [21, 28, 38, 42], "key2": [21, 28, 38, 42], "value2": [21, 28, 38, 42], "idna2008": [21, 22, 28, 38, 39, 42, 43, 44], "idna2003": [21, 22, 28, 38, 39, 42, 43, 44], "unicod": [21, 22, 28, 38, 39, 42, 43, 44], "alt": [21, 28, 38], "authority_cert_issu": [21, 22, 23, 24, 38, 39], "idn": [21, 22, 38, 39, 42, 43, 44], "handl": [21, 22, 38, 39, 42, 43, 44], "authority_cert_serial_numb": [21, 22, 23, 24, 38, 39], "hexadecim": [21, 22, 38, 39], "33": [21, 22, 23, 24, 28, 29, 30, 31, 32, 33, 34, 38, 39], "55": [21, 22, 23, 24, 38, 39], "66": [21, 22, 23, 24, 30, 31, 34, 38, 39], "77": [21, 22, 23, 24, 30, 31, 34, 38, 39], "88": [21, 22, 23, 24, 30, 31, 34, 38, 39], "99": [21, 22, 23, 24, 30, 31, 34, 38, 39], "aa": [21, 22, 23, 24, 28, 29, 32, 33, 38, 39], "bb": [21, 22, 23, 24, 38, 39], "cc": [21, 22, 23, 24, 30, 31, 34, 38, 39], "ee": [21, 22, 23, 24, 30, 31, 34, 38, 39], "pathlen": [21, 22, 38, 39], "extended_key_usag": [21, 22, 23, 24, 38, 39, 40], "biometr": [21, 22, 38, 39], "dvc": [21, 22, 38, 39, 40], "stamp": [21, 22, 38, 39], "extended_key_usage_crit": [21, 22, 23, 24, 38, 39], "extensions_by_oid": [21, 22, 38, 39, 40], "oid": [21, 22, 38, 39], "24": [21, 22, 30, 31, 34, 38, 39], "mamcaqu": [21, 22, 38, 39], "der": [21, 22, 38, 39, 42, 43, 44], "encipher": [21, 22, 23, 24, 38, 39, 40], "name_constraints_crit": [21, 22, 23, 24], "name_constraint": [21, 22], "name_constraints_exclud": [21, 22, 23, 24], "subtre": [21, 22, 23, 24], "name_constraints_permit": [21, 22, 23, 24], "somedomain": [21, 22, 23, 24], "ocsp_must_stapl": [21, 22, 23, 24, 38, 39], "ocsp": [21, 22, 23, 24, 38, 39], "stapl": [21, 22, 23, 24, 38, 39], "ocsp_must_staple_crit": [21, 22, 23, 24, 38, 39], "begin": [21, 22, 28, 29, 38, 39], "miicijanbgkqhkig9w0baqefaaocag8a": [21, 28, 38], "public_key_data": [21, 22, 38, 39], "ecc": [21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "public_key_typ": [21, 22, 38, 39], "expon": [21, 22, 28, 29, 32, 33, 38, 39], "exponent_s": [21, 22, 28, 29, 32, 33, 38, 39], "subgroup": [21, 22, 28, 29, 32, 33, 38, 39], "span": [21, 22, 28, 29, 32, 33, 38, 39], "prime": [21, 22, 28, 29, 32, 33, 38, 39], "modulu": [21, 22, 28, 29, 32, 33, 38, 39], "arithmet": [21, 22, 28, 29, 32, 33, 38, 39], "q": [21, 22, 28, 29, 32, 33, 38, 39], "divid": [21, 22, 28, 29, 32, 33, 38, 39], "coordin": [21, 22, 28, 29, 32, 33, 38, 39], "publicli": [21, 22, 28, 29, 32, 33, 38, 39], "whose": [21, 22, 28, 29, 32, 33, 38, 39, 41], "discret": [21, 22, 28, 29, 32, 33, 38, 39], "logarithm": [21, 22, 28, 29, 32, 33, 38, 39], "public_key_fingerprint": [21, 22, 28, 29, 38, 39], "comput": [21, 22, 28, 29, 32, 33, 38, 39], "d4": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "b3": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "6d": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "c8": [21, 22, 28, 29, 32, 33, 38, 39], "ce": [21, 22, 28, 29, 32, 33, 38, 39], "4e": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f6": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "29": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "4d": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "92": [21, 22, 28, 29, 32, 33, 38, 39], "a3": [21, 22, 28, 29, 32, 33, 38, 39], "b0": [21, 22, 28, 29, 32, 33, 38, 39], "c2": [21, 22, 28, 29, 32, 33, 38, 39], "bd": [21, 22, 28, 29, 32, 33, 38, 39], "bf": [21, 22, 28, 29, 32, 33, 38, 39], "43": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "0f": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "51": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "95": [21, 22, 28, 29, 32, 33, 38, 39], "2f": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "sha512": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f7": [21, 22, 28, 29, 32, 33, 38, 39], "f0": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "8b": [21, 22, 28, 29, 32, 33, 38, 39], "5f": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f9": [21, 22, 28, 29, 32, 33, 38, 39], "61": [21, 22, 28, 29, 32, 33, 38, 39], "0a": [21, 22, 28, 29, 32, 33, 38, 39], "68": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f1": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "signature_valid": [21, 22], "repeat": [21, 22, 26, 38, 39, 42, 43, 44], "emailaddress": [21, 22, 23, 24, 38, 39], "subject_alt_name_crit": [21, 22, 23, 24, 38, 39], "subject_ord": [21, 22, 23, 24, 38, 39, 40], "tupl": [21, 22, 23, 24, 38, 39, 42, 43, 44], "low": [21, 28, 32, 37, 38, 42], "high": [21, 28, 32, 37, 38, 42], "prioriti": [21, 28, 32, 37, 38, 42], "lower": [21, 28, 32, 37, 38, 42], "interact": [22, 29, 33, 39, 40, 41], "remot": [22, 29, 33, 39, 40, 41, 43, 44], "load": [22, 27, 29, 33, 39], "variant": [22, 29, 33, 39, 43], "dump": [22, 26, 29, 33, 39], "nmiicijanbgkqhkig9w0baqefaaocag8a": [22, 29, 39], "yani": [22, 23, 24, 29, 30, 31, 34, 39, 40, 41], "guenan": [22, 23, 24, 29, 30, 31, 34, 39, 40, 41], "spredzi": [22, 23, 24, 29, 30, 31, 34, 39, 40, 41], "seem": [23, 24, 40, 41], "overwrit": [23, 25, 30, 31, 40, 41], "keyusag": [23, 24], "extendedkeyusag": [23, 24], "basicconstraint": [23, 24], "rid": [23, 24], "dirnam": [23, 24], "othernam": [23, 24], "ones": [23, 24, 25], "mostli": [23, 24], "hex": [23, 24], "colon": [23, 24], "overwrot": [23, 25, 26, 27, 30, 34, 40, 44], "accid": [23, 25, 26, 27, 30, 34, 40, 44], "basicconstraints_crit": [23, 24], "country_nam": [23, 24], "c": [23, 24], "countrynam": [23, 24], "create_subject_key_identifi": [23, 24], "crl_distribution_point": [23, 24], "distribut": [23, 24], "crl_issuer": [23, 24], "full_nam": [23, 24], "relative_nam": [23, 24], "key_compromis": [23, 24, 42, 43, 44], "ca_compromis": [23, 24, 42, 43, 44], "affiliation_chang": [23, 24, 42, 43, 44], "cessation_of_oper": [23, 24, 42, 43, 44], "certificate_hold": [23, 24, 42, 43, 44], "privilege_withdrawn": [23, 24, 42, 43, 44], "aa_compromis": [23, 24, 42, 43, 44], "email_address": [23, 24], "extkeyusag": [23, 24], "extkeyusage_crit": [23, 24], "extendedkeyusage_crit": [23, 24], "keyusage_crit": [23, 24], "locality_nam": [23, 24], "localitynam": [23, 24], "ocspmuststapl": [23, 24], "rfc7633": [23, 24], "ocspmuststaple_crit": [23, 24], "reject": [23, 24], "organizationnam": [23, 24, 38, 39, 42, 43, 44], "organizational_unit_nam": [23, 24], "organizationalunitnam": [23, 24], "privatekey_cont": [23, 24, 26, 34, 36, 40, 41, 44], "return_cont": [23, 25, 26, 30, 34, 40, 44], "state_or_province_nam": [23, 24], "st": [23, 24], "stateorprovincenam": [23, 24], "compon": [23, 24, 44], "usecommonnameforsan": [23, 24], "subjectaltname_crit": [23, 24], "row": [23, 24, 44], "fill": [23, 24], "2986": [23, 24], "unsupport": [23, 24], "inlin": [23, 24, 34, 41], "fr": 23, "dynam": 23, "with_dict": 23, "dns_server": 23, "special": 23, "digitalsignatur": [23, 24], "keyagr": [23, 24], "clientauth": [23, 24], "winrm": 23, "auth": 23, "311": 23, "utf8": 23, "pathlenconstraint": [23, 24], "privatekei": [23, 24, 26, 27, 30, 31, 34, 44], "dh": 25, "param": 25, "detect": [25, 26], "Or": 25, "dhparam": 25, "thom": 25, "wigger": 25, "thomwigg": 25, "pyopenssl": 26, "iter_s": 26, "maciter_s": 26, "export": [26, 27, 30, 31], "certificate_path": [26, 35, 36], "encryption_level": 26, "compatibility2022": 26, "softwar": 26, "38": [26, 30, 31, 34], "friendly_nam": 26, "friendli": 26, "50000": 26, "other_certif": 26, "ca_certif": 26, "other_certificates_parse_al": 26, "pkcs12": 26, "mechan": 26, "safe": 26, "addition": 26, "backward": 26, "opt": 26, "p12": 26, "raclett": 26, "ca_bundl": 26, "bundl": [26, 37], "0600": [26, 27, 30], "regen": 26, "guillaum": 26, "delpierr": 26, "gdelpierr": 26, "dest_passphras": 27, "dest_path": 27, "src_content": 27, "src_path": 27, "src_passphras": 27, "return_private_key_data": [28, 29], "private_data": [28, 29], "public_data": [28, 29, 32, 33], "fake": 29, "key_is_consist": 29, "check_consist": 29, "potenti": 29, "side": 29, "attack": 29, "machin": [29, 40, 41], "can_load_kei": 29, "can_parse_kei": 29, "eddsa": [30, 31], "particular": [30, 31], "maxim": [30, 31], "interoper": [30, 31], "secp384r1": [30, 31], "secp256r1": [30, 31], "iana": [30, 31], "registri": [30, 31], "secp224r1": [30, 31], "secp256k1": [30, 31], "secp521r1": [30, 31], "discourag": [30, 31], "secp192r1": [30, 31], "brainpoolp256r1": [30, 31], "brainpoolp384r1": [30, 31], "brainpoolp512r1": [30, 31], "sect163k1": [30, 31], "sect163r2": [30, 31], "sect233k1": [30, 31], "sect233r1": [30, 31], "sect283k1": [30, 31], "sect283r1": [30, 31], "sect409k1": [30, 31], "sect409r1": [30, 31], "sect571k1": [30, 31], "sect571r1": [30, 31], "tradit": [30, 31], "auto_ignor": [30, 31], "mismatch": [30, 31], "format_mismatch": [30, 31], "everyth": [30, 31, 44], "treat": [30, 39, 44], "appropri": 30, "care": 30, "shown": 30, "reference_appendic": 30, "faq": 30, "minim": [30, 31], "hashlib": [30, 31, 34], "md5": [30, 31, 34], "84": [30, 31, 34], "72": [30, 31, 34], "8d": [30, 31, 34], "b5": [30, 31, 34], "6c": [30, 31, 34], "37": [30, 31, 34], "83": [30, 31, 34], "f5": [30, 31, 34], "4c": [30, 31, 34], "sha1": [30, 31, 34], "7c": [30, 31, 34], "5d": [30, 31, 34], "eb": [30, 31, 34], "41": [30, 31, 34], "7e": [30, 31, 34], "1a": [30, 31, 34], "c7": [30, 31, 34], "f8": [30, 31, 34], "sha224": [30, 31, 34], "19": [30, 31, 34], "ac": [30, 31, 34], "ed": [30, 31, 34], "18": [30, 31, 34, 40, 41], "50": [30, 31, 34], "d3": [30, 31, 34], "06": [30, 31, 34, 40, 41], "5c": [30, 31, 34], "b2": [30, 31, 34], "91": [30, 31, 34], "52": [30, 31, 34], "8c": [30, 31, 34], "cb": [30, 31, 34], "d5": [30, 31, 34], "e9": [30, 31, 34], "9b": [30, 31, 34], "46": [30, 31, 34], "ab": [30, 31, 34], "70": [30, 31, 34], "cf": [30, 31, 34], "76": [30, 31, 34], "4f": [30, 31, 34], "57": [30, 31, 34], "6e": [30, 31, 34], "97": [30, 31, 34], "df": [30, 31, 34], "de": [30, 31, 34], "sha384": [30, 31, 34], "d9": [30, 31, 34], "40": [30, 31, 34], "59": [30, 31, 34], "c3": [30, 31, 34], "a2": [30, 31, 34], "e4": [30, 31, 34], "0b": [30, 31, 34], "1c": [30, 31, 34], "0c": [30, 31, 34], "9e": [30, 31, 34], "af": [30, 31, 34], "da": [30, 31, 34], "2e": [30, 31, 34], "c0": [30, 31, 34], "9a": [30, 31, 34], "3a": [30, 31, 34], "3d": [30, 31, 34], "fd": [30, 31, 34], "5e": [30, 31, 34], "48": [30, 31, 34], "9f": [30, 31, 34], "fe": [30, 31, 34], "7f": [30, 31, 34], "3f": [30, 31, 34], "cd": [30, 31, 34], "a5": [30, 31, 34], "e7": [30, 31, 34], "13": [30, 31, 34, 44], "82": [30, 31, 34], "87": [30, 31, 34], "1f": [30, 31, 34], "28": [30, 31, 34], "53": [30, 31, 34], "86": [30, 31, 34], "69": [30, 31, 34], "35": [30, 31, 34], "1e": [30, 31, 34], "consol": 31, "relat": 31, "content_base64": 31, "return_current_kei": 31, "value_specified_in_no_log_paramet": 31, "async": 31, "reveal": 31, "TO": 31, "OR": 31, "IN": 31, "sop": 31, "sops_encrypt": 31, "content_text": 31, "overwritten": 31, "set_fact": 31, "publickei": 34, "certificate_cont": [35, 41], "example_fil": [35, 36], "sig": [35, 36], "patrick": [35, 36], "pichler": [35, 36], "aveexi": [35, 36], "marku": [35, 36, 39, 40, 41], "teufelberg": [35, 36, 39, 40, 41], "markusteufelberg": [35, 36, 39, 40, 41], "word": [38, 39, 43], "whole": [38, 39], "issuer_ord": [38, 39, 42, 43, 44], "issuer_uri": [38, 39], "20190413202428z": [38, 39, 40, 42, 43, 44], "20190331202428z": [38, 39, 40, 44], "ocsp_uri": [38, 39], "respond": [38, 39], "1234": [38, 39, 42, 43, 44], "sha256withrsaencrypt": [38, 39, 40, 42, 43, 44], "openssl_certificate_info": 39, "short": [39, 40], "redirect": [39, 40], "fqcn": [39, 40], "dict": 39, "pattern": [39, 40, 41, 43, 44], "yyyymmddhhmmssz": [39, 40, 41, 43, 44], "csr_path": [39, 40, 41], "tomorrow": 39, "point_1": 39, "point_2": 39, "3w": 39, "notion": [40, 41], "openssl_certif": 40, "intend": [40, 41], "tini": 40, "acme_accountkey_path": 40, "accountkei": 40, "acme_chain": 40, "acme_challenge_path": 40, "80": 40, "job": 40, "entrust_cert_typ": [40, 41], "entrust_not_aft": [40, 41], "stop": [40, 41], "365": [40, 41], "cover": [40, 41], "entrust_requester_email": [40, 41], "entrust_requester_nam": [40, 41], "entrust_requester_phon": [40, 41], "better": [40, 41], "ownca_cont": [40, 41], "ownca_create_authority_key_identifi": [40, 41], "ownca_create_subject_key_identifi": [40, 41], "ski": [40, 41], "create_if_not_provid": [40, 41], "always_cr": [40, 41], "never_cr": [40, 41], "ownca_digest": [40, 41], "On": [40, 41], "maco": [40, 41], "onward": [40, 41], "period": [40, 41], "825": [40, 41], "appl": [40, 41], "en": [40, 41], "ht210176": [40, 41], "3650d": [40, 41], "ownca_privatekey_cont": [40, 41], "resp": [40, 41], "ownca_vers": [40, 41], "nowadai": [40, 41], "almost": [40, 41], "emul": 40, "selfsigned_create_subject_key_identifi": [40, 41], "selfsigned_digest": [40, 41], "selfsigned_notaft": [40, 41], "selfsigned_notbefor": [40, 41], "selfsigned_vers": [40, 41], "minut": [40, 41, 44], "mandatori": [40, 41, 44], "dedic": [40, 41], "onc": [40, 41, 44], "ansible_ca": 40, "assertonli": 40, "invalid_at": 40, "valid_in": 40, "one_day_ten_hour": 40, "1d10h": 40, "fixed_timestamp": 40, "20200331202428z": 40, "ten_second": 40, "result_csr": 40, "result_privatekei": 40, "sha512withrsaencrypt": 40, "subject_strict": 40, "issuer_strict": 40, "has_expir": 40, "key_usage_strict": 40, "extended_key_usage_strict": 40, "subject_alt_name_strict": 40, "ie": 41, "ownca_cert": 41, "ownca_privatekei": 41, "hunter2": 41, "the_csr": 41, "list_revoked_certif": [42, 43], "larg": [42, 43], "enumer": [42, 43], "last_upd": [42, 43, 44], "next_upd": [42, 43, 44], "revoked_certif": [42, 43, 44], "invalidity_d": [42, 43, 44], "suspect": [42, 43, 44], "compromis": [42, 43, 44], "becam": [42, 43, 44], "invalidity_date_crit": [42, 43, 44], "issuer_crit": [42, 43, 44], "remove_from_crl": [42, 43, 44], "reason_crit": [42, 43, 44], "revocation_d": [42, 43, 44], "crl_mode": 44, "interest": 44, "collis": 44, "combin": 44, "2345": 44, "20191013152910z": 44, "20191001000000z": 44, "20191010010203z": 44}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"commun": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "crypto": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "acme_account_fact": 0, "acme_account_info": 1, "modul": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "retriev": [1, 8, 21, 28, 32, 38, 42, 43], "inform": [1, 21, 22, 28, 29, 32, 33, 38, 39, 42, 43], "acm": [1, 2, 3, 4, 5, 6], "account": [1, 2], "synopsi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "requir": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "paramet": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "attribut": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "note": [1, 2, 3, 4, 6, 11, 12, 14, 18, 23, 24, 35, 36, 39, 40, 41, 43, 44], "see": [1, 2, 3, 4, 5, 6, 11, 12, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43], "also": [1, 2, 3, 4, 5, 6, 11, 12, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43], "exampl": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "return": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "valu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "author": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "collect": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "link": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "acme_account": 2, "creat": [2, 3, 9, 10], "modifi": 2, "delet": 2, "acme_certif": 3, "ssl": [3, 11], "tl": [3, 5, 11], "certif": [3, 4, 5, 7, 9, 10, 11, 12, 14, 17, 21, 22, 23, 24, 38, 39, 40, 41, 43, 44], "protocol": [3, 4], "acme_certificate_revok": 4, "revok": 4, "acme_challenge_cert_help": 5, "prepar": 5, "challeng": 5, "alpn": 5, "01": 5, "acme_inspect": 6, "send": 6, "direct": 6, "request": [6, 11, 12, 21, 22, 23, 24], "an": [6, 34], "server": 6, "certificate_complete_chain": 7, "complet": 7, "chain": 7, "given": 7, "set": [7, 9], "untrust": 7, "root": 7, "crypto_info": 8, "cryptograph": 8, "capabl": 8, "how": [9, 10], "small": 9, "ca": 9, "up": 9, "us": 9, "sign": [9, 10, 21, 22, 23, 24, 36], "self": 10, "ecs_certif": 11, "entrust": [11, 12], "servic": [11, 12], "ec": [11, 12], "api": [11, 12], "ecs_domain": 12, "valid": 12, "domain": 12, "index": [13, 15], "all": 13, "environ": 13, "variabl": 13, "get_certif": 14, "get": 14, "from": [14, 21, 28, 32, 34, 38, 42], "host": [14, 17], "port": 14, "descript": 15, "scenario": 15, "guid": 15, "plugin": 15, "filter": [15, 21, 28, 32, 37, 38, 42], "luks_devic": 16, "manag": 16, "encrypt": 16, "luk": 16, "devic": 16, "openssh_cert": 17, "gener": [17, 18, 23, 24, 25, 26, 30, 31, 34, 40, 41, 44], "openssh": [17, 18], "user": 17, "openssh_keypair": 18, "privat": [18, 27, 28, 29, 30, 31, 34], "public": [18, 32, 33, 34], "kei": [18, 27, 28, 29, 30, 31, 32, 33, 34], "openssl_certificate_info": 19, "openssl_certif": 20, "openssl_csr_info": [21, 22], "openssl": [21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41], "csr": [21, 22, 23, 24], "input": [21, 28, 32, 37, 38, 42], "keyword": [21, 28, 38, 42], "provid": [22, 29, 33, 39], "openssl_csr": 23, "openssl_csr_pip": 24, "openssl_dhparam": 25, "diffi": 25, "hellman": 25, "openssl_pkcs12": 26, "pkc": 26, "12": 26, "archiv": 26, "openssl_privatekey_convert": 27, "convert": 27, "openssl_privatekey_info": [28, 29], "openssl_privatekei": 30, "openssl_privatekey_pip": 31, "without": 31, "disk": 31, "access": 31, "openssl_publickey_info": [32, 33], "pem": [32, 37, 38, 42], "format": [32, 38, 42], "openssl_publickei": 34, "its": 34, "openssl_signature_info": 35, "verifi": 35, "signatur": 35, "openssl_signatur": 36, "data": 36, "split_pem": 37, "split": 37, "file": 37, "content": 37, "multipl": 37, "object": 37, "x509_certificate_info": [38, 39], "x": [38, 39, 42], "509": [38, 39, 42], "x509_certif": 40, "check": [40, 41], "x509_certificate_pip": 41, "x509_crl_info": [42, 43], "crl": [42, 43, 44], "revoc": [43, 44], "list": [43, 44], "x509_crl": 44}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx": 57}, "alltitles": {"community.crypto.acme_account_facts": [[0, "community-crypto-acme-account-facts"]], "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts": [[1, "community-crypto-acme-account-info-module-retrieves-information-on-acme-accounts"]], "Synopsis": [[1, "synopsis"], [2, "synopsis"], [3, "synopsis"], [4, "synopsis"], [5, "synopsis"], [6, "synopsis"], [7, "synopsis"], [8, "synopsis"], [11, "synopsis"], [12, "synopsis"], [14, "synopsis"], [16, "synopsis"], [17, "synopsis"], [18, "synopsis"], [21, "synopsis"], [22, "synopsis"], [23, "synopsis"], [24, "synopsis"], [25, "synopsis"], [26, "synopsis"], [27, "synopsis"], [28, "synopsis"], [29, "synopsis"], [30, "synopsis"], [31, "synopsis"], [32, "synopsis"], [33, "synopsis"], [34, "synopsis"], [35, "synopsis"], [36, "synopsis"], [37, "synopsis"], [38, "synopsis"], [39, "synopsis"], [40, "synopsis"], [41, "synopsis"], [42, "synopsis"], [43, "synopsis"], [44, "synopsis"]], "Requirements": [[1, "requirements"], [2, "requirements"], [3, "requirements"], [4, "requirements"], [5, "requirements"], [6, "requirements"], [7, "requirements"], [11, "requirements"], [12, "requirements"], [14, "requirements"], [16, "requirements"], [17, "requirements"], [18, "requirements"], [21, "requirements"], [22, "requirements"], [23, "requirements"], [24, "requirements"], [25, "requirements"], [26, "requirements"], [27, "requirements"], [28, "requirements"], [29, "requirements"], [30, "requirements"], [31, "requirements"], [33, "requirements"], [34, "requirements"], [35, "requirements"], [36, "requirements"], [38, "requirements"], [39, "requirements"], [40, "requirements"], [41, "requirements"], [42, "requirements"], [43, "requirements"], [44, "requirements"]], "Parameters": [[1, "parameters"], [2, "parameters"], [3, "parameters"], [4, "parameters"], [5, "parameters"], [6, "parameters"], [7, "parameters"], [11, "parameters"], [12, "parameters"], [14, "parameters"], [16, "parameters"], [17, "parameters"], [18, "parameters"], [22, "parameters"], [23, "parameters"], [24, "parameters"], [25, "parameters"], [26, "parameters"], [27, "parameters"], [29, "parameters"], [30, "parameters"], [31, "parameters"], [33, "parameters"], [34, "parameters"], [35, "parameters"], [36, "parameters"], [39, "parameters"], [40, "parameters"], [41, "parameters"], [43, "parameters"], [44, "parameters"]], "Attributes": [[1, "attributes"], [2, "attributes"], [3, "attributes"], [4, "attributes"], [5, "attributes"], [6, "attributes"], [7, "attributes"], [8, "attributes"], [11, "attributes"], [12, "attributes"], [14, "attributes"], [16, "attributes"], [17, "attributes"], [18, "attributes"], [22, "attributes"], [23, "attributes"], [24, "attributes"], [25, "attributes"], [26, "attributes"], [27, "attributes"], [29, "attributes"], [30, "attributes"], [31, "attributes"], [33, "attributes"], [34, "attributes"], [35, "attributes"], [36, "attributes"], [39, "attributes"], [40, "attributes"], [41, "attributes"], [43, "attributes"], [44, "attributes"]], "Notes": [[1, "notes"], [2, "notes"], [3, "notes"], [4, "notes"], [6, "notes"], [11, "notes"], [12, "notes"], [14, "notes"], [18, "notes"], [23, "notes"], [24, "notes"], [35, "notes"], [36, "notes"], [39, "notes"], [40, "notes"], [41, "notes"], [43, "notes"], [44, "notes"]], "See Also": [[1, "see-also"], [2, "see-also"], [3, "see-also"], [4, "see-also"], [5, "see-also"], [6, "see-also"], [11, "see-also"], [12, "see-also"], [21, "see-also"], [22, "see-also"], [23, "see-also"], [24, "see-also"], [25, "see-also"], [26, "see-also"], [27, "see-also"], [28, "see-also"], [29, "see-also"], [30, "see-also"], [31, "see-also"], [32, "see-also"], [33, "see-also"], [34, "see-also"], [35, "see-also"], [36, "see-also"], [38, "see-also"], [39, "see-also"], [40, "see-also"], [41, "see-also"], [42, "see-also"], [43, "see-also"]], "Examples": [[1, "examples"], [2, "examples"], [3, "examples"], [4, "examples"], [5, "examples"], [6, "examples"], [7, "examples"], [8, "examples"], [11, "examples"], [12, "examples"], [14, "examples"], [16, "examples"], [17, "examples"], [18, "examples"], [21, "examples"], [22, "examples"], [23, "examples"], [24, "examples"], [25, "examples"], [26, "examples"], [27, "examples"], [28, "examples"], [29, "examples"], [30, "examples"], [31, "examples"], [32, "examples"], [33, "examples"], [34, "examples"], [35, "examples"], [36, "examples"], [37, "examples"], [38, "examples"], [39, "examples"], [40, "examples"], [41, "examples"], [42, "examples"], [43, "examples"], [44, "examples"]], "Return Values": [[1, "return-values"], [2, "return-values"], [3, "return-values"], [5, "return-values"], [6, "return-values"], [7, "return-values"], [8, "return-values"], [11, "return-values"], [12, "return-values"], [14, "return-values"], [16, "return-values"], [17, "return-values"], [18, "return-values"], [22, "return-values"], [23, "return-values"], [24, "return-values"], [25, "return-values"], [26, "return-values"], [27, "return-values"], [29, "return-values"], [30, "return-values"], [31, "return-values"], [33, "return-values"], [34, "return-values"], [35, "return-values"], [36, "return-values"], [39, "return-values"], [40, "return-values"], [41, "return-values"], [43, "return-values"], [44, "return-values"]], "Authors": [[1, "authors"], [2, "authors"], [3, "authors"], [4, "authors"], [5, "authors"], [6, "authors"], [7, "authors"], [8, "authors"], [11, "authors"], [12, "authors"], [14, "authors"], [16, "authors"], [17, "authors"], [18, "authors"], [21, "authors"], [22, "authors"], [23, "authors"], [24, "authors"], [25, "authors"], [26, "authors"], [27, "authors"], [28, "authors"], [29, "authors"], [30, "authors"], [31, "authors"], [32, "authors"], [33, "authors"], [34, "authors"], [35, "authors"], [36, "authors"], [37, "authors"], [38, "authors"], [39, "authors"], [40, "authors"], [41, "authors"], [42, "authors"], [43, "authors"], [44, "authors"]], "Collection links": [[1, "collection-links"], [2, "collection-links"], [3, "collection-links"], [4, "collection-links"], [5, "collection-links"], [6, "collection-links"], [7, "collection-links"], [8, "collection-links"], [11, "collection-links"], [12, "collection-links"], [14, "collection-links"], [16, "collection-links"], [17, "collection-links"], [18, "collection-links"], [21, "collection-links"], [22, "collection-links"], [23, "collection-links"], [24, "collection-links"], [25, "collection-links"], [26, "collection-links"], [27, "collection-links"], [28, "collection-links"], [29, "collection-links"], [30, "collection-links"], [31, "collection-links"], [32, "collection-links"], [33, "collection-links"], [34, "collection-links"], [35, "collection-links"], [36, "collection-links"], [37, "collection-links"], [38, "collection-links"], [39, "collection-links"], [40, "collection-links"], [41, "collection-links"], [42, "collection-links"], [43, "collection-links"], [44, "collection-links"]], "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts": [[2, "community-crypto-acme-account-module-create-modify-or-delete-acme-accounts"]], "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol": [[3, "community-crypto-acme-certificate-module-create-ssl-tls-certificates-with-the-acme-protocol"]], "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol": [[4, "community-crypto-acme-certificate-revoke-module-revoke-certificates-with-the-acme-protocol"]], "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01": [[5, "community-crypto-acme-challenge-cert-helper-module-prepare-certificates-required-for-acme-challenges-such-as-tls-alpn-01"]], "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server": [[6, "community-crypto-acme-inspect-module-send-direct-requests-to-an-acme-server"]], "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates": [[7, "community-crypto-certificate-complete-chain-module-complete-certificate-chain-given-a-set-of-untrusted-and-root-certificates"]], "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities": [[8, "community-crypto-crypto-info-module-retrieve-cryptographic-capabilities"]], "How to create a small CA": [[9, "how-to-create-a-small-ca"]], "Set up the CA": [[9, "set-up-the-ca"]], "Use the CA to sign a certificate": [[9, "use-the-ca-to-sign-a-certificate"]], "How to create self-signed certificates": [[10, "how-to-create-self-signed-certificates"]], "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API": [[11, "community-crypto-ecs-certificate-module-request-ssl-tls-certificates-with-the-entrust-certificate-services-ecs-api"]], "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API": [[12, "community-crypto-ecs-domain-module-request-validation-of-a-domain-with-the-entrust-certificate-services-ecs-api"]], "Index of all Collection Environment Variables": [[13, "index-of-all-collection-environment-variables"]], "community.crypto.get_certificate module \u2013 Get a certificate from a host:port": [[14, "community-crypto-get-certificate-module-get-a-certificate-from-a-host-port"]], "Community.Crypto": [[15, "community-crypto"]], "Description": [[15, "description"]], "Communication": [[15, "communication"]], "Scenario Guides": [[15, "scenario-guides"]], "Plugin Index": [[15, "plugin-index"]], "Modules": [[15, "modules"]], "Filter Plugins": [[15, "filter-plugins"]], "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices": [[16, "community-crypto-luks-device-module-manage-encrypted-luks-devices"]], "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.": [[17, "community-crypto-openssh-cert-module-generate-openssh-host-or-user-certificates"]], "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys": [[18, "community-crypto-openssh-keypair-module-generate-openssh-private-and-public-keys"]], "community.crypto.openssl_certificate_info": [[19, "community-crypto-openssl-certificate-info"]], "community.crypto.openssl_certificate": [[20, "community-crypto-openssl-certificate"]], "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)": [[21, "community-crypto-openssl-csr-info-filter-retrieve-information-from-openssl-certificate-signing-requests-csr"]], "Input": [[21, "input"], [28, "input"], [32, "input"], [37, "input"], [38, "input"], [42, "input"]], "Keyword parameters": [[21, "keyword-parameters"], [28, "keyword-parameters"], [38, "keyword-parameters"], [42, "keyword-parameters"]], "Return Value": [[21, "return-value"], [28, "return-value"], [32, "return-value"], [37, "return-value"], [38, "return-value"], [42, "return-value"]], "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)": [[22, "community-crypto-openssl-csr-info-module-provide-information-of-openssl-certificate-signing-requests-csr"]], "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[23, "community-crypto-openssl-csr-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[24, "community-crypto-openssl-csr-pipe-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters": [[25, "community-crypto-openssl-dhparam-module-generate-openssl-diffie-hellman-parameters"]], "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive": [[26, "community-crypto-openssl-pkcs12-module-generate-openssl-pkcs-12-archive"]], "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys": [[27, "community-crypto-openssl-privatekey-convert-module-convert-openssl-private-keys"]], "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys": [[28, "community-crypto-openssl-privatekey-info-filter-retrieve-information-from-openssl-private-keys"]], "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys": [[29, "community-crypto-openssl-privatekey-info-module-provide-information-for-openssl-private-keys"]], "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys": [[30, "community-crypto-openssl-privatekey-module-generate-openssl-private-keys"]], "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access": [[31, "community-crypto-openssl-privatekey-pipe-module-generate-openssl-private-keys-without-disk-access"]], "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format": [[32, "community-crypto-openssl-publickey-info-filter-retrieve-information-from-openssl-public-keys-in-pem-format"]], "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys": [[33, "community-crypto-openssl-publickey-info-module-provide-information-for-openssl-public-keys"]], "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.": [[34, "community-crypto-openssl-publickey-module-generate-an-openssl-public-key-from-its-private-key"]], "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl": [[35, "community-crypto-openssl-signature-info-module-verify-signatures-with-openssl"]], "community.crypto.openssl_signature module \u2013 Sign data with openssl": [[36, "community-crypto-openssl-signature-module-sign-data-with-openssl"]], "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects": [[37, "community-crypto-split-pem-filter-split-pem-file-contents-into-multiple-objects"]], "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format": [[38, "community-crypto-x509-certificate-info-filter-retrieve-information-from-x-509-certificates-in-pem-format"]], "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates": [[39, "community-crypto-x509-certificate-info-module-provide-information-of-openssl-x-509-certificates"]], "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates": [[40, "community-crypto-x509-certificate-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates": [[41, "community-crypto-x509-certificate-pipe-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format": [[42, "community-crypto-x509-crl-info-filter-retrieve-information-from-x-509-crls-in-pem-format"]], "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)": [[43, "community-crypto-x509-crl-info-module-retrieve-information-on-certificate-revocation-lists-crls"]], "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)": [[44, "community-crypto-x509-crl-module-generate-certificate-revocation-lists-crls"]]}, "indexentries": {}}) \ No newline at end of file +Search.setIndex({"docnames": ["acme_account_facts_module", "acme_account_info_module", "acme_account_module", "acme_certificate_module", "acme_certificate_revoke_module", "acme_challenge_cert_helper_module", "acme_inspect_module", "certificate_complete_chain_module", "crypto_info_module", "docsite/guide_ownca", "docsite/guide_selfsigned", "ecs_certificate_module", "ecs_domain_module", "environment_variables", "get_certificate_module", "index", "luks_device_module", "openssh_cert_module", "openssh_keypair_module", "openssl_certificate_info_module", "openssl_certificate_module", "openssl_csr_info_filter", "openssl_csr_info_module", "openssl_csr_module", "openssl_csr_pipe_module", "openssl_dhparam_module", "openssl_pkcs12_module", "openssl_privatekey_convert_module", "openssl_privatekey_info_filter", "openssl_privatekey_info_module", "openssl_privatekey_module", "openssl_privatekey_pipe_module", "openssl_publickey_info_filter", "openssl_publickey_info_module", "openssl_publickey_module", "openssl_signature_info_module", "openssl_signature_module", "split_pem_filter", "x509_certificate_info_filter", "x509_certificate_info_module", "x509_certificate_module", "x509_certificate_pipe_module", "x509_crl_info_filter", "x509_crl_info_module", "x509_crl_module"], "filenames": ["acme_account_facts_module.rst", "acme_account_info_module.rst", "acme_account_module.rst", "acme_certificate_module.rst", "acme_certificate_revoke_module.rst", "acme_challenge_cert_helper_module.rst", "acme_inspect_module.rst", "certificate_complete_chain_module.rst", "crypto_info_module.rst", "docsite/guide_ownca.rst", "docsite/guide_selfsigned.rst", "ecs_certificate_module.rst", "ecs_domain_module.rst", "environment_variables.rst", "get_certificate_module.rst", "index.rst", "luks_device_module.rst", "openssh_cert_module.rst", "openssh_keypair_module.rst", "openssl_certificate_info_module.rst", "openssl_certificate_module.rst", "openssl_csr_info_filter.rst", "openssl_csr_info_module.rst", "openssl_csr_module.rst", "openssl_csr_pipe_module.rst", "openssl_dhparam_module.rst", "openssl_pkcs12_module.rst", "openssl_privatekey_convert_module.rst", "openssl_privatekey_info_filter.rst", "openssl_privatekey_info_module.rst", "openssl_privatekey_module.rst", "openssl_privatekey_pipe_module.rst", "openssl_publickey_info_filter.rst", "openssl_publickey_info_module.rst", "openssl_publickey_module.rst", "openssl_signature_info_module.rst", "openssl_signature_module.rst", "split_pem_filter.rst", "x509_certificate_info_filter.rst", "x509_certificate_info_module.rst", "x509_certificate_module.rst", "x509_certificate_pipe_module.rst", "x509_crl_info_filter.rst", "x509_crl_info_module.rst", "x509_crl_module.rst"], "titles": ["community.crypto.acme_account_facts", "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts", "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts", "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol", "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol", "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01", "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server", "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates", "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities", "How to create a small CA", "How to create self-signed certificates", "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API", "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API", "Index of all Collection Environment Variables", "community.crypto.get_certificate module \u2013 Get a certificate from a host:port", "Community.Crypto", "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices", "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.", "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys", "community.crypto.openssl_certificate_info", "community.crypto.openssl_certificate", "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)", "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)", "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters", "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive", "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys", "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys", "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys", "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys", "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access", "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format", "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys", "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.", "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl", "community.crypto.openssl_signature module \u2013 Sign data with openssl", "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects", "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format", "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates", "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates", "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format", "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)", "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)"], "terms": {"thi": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "plugin": [0, 13, 19, 20, 21, 22, 28, 29, 31, 32, 33, 37, 38, 39, 42, 43], "wa": [0, 1, 3, 4, 6, 9, 11, 14, 16, 18, 19, 20, 21, 22, 23, 24, 26, 29, 30, 31, 34, 35, 38, 39, 40, 42, 43, 44], "part": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "collect": [0, 9, 10, 15, 19, 20], "version": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "2": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "14": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "1": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "modul": [0, 9, 10, 19, 20, 21, 28, 32, 38, 42], "ha": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44], "been": [0, 1, 2, 3, 4, 6, 11, 13, 14, 16, 17, 19, 20, 23, 24, 29, 34, 41, 44], "remov": [0, 1, 2, 3, 4, 6, 16, 19, 20, 26, 34, 40, 44], "0": [0, 1, 2, 3, 4, 5, 6, 8, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "The": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "renam": [0, 19, 20, 39, 40, 44], "acme_account_info": [0, 2, 15], "i": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "To": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "instal": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "us": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "ansibl": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "galaxi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "you": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "need": [1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "further": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "abl": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "detail": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "playbook": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "specifi": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "allow": [1, 2, 3, 4, 6, 11, 12, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "ca": [1, 2, 3, 4, 6, 7, 11, 15, 17, 21, 22, 23, 24, 26, 37, 38, 39, 40, 41, 42, 43, 44], "support": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "protocol": [1, 2, 5, 6, 14, 15, 18, 40], "let": [1, 2, 3, 4, 6, 40], "": [1, 2, 3, 4, 5, 6, 9, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 41, 42, 43, 44], "encrypt": [1, 2, 3, 4, 6, 14, 15, 18, 26, 27, 30, 31, 40], "onli": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "work": [1, 2, 3, 4, 6, 16, 27, 30, 31, 34], "v2": [1, 2, 3, 4, 6, 34], "below": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "ar": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "host": [1, 2, 3, 4, 5, 6, 7, 11, 12, 15, 16, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "execut": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "either": [1, 2, 3, 4, 6, 11, 12, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 35, 36, 39, 40, 41, 43, 44], "openssl": [1, 2, 3, 4, 6, 7, 8, 14, 15, 38], "cryptographi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "5": [1, 2, 3, 4, 6, 7, 8, 12, 16, 21, 22, 30, 31, 35, 36, 38, 39, 40, 41], "ipaddress": [1, 2, 3, 4, 6], "comment": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "account_key_cont": [1, 2, 3, 4, 6], "string": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "content": [1, 2, 3, 4, 5, 6, 7, 9, 11, 12, 14, 15, 16, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "rsa": [1, 2, 3, 4, 6, 8, 10, 17, 18, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "ellipt": [1, 2, 3, 4, 6, 8, 18, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "curv": [1, 2, 3, 4, 6, 8, 18, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "kei": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 21, 22, 23, 24, 25, 26, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "mutual": [1, 2, 3, 4, 5, 6, 16, 23, 24, 26, 40, 41, 44], "exclus": [1, 2, 3, 4, 5, 6, 16, 23, 24, 26, 40, 41, 44], "account_key_src": [1, 2, 3, 4, 5, 6, 8], "warn": [1, 2, 3, 4, 6, 28, 29, 39, 40], "written": [1, 2, 3, 4, 6, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "temporari": [1, 2, 3, 4, 6], "file": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "which": [1, 2, 3, 4, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "delet": [1, 3, 4, 6, 15], "when": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "complet": [1, 2, 3, 4, 6, 8, 15, 16, 31], "sinc": [1, 2, 3, 4, 6, 9, 16, 23, 24, 26, 29], "an": [1, 2, 3, 4, 5, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 38, 39, 40, 41, 42, 43, 44], "import": [1, 2, 3, 4, 6, 8, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 44], "privat": [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 15, 17, 21, 22, 23, 24, 25, 26, 32, 33, 35, 36, 38, 39, 40, 41, 42, 43, 44], "can": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44], "chang": [1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "revok": [1, 2, 3, 6, 11, 15, 42, 43, 44], "your": [1, 2, 3, 4, 6, 9, 11, 12, 23, 24, 25, 30, 40, 41], "certif": [1, 2, 6, 15, 25, 26, 28, 30, 31, 34, 35, 36, 37, 42], "without": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 35, 36, 39, 40, 41, 43, 44], "know": [1, 2, 3, 4, 6, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40], "might": [1, 2, 3, 4, 6, 14, 27, 30, 31, 34, 44], "accept": [1, 2, 3, 4, 6, 11, 23, 24], "In": [1, 2, 3, 4, 6, 9, 11, 18, 21, 22, 26, 29, 30, 41], "case": [1, 2, 3, 4, 6, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 25, 26, 27, 29, 30, 31, 34, 38, 39, 40, 44], "It": [1, 2, 3, 4, 6, 7, 11, 18, 22, 27, 29, 30, 33, 39, 40, 41, 44], "still": [1, 2, 3, 4, 6, 11, 17, 22, 29, 39, 40], "happen": [1, 2, 3, 4, 6], "disk": [1, 2, 3, 4, 6, 7, 10, 15, 23, 24, 27, 29, 30, 34, 40, 41], "process": [1, 2, 3, 4, 6, 12, 16, 44], "move": [1, 2, 3, 4, 6, 11, 39, 40, 41], "its": [1, 2, 3, 4, 6, 7, 9, 11, 12, 15, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 33, 40, 41], "argument": [1, 2, 3, 4, 6, 25], "node": [1, 2, 3, 4, 6, 21, 28, 38, 42], "where": [1, 2, 3, 4, 6, 9, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 39, 40, 41, 43, 44], "account_key_passphras": [1, 2, 3, 4, 6], "ad": [1, 2, 3, 4, 5, 6, 7, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 29, 30, 34, 39, 40, 41, 42, 43, 44], "6": [1, 2, 3, 4, 5, 6, 8, 11, 14, 16, 18, 21, 22, 23, 24, 30, 31, 35, 36, 38, 39, 40, 41], "phassphras": [1, 2, 3, 4, 5, 6], "decod": [1, 2, 3, 4, 5, 6, 21, 22, 28, 38, 39, 42, 43, 44], "backend": [1, 2, 3, 4, 6, 14, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "alias": [1, 2, 3, 4, 6, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41, 44], "account_kei": [1, 2, 3, 4, 6], "path": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "contain": [1, 2, 3, 4, 5, 6, 7, 12, 14, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 44], "creat": [1, 4, 5, 6, 11, 15, 16, 17, 18, 23, 24, 25, 26, 27, 30, 33, 34, 40, 41, 43, 44], "openssl_privatekei": [1, 2, 3, 6, 9, 10, 11, 15, 23, 24, 25, 26, 27, 29, 31, 33, 34, 36, 40, 41], "openssl_privatekey_pip": [1, 2, 3, 6, 15, 23, 24, 27, 29, 30, 34, 40, 41], "If": [1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "requisit": [1, 2, 3, 6], "avail": [1, 2, 3, 4, 6, 8, 10, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 44], "directli": [1, 2, 3, 6, 10, 39, 40], "command": [1, 2, 3, 6, 16, 17], "line": [1, 2, 3, 6, 16], "tool": [1, 2, 3, 4, 6, 23, 24], "genrsa": [1, 2, 3, 6], "ecparam": [1, 2, 3, 4, 6], "genkei": [1, 2, 3, 4, 6], "ani": [1, 2, 3, 4, 6, 9, 10, 11, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 41], "other": [1, 2, 3, 4, 6, 11, 17, 18, 23, 24, 26, 30, 31, 38, 39, 43, 44], "pem": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 15, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "format": [1, 2, 3, 4, 5, 6, 7, 11, 14, 15, 16, 17, 18, 21, 22, 26, 27, 28, 29, 30, 31, 34, 39, 40, 41, 43, 44], "well": [1, 2, 3, 4, 6, 12, 26, 27, 30, 31, 34, 40], "account_uri": [1, 2, 3, 4, 6], "assum": [1, 2, 3, 4, 6, 7, 9, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "uri": [1, 2, 3, 4, 6, 21, 22, 23, 24, 28, 38, 39, 42, 43, 44], "given": [1, 2, 3, 4, 5, 6, 15, 16, 23, 24, 35], "doe": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "match": [1, 2, 3, 4, 6, 7, 12, 17, 18, 23, 24, 25, 30, 31, 40, 44], "exist": [1, 2, 3, 4, 5, 6, 9, 11, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 41, 44], "fail": [1, 2, 3, 4, 6, 11, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 34, 38, 39, 40, 42, 43, 44], "acme_directori": [1, 2, 3, 4, 6, 40], "directori": [1, 2, 3, 4, 6, 7, 40], "entri": [1, 2, 3, 4, 5, 6, 12, 21, 22, 28, 32, 37, 38, 39, 40, 42, 44], "point": [1, 2, 3, 4, 6, 7, 11, 17, 21, 22, 23, 24, 28, 29, 32, 33, 38, 39, 40, 41, 42, 43, 44], "url": [1, 2, 3, 4, 6], "access": [1, 2, 3, 4, 6, 12, 15, 23, 24, 27, 29, 30, 34, 40, 41, 44], "server": [1, 2, 3, 4, 9, 11, 12, 14, 15, 17, 23, 24, 40, 41], "api": [1, 2, 3, 4, 6, 15, 40, 41], "For": [1, 2, 3, 4, 6, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 40, 41, 42], "safeti": [1, 2, 3, 4, 6], "reason": [1, 2, 3, 4, 6, 23, 24, 40, 41, 42, 43, 44], "default": [1, 2, 3, 4, 6, 7, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "set": [1, 2, 3, 4, 5, 6, 11, 13, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "stage": [1, 2, 3, 4, 6, 40], "v1": [1, 2, 3, 4, 6], "technic": [1, 2, 3, 4, 6, 11], "correct": [1, 2, 3, 4, 6, 7, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "untrust": [1, 2, 3, 4, 6, 15], "all": [1, 2, 3, 4, 6, 7, 8, 9, 11, 14, 17, 18, 21, 22, 26, 28, 29, 30, 31, 37, 38, 39, 40, 41, 42, 43, 44], "endpoint": [1, 2, 3, 4, 6], "found": [1, 2, 3, 4, 6, 8, 12], "here": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "http": [1, 2, 3, 4, 5, 6, 11, 12, 14, 17, 23, 24, 30, 40, 41], "letsencrypt": [1, 2, 3, 4, 6, 40], "org": [1, 2, 3, 4, 6, 11, 23, 24, 40, 42, 43, 44], "doc": [1, 2, 3, 4, 6, 9, 10, 30, 40], "environ": [1, 2, 3, 4, 5, 6, 40], "buypass": [1, 2, 3, 4, 6, 40], "com": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 21, 22, 23, 24, 26, 27, 29, 30, 33, 34, 38, 39, 40, 41, 42, 43, 44], "t": [1, 2, 3, 4, 6, 9, 17, 18, 22, 23, 25, 26, 27, 29, 30, 33, 34, 39, 40, 44], "63d4ai": [1, 2, 3, 4, 6], "go": [1, 2, 3, 4, 6], "ssl": [1, 2, 4, 5, 6, 7, 12, 14, 15, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 39, 40, 41, 43, 44], "product": [1, 2, 3, 4, 6, 11, 31], "v02": [1, 2, 3, 4, 6, 40], "zerossl": [1, 2, 3, 4, 6], "dv90": [1, 2, 3, 4, 6], "sectigo": [1, 2, 3, 4, 6], "qa": [1, 2, 3, 4, 6], "secur": [1, 2, 3, 4, 6, 11, 14, 26, 40, 41], "trust": [1, 2, 3, 4, 6, 42, 43, 44], "provid": [1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 14, 15, 16, 18, 21, 23, 24, 28, 30, 31, 32, 34, 38, 40, 41, 42, 43], "dv": [1, 2, 3, 4, 6], "list": [1, 2, 3, 4, 6, 7, 8, 11, 12, 14, 15, 17, 21, 22, 23, 24, 26, 28, 32, 37, 38, 39, 42], "servic": [1, 2, 3, 4, 6, 15, 40, 41], "test": [1, 2, 3, 4, 6, 11, 12, 18, 21, 22, 38, 39], "against": [1, 2, 3, 4, 6, 11, 14, 17], "acme_vers": [1, 2, 3, 4, 6], "integ": [1, 2, 3, 4, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 33, 38, 39, 40, 41, 42, 43, 44], "must": [1, 2, 3, 4, 5, 6, 9, 11, 12, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "classic": [1, 2, 3, 4, 6], "standard": [1, 2, 3, 4, 6, 11], "deprec": [1, 2, 3, 4, 6, 14, 18, 39, 40, 44], "from": [1, 2, 3, 4, 6, 7, 9, 10, 11, 12, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 39, 40, 41, 43, 44], "3": [1, 2, 3, 4, 5, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 26, 27, 29, 30, 31, 33, 34, 38, 39, 40, 41, 44], "choic": [1, 2, 3, 4, 5, 6, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "request_timeout": [1, 2, 3, 4, 6], "time": [1, 2, 3, 4, 6, 11, 12, 14, 16, 17, 21, 22, 26, 28, 29, 32, 33, 38, 39, 40, 41, 42, 43, 44], "should": [1, 2, 3, 4, 5, 6, 8, 11, 12, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 30, 31, 34, 38, 39, 40, 41, 43, 44], "wait": [1, 2, 3, 4, 6], "respons": [1, 2, 3, 4, 6, 11], "timeout": [1, 2, 3, 4, 6, 14], "appli": [1, 2, 3, 4, 6, 11, 14, 17, 18], "request": [1, 2, 3, 4, 5, 7, 8, 9, 10, 14, 15, 16, 17, 18, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "head": [1, 2, 3, 4, 6], "get": [1, 2, 3, 4, 6, 11, 15, 17, 18, 22, 23, 25, 26, 27, 29, 30, 33, 34, 39, 40, 43, 44], "post": [1, 2, 3, 4, 6, 11], "10": [1, 2, 3, 4, 6, 10, 14, 15, 16, 17, 18, 21, 28, 30, 31, 32, 34, 37, 38, 39, 40, 41, 42], "retrieve_ord": 1, "whether": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 34, 38, 39, 40, 41, 42, 43, 44], "order": [1, 3, 6, 11, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 37, 38, 39, 40, 42, 43, 44], "object": [1, 3, 6, 15, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "A": [1, 2, 5, 7, 8, 11, 14, 22, 23, 24, 29, 33, 35, 37, 39, 40, 41, 43, 44], "ignor": [1, 2, 3, 7, 11, 17, 18, 21, 22, 23, 24, 26, 28, 31, 37, 38, 39, 40, 41, 42, 43, 44], "fetch": 1, "order_uri": [1, 3, 6], "alwai": [1, 2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 17, 18, 26, 29, 30, 31, 39, 40, 41, 44], "popul": 1, "option": [1, 2, 3, 4, 6, 11, 14, 16, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 39, 40, 41, 44], "object_list": 1, "current": [1, 3, 8, 11, 12, 14, 17, 18, 23, 24, 25, 26, 27, 30, 31, 34, 40, 41, 44], "so": [1, 2, 3, 4, 6, 11, 12, 16, 17, 18, 21, 23, 25, 26, 27, 28, 29, 30, 31, 34, 38, 40, 42, 44], "result": [1, 4, 5, 9, 10, 11, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 38, 39, 40, 41, 42, 43, 44], "empti": [1, 3, 8], "url_list": 1, "select_crypto_backend": [1, 2, 3, 4, 6, 14, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "determin": [1, 2, 3, 4, 6, 14, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41], "auto": [1, 2, 3, 4, 6, 14, 18, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "tri": [1, 2, 3, 4, 6, 7, 14, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "fall": [1, 2, 3, 4, 6, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "back": [1, 2, 3, 4, 6, 9, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "try": [1, 2, 3, 4, 6, 7, 8, 14, 16, 22, 23, 24, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41], "binari": [1, 2, 3, 4, 6, 8, 14, 18, 25], "librari": [1, 2, 3, 4, 6, 8, 14, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "validate_cert": [1, 2, 3, 4, 6], "boolean": [1, 2, 3, 4, 6, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "call": [1, 2, 3, 4, 6, 11, 26, 39, 40, 44], "valid": [1, 2, 3, 4, 5, 6, 7, 9, 10, 11, 14, 15, 17, 21, 22, 23, 24, 35, 36, 39, 40, 41, 44], "tl": [1, 2, 4, 6, 14, 15, 23, 24, 26, 27, 30, 31, 34, 40, 41], "ever": [1, 2, 3, 4, 6], "fals": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "purpos": [1, 2, 3, 4, 6, 11, 23, 24, 40, 41], "local": [1, 2, 3, 4, 6, 11, 12, 21, 28, 38, 40, 41, 42], "pebbl": [1, 2, 3, 4, 6], "true": [1, 2, 3, 4, 6, 8, 9, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "descript": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "action_group": [1, 2, 3, 4, 6], "action": [1, 2, 3, 4, 5, 6, 7, 8, 11, 14, 17, 18, 22, 23, 25, 26, 29, 30, 31, 33, 34, 35, 36, 39, 40, 43, 44], "group": [1, 2, 3, 4, 6, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 44], "module_default": [1, 2, 3, 4, 6], "check_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "full": [1, 2, 3, 7, 8, 11, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "modifi": [1, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "state": [1, 2, 3, 5, 7, 8, 14, 16, 17, 18, 22, 23, 25, 26, 29, 30, 33, 34, 35, 36, 39, 40, 43, 44], "run": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "statu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "predict": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "target": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "diff_mod": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "n": [1, 5, 6, 7, 8, 14, 22, 29, 33, 35, 39, 43], "Will": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "what": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "possibli": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "diff": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "mode": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "acme_account": [1, 3, 15], "acme_account_fact": 1, "befor": [1, 3, 12, 21, 28, 32, 37, 38, 40, 41, 42, 44], "8": [1, 3, 4, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40], "usag": [1, 3, 7, 10, 11, 15, 16, 23, 40, 41, 44], "did": [1, 3, 31], "new": [1, 2, 3, 4, 5, 6, 8, 9, 11, 12, 16, 17, 18, 21, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "enough": [1, 2, 3, 4, 6], "instead": [1, 2, 3, 4, 6, 10, 16, 17, 23, 24, 30, 31, 44], "explicitli": [1, 2, 3, 4, 6, 27, 29, 30], "disabl": [1, 2, 3, 4, 6, 11, 16, 17, 29], "enabl": [1, 2, 3, 4, 6, 11, 17, 23, 24], "slower": [1, 2, 3, 4, 6], "less": [1, 2, 3, 4, 6, 12, 17], "have": [1, 2, 3, 4, 6, 10, 11, 12, 13, 17, 18, 21, 23, 25, 26, 27, 28, 29, 30, 31, 32, 34, 37, 38, 40, 41, 42, 44], "store": [1, 2, 3, 4, 6, 10, 11, 12, 16, 24, 26, 27, 40, 41], "although": [1, 2, 3, 4, 6], "chosen": [1, 2, 3, 4, 6, 26], "principl": [1, 2, 3, 4, 6], "far": [1, 2, 3, 4, 6], "develop": [1, 2, 3, 4, 6, 40], "we": [1, 2, 3, 4, 5, 6, 9, 26, 30, 31], "got": [1, 2, 3, 4, 6], "feedback": [1, 2, 3, 4, 6], "thei": [1, 2, 3, 4, 6, 12, 14, 16, 18, 25, 30, 31, 39, 43], "incommon": [1, 2, 3, 4, 6], "experi": [1, 2, 3, 4, 6], "problem": [1, 2, 3, 4, 6], "anoth": [1, 2, 3, 4, 6, 7, 9, 10, 11, 16, 21, 22, 28, 30, 38, 39, 41, 42, 43, 44], "pleas": [1, 2, 3, 4, 6, 7, 9, 14, 18, 23, 24, 25, 27, 30, 31, 40, 41], "issu": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "help": [1, 2, 3, 4, 6, 11], "u": [1, 2, 3, 4, 6, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41], "mention": [1, 2, 3, 4, 6, 26], "appreci": [1, 2, 3, 4, 6], "name": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "check": [1, 3, 7, 9, 11, 15, 17, 21, 22, 23, 24, 25, 26, 29, 30, 31, 34, 35, 39, 42, 43, 44], "etc": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 22, 23, 24, 25, 26, 27, 29, 30, 33, 34, 39, 40, 41, 43, 44], "pki": [1, 2, 3, 4, 5, 6, 8, 12], "cert": [1, 2, 3, 4, 5, 6, 8, 11, 14, 17, 21, 22, 23, 24, 26, 28, 35, 36, 38, 39, 42, 44], "regist": [1, 3, 5, 6, 7, 8, 9, 10, 14, 22, 24, 29, 31, 33, 35, 36, 39, 40, 41, 43], "account_data": 1, "verifi": [1, 7, 12, 15, 36, 40], "builtin": [1, 3, 7, 8, 14, 21, 22, 24, 28, 29, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43], "assert": [1, 35, 36, 39, 40], "print": [1, 24, 37, 41, 43], "debug": [1, 2, 3, 4, 6, 8, 11, 14, 21, 22, 24, 28, 29, 31, 32, 33, 37, 38, 39, 41, 42, 43], "var": [1, 3, 6, 8, 14, 22, 24, 29, 33, 39, 41], "contact": [1, 2, 3, 6], "acme_account_kei": 1, "acme_account_uri": 1, "common": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "document": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "follow": [1, 2, 3, 5, 6, 7, 8, 9, 11, 12, 13, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "field": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 43, 44], "uniqu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "dictionari": [1, 2, 3, 5, 6, 8, 11, 14, 16, 21, 22, 23, 24, 28, 29, 30, 31, 32, 33, 34, 38, 39, 42, 43, 44], "element": [1, 2, 3, 7, 8, 11, 12, 14, 17, 21, 22, 23, 24, 26, 28, 29, 32, 33, 37, 38, 39, 42, 43, 44], "challeng": [1, 3, 6, 15, 40], "resourc": [1, 3, 5, 12], "sampl": [1, 3, 4, 5, 6, 8, 11, 12, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 42, 43, 44], "mailto": [1, 2, 6], "me": [1, 2, 6], "tel": 1, "00123456789": 1, "queri": [1, 3, 22, 29, 33, 39], "public_account_kei": 1, "public": [1, 3, 11, 15, 17, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 38, 39, 40, 41], "json": [1, 6, 11, 14, 42, 43], "web": [1, 12], "kty": [1, 6], "ec": [1, 3, 15, 40, 41], "crv": 1, "p": [1, 21, 22, 28, 29, 32, 33, 38, 39], "256": [1, 17, 18], "x": [1, 6, 14, 15, 21, 22, 28, 29, 32, 33, 43], "mkbctnickusdii11yss3526idz8aito7tu6kpaqv7d4": 1, "y": [1, 14, 21, 22, 28, 29, 32, 33, 38, 39], "4etl6srw2yilurn5vfvvhuhp7x8pxltmwwlbbm4ifym": 1, "deactiv": [1, 2, 3, 11], "none": [1, 2, 3, 4, 5, 6, 11, 12, 14, 16, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 34, 36, 38, 39], "success": [1, 3, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "error": [1, 3, 4, 6, 8, 11, 16, 40], "occur": [1, 44], "dure": [1, 2, 3, 11, 17, 26], "about": [1, 2, 11, 12, 14, 17, 23, 24, 28, 29], "structur": 1, "rfc7807": 1, "expir": [1, 3, 6, 10, 11, 12, 14, 38, 39, 40, 41, 44], "timestamp": [1, 17, 23, 25, 26, 27, 30, 34, 39, 40, 41, 43, 44], "describ": [1, 21, 23, 24, 28, 32, 37, 38, 42], "rfc3339": [1, 11], "includ": [1, 3, 7, 9, 11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 38, 39, 40, 42, 43, 44], "pend": [1, 11], "give": [1, 17, 18, 23, 25, 26, 27, 30, 34, 40], "expiri": [1, 11, 40, 41], "date": [1, 6, 7, 11, 14, 38, 39, 40, 41, 42, 43, 44], "final": [1, 3], "identifi": [1, 2, 3, 5, 11, 16, 17, 21, 22, 23, 24, 38, 39, 40, 41], "type": [1, 3, 5, 6, 10, 11, 12, 16, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 44], "dn": [1, 3, 5, 9, 10, 12, 21, 22, 23, 24, 28, 38, 39, 40, 42, 43, 44], "ip": [1, 3, 5, 14, 21, 22, 23, 24, 38, 39], "hostnam": [1, 14], "address": [1, 2, 3, 5, 11, 12, 17, 21, 22, 28, 38, 39, 42, 43, 44], "wildcard": [1, 3], "actual": [1, 5, 17, 18, 23, 25, 26, 27, 30, 34, 40], "prefix": [1, 2, 23, 24], "notaft": [1, 38, 39], "notbefor": [1, 38, 39], "readi": [1, 11], "invalid": [1, 11, 37, 42, 43, 44], "felix": [1, 2, 4, 5, 6, 7, 8, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 41, 42, 43, 44], "fontein": [1, 2, 4, 5, 6, 7, 8, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 41, 42, 43, 44], "felixfontein": [1, 2, 4, 5, 6, 7, 8, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 37, 38, 39, 41, 42, 43, 44], "tracker": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "repositori": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "sourc": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "submit": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "bug": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "report": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "featur": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "allow_cr": 2, "creation": [2, 3, 6, 16], "present": [2, 3, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 30, 34, 38, 39, 40, 44], "email": [2, 3, 11, 12, 21, 22, 23, 24, 28, 38, 39, 40, 41, 42, 43, 44], "ietf": [2, 3, 6, 23, 24], "html": [2, 3, 6, 23, 24, 30], "rfc8555": [2, 3, 6], "section": [2, 3, 4, 6, 23, 24], "7": [2, 3, 6, 14, 17, 18, 21, 22, 26, 33, 38, 39, 42, 43], "absent": [2, 16, 17, 18, 23, 25, 26, 30, 34, 40, 44], "changed_kei": 2, "external_account_bind": 2, "extern": [2, 3], "bind": [2, 3], "data": [2, 3, 5, 11, 12, 15, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 38, 39, 40, 41, 44], "like": [2, 3, 10, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41], "specif": [2, 3, 4, 5, 6, 10, 11, 12, 16, 23, 24, 26, 39, 40, 41], "properli": [2, 6], "custom": [2, 11, 18], "alg": 2, "mac": [2, 26], "algorithm": [2, 14, 16, 17, 18, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 41, 42, 43, 44], "probabl": 2, "hs256": 2, "hs384": 2, "hs512": 2, "base64": [2, 3, 14, 21, 22, 26, 30, 31, 35, 36, 38, 39, 43, 44], "encod": [2, 3, 6, 11, 14, 21, 22, 26, 28, 30, 31, 35, 36, 38, 39, 42, 43, 44], "pad": 2, "symbol": [2, 7, 17, 18, 23, 25, 26, 27, 30, 34, 40], "end": [2, 3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "omit": [2, 9, 16, 17, 18], "kid": 2, "new_account_key_cont": 2, "same": [2, 3, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "restrict": [2, 3, 17, 23, 24], "new_account_key_src": 2, "new_account_key_passphras": 2, "inform": [2, 3, 4, 5, 6, 8, 10, 11, 12, 14, 15, 17, 23, 24, 30, 31, 40, 41], "touch": 2, "terms_agre": [2, 3], "indic": [2, 3, 11, 14, 23, 24, 29, 31], "agre": [2, 3], "term": [2, 3, 6], "acme_certif": [2, 5, 6, 7, 15], "do": [2, 3, 6, 9, 10, 11, 12, 16, 17, 18, 23, 25, 26, 27, 29, 30, 31, 34, 40], "basic": [2, 3, 21, 22, 23, 24, 28, 29, 32, 33, 38, 39], "manag": [2, 3, 4, 5, 6, 11, 15, 34], "both": [2, 3, 11, 18, 22, 23, 24, 29, 33, 34, 35, 36, 39, 41, 43, 44], "recommend": [2, 11, 12, 40, 41], "modify_account": [2, 3], "automat": [2, 3, 4, 5, 6, 16, 30, 31, 40], "rfc": [2, 3, 4, 5, 6, 23, 24], "8555": [2, 3, 4, 5, 6], "retriev": [2, 3, 6, 14, 15, 23, 24, 40, 41], "fact": 2, "write": [2, 3, 6, 7, 9, 16, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 41, 44], "acme_inspect": [2, 3, 4, 15], "make": [2, 3, 6, 11, 14, 16, 18, 28, 29, 30, 31, 35, 36, 39, 44], "sure": [2, 3, 16, 18, 28, 29, 30, 31, 35, 36, 44], "TOS": 2, "myself": [2, 3], "one": [2, 3, 4, 7, 9, 11, 12, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "variabl": [2, 3, 9, 21, 22, 28, 29, 32, 37, 38, 42], "new_account_kei": 2, "renew": [3, 11], "implement": [3, 31, 40, 41], "01": [3, 6, 11, 15, 17, 30, 31, 34], "alpn": [3, 6, 15], "twice": 3, "two": [3, 23, 24], "differ": [3, 4, 10, 12, 14, 17, 18, 23, 25, 30, 34, 40, 44], "task": [3, 11, 17, 18, 30, 31, 39], "output": [3, 6, 8, 11, 17, 26, 30, 31], "first": [3, 5, 6, 10, 11, 12, 16, 26, 39], "record": [3, 11, 12], "pass": [3, 9, 11], "second": [3, 12, 14, 16, 39, 40, 41, 44], "between": [3, 16, 18], "fulfil": 3, "step": [3, 11, 26], "whatev": 3, "mean": [3, 11, 35], "necessari": [3, 17], "destin": [3, 11, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40], "webserv": 3, "serv": [3, 40], "perform": [3, 11, 12, 16, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 44], "how": [3, 5, 12, 14, 15, 21, 22, 23, 24, 28, 30, 38, 39, 40, 42, 43, 44], "read": [3, 9, 16, 17, 18, 23, 25, 26, 27, 30, 31, 34, 35, 36, 40, 41, 44], "through": 3, "main": 3, "consid": [3, 17, 18, 23, 24, 25, 26, 30, 40], "experiment": 3, "accord": [3, 23, 24], "8738": 3, "account_email": 3, "associ": [3, 7, 11, 12], "account": [3, 4, 5, 6, 8, 11, 15], "more": [3, 7, 11, 14, 17, 23, 24, 26, 40, 41, 44], "than": [3, 4, 11, 12, 17, 18, 21, 22, 23, 24, 26, 28, 38, 39, 40, 41, 42, 43, 44], "updat": [3, 6, 12, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "most": [3, 16], "agreement": [3, 11, 21, 22, 38, 39], "latest": [3, 30, 44], "gather": 3, "chain_dest": 3, "chain": [3, 11, 14, 15, 40], "intermedi": [3, 7, 11, 26, 31, 40], "some": [3, 4, 14, 16, 31, 35, 36, 42, 43], "assur": 3, "could": [3, 11, 23, 25, 29, 30, 40, 41], "foo": [3, 16, 17], "certain": [3, 17, 39], "period": [3, 40, 41], "csr": [3, 5, 6, 7, 9, 10, 11, 15, 25, 26, 28, 30, 31, 34, 39, 40, 41], "src": [3, 9, 26, 41], "openssl_csr": [3, 10, 11, 15, 22, 24, 25, 26, 30, 31, 34, 40, 41], "req": 3, "mai": [3, 11, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41], "multipl": [3, 9, 10, 11, 15, 21, 22, 23, 24, 26, 28, 29, 32, 33, 38, 39], "subject": [3, 7, 10, 11, 14, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 30, 34, 38, 39, 40, 41, 42, 44], "altern": [3, 10, 11, 23, 24, 40, 41], "each": [3, 9, 11, 21, 28, 30, 31, 32, 34, 37, 38, 42], "lead": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "individu": [3, 17], "sign": [3, 5, 8, 11, 14, 15, 17, 25, 26, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 44], "bad": 3, "idea": 3, "view": 3, "precis": 3, "csr_content": [3, 9, 10, 40, 41], "openssl_csr_pip": [3, 9, 10, 15, 22, 23, 30, 31, 34, 40, 41], "ongo": 3, "previou": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "non": [3, 8, 11, 17], "activ": [3, 6, 11, 12], "taken": 3, "mark": [3, 23, 24], "no_log": [3, 30, 31], "up": [3, 5, 11, 16, 17, 18, 21, 23, 25, 26, 27, 28, 30, 32, 34, 37, 38, 39, 40, 42], "longer": [3, 16, 23, 24], "wai": [3, 5, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "caus": [3, 14, 17, 18], "messag": 3, "come": 3, "unus": 3, "anywai": 3, "deactivate_authz": 3, "authent": [3, 6, 11, 12, 17, 23, 24, 40, 41], "authz": [3, 6], "after": [3, 16, 40, 41], "bound": 3, "remain": [3, 11, 12, 16, 17], "amount": 3, "re": [3, 12, 14, 18, 21, 22, 23, 24, 25, 26, 30, 31, 34, 38, 39, 40, 41, 44], "domain": [3, 5, 11, 15, 21, 22, 28, 38, 39, 42, 43, 44], "concern": [3, 23, 25, 30, 40], "dest": [3, 5, 7, 9, 24, 41], "fullchain_dest": [3, 6], "forc": [3, 11, 17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 41, 44], "enforc": 3, "even": [3, 4, 11, 16, 17, 18, 25, 26, 30, 34, 40, 41], "remaining_dai": [3, 11], "especi": [3, 30], "addit": [3, 11, 16, 23, 24], "desir": [3, 16], "fullchain": [3, 6, 7], "want": [3, 9, 10, 11, 12, 16, 18, 23, 24, 28, 29, 44], "avoid": [3, 11, 12, 17, 18, 23, 25, 26, 27, 29, 30, 34, 39, 40, 41, 44], "accident": [3, 28, 29, 30, 31], "old": [3, 11, 23, 24, 39, 40, 44], "number": [3, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 41, 42, 43, 44], "dai": [3, 11, 12, 14, 39, 40, 41], "left": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "being": [3, 11, 17, 30, 31, 39, 40, 41], "cert_dai": [3, 11], "challenge_data": [3, 5], "retrieve_all_altern": 3, "offer": [3, 9, 10], "These": [3, 15, 21, 23, 24, 28, 38, 42], "togeth": [3, 16, 26], "all_chain": 3, "select_chain": 3, "criteria": 3, "select": [3, 5, 10, 18, 26, 30, 31], "until": [3, 7, 11, 14], "criterium": 3, "header": [3, 5, 6], "determinist": 3, "everi": [3, 11, 12, 18, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 38, 39, 40, 41, 44], "consist": [3, 29], "condit": [3, 14, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "issuer": [3, 7, 14, 21, 22, 23, 24, 38, 39, 40, 42, 43, 44], "authority_key_identifi": [3, 21, 22, 23, 24, 38, 39], "authoritykeyidentifi": [3, 21, 22, 23, 24, 38, 39], "extens": [3, 5, 6, 14, 18, 21, 22, 23, 24, 38, 39, 42, 43, 44], "base": [3, 11, 16, 17, 30, 31], "form": [3, 7, 11, 38, 39], "c4": 3, "a7": 3, "b1": [3, 30, 31, 34], "a4": 3, "7b": 3, "2c": [3, 30, 31, 34], "71": [3, 30, 31, 34], "fa": 3, "db": 3, "e1": [3, 30, 31, 34], "4b": 3, "90": [3, 11, 12, 40, 41], "75": [3, 30, 31, 34], "ff": [3, 21, 22, 23, 24, 28, 29, 32, 33, 38, 39], "15": [3, 6, 11, 26, 40, 41], "60": [3, 11, 12, 30, 31, 34], "85": [3, 30, 31, 34], "89": 3, "would": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "commonnam": [3, 21, 22, 23, 24, 38, 39, 40, 42, 43, 44], "my": [3, 30, 43, 44], "prefer": [3, 21, 22, 28, 38, 39, 42, 43, 44], "root": [3, 11, 14, 15, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "cn": [3, 9, 11, 14, 23, 24, 44], "subject_key_identifi": [3, 21, 22, 23, 24, 38, 39], "subjectkeyidentifi": [3, 21, 22, 38, 39], "a8": 3, "4a": [3, 21, 22, 28, 29, 32, 33, 38, 39], "6a": [3, 30, 31, 34], "63": [3, 11, 21, 22, 28, 29, 32, 33, 38, 39], "04": [3, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "7d": [3, 44], "dd": [3, 17, 21, 22, 23, 24, 30, 31, 34, 38, 39], "ba": [3, 21, 22, 28, 29, 32, 33, 38, 39], "e6": [3, 21, 22, 28, 29, 32, 33, 38, 39], "d1": 3, "39": [3, 30, 31, 34], "b7": 3, "a6": [3, 30, 31, 34], "45": 3, "65": 3, "ef": [3, 30, 31, 34], "f3": 3, "a1": [3, 30, 31, 34], "test_certif": 3, "exclud": [3, 17, 21, 22, 23, 24], "leaf": [3, 7], "ident": [3, 17], "last": [3, 16, 21, 22, 38, 39, 42, 43, 44], "furthest": 3, "awai": 3, "Its": 3, "safe_file_oper": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "strict": [3, 6, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "oper": [3, 11, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "function": [3, 11, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "ensur": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "proper": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "permiss": [3, 11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "corrupt": [3, 11, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 44], "At": [3, 17], "least": [3, 11, 23, 24, 35, 36], "control": [3, 6, 12, 14, 21, 28, 31, 38, 42, 43], "over": 3, "rate": [3, 4], "limit": [3, 4, 16, 17], "8737": [3, 5, 6], "acme_challenge_cert_help": [3, 15], "prepar": [3, 15], "certificate_complete_chain": [3, 15], "find": [3, 7, 12], "acme_certificate_revok": [3, 15], "account_private_kei": 3, "httpd": [3, 4, 5, 6], "crt": [3, 4, 5, 6, 11, 12, 39, 40, 41, 44], "sample_com_challeng": [3, 5], "hashi": 3, "vault": [3, 16, 31], "lookup": [3, 7, 21, 24, 28, 31, 32, 37, 38, 41, 42], "hashi_vault": 3, "secret": [3, 30], "copi": [3, 7, 9, 11, 12, 24, 40, 41], "www": [3, 7, 9, 10, 11, 14, 17, 21, 22, 23, 24, 38, 39, 40, 41], "resource_valu": 3, "item": [3, 5, 23, 37], "loop": [3, 5, 37], "dict2item": 3, "v01": 3, "30": [3, 11, 30, 31, 34], "aw": 3, "route53": 3, "zone": 3, "txt": [3, 12, 17], "ttl": 3, "enclos": 3, "quot": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40], "regex_replac": [3, 23], "map": [3, 11, 23, 39], "challenge_data_dn": 3, "dst": 3, "x3": 3, "cross": 3, "identrust": 3, "As": [3, 17, 18, 23, 25, 26, 27, 30, 34, 40], "long": [3, 12, 14], "switch": 3, "own": [3, 9, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40, 41, 44], "isrg": 3, "x1": 3, "compat": [3, 11, 14, 17, 26], "older": [3, 16, 26, 27, 30, 31, 34, 40], "client": [3, 11, 12, 14, 17, 23, 24, 40, 41, 42, 43, 44], "o": [3, 11, 14, 17, 18, 23, 24, 25, 26, 27, 30, 34, 40], "digit": 3, "signatur": [3, 7, 15, 17, 21, 22, 23, 24, 36, 38, 39, 40, 42, 43, 44], "co": 3, "4": [3, 4, 8, 14, 16, 21, 22, 23, 24, 26, 34, 35, 36, 38, 39, 40], "itself": [3, 44], "concaten": [3, 7], "full_chain": 3, "token": [3, 17], "a5b1c3d2e9f8g7h6": 3, "12345": [3, 6, 21, 22, 38, 39], "2022": [3, 26], "08": [3, 11, 30, 31, 34], "01t01": 3, "02": [3, 11], "34z": 3, "04t01": 3, "03": [3, 11, 23, 25, 26, 27, 30, 34, 40, 44], "45z": 3, "per": [3, 26], "yet": [3, 6], "_acm": 3, "known": [3, 11, 12, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 42, 43, 44], "evagxfads6psrb2lav9izf17dt3juxgj": 3, "pct92wr": 3, "oa": 3, "resource_origin": 3, "origin": [3, 11, 14, 21, 22, 23, 25, 26, 27, 30, 34, 38, 39, 40, 44], "produc": 3, "blob": 3, "put": 3, "acmevalid": 3, "x509": 3, "editor": 3, "rfc8737": 3, "b64decod": [3, 9, 41], "jinja": 3, "filter": [3, 22, 29, 33, 39, 43], "extract": [3, 14, 21, 22, 28, 38, 39, 44], "ilirfxkkxa": 3, "17dt3juxgj": 3, "finalization_uri": 3, "michael": 3, "gruener": 3, "mgruener": 3, "exactli": [4, 14, 18, 21, 22, 27, 38, 39], "private_key_src": [4, 5], "private_key_cont": [4, 5, 23, 24, 26, 34], "valu": 4, "private_key_passphras": [4, 5, 27], "revoke_reason": 4, "One": [4, 17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "revoc": [4, 11, 15, 23, 24, 42], "reasoncod": 4, "defin": [4, 10, 11, 12, 13, 16, 23, 24, 30, 31, 40, 41, 44], "rfc5280": [4, 23, 24], "possibl": [4, 11, 14, 21, 22, 38, 39], "unspecifi": [4, 17, 18, 23, 25, 26, 27, 30, 34, 40, 42, 43, 44], "keycompromis": 4, "cacompromis": 4, "affiliationchang": 4, "supersed": [4, 23, 24, 42, 43, 44], "cessationofoper": 4, "certificatehold": 4, "removefromcrl": 4, "9": [4, 14, 15, 18, 30, 31, 39, 40], "privilegewithdrawn": 4, "aacompromis": 4, "return": 4, "alreadi": [4, 11, 12, 16, 17, 18, 23, 24, 25, 26, 30, 34, 40, 41, 43, 44], "unchang": [4, 16], "depend": [4, 8, 11, 14, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "raw": [5, 6, 14, 27, 30, 31], "convert": [5, 15, 18, 21, 22, 28, 30, 31, 38, 39, 42, 43, 44], "simpl": [5, 9, 10], "gener": [5, 7, 11, 15, 16, 21, 22, 27, 29, 33, 35, 36, 38, 39, 43], "dictsort": 5, "sample_com_challenge_cert": 5, "regular_certif": 5, "deliv": 5, "regular": [5, 6], "connect": [5, 6, 14], "except": [5, 6, 14, 18, 21, 22, 23, 24, 26, 30, 31, 38, 39, 44], "challenge_certif": 5, "achiev": 5, "veri": [5, 10, 43], "nginx": [5, 6], "search": 5, "ssl_preread": 5, "ssl_preread_alpn_protocol": 5, "rout": 5, "private_kei": [5, 17, 31], "identifier_typ": 5, "self": [5, 9, 15, 23, 24, 39, 40, 41], "place": [5, 21, 22, 28, 29, 32, 33, 38, 39], "attempt": [6, 18], "encount": 6, "wish": 6, "investig": 6, "sent": [6, 12], "method": [6, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "otherwis": [6, 11, 14, 16, 17, 18, 21, 22, 23, 25, 26, 27, 30, 34, 38, 39, 40, 42, 43, 44], "fail_on_acme_error": 6, "id": [6, 11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "localhost": [6, 14, 23, 41], "m": [6, 14, 17, 23, 24, 39, 40, 41, 44], "acct": 6, "newaccount": 6, "termsofserviceagre": 6, "account_cr": 6, "locat": [6, 11, 12, 40, 43, 44], "account_info": 6, "to_json": 6, "certificate_request": 6, "someth": [6, 26, 39], "went": 6, "wrong": 6, "output_json": 6, "selectattr": 6, "equalto": 6, "http01challeng": 6, "manual": [6, 12], "a85k3x9f91a4": 6, "random": [6, 12], "33417": 6, "keychang": 6, "meta": 6, "caaident": 6, "termsofservic": 6, "le": 6, "sa": 6, "novemb": 6, "2017": 6, "pdf": 6, "websit": 6, "newnonc": 6, "nonc": 6, "neword": 6, "revokecert": 6, "lowercas": 6, "boulder": 6, "cach": 6, "max": 6, "ag": 6, "close": [6, 16], "length": [6, 18, 40], "904": 6, "applic": [6, 11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "cooki": 6, "cookies_str": 6, "wed": 6, "07": [6, 21, 22, 28, 29, 32, 33, 38, 39], "nov": 6, "2018": [6, 11], "12": [6, 14, 15, 23, 24, 25, 30, 31, 34, 40, 41], "34": [6, 21, 22, 28, 29, 32, 33, 38, 39], "56": [6, 30, 31, 34], "gmt": [6, 40, 41], "44": [6, 21, 22, 23, 24, 38, 39], "rel": [6, 17, 23, 24, 39, 40, 41, 44], "msg": [6, 14, 21, 28, 31, 32, 37, 38, 42, 43], "ok": 6, "byte": [6, 16, 21, 22, 23, 24, 38, 39], "pragma": 6, "replai": 6, "1234567890abcdefghijklmnopqrstuvwxyzabcdefgh": 6, "200": 6, "transport": [6, 29], "604800": 6, "46161": 6, "frame": 6, "deni": 6, "pars": [6, 7, 14, 21, 22, 26, 29, 38, 39], "output_text": 6, "text": [6, 11, 12], "see": [7, 9, 14, 16, 17, 18, 44], "note": [7, 9, 16, 17, 21, 22, 25, 26, 27, 28, 29, 30, 31, 38, 42], "input_chain": 7, "intermediate_certif": 7, "filenam": [7, 11, 17, 18, 23, 25, 26, 30, 34, 40, 44], "subdirectori": 7, "scan": 7, "root_certif": 7, "www_ansible_com": 7, "completechain": 7, "join": [7, 14, 21, 28, 38], "complete_chain": 7, "rootchain": 7, "input": [7, 12, 26], "python": [8, 14, 21, 22, 25, 26, 28, 29, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "crypto_inform": 8, "show": [8, 9, 10, 21, 28, 31, 32, 38, 40, 42], "openssl_pres": 8, "usr": [8, 17, 18, 23, 25, 26, 27, 30, 34, 40], "bin": [8, 17, 18, 23, 25, 26, 27, 30, 34, 40], "1m": 8, "version_output": 8, "dec": 8, "2021": 8, "python_cryptography_cap": 8, "python_cryptography_instal": 8, "theoret": 8, "higher": [8, 11, 21, 28, 32, 37, 38, 42], "libssl": 8, "has_dsa": 8, "dsa": [8, 10, 18, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "has_dsa_sign": 8, "has_ec": 8, "has_ec_sign": 8, "has_ed25519": 8, "ed25519": [8, 18, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "has_ed25519_sign": 8, "has_ed448": 8, "ed448": [8, 21, 22, 28, 29, 30, 31, 32, 33, 35, 36, 38, 39], "has_ed448_sign": 8, "has_rsa": 8, "has_rsa_sign": 8, "has_x25519": 8, "x25519": [8, 10, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "has_x25519_seri": 8, "serial": [8, 11, 14, 17, 21, 22, 23, 24, 38, 39, 42, 43, 44], "has_x448": 8, "x448": [8, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "python_cryptography_import_error": 8, "commun": [9, 10], "crypto": [9, 10], "guid": [9, 10], "exampl": [9, 10], "password": [9, 10, 11, 12, 16, 18, 23, 24, 26, 36, 40, 41, 44], "protect": [9, 10, 16, 18, 23, 24, 30, 31, 34, 36, 40, 41, 44], "secret_ca_passphras": 9, "instruct": [9, 12], "ask": 9, "pai": 9, "commerci": [9, 23, 24], "passphras": [9, 10, 16, 18, 23, 24, 26, 27, 28, 29, 30, 31, 34, 36, 40, 41, 44], "privatekey_path": [9, 10, 22, 23, 24, 26, 33, 34, 35, 36, 39, 40, 41, 44], "privatekey_passphras": [9, 10, 23, 24, 26, 34, 36, 40, 41, 44], "common_nam": [9, 10, 22, 23, 24], "use_common_name_for_san": [9, 23, 24], "san": [9, 10, 11, 23, 24], "don": 9, "basic_constraint": [9, 21, 22, 23, 24, 38, 39], "basic_constraints_crit": [9, 21, 22, 23, 24, 38, 39], "key_usag": [9, 21, 22, 23, 24, 38, 39, 40], "keycertsign": 9, "key_usage_crit": [9, 21, 22, 23, 24, 38, 39], "ca_csr": 9, "x509_certif": [9, 10, 12, 15, 20, 23, 24, 25, 26, 30, 31, 34, 35, 39, 41], "selfsign": [9, 10, 39, 40, 41], "x509_certificate_pip": [9, 15, 23, 24, 30, 31, 34, 39, 40], "server_1": 9, "while": [9, 11, 12, 30, 31, 40, 41], "our": [9, 41], "server_2": 9, "materi": [9, 29, 31], "leav": [9, 29], "respect": [9, 16, 21, 23, 24, 28, 32, 38], "delegate_to": [9, 14, 41], "run_onc": [9, 14], "subject_alt_nam": [9, 10, 11, 21, 22, 23, 24, 28, 38, 39, 40], "ownca": [9, 40, 41], "ownca_path": [9, 40, 41], "ownca_privatekey_path": [9, 40, 41], "ownca_privatekey_passphras": [9, 40, 41], "ownca_not_aft": [9, 40, 41], "365d": [9, 40, 41], "year": [9, 10, 11, 40, 41], "ownca_not_befor": [9, 40, 41], "1d": [9, 30, 31, 34, 39], "yesterdai": 9, "abov": 9, "procedur": 9, "idempot": [9, 16, 17, 26, 31, 40, 41, 44], "extend": [9, 11], "stat": 9, "certificate_exist": 9, "slurp": [9, 41], "els": [9, 26], "kind": 10, "start": [10, 21, 22, 28, 29, 32, 33, 38, 39, 40, 41], "paramet": [10, 15, 32, 37], "4096": [10, 18, 25, 29, 30, 31, 33], "bit": [10, 18, 21, 22, 25, 28, 29, 30, 31, 32, 33, 38, 39], "size": [10, 12, 16, 18, 21, 22, 25, 28, 29, 30, 31, 32, 33, 38, 39], "changem": 10, "proce": 10, "selfsigned_not_aft": [10, 40, 41], "roughli": 10, "selfsigned_not_befor": [10, 40, 41], "now": [10, 11, 17, 40, 41, 44], "properti": 10, "constraint": [10, 23, 24], "organization_nam": [10, 23, 24], "inc": [10, 11], "reissu": 11, "credenti": [11, 12, 40, 41], "organ": [11, 42], "system": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "those": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "pyyaml": [11, 12], "11": [11, 12, 14, 17, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40, 44], "additional_email": 11, "receiv": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40], "deliveri": 11, "notic": 11, "notif": 11, "backup": [11, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "made": [11, 12, 17], "cert_expiri": 11, "compliant": 11, "2020": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "23": 11, "23t15": 11, "00": [11, 17, 21, 22, 23, 24, 30, 31, 34, 38, 39, 40, 41], "05z": 11, "request_typ": 11, "issuanc": [11, 40, 41], "subsequ": 11, "initi": [11, 14], "month": [11, 40, 41], "choos": 11, "adjust": [11, 18, 40, 41], "eastern": 11, "est": [11, 40, 41], "unintend": 11, "effect": 11, "pool": 11, "inventori": 11, "model": 11, "cert_lifetim": 11, "lifetim": [11, 40, 41], "cert_typ": 11, "cds_individu": 11, "cds_group": 11, "cds_ent_lit": [11, 40, 41], "cds_ent_pro": [11, 40, 41], "smime_": [11, 40, 41], "p1y": 11, "p2y": 11, "p3y": 11, "standard_ssl": [11, 40, 41], "advantage_ssl": [11, 40, 41], "uc_ssl": [11, 40, 41], "ev_ssl": [11, 40, 41], "wildcard_ssl": [11, 40, 41], "private_ssl": [11, 40, 41], "pd_ssl": [11, 40, 41], "code_sign": 11, "ev_code_sign": 11, "client_id": [11, 12], "under": [11, 12], "primari": [11, 12], "cannot": [11, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "distinguish": 11, "repres": 11, "64": 11, "around": [11, 29], "overrid": [11, 21, 28, 32, 37, 38, 42], "eku": 11, "ou": [11, 14, 23, 24], "organiz": 11, "unit": 11, "replac": [11, 31, 44], "ti": 11, "ct_log": 11, "complianc": 11, "browser": 11, "transpar": 11, "ct": 11, "log": [11, 17, 28, 29, 30, 31], "best": [11, 17, 18, 23, 25, 26, 27, 30, 34, 40], "practic": 11, "techniqu": 11, "owner": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "monitor": 11, "elig": [11, 12], "custom_field": 11, "date1": 11, "date2": 11, "date3": 11, "date4": 11, "date5": 11, "dropdown1": 11, "dropdown": 11, "dropdown2": 11, "dropdown3": 11, "dropdown4": 11, "dropdown5": 11, "email1": 11, "email2": 11, "email3": 11, "email4": 11, "email5": 11, "number1": 11, "float": [11, 16], "number2": 11, "number3": 11, "number4": 11, "number5": 11, "text1": 11, "maximum": [11, 21, 22, 28, 29, 32, 33, 38, 39, 40, 41], "500": 11, "charact": 11, "text10": 11, "text11": 11, "text12": 11, "text13": 11, "text14": 11, "text15": 11, "text2": 11, "text3": 11, "text4": 11, "text5": 11, "text6": 11, "text7": 11, "text8": 11, "text9": 11, "server_auth": 11, "client_auth": 11, "server_and_client_auth": 11, "end_user_key_storage_agr": 11, "user": [11, 15, 16, 18, 23, 25, 26, 27, 30, 34, 40, 44], "code": 11, "cryptograph": [11, 15], "hardwar": 11, "csp": 11, "subscript": 11, "acknowledg": 11, "entrust_api_client_cert_key_path": [11, 12, 40, 41], "entrust_api_client_cert_path": [11, 12, 40, 41], "entrust_api_kei": [11, 12, 40, 41], "entrust_api_specification_path": [11, 12, 40, 41], "configur": [11, 12, 13, 16, 17, 18, 21, 23, 25, 26, 27, 28, 30, 31, 32, 34, 37, 38, 40, 41, 42, 44], "keep": [11, 12, 30, 40, 41], "download": [11, 12, 40, 41], "cloud": [11, 12, 40, 41], "net": [11, 12, 40, 41], "entrustcloud": [11, 12, 40, 41], "cm": [11, 12, 40, 41], "yaml": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41], "entrust_api_us": [11, 12, 40, 41], "usernam": [11, 12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 41, 44], "regardless": 11, "within": [11, 12], "past": [11, 38, 39], "full_chain_path": 11, "unless": [11, 12, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "behavior": [11, 18, 26, 30, 31, 40], "neither": 11, "nor": 11, "reus": 11, "unapprov": 11, "failur": [11, 14], "reserv": 11, "futur": 11, "calcul": 11, "tracking_id": 11, "obtain": [11, 12], "act": [11, 17], "upon": [11, 21, 22, 28, 29, 32, 33, 38, 39], "exmapl": 11, "refer": 11, "validate_onli": 11, "cautiou": 11, "along": 11, "requester_email": 11, "track": [11, 40, 41], "requester_nam": 11, "requester_phon": 11, "phone": [11, 40, 41], "arrai": 11, "subjectaltnam": [11, 23, 24], "understand": [11, 16], "tld": 11, "save": [11, 25], "referenc": 11, "tracking_info": 11, "free": 11, "attach": [11, 23, 24], "partial": 11, "bare": 11, "minimum": [11, 18, 40, 41], "jo": [11, 40], "jdoe": [11, 23, 40], "555": [11, 40], "5555": [11, 40], "apiusernam": [11, 12, 40], "lv": [11, 12, 40], "32": [11, 12, 17, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40], "cd9lnt": [11, 12, 40], "20": [11, 23], "79": [11, 30, 31, 34], "migrat": 11, "2378915": 11, "rather": 11, "overridden": [11, 25, 26], "testcertif": 11, "administr": [11, 12], "via": [11, 40], "itsupport": 11, "jsmith": 11, "admin": [11, 12], "invoic": 11, "25": [11, 30, 31, 34], "342": 11, "sale": 11, "red": 11, "backup_fil": [11, 23, 25, 26, 27, 30, 34, 40, 44], "2019": [11, 17, 23, 25, 26, 27, 30, 34, 40, 41, 44], "09": [11, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 44], "22": [11, 21, 22, 23, 24, 25, 26, 27, 30, 31, 34, 38, 39, 40, 44], "backup_full_chain_fil": 11, "253": 11, "cert_detail": 11, "guarante": 11, "forward": [11, 17], "releas": [11, 17], "take": [11, 17, 18, 21, 22, 23, 25, 28, 29, 30, 32, 33, 34, 38, 39, 40, 42, 43, 44], "howev": [11, 16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "audit": 11, "cert_statu": 11, "expand": 11, "approv": [11, 12], "declin": [11, 12], "na": 11, "pending_quorum": 11, "suspend": 11, "serial_numb": [11, 14, 17, 38, 39, 42, 43, 44], "1235262234164342": 11, "380079": 11, "chri": [11, 12], "trufan": [11, 12], "ctrufan": [11, 12], "verification_method": 12, "domain_statu": 12, "dns_content": 12, "dns_locat": 12, "dns_resource_typ": 12, "web_serv": 12, "file_cont": 12, "file_loc": 12, "e": [12, 23, 24], "were": [12, 14], "pure": 12, "domain_nam": 12, "reverifi": 12, "verification_email": 12, "ownership": [12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "whoi": 12, "construct": 12, "webmast": 12, "hostmast": 12, "postmast": 12, "subdomain": 12, "top": 12, "level": [12, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "example1": 12, "example2": 12, "preconstruct": 12, "namespac": 12, "exact": [12, 44], "verif": 12, "prove": 12, "There": [12, 16], "small": [12, 15], "delai": 12, "typic": 12, "Be": 12, "awar": 12, "mani": [12, 14, 44], "ecs_certif": [12, 15], "revalid": 12, "fewer": [12, 40, 41], "ev": 12, "belong": [12, 23, 24], "expect": [12, 30, 31, 39, 40, 41, 44], "ab23cd41432522ff2526920393982fab": 12, "_pki": 12, "cancel": 12, "initial_verif": 12, "re_verif": 12, "ev_days_remain": 12, "submiss": 12, "never": [12, 14, 17, 18, 30, 31, 40, 41, 44], "greater": [12, 17], "ov_days_remain": 12, "ev_elig": 12, "94": [12, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "ov_elig": 12, "abcd": 12, "ov": 12, "129": 12, "declar": 13, "core": [13, 15], "No": 13, "sni": 14, "proxy_host": 14, "asn1_base64": 14, "asn": [14, 21, 22, 38, 39, 40, 41, 42, 43, 44], "claim": 14, "ca_cert": [14, 41], "cipher": [14, 16, 30, 31], "libressl": 14, "fine": 14, "proxi": 14, "proxy_port": 14, "8080": 14, "server_nam": 14, "starttl": 14, "mysql": 14, "succe": 14, "rdp": 14, "3389": 14, "googl": 14, "443": 14, "expire_dai": 14, "not_aft": [14, 38, 39, 40], "to_datetim": 14, "d": [14, 17, 39, 40, 41, 44], "h": [14, 17, 39, 40, 41, 44], "sz": 14, "ansible_date_tim": 14, "iso8601": 14, "dt": 14, "asn1_data": 14, "surviv": 14, "also": [14, 17, 18, 44], "displai": [14, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "github": [14, 15], "80258": 14, "usual": [14, 17, 21, 22, 38, 39], "malform": [14, 21, 22, 38, 39], "critic": [14, 21, 22, 23, 24, 38, 39, 42, 43, 44], "not_befor": [14, 38, 39, 40], "signature_algorithm": [14, 17, 38, 39, 40], "john": 14, "westcott": 14, "iv": 14, "author": 15, "newer": [15, 17, 30, 31, 35, 36], "matrix": 15, "room": 15, "im": 15, "question": 15, "irc": 15, "channel": [15, 29], "libera": 15, "network": 15, "mail": 15, "project": 15, "subscrib": 15, "acm": [15, 40], "requir": [15, 32, 37], "send": [15, 26, 42, 43], "direct": 15, "crypto_info": 15, "capabl": 15, "entrust": [15, 40, 41], "ecs_domain": 15, "get_certif": 15, "port": [15, 17], "luks_devic": 15, "luk": 15, "devic": 15, "openssh_cert": 15, "openssh": [15, 34], "openssh_keypair": [15, 34], "openssl_csr_info": [15, 23, 24, 40], "openssl_dhparam": [15, 23, 24, 26, 30, 31, 34, 40, 41], "diffi": [15, 23, 24, 26, 30, 31, 34, 40, 41], "hellman": [15, 23, 24, 26, 30, 31, 34, 40, 41], "openssl_pkcs12": [15, 23, 24, 25, 30, 31, 34, 40, 41], "pkc": [15, 17, 23, 24, 25, 30, 31, 34, 40, 41], "archiv": [15, 23, 24, 25, 30, 31, 34, 40, 41], "openssl_privatekey_convert": 15, "openssl_privatekey_info": [15, 30, 31, 33, 40], "openssl_publickei": [15, 23, 24, 25, 26, 27, 30, 31, 33, 40, 41], "openssl_publickey_info": 15, "openssl_signatur": [15, 35], "openssl_signature_info": [15, 36], "x509_certificate_info": [15, 19, 40], "509": [15, 43], "x509_crl": [15, 43], "crl": [15, 23, 24], "x509_crl_info": 15, "split_pem": 15, "split": 15, "destroi": 16, "open": 16, "cryptsetup": 16, "wipef": 16, "lsblk": 16, "blkid": 16, "label": [16, 21, 22, 28, 38, 39, 42, 43, 44], "uuid": 16, "pre": [16, 26], "kernel": 16, "ae": [16, 30, 31, 34], "plain": 16, "spec": 16, "essiv": 16, "cbc": 16, "sha256": [16, 18, 21, 22, 23, 24, 28, 29, 30, 31, 32, 33, 34, 38, 39, 40, 41, 44], "dev": 16, "sda1": 16, "force_remove_last_kei": 16, "bewar": 16, "hash": [16, 21, 22, 28, 29, 32, 33, 38, 39], "setup": 16, "scheme": 16, "volum": 16, "digest": [16, 23, 24, 40, 41, 42, 43, 44], "keyfil": 16, "unlock": 16, "plaintext": 16, "danger": 16, "keysiz": [16, 30], "luks2": 16, "later": 16, "luks1": 16, "new_keyfil": 16, "add": [16, 17, 18, 23, 25, 26, 27, 30, 34, 40], "keyslot": 16, "new_passphras": 16, "pbkdf": 16, "deriv": 16, "argon2i": 16, "argon2id": 16, "pbkdf2": 16, "iteration_count": 16, "iter": 16, "count": 16, "iteration_tim": 16, "millisecond": 16, "memori": 16, "cost": 16, "kilobyt": 16, "argon": 16, "parallel": 16, "thread": 16, "perf_no_read_workqueu": 16, "bypass": 16, "dm": 16, "crypt": 16, "intern": 16, "workqueu": 16, "synchron": 16, "perf_no_write_workqueu": 16, "perf_same_cpu_crypt": 16, "cpu": 16, "io": 16, "unbound": 16, "balanc": 16, "perf_submit_from_crypt_cpu": 16, "offload": 16, "separ": [16, 17, 21, 22, 23, 24, 38, 39], "situat": [16, 18, 30, 31], "block": [16, 31], "singl": 16, "degrad": 16, "significantli": 16, "persist": 16, "metadata": 16, "them": [16, 25, 34], "next": [16, 29], "remove_keyfil": 16, "filesystem": [16, 17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "remove_passphras": 16, "sector_s": 16, "sector": 16, "lock": 16, "suffic": 16, "explicit": 16, "With": 16, "loop0": 16, "mycrypt": 16, "keyfile2": 16, "personallabelnam": 16, "03ecd578": 16, "fad4": 16, "4e6c": 16, "9348": 16, "842e3e8fa340": 16, "suppli": 16, "c1da9a58": 16, "2fde": 16, "4256": 16, "9d9f": 16, "6ab008b4dd1b": 16, "jan": 16, "pokorni": 16, "japokorn": 16, "regener": [17, 18, 23, 24, 25, 26, 30, 31, 34, 40, 41, 44], "ssh": [17, 18], "keygen": [17, 18], "attr": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "flag": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "look": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "man": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "page": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "chattr": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "lsattr": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "equival": [17, 18, 30], "fed": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "chown": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "preserv": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "ignore_timestamp": [17, 40, 41, 44], "valid_from": 17, "valid_to": 17, "meet": 17, "chmod": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rememb": [17, 18, 23, 25, 26, 27, 30, 34, 40], "octal": [17, 18, 23, 25, 26, 27, 30, 34, 40], "zero": [17, 18, 23, 25, 26, 27, 30, 34, 40], "parser": [17, 18, 23, 25, 26, 27, 30, 34, 40], "0644": [17, 18, 23, 25, 26, 27, 30, 34, 40], "01777": [17, 18, 23, 25, 26, 27, 30, 34, 40], "644": [17, 18, 23, 25, 26, 27, 30, 34, 40], "1777": [17, 18, 23, 25, 26, 27, 30, 34, 40], "convers": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rule": [17, 18, 23, 25, 26, 27, 30, 34, 40], "decim": [17, 18, 23, 25, 26, 27, 30, 34, 40], "unexpect": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rwx": [17, 18, 23, 25, 26, 27, 30, 34, 40], "rw": [17, 18, 23, 25, 26, 27, 30, 34, 40], "g": [17, 18, 21, 22, 23, 25, 26, 27, 28, 29, 30, 32, 33, 34, 38, 39, 40], "r": [17, 18, 22, 23, 25, 26, 27, 29, 30, 33, 34, 39, 40], "umask": [17, 18, 23, 25, 26, 27, 30, 34, 40], "newli": [17, 18, 23, 25, 26, 27, 30, 34, 40], "cve": [17, 18, 23, 25, 26, 27, 30, 34, 40], "1736": [17, 18, 23, 25, 26, 27, 30, 34, 40], "clear": 17, "shell": 17, "agent": 17, "permit": [17, 21, 22, 23, 24], "pty": 17, "alloc": 17, "rc": 17, "sshd": 17, "x11": 17, "address_list": 17, "comma": 17, "netmask": 17, "pair": [17, 23, 24, 44], "cidr": 17, "numer": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "confus": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "pkcs11_provid": 17, "resid": 17, "share": 17, "libpkcs11": 17, "signing_kei": 17, "princip": 17, "By": [17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "public_kei": [17, 18, 21, 22, 28, 29, 38, 39, 40], "unread": 17, "partial_idempot": [17, 18, 30, 31], "valid_at": [17, 39, 40], "full_idempot": [17, 18, 30, 31], "compar": 17, "selevel": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "selinux": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "context": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "ml": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "mc": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "sometim": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "rang": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "_default": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "portion": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "polici": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "keyrevocationlist": 17, "again": [17, 42, 43], "serol": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "role": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "setyp": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "seuser": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "sha": 17, "refus": 17, "sha2": 17, "512": 17, "correspond": [17, 18, 30, 31], "sshd_config": 17, "casignaturealgorithm": 17, "keyword": [17, 31, 39, 40], "prior": 17, "unsafe_writ": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "influenc": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "atom": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "prevent": [17, 18, 23, 25, 26, 27, 29, 30, 34, 40, 44], "inconsist": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "just": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "broken": [17, 18, 23, 25, 26, 27, 30, 31, 34, 40, 44], "docker": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "mount": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "insid": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "unsaf": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "manner": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "doesn": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "race": [17, 18, 23, 25, 26, 27, 30, 34, 40, 44], "use_ag": 17, "interpret": [17, 39, 40, 41, 44], "utc": [17, 39, 40, 41, 43, 44], "mainli": 17, "timespec": [17, 39, 40, 41, 44], "NOT": [17, 31, 40, 41, 44], "absolut": [17, 22, 29, 33, 39, 40, 41, 43, 44], "yyyi": 17, "mm": 17, "ddthh": 17, "ss": 17, "hh": 17, "w": [17, 22, 29, 33, 39, 40, 41, 44], "32w1d2h": [17, 39, 40, 41, 44], "1970": 17, "01t00": 17, "earlier": [17, 40, 41], "express": 17, "comparison": 17, "forev": 17, "pub": [17, 18, 33], "week": [17, 39], "32w": 17, "2w": 17, "examplehost": 17, "21": 17, "2001": 17, "tmp": [17, 18, 35, 36], "bla": 17, "ca_public_kei": 17, "info": [17, 21, 22, 38, 39], "l": [17, 23, 24], "f": 17, "david": [17, 18], "kainz": [17, 18], "lolcub": [17, 18], "rsa1": 18, "ecdsa": [18, 35, 36], "opensshbin": 18, "decrypt": [18, 26], "private_key_format": 18, "pkcs1": [18, 27, 30, 31], "keypair": 18, "pkcs8": [18, 27, 30, 31], "conform": [18, 30, 31], "unknown": [18, 21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "therefor": 18, "1024": 18, "2048": [18, 25, 26, 30, 31], "suffici": 18, "fip": 18, "186": 18, "three": [18, 39, 40, 41, 44], "384": 18, "521": 18, "fix": 18, "id_ssh_rsa": 18, "super_secret_password": 18, "id_ssh_dsa": 18, "fingerprint": [18, 21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "r4yczxihvjedh2olfjvgi6y5xaytdcwk8vxkyzvyyfm": 18, "aaaab3nza": 18, "vel4e3xcw": 18, "name_encod": [21, 22, 28, 38, 39, 42, 43, 44], "idna": [21, 22, 28, 38, 39, 42, 43, 44], "key1": [21, 28, 38, 42], "value1": [21, 28, 38, 42], "key2": [21, 28, 38, 42], "value2": [21, 28, 38, 42], "idna2008": [21, 22, 28, 38, 39, 42, 43, 44], "idna2003": [21, 22, 28, 38, 39, 42, 43, 44], "unicod": [21, 22, 28, 38, 39, 42, 43, 44], "alt": [21, 28, 38], "authority_cert_issu": [21, 22, 23, 24, 38, 39], "idn": [21, 22, 38, 39, 42, 43, 44], "handl": [21, 22, 38, 39, 42, 43, 44], "authority_cert_serial_numb": [21, 22, 23, 24, 38, 39], "hexadecim": [21, 22, 38, 39], "33": [21, 22, 23, 24, 28, 29, 30, 31, 32, 33, 34, 38, 39], "55": [21, 22, 23, 24, 38, 39], "66": [21, 22, 23, 24, 30, 31, 34, 38, 39], "77": [21, 22, 23, 24, 30, 31, 34, 38, 39], "88": [21, 22, 23, 24, 30, 31, 34, 38, 39], "99": [21, 22, 23, 24, 30, 31, 34, 38, 39], "aa": [21, 22, 23, 24, 28, 29, 32, 33, 38, 39], "bb": [21, 22, 23, 24, 38, 39], "cc": [21, 22, 23, 24, 30, 31, 34, 38, 39], "ee": [21, 22, 23, 24, 30, 31, 34, 38, 39], "pathlen": [21, 22, 38, 39], "extended_key_usag": [21, 22, 23, 24, 38, 39, 40], "biometr": [21, 22, 38, 39], "dvc": [21, 22, 38, 39, 40], "stamp": [21, 22, 38, 39], "extended_key_usage_crit": [21, 22, 23, 24, 38, 39], "extensions_by_oid": [21, 22, 38, 39, 40], "oid": [21, 22, 38, 39], "24": [21, 22, 30, 31, 34, 38, 39], "mamcaqu": [21, 22, 38, 39], "der": [21, 22, 38, 39, 42, 43, 44], "encipher": [21, 22, 23, 24, 38, 39, 40], "name_constraints_crit": [21, 22, 23, 24], "name_constraint": [21, 22], "name_constraints_exclud": [21, 22, 23, 24], "subtre": [21, 22, 23, 24], "name_constraints_permit": [21, 22, 23, 24], "somedomain": [21, 22, 23, 24], "ocsp_must_stapl": [21, 22, 23, 24, 38, 39], "ocsp": [21, 22, 23, 24, 38, 39], "stapl": [21, 22, 23, 24, 38, 39], "ocsp_must_staple_crit": [21, 22, 23, 24, 38, 39], "begin": [21, 22, 28, 29, 38, 39], "miicijanbgkqhkig9w0baqefaaocag8a": [21, 28, 38], "public_key_data": [21, 22, 38, 39], "ecc": [21, 22, 28, 29, 30, 31, 32, 33, 38, 39], "_valu": [21, 28, 32, 38], "public_key_typ": [21, 22, 38, 39], "expon": [21, 22, 28, 29, 32, 33, 38, 39], "exponent_s": [21, 22, 28, 29, 32, 33, 38, 39], "subgroup": [21, 22, 28, 29, 32, 33, 38, 39], "span": [21, 22, 28, 29, 32, 33, 38, 39], "prime": [21, 22, 28, 29, 32, 33, 38, 39], "modulu": [21, 22, 28, 29, 32, 33, 38, 39], "arithmet": [21, 22, 28, 29, 32, 33, 38, 39], "q": [21, 22, 28, 29, 32, 33, 38, 39], "divid": [21, 22, 28, 29, 32, 33, 38, 39], "coordin": [21, 22, 28, 29, 32, 33, 38, 39], "publicli": [21, 22, 28, 29, 32, 33, 38, 39], "whose": [21, 22, 28, 29, 32, 33, 38, 39, 41], "discret": [21, 22, 28, 29, 32, 33, 38, 39], "logarithm": [21, 22, 28, 29, 32, 33, 38, 39], "public_key_fingerprint": [21, 22, 28, 29, 38, 39], "comput": [21, 22, 28, 29, 32, 33, 38, 39], "d4": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "b3": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "6d": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "c8": [21, 22, 28, 29, 32, 33, 38, 39], "ce": [21, 22, 28, 29, 32, 33, 38, 39], "4e": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f6": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "29": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "4d": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "92": [21, 22, 28, 29, 32, 33, 38, 39], "a3": [21, 22, 28, 29, 32, 33, 38, 39], "b0": [21, 22, 28, 29, 32, 33, 38, 39], "c2": [21, 22, 28, 29, 32, 33, 38, 39], "bd": [21, 22, 28, 29, 32, 33, 38, 39], "bf": [21, 22, 28, 29, 32, 33, 38, 39], "43": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "0f": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "51": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "95": [21, 22, 28, 29, 32, 33, 38, 39], "2f": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "sha512": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f7": [21, 22, 28, 29, 32, 33, 38, 39], "f0": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "8b": [21, 22, 28, 29, 32, 33, 38, 39], "5f": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f9": [21, 22, 28, 29, 32, 33, 38, 39], "61": [21, 22, 28, 29, 32, 33, 38, 39], "0a": [21, 22, 28, 29, 32, 33, 38, 39], "68": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "f1": [21, 22, 28, 29, 30, 31, 32, 33, 34, 38, 39], "signature_valid": [21, 22], "repeat": [21, 22, 26, 38, 39, 42, 43, 44], "emailaddress": [21, 22, 23, 24, 38, 39], "subject_alt_name_crit": [21, 22, 23, 24, 38, 39], "subject_ord": [21, 22, 23, 24, 38, 39, 40], "tupl": [21, 22, 23, 24, 38, 39, 42, 43, 44], "low": [21, 28, 32, 37, 38, 42], "high": [21, 28, 32, 37, 38, 42], "prioriti": [21, 28, 32, 37, 38, 42], "lower": [21, 28, 32, 37, 38, 42], "interact": [22, 29, 33, 39, 40, 41], "remot": [22, 29, 33, 39, 40, 41, 43, 44], "load": [22, 27, 29, 33, 39], "variant": [22, 29, 33, 39, 43], "dump": [22, 26, 29, 33, 39], "nmiicijanbgkqhkig9w0baqefaaocag8a": [22, 29, 39], "yani": [22, 23, 24, 29, 30, 31, 34, 39, 40, 41], "guenan": [22, 23, 24, 29, 30, 31, 34, 39, 40, 41], "spredzi": [22, 23, 24, 29, 30, 31, 34, 39, 40, 41], "seem": [23, 24, 40], "overwrit": [23, 25, 30, 40], "keyusag": [23, 24], "extendedkeyusag": [23, 24], "basicconstraint": [23, 24], "That": [23, 24], "rid": [23, 24], "dirnam": [23, 24], "othernam": [23, 24], "ones": [23, 24, 25], "mostli": [23, 24], "hex": [23, 24], "colon": [23, 24], "overwrot": [23, 25, 26, 27, 30, 34, 40, 44], "accid": [23, 25, 26, 27, 30, 34, 40, 44], "basicconstraints_crit": [23, 24], "country_nam": [23, 24], "c": [23, 24], "countrynam": [23, 24], "create_subject_key_identifi": [23, 24], "crl_distribution_point": [23, 24], "distribut": [23, 24], "crl_issuer": [23, 24], "full_nam": [23, 24], "relative_nam": [23, 24], "key_compromis": [23, 24, 42, 43, 44], "ca_compromis": [23, 24, 42, 43, 44], "affiliation_chang": [23, 24, 42, 43, 44], "cessation_of_oper": [23, 24, 42, 43, 44], "certificate_hold": [23, 24, 42, 43, 44], "privilege_withdrawn": [23, 24, 42, 43, 44], "aa_compromis": [23, 24, 42, 43, 44], "email_address": [23, 24], "extkeyusag": [23, 24], "extkeyusage_crit": [23, 24], "extendedkeyusage_crit": [23, 24], "keyusage_crit": [23, 24], "locality_nam": [23, 24], "localitynam": [23, 24], "ocspmuststapl": [23, 24], "rfc7633": [23, 24], "ocspmuststaple_crit": [23, 24], "reject": [23, 24], "organizationnam": [23, 24, 38, 39, 42, 43, 44], "organizational_unit_nam": [23, 24], "organizationalunitnam": [23, 24], "privatekey_cont": [23, 24, 26, 34, 36, 40, 41, 44], "return_cont": [23, 25, 26, 30, 34, 40, 44], "state_or_province_nam": [23, 24], "st": [23, 24], "stateorprovincenam": [23, 24], "compon": [23, 24, 44], "subjectaltname_crit": [23, 24], "row": [23, 24, 44], "usecommonnameforsan": [23, 24], "fill": [23, 24], "2986": [23, 24], "unsupport": [23, 24], "inlin": [23, 24, 34, 41], "fr": 23, "dynam": 23, "with_dict": 23, "dns_server": 23, "special": 23, "digitalsignatur": [23, 24], "keyagr": [23, 24], "clientauth": [23, 24], "winrm": 23, "auth": 23, "311": 23, "utf8": 23, "pathlenconstraint": [23, 24], "privatekei": [23, 24, 26, 27, 30, 31, 34, 44], "dh": 25, "param": 25, "detect": [25, 26], "Or": 25, "dhparam": 25, "thom": 25, "wigger": 25, "thomwigg": 25, "pyopenssl": 26, "iter_s": 26, "maciter_s": 26, "export": [26, 27, 30, 31], "certificate_path": [26, 35, 36], "encryption_level": 26, "compatibility2022": 26, "softwar": 26, "38": [26, 30, 31, 34], "friendly_nam": 26, "friendli": 26, "50000": 26, "other_certif": 26, "ca_certif": 26, "other_certificates_parse_al": 26, "pkcs12": 26, "mechan": 26, "safe": 26, "addition": 26, "backward": 26, "opt": 26, "p12": 26, "raclett": 26, "ca_bundl": 26, "bundl": [26, 37], "0600": [26, 27, 30], "regen": 26, "guillaum": 26, "delpierr": 26, "gdelpierr": 26, "dest_passphras": 27, "dest_path": 27, "src_content": 27, "src_path": 27, "src_passphras": 27, "return_private_key_data": [28, 29], "private_data": [28, 29], "public_data": [28, 29, 32, 33], "fake": 29, "key_is_consist": 29, "check_consist": 29, "potenti": 29, "side": 29, "attack": 29, "machin": [29, 40, 41], "can_load_kei": 29, "can_parse_kei": 29, "eddsa": [30, 31], "particular": 30, "maxim": [30, 31], "interoper": [30, 31], "secp384r1": [30, 31], "secp256r1": [30, 31], "iana": [30, 31], "registri": [30, 31], "secp224r1": [30, 31], "secp256k1": [30, 31], "secp521r1": [30, 31], "discourag": [30, 31], "secp192r1": [30, 31], "brainpoolp256r1": [30, 31], "brainpoolp384r1": [30, 31], "brainpoolp512r1": [30, 31], "sect163k1": [30, 31], "sect163r2": [30, 31], "sect233k1": [30, 31], "sect233r1": [30, 31], "sect283k1": [30, 31], "sect283r1": [30, 31], "sect409k1": [30, 31], "sect409r1": [30, 31], "sect571k1": [30, 31], "sect571r1": [30, 31], "tradit": [30, 31], "auto_ignor": [30, 31], "mismatch": [30, 31], "format_mismatch": [30, 31], "everyth": [30, 31, 44], "treat": [30, 39, 44], "appropri": 30, "care": 30, "shown": 30, "reference_appendic": 30, "faq": 30, "minim": [30, 31], "hashlib": [30, 31, 34], "md5": [30, 31, 34], "84": [30, 31, 34], "72": [30, 31, 34], "8d": [30, 31, 34], "b5": [30, 31, 34], "6c": [30, 31, 34], "37": [30, 31, 34], "83": [30, 31, 34], "f5": [30, 31, 34], "4c": [30, 31, 34], "sha1": [30, 31, 34], "7c": [30, 31, 34], "5d": [30, 31, 34], "eb": [30, 31, 34], "41": [30, 31, 34], "7e": [30, 31, 34], "1a": [30, 31, 34], "c7": [30, 31, 34], "f8": [30, 31, 34], "sha224": [30, 31, 34], "19": [30, 31, 34], "ac": [30, 31, 34], "ed": [30, 31, 34], "18": [30, 31, 34, 40, 41], "50": [30, 31, 34], "d3": [30, 31, 34], "06": [30, 31, 34, 40, 41], "5c": [30, 31, 34], "b2": [30, 31, 34], "91": [30, 31, 34], "52": [30, 31, 34], "8c": [30, 31, 34], "cb": [30, 31, 34], "d5": [30, 31, 34], "e9": [30, 31, 34], "9b": [30, 31, 34], "46": [30, 31, 34], "ab": [30, 31, 34], "70": [30, 31, 34], "cf": [30, 31, 34], "76": [30, 31, 34], "4f": [30, 31, 34], "57": [30, 31, 34], "6e": [30, 31, 34], "97": [30, 31, 34], "df": [30, 31, 34], "de": [30, 31, 34], "sha384": [30, 31, 34], "d9": [30, 31, 34], "40": [30, 31, 34], "59": [30, 31, 34], "c3": [30, 31, 34], "a2": [30, 31, 34], "e4": [30, 31, 34], "0b": [30, 31, 34], "1c": [30, 31, 34], "0c": [30, 31, 34], "9e": [30, 31, 34], "af": [30, 31, 34], "da": [30, 31, 34], "2e": [30, 31, 34], "c0": [30, 31, 34], "9a": [30, 31, 34], "3a": [30, 31, 34], "3d": [30, 31, 34], "fd": [30, 31, 34], "5e": [30, 31, 34], "48": [30, 31, 34], "9f": [30, 31, 34], "fe": [30, 31, 34], "7f": [30, 31, 34], "3f": [30, 31, 34], "cd": [30, 31, 34], "a5": [30, 31, 34], "e7": [30, 31, 34], "13": [30, 31, 34, 44], "82": [30, 31, 34], "87": [30, 31, 34], "1f": [30, 31, 34], "28": [30, 31, 34], "53": [30, 31, 34], "86": [30, 31, 34], "69": [30, 31, 34], "35": [30, 31, 34], "1e": [30, 31, 34], "consol": 31, "relat": 31, "content_base64": 31, "return_current_kei": 31, "value_specified_in_no_log_paramet": 31, "async": 31, "reveal": 31, "TO": 31, "OR": 31, "IN": 31, "mozilla": 31, "sop": 31, "sops_encrypt": 31, "content_text": 31, "overwritten": 31, "set_fact": 31, "publickei": 34, "certificate_cont": [35, 41], "example_fil": [35, 36], "sig": [35, 36], "patrick": [35, 36], "pichler": [35, 36], "aveexi": [35, 36], "marku": [35, 36, 39, 40, 41], "teufelberg": [35, 36, 39, 40, 41], "markusteufelberg": [35, 36, 39, 40, 41], "word": [38, 39, 43], "whole": [38, 39], "issuer_ord": [38, 39, 42, 43, 44], "issuer_uri": [38, 39], "20190413202428z": [38, 39, 40, 42, 43, 44], "20190331202428z": [38, 39, 40, 44], "ocsp_uri": [38, 39], "respond": [38, 39], "1234": [38, 39, 42, 43, 44], "sha256withrsaencrypt": [38, 39, 40, 42, 43, 44], "openssl_certificate_info": 39, "short": [39, 40], "redirect": [39, 40], "fqcn": [39, 40], "dict": 39, "pattern": [39, 40, 41, 43, 44], "yyyymmddhhmmssz": [39, 40, 41, 43, 44], "csr_path": [39, 40, 41], "tomorrow": 39, "point_1": 39, "point_2": 39, "3w": 39, "notion": [40, 41], "openssl_certif": 40, "intend": [40, 41], "tini": 40, "acme_accountkey_path": 40, "accountkei": 40, "acme_chain": 40, "acme_challenge_path": 40, "3chost": 40, "3e": 40, "80": 40, "job": 40, "entrust_cert_typ": [40, 41], "entrust_not_aft": [40, 41], "stop": [40, 41], "365": [40, 41], "cover": [40, 41], "entrust_requester_email": [40, 41], "entrust_requester_nam": [40, 41], "entrust_requester_phon": [40, 41], "better": [40, 41], "ownca_cont": [40, 41], "ownca_create_authority_key_identifi": [40, 41], "ownca_create_subject_key_identifi": [40, 41], "ski": [40, 41], "create_if_not_provid": [40, 41], "always_cr": [40, 41], "never_cr": [40, 41], "ownca_digest": [40, 41], "On": [40, 41], "maco": [40, 41], "onward": [40, 41], "825": [40, 41], "appl": [40, 41], "en": [40, 41], "ht210176": [40, 41], "3650d": [40, 41], "ownca_privatekey_cont": [40, 41], "resp": [40, 41], "ownca_vers": [40, 41], "nowadai": [40, 41], "almost": [40, 41], "emul": 40, "selfsigned_create_subject_key_identifi": [40, 41], "selfsigned_digest": [40, 41], "selfsigned_notaft": [40, 41], "selfsigned_notbefor": [40, 41], "selfsigned_vers": [40, 41], "minut": [40, 41, 44], "mandatori": [40, 41, 44], "dedic": [40, 41], "onc": [40, 41, 44], "ansible_ca": 40, "assertonli": 40, "invalid_at": 40, "valid_in": 40, "one_day_ten_hour": 40, "1d10h": 40, "fixed_timestamp": 40, "20200331202428z": 40, "ten_second": 40, "result_csr": 40, "result_privatekei": 40, "sha512withrsaencrypt": 40, "subject_strict": 40, "issuer_strict": 40, "has_expir": 40, "key_usage_strict": 40, "extended_key_usage_strict": 40, "subject_alt_name_strict": 40, "ownca_cert": 41, "ownca_privatekei": 41, "hunter2": 41, "the_csr": 41, "list_revoked_certif": [42, 43], "larg": [42, 43], "enumer": [42, 43], "last_upd": [42, 43, 44], "next_upd": [42, 43, 44], "revoked_certif": [42, 43, 44], "invalidity_d": [42, 43, 44], "suspect": [42, 43, 44], "compromis": [42, 43, 44], "becam": [42, 43, 44], "invalidity_date_crit": [42, 43, 44], "issuer_crit": [42, 43, 44], "remove_from_crl": [42, 43, 44], "reason_crit": [42, 43, 44], "revocation_d": [42, 43, 44], "crl_mode": 44, "interest": 44, "collis": 44, "combin": 44, "2345": 44, "20191013152910z": 44, "20191001000000z": 44, "20191010010203z": 44}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"commun": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "crypto": [0, 1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "acme_account_fact": 0, "acme_account_info": 1, "modul": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 15, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "retriev": [1, 8, 21, 28, 32, 38, 42, 43], "inform": [1, 21, 22, 28, 29, 32, 33, 38, 39, 42, 43], "acm": [1, 2, 3, 4, 5, 6], "account": [1, 2], "synopsi": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "requir": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "paramet": [1, 2, 3, 4, 5, 6, 7, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44], "attribut": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 22, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 36, 39, 40, 41, 43, 44], "note": [1, 2, 3, 4, 6, 11, 12, 14, 18, 23, 24, 35, 36, 39, 40, 41, 43, 44], "see": [1, 2, 3, 4, 5, 6, 11, 12, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43], "also": [1, 2, 3, 4, 5, 6, 11, 12, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43], "exampl": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "return": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "valu": [1, 2, 3, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "author": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "collect": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "link": [1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 14, 16, 17, 18, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44], "acme_account": 2, "creat": [2, 3, 9, 10], "modifi": 2, "delet": 2, "acme_certif": 3, "ssl": [3, 11], "tl": [3, 5, 11], "certif": [3, 4, 5, 7, 9, 10, 11, 12, 14, 17, 21, 22, 23, 24, 38, 39, 40, 41, 43, 44], "protocol": [3, 4], "acme_certificate_revok": 4, "revok": 4, "acme_challenge_cert_help": 5, "prepar": 5, "challeng": 5, "alpn": 5, "01": 5, "acme_inspect": 6, "send": 6, "direct": 6, "request": [6, 11, 12, 21, 22, 23, 24], "an": [6, 34], "server": 6, "certificate_complete_chain": 7, "complet": 7, "chain": 7, "given": 7, "set": [7, 9], "untrust": 7, "root": 7, "crypto_info": 8, "cryptograph": 8, "capabl": 8, "how": [9, 10], "small": 9, "ca": 9, "up": 9, "us": 9, "sign": [9, 10, 21, 22, 23, 24, 36], "self": 10, "ecs_certif": 11, "entrust": [11, 12], "servic": [11, 12], "ec": [11, 12], "api": [11, 12], "ecs_domain": 12, "valid": 12, "domain": 12, "index": [13, 15], "all": 13, "environ": 13, "variabl": 13, "get_certif": 14, "get": 14, "from": [14, 21, 28, 32, 34, 38, 42], "host": [14, 17], "port": 14, "descript": 15, "scenario": 15, "guid": 15, "plugin": 15, "filter": [15, 21, 28, 32, 37, 38, 42], "luks_devic": 16, "manag": 16, "encrypt": 16, "luk": 16, "devic": 16, "openssh_cert": 17, "gener": [17, 18, 23, 24, 25, 26, 30, 31, 34, 40, 41, 44], "openssh": [17, 18], "user": 17, "openssh_keypair": 18, "privat": [18, 27, 28, 29, 30, 31, 34], "public": [18, 32, 33, 34], "kei": [18, 27, 28, 29, 30, 31, 32, 33, 34], "openssl_certificate_info": 19, "openssl_certif": 20, "openssl_csr_info": [21, 22], "openssl": [21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41], "csr": [21, 22, 23, 24], "input": [21, 28, 32, 37, 38, 42], "keyword": [21, 28, 38, 42], "provid": [22, 29, 33, 39], "openssl_csr": 23, "openssl_csr_pip": 24, "openssl_dhparam": 25, "diffi": 25, "hellman": 25, "openssl_pkcs12": 26, "pkc": 26, "12": 26, "archiv": 26, "openssl_privatekey_convert": 27, "convert": 27, "openssl_privatekey_info": [28, 29], "openssl_privatekei": 30, "openssl_privatekey_pip": 31, "without": 31, "disk": 31, "access": 31, "openssl_publickey_info": [32, 33], "pem": [32, 37, 38, 42], "format": [32, 38, 42], "openssl_publickei": 34, "its": 34, "openssl_signature_info": 35, "verifi": 35, "signatur": 35, "openssl_signatur": 36, "data": 36, "split_pem": 37, "split": 37, "file": 37, "content": 37, "multipl": 37, "object": 37, "x509_certificate_info": [38, 39], "x": [38, 39, 42], "509": [38, 39, 42], "x509_certif": 40, "check": [40, 41], "x509_certificate_pip": 41, "x509_crl_info": [42, 43], "crl": [42, 43, 44], "revoc": [43, 44], "list": [43, 44], "x509_crl": 44}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1, "sphinx": 57}, "alltitles": {"community.crypto.acme_account_facts": [[0, "community-crypto-acme-account-facts"]], "community.crypto.acme_account_info module \u2013 Retrieves information on ACME accounts": [[1, "community-crypto-acme-account-info-module-retrieves-information-on-acme-accounts"]], "Synopsis": [[1, "synopsis"], [2, "synopsis"], [3, "synopsis"], [4, "synopsis"], [5, "synopsis"], [6, "synopsis"], [7, "synopsis"], [8, "synopsis"], [11, "synopsis"], [12, "synopsis"], [14, "synopsis"], [16, "synopsis"], [17, "synopsis"], [18, "synopsis"], [21, "synopsis"], [22, "synopsis"], [23, "synopsis"], [24, "synopsis"], [25, "synopsis"], [26, "synopsis"], [27, "synopsis"], [28, "synopsis"], [29, "synopsis"], [30, "synopsis"], [31, "synopsis"], [32, "synopsis"], [33, "synopsis"], [34, "synopsis"], [35, "synopsis"], [36, "synopsis"], [37, "synopsis"], [38, "synopsis"], [39, "synopsis"], [40, "synopsis"], [41, "synopsis"], [42, "synopsis"], [43, "synopsis"], [44, "synopsis"]], "Requirements": [[1, "requirements"], [2, "requirements"], [3, "requirements"], [4, "requirements"], [5, "requirements"], [6, "requirements"], [7, "requirements"], [11, "requirements"], [12, "requirements"], [14, "requirements"], [16, "requirements"], [17, "requirements"], [18, "requirements"], [21, "requirements"], [22, "requirements"], [23, "requirements"], [24, "requirements"], [25, "requirements"], [26, "requirements"], [27, "requirements"], [28, "requirements"], [29, "requirements"], [30, "requirements"], [31, "requirements"], [33, "requirements"], [34, "requirements"], [35, "requirements"], [36, "requirements"], [38, "requirements"], [39, "requirements"], [40, "requirements"], [41, "requirements"], [42, "requirements"], [43, "requirements"], [44, "requirements"]], "Parameters": [[1, "parameters"], [2, "parameters"], [3, "parameters"], [4, "parameters"], [5, "parameters"], [6, "parameters"], [7, "parameters"], [11, "parameters"], [12, "parameters"], [14, "parameters"], [16, "parameters"], [17, "parameters"], [18, "parameters"], [22, "parameters"], [23, "parameters"], [24, "parameters"], [25, "parameters"], [26, "parameters"], [27, "parameters"], [29, "parameters"], [30, "parameters"], [31, "parameters"], [33, "parameters"], [34, "parameters"], [35, "parameters"], [36, "parameters"], [39, "parameters"], [40, "parameters"], [41, "parameters"], [43, "parameters"], [44, "parameters"]], "Attributes": [[1, "attributes"], [2, "attributes"], [3, "attributes"], [4, "attributes"], [5, "attributes"], [6, "attributes"], [7, "attributes"], [8, "attributes"], [11, "attributes"], [12, "attributes"], [14, "attributes"], [16, "attributes"], [17, "attributes"], [18, "attributes"], [22, "attributes"], [23, "attributes"], [24, "attributes"], [25, "attributes"], [26, "attributes"], [27, "attributes"], [29, "attributes"], [30, "attributes"], [31, "attributes"], [33, "attributes"], [34, "attributes"], [35, "attributes"], [36, "attributes"], [39, "attributes"], [40, "attributes"], [41, "attributes"], [43, "attributes"], [44, "attributes"]], "Notes": [[1, "notes"], [2, "notes"], [3, "notes"], [4, "notes"], [6, "notes"], [11, "notes"], [12, "notes"], [14, "notes"], [18, "notes"], [23, "notes"], [24, "notes"], [35, "notes"], [36, "notes"], [39, "notes"], [40, "notes"], [41, "notes"], [43, "notes"], [44, "notes"]], "See Also": [[1, "see-also"], [2, "see-also"], [3, "see-also"], [4, "see-also"], [5, "see-also"], [6, "see-also"], [11, "see-also"], [12, "see-also"], [21, "see-also"], [22, "see-also"], [23, "see-also"], [24, "see-also"], [25, "see-also"], [26, "see-also"], [27, "see-also"], [28, "see-also"], [29, "see-also"], [30, "see-also"], [31, "see-also"], [32, "see-also"], [33, "see-also"], [34, "see-also"], [35, "see-also"], [36, "see-also"], [38, "see-also"], [39, "see-also"], [40, "see-also"], [41, "see-also"], [42, "see-also"], [43, "see-also"]], "Examples": [[1, "examples"], [2, "examples"], [3, "examples"], [4, "examples"], [5, "examples"], [6, "examples"], [7, "examples"], [8, "examples"], [11, "examples"], [12, "examples"], [14, "examples"], [16, "examples"], [17, "examples"], [18, "examples"], [21, "examples"], [22, "examples"], [23, "examples"], [24, "examples"], [25, "examples"], [26, "examples"], [27, "examples"], [28, "examples"], [29, "examples"], [30, "examples"], [31, "examples"], [32, "examples"], [33, "examples"], [34, "examples"], [35, "examples"], [36, "examples"], [37, "examples"], [38, "examples"], [39, "examples"], [40, "examples"], [41, "examples"], [42, "examples"], [43, "examples"], [44, "examples"]], "Return Values": [[1, "return-values"], [2, "return-values"], [3, "return-values"], [5, "return-values"], [6, "return-values"], [7, "return-values"], [8, "return-values"], [11, "return-values"], [12, "return-values"], [14, "return-values"], [16, "return-values"], [17, "return-values"], [18, "return-values"], [22, "return-values"], [23, "return-values"], [24, "return-values"], [25, "return-values"], [26, "return-values"], [27, "return-values"], [29, "return-values"], [30, "return-values"], [31, "return-values"], [33, "return-values"], [34, "return-values"], [35, "return-values"], [36, "return-values"], [39, "return-values"], [40, "return-values"], [41, "return-values"], [43, "return-values"], [44, "return-values"]], "Authors": [[1, "authors"], [2, "authors"], [3, "authors"], [4, "authors"], [5, "authors"], [6, "authors"], [7, "authors"], [8, "authors"], [11, "authors"], [12, "authors"], [14, "authors"], [16, "authors"], [17, "authors"], [18, "authors"], [21, "authors"], [22, "authors"], [23, "authors"], [24, "authors"], [25, "authors"], [26, "authors"], [27, "authors"], [28, "authors"], [29, "authors"], [30, "authors"], [31, "authors"], [32, "authors"], [33, "authors"], [34, "authors"], [35, "authors"], [36, "authors"], [37, "authors"], [38, "authors"], [39, "authors"], [40, "authors"], [41, "authors"], [42, "authors"], [43, "authors"], [44, "authors"]], "Collection links": [[1, "collection-links"], [2, "collection-links"], [3, "collection-links"], [4, "collection-links"], [5, "collection-links"], [6, "collection-links"], [7, "collection-links"], [8, "collection-links"], [11, "collection-links"], [12, "collection-links"], [14, "collection-links"], [16, "collection-links"], [17, "collection-links"], [18, "collection-links"], [21, "collection-links"], [22, "collection-links"], [23, "collection-links"], [24, "collection-links"], [25, "collection-links"], [26, "collection-links"], [27, "collection-links"], [28, "collection-links"], [29, "collection-links"], [30, "collection-links"], [31, "collection-links"], [32, "collection-links"], [33, "collection-links"], [34, "collection-links"], [35, "collection-links"], [36, "collection-links"], [37, "collection-links"], [38, "collection-links"], [39, "collection-links"], [40, "collection-links"], [41, "collection-links"], [42, "collection-links"], [43, "collection-links"], [44, "collection-links"]], "community.crypto.acme_account module \u2013 Create, modify or delete ACME accounts": [[2, "community-crypto-acme-account-module-create-modify-or-delete-acme-accounts"]], "community.crypto.acme_certificate module \u2013 Create SSL/TLS certificates with the ACME protocol": [[3, "community-crypto-acme-certificate-module-create-ssl-tls-certificates-with-the-acme-protocol"]], "community.crypto.acme_certificate_revoke module \u2013 Revoke certificates with the ACME protocol": [[4, "community-crypto-acme-certificate-revoke-module-revoke-certificates-with-the-acme-protocol"]], "community.crypto.acme_challenge_cert_helper module \u2013 Prepare certificates required for ACME challenges such as tls-alpn-01": [[5, "community-crypto-acme-challenge-cert-helper-module-prepare-certificates-required-for-acme-challenges-such-as-tls-alpn-01"]], "community.crypto.acme_inspect module \u2013 Send direct requests to an ACME server": [[6, "community-crypto-acme-inspect-module-send-direct-requests-to-an-acme-server"]], "community.crypto.certificate_complete_chain module \u2013 Complete certificate chain given a set of untrusted and root certificates": [[7, "community-crypto-certificate-complete-chain-module-complete-certificate-chain-given-a-set-of-untrusted-and-root-certificates"]], "community.crypto.crypto_info module \u2013 Retrieve cryptographic capabilities": [[8, "community-crypto-crypto-info-module-retrieve-cryptographic-capabilities"]], "How to create a small CA": [[9, "how-to-create-a-small-ca"]], "Set up the CA": [[9, "set-up-the-ca"]], "Use the CA to sign a certificate": [[9, "use-the-ca-to-sign-a-certificate"]], "How to create self-signed certificates": [[10, "how-to-create-self-signed-certificates"]], "community.crypto.ecs_certificate module \u2013 Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API": [[11, "community-crypto-ecs-certificate-module-request-ssl-tls-certificates-with-the-entrust-certificate-services-ecs-api"]], "community.crypto.ecs_domain module \u2013 Request validation of a domain with the Entrust Certificate Services (ECS) API": [[12, "community-crypto-ecs-domain-module-request-validation-of-a-domain-with-the-entrust-certificate-services-ecs-api"]], "Index of all Collection Environment Variables": [[13, "index-of-all-collection-environment-variables"]], "community.crypto.get_certificate module \u2013 Get a certificate from a host:port": [[14, "community-crypto-get-certificate-module-get-a-certificate-from-a-host-port"]], "Community.Crypto": [[15, "community-crypto"]], "Description": [[15, "description"]], "Communication": [[15, "communication"]], "Scenario Guides": [[15, "scenario-guides"]], "Plugin Index": [[15, "plugin-index"]], "Modules": [[15, "modules"]], "Filter Plugins": [[15, "filter-plugins"]], "community.crypto.luks_device module \u2013 Manage encrypted (LUKS) devices": [[16, "community-crypto-luks-device-module-manage-encrypted-luks-devices"]], "community.crypto.openssh_cert module \u2013 Generate OpenSSH host or user certificates.": [[17, "community-crypto-openssh-cert-module-generate-openssh-host-or-user-certificates"]], "community.crypto.openssh_keypair module \u2013 Generate OpenSSH private and public keys": [[18, "community-crypto-openssh-keypair-module-generate-openssh-private-and-public-keys"]], "community.crypto.openssl_certificate_info": [[19, "community-crypto-openssl-certificate-info"]], "community.crypto.openssl_certificate": [[20, "community-crypto-openssl-certificate"]], "community.crypto.openssl_csr_info filter \u2013 Retrieve information from OpenSSL Certificate Signing Requests (CSR)": [[21, "community-crypto-openssl-csr-info-filter-retrieve-information-from-openssl-certificate-signing-requests-csr"]], "Input": [[21, "input"], [28, "input"], [32, "input"], [37, "input"], [38, "input"], [42, "input"]], "Keyword parameters": [[21, "keyword-parameters"], [28, "keyword-parameters"], [38, "keyword-parameters"], [42, "keyword-parameters"]], "Return Value": [[21, "return-value"], [28, "return-value"], [32, "return-value"], [37, "return-value"], [38, "return-value"], [42, "return-value"]], "community.crypto.openssl_csr_info module \u2013 Provide information of OpenSSL Certificate Signing Requests (CSR)": [[22, "community-crypto-openssl-csr-info-module-provide-information-of-openssl-certificate-signing-requests-csr"]], "community.crypto.openssl_csr module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[23, "community-crypto-openssl-csr-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_csr_pipe module \u2013 Generate OpenSSL Certificate Signing Request (CSR)": [[24, "community-crypto-openssl-csr-pipe-module-generate-openssl-certificate-signing-request-csr"]], "community.crypto.openssl_dhparam module \u2013 Generate OpenSSL Diffie-Hellman Parameters": [[25, "community-crypto-openssl-dhparam-module-generate-openssl-diffie-hellman-parameters"]], "community.crypto.openssl_pkcs12 module \u2013 Generate OpenSSL PKCS#12 archive": [[26, "community-crypto-openssl-pkcs12-module-generate-openssl-pkcs-12-archive"]], "community.crypto.openssl_privatekey_convert module \u2013 Convert OpenSSL private keys": [[27, "community-crypto-openssl-privatekey-convert-module-convert-openssl-private-keys"]], "community.crypto.openssl_privatekey_info filter \u2013 Retrieve information from OpenSSL private keys": [[28, "community-crypto-openssl-privatekey-info-filter-retrieve-information-from-openssl-private-keys"]], "community.crypto.openssl_privatekey_info module \u2013 Provide information for OpenSSL private keys": [[29, "community-crypto-openssl-privatekey-info-module-provide-information-for-openssl-private-keys"]], "community.crypto.openssl_privatekey module \u2013 Generate OpenSSL private keys": [[30, "community-crypto-openssl-privatekey-module-generate-openssl-private-keys"]], "community.crypto.openssl_privatekey_pipe module \u2013 Generate OpenSSL private keys without disk access": [[31, "community-crypto-openssl-privatekey-pipe-module-generate-openssl-private-keys-without-disk-access"]], "community.crypto.openssl_publickey_info filter \u2013 Retrieve information from OpenSSL public keys in PEM format": [[32, "community-crypto-openssl-publickey-info-filter-retrieve-information-from-openssl-public-keys-in-pem-format"]], "community.crypto.openssl_publickey_info module \u2013 Provide information for OpenSSL public keys": [[33, "community-crypto-openssl-publickey-info-module-provide-information-for-openssl-public-keys"]], "community.crypto.openssl_publickey module \u2013 Generate an OpenSSL public key from its private key.": [[34, "community-crypto-openssl-publickey-module-generate-an-openssl-public-key-from-its-private-key"]], "community.crypto.openssl_signature_info module \u2013 Verify signatures with openssl": [[35, "community-crypto-openssl-signature-info-module-verify-signatures-with-openssl"]], "community.crypto.openssl_signature module \u2013 Sign data with openssl": [[36, "community-crypto-openssl-signature-module-sign-data-with-openssl"]], "community.crypto.split_pem filter \u2013 Split PEM file contents into multiple objects": [[37, "community-crypto-split-pem-filter-split-pem-file-contents-into-multiple-objects"]], "community.crypto.x509_certificate_info filter \u2013 Retrieve information from X.509 certificates in PEM format": [[38, "community-crypto-x509-certificate-info-filter-retrieve-information-from-x-509-certificates-in-pem-format"]], "community.crypto.x509_certificate_info module \u2013 Provide information of OpenSSL X.509 certificates": [[39, "community-crypto-x509-certificate-info-module-provide-information-of-openssl-x-509-certificates"]], "community.crypto.x509_certificate module \u2013 Generate and/or check OpenSSL certificates": [[40, "community-crypto-x509-certificate-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_certificate_pipe module \u2013 Generate and/or check OpenSSL certificates": [[41, "community-crypto-x509-certificate-pipe-module-generate-and-or-check-openssl-certificates"]], "community.crypto.x509_crl_info filter \u2013 Retrieve information from X.509 CRLs in PEM format": [[42, "community-crypto-x509-crl-info-filter-retrieve-information-from-x-509-crls-in-pem-format"]], "community.crypto.x509_crl_info module \u2013 Retrieve information on Certificate Revocation Lists (CRLs)": [[43, "community-crypto-x509-crl-info-module-retrieve-information-on-certificate-revocation-lists-crls"]], "community.crypto.x509_crl module \u2013 Generate Certificate Revocation Lists (CRLs)": [[44, "community-crypto-x509-crl-module-generate-certificate-revocation-lists-crls"]]}, "indexentries": {}}) \ No newline at end of file diff --git a/pr/600/split_pem_filter.html b/pr/600/split_pem_filter.html index 98786350..6e191170 100644 --- a/pr/600/split_pem_filter.html +++ b/pr/600/split_pem_filter.html @@ -14,6 +14,8 @@ + + @@ -161,7 +163,7 @@

    community.crypto.split_pem filter – Split PEM file contents into multiple objects

    Note

    -

    This filter plugin is part of the community.crypto collection (version 2.14.0).

    +

    This filter plugin is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto.

    To use it in a playbook, specify: community.crypto.split_pem.

    diff --git a/pr/600/x509_certificate_info_filter.html b/pr/600/x509_certificate_info_filter.html index ba87de0a..3fe3d5b0 100644 --- a/pr/600/x509_certificate_info_filter.html +++ b/pr/600/x509_certificate_info_filter.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.x509_certificate_info filter – Retrieve information from X.509 certificates in PEM format

    Note

    -

    This filter plugin is part of the community.crypto collection (version 2.14.0).

    +

    This filter plugin is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

    @@ -193,7 +195,7 @@ see

    Requirements

    The below requirements are needed on the local controller node that executes this filter.

    @@ -232,10 +234,10 @@ example: input

    string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -293,8 +295,8 @@ example: input

      list / elements=string

    The certificate’s authority cert issuer as a list of general names.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -304,7 +306,7 @@ example: input

    integer

    The certificate’s authority cert serial number.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: 12345

    @@ -314,8 +316,8 @@ example: input

    string

    The certificate’s authority key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    @@ -324,7 +326,7 @@ example: input

    basic_constraints

    list / elements=string

    -

    Entries in the basic_constraints extension, or none if extension is not present.

    +

    Entries in the basic_constraints extension, or none if extension is not present.

    Returned: success

    Sample: ["CA:TRUE", "pathlen:1"]

    @@ -349,7 +351,7 @@ example: input

    extended_key_usage

    list / elements=string

    -

    Entries in the extended_key_usage extension, or none if extension is not present.

    +

    Entries in the extended_key_usage extension, or none if extension is not present.

    Returned: success

    Sample: ["Biometric Info", "DVCS", "Time Stamping"]

    @@ -422,7 +424,7 @@ example: input

    issuer_uri

    string

    -

    The Issuer URI, if included in the certificate. Will be none if no issuer URI is included.

    +

    The Issuer URI, if included in the certificate. Will be none if no issuer URI is included.

    Returned: success

    @@ -430,7 +432,7 @@ example: input

    key_usage

    string

    -

    Entries in the key_usage extension, or none if extension is not present.

    +

    Entries in the key_usage extension, or none if extension is not present.

    Returned: success

    Sample: "['Key Agreement', 'Data Encipherment']"

    @@ -465,7 +467,7 @@ example: input

    ocsp_must_staple

    boolean

    -

    true if the OCSP Must Staple extension is present, none otherwise.

    +

    true if the OCSP Must Staple extension is present, none otherwise.

    Returned: success

    @@ -481,7 +483,7 @@ example: input

    ocsp_uri

    string

    -

    The OCSP responder URI, if included in the certificate. Will be none if no OCSP responder URI is included.

    +

    The OCSP responder URI, if included in the certificate. Will be none if no OCSP responder URI is included.

    Returned: success

    @@ -507,7 +509,7 @@ example: input

    string

    The curve’s name for ECC.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When _value.public_key_type=ECC

    @@ -515,7 +517,7 @@ example: input

    integer

    The RSA key’s public exponent.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When _value.public_key_type=RSA

    @@ -523,7 +525,7 @@ example: input

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When _value.public_key_type=ECC

    @@ -532,7 +534,7 @@ example: input

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When _value.public_key_type=DSA

    @@ -540,7 +542,7 @@ example: input

    integer

    The RSA key’s modulus.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When _value.public_key_type=RSA

    @@ -549,7 +551,7 @@ example: input

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When _value.public_key_type=DSA

    @@ -558,7 +560,7 @@ example: input

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When _value.public_key_type=DSA

    @@ -566,7 +568,7 @@ example: input

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When public_key_type=RSA or public_key_type=DSA

    +

    Returned: When _value.public_key_type=RSA or _value.public_key_type=DSA

    @@ -574,16 +576,16 @@ example: input

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When _value.public_key_type=ECC

    y

    integer

    -

    For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When public_key_type=DSA or public_key_type=ECC

    +

    For _value.public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For _value.public_key_type=DSA, this is the publicly known group element whose discrete logarithm with respect to g is the private key.

    +

    Returned: When _value.public_key_type=DSA or _value.public_key_type=ECC

    @@ -601,8 +603,8 @@ example: input

    string

    The certificate’s public key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    @@ -639,8 +641,8 @@ example: input

    subject_alt_name

    list / elements=string

    -

    Entries in the subject_alt_name extension, or none if extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Entries in the subject_alt_name extension, or none if extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -658,8 +660,8 @@ example: input

    string

    The certificate’s subject key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the SubjectKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the SubjectKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    diff --git a/pr/600/x509_certificate_info_module.html b/pr/600/x509_certificate_info_module.html index 7dfc4df2..44c06e8a 100644 --- a/pr/600/x509_certificate_info_module.html +++ b/pr/600/x509_certificate_info_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.x509_certificate_info module – Provide information of OpenSSL X.509 certificates

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -188,14 +190,14 @@ see

  • This module allows one to query information on OpenSSL certificates.

  • It uses the cryptography python library to interact with OpenSSL.

    • -

  • Note that this module was called openssl_certificate_info when included directly in Ansible up to version 2.9. When moved to the collection community.crypto, it was renamed to community.crypto.x509_certificate_info. From Ansible 2.10 on, it can still be used by the old short name (or by ansible.builtin.openssl_certificate_info), which redirects to community.crypto.x509_certificate_info. When using FQCNs or when using the collections keyword, the new name community.crypto.x509_certificate_info should be used to avoid a deprecation warning.

    • +

  • Note that this module was called openssl_certificate_info when included directly in Ansible up to version 2.9. When moved to the collection community.crypto, it was renamed to community.crypto.x509_certificate_info. From Ansible 2.10 on, it can still be used by the old short name (or by ansible.builtin.openssl_certificate_info), which redirects to community.crypto.x509_certificate_info. When using FQCNs or when using the collections keyword, the new name community.crypto.x509_certificate_info should be used to avoid a deprecation warning.

    • Requirements

    The below requirements are needed on the host that executes this module.

    @@ -214,7 +216,7 @@ see added in community.crypto 1.0.0

    Content of the X.509 certificate in PEM format.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -222,10 +224,10 @@ see

    string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -239,7 +241,8 @@ see

      path

    Remote absolute path where the certificate file is loaded from.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    +

    PEM and DER formats are supported.

    @@ -247,8 +250,8 @@ see

    string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -260,10 +263,10 @@ see

    valid_at

    dictionary

    -

    A dict of names mapping to time specifications. Every time specified here will be checked whether the certificate is valid at this point. See the valid_at return value for informations on the result.

    +

    A dict of names mapping to time specifications. Every time specified here will be checked whether the certificate is valid at this point. See the valid_at return value for informations on the result.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h), and ASN.1 TIME (in other words, pattern YYYYMMDDHHMMSSZ). Note that all timestamps will be treated as being in UTC.

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h), and ASN.1 TIME (in other words, pattern YYYYMMDDHHMMSSZ). Note that all timestamps will be treated as being in UTC.

    @@ -318,7 +321,7 @@ see community.crypto.x509_certificate_pipe

    Generate and/or check OpenSSL certificates.

    -
    community.crypto.x509_certificate_info filter

    A filter variant of this module.

    +
    community.crypto.x509_certificate_info filter plugin

    A filter variant of this module.

    @@ -359,7 +362,7 @@ see     register: result - name: Validate that certificate is valid tomorrow, but not in three weeks - assert: + ansible.builtin.assert: that: - result.valid_at.point_1 # valid in one day - not result.valid_at.point_2 # not valid in three weeks @@ -381,8 +384,8 @@ see

    list / elements=string

    The certificate’s authority cert issuer as a list of general names.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -392,7 +395,7 @@ see

    integer

    The certificate’s authority cert serial number.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: 12345

    @@ -402,8 +405,8 @@ see

    string

    The certificate’s authority key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the AuthorityKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the AuthorityKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    @@ -412,7 +415,7 @@ see

    basic_constraints

    list / elements=string

    -

    Entries in the basic_constraints extension, or none if extension is not present.

    +

    Entries in the basic_constraints extension, or none if extension is not present.

    Returned: success

    Sample: ["CA:TRUE", "pathlen:1"]

    @@ -437,7 +440,7 @@ see

    extended_key_usage

    list / elements=string

    -

    Entries in the extended_key_usage extension, or none if extension is not present.

    +

    Entries in the extended_key_usage extension, or none if extension is not present.

    Returned: success

    Sample: ["Biometric Info", "DVCS", "Time Stamping"]

    @@ -512,7 +515,7 @@ see

    string

    added in community.crypto 2.9.0

    -

    The Issuer URI, if included in the certificate. Will be none if no issuer URI is included.

    +

    The Issuer URI, if included in the certificate. Will be none if no issuer URI is included.

    Returned: success

    @@ -520,7 +523,7 @@ see

    key_usage

    string

    -

    Entries in the key_usage extension, or none if extension is not present.

    +

    Entries in the key_usage extension, or none if extension is not present.

    Returned: success

    Sample: "['Key Agreement', 'Data Encipherment']"

    @@ -555,7 +558,7 @@ see

    ocsp_must_staple

    boolean

    -

    true if the OCSP Must Staple extension is present, none otherwise.

    +

    true if the OCSP Must Staple extension is present, none otherwise.

    Returned: success

    @@ -571,7 +574,7 @@ see

    ocsp_uri

    string

    -

    The OCSP responder URI, if included in the certificate. Will be none if no OCSP responder URI is included.

    +

    The OCSP responder URI, if included in the certificate. Will be none if no OCSP responder URI is included.

    Returned: success

    @@ -598,7 +601,7 @@ see

    string

    The curve’s name for ECC.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When public_key_type=ECC

    @@ -606,7 +609,7 @@ see

    integer

    The RSA key’s public exponent.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When public_key_type=RSA

    @@ -614,7 +617,7 @@ see

    integer

    The maximum number of bits of a private key. This is basically the bit size of the subgroup used.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When public_key_type=ECC

    @@ -623,7 +626,7 @@ see

    The g value for DSA.

    This is the element spanning the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When public_key_type=DSA

    @@ -631,7 +634,7 @@ see

    integer

    The RSA key’s modulus.

    -

    Returned: When public_key_type=RSA

    +

    Returned: When public_key_type=RSA

    @@ -640,7 +643,7 @@ see

    The p value for DSA.

    This is the prime modulus upon which arithmetic takes place.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When public_key_type=DSA

    @@ -649,7 +652,7 @@ see

    The q value for DSA.

    This is a prime that divides p - 1, and at the same time the order of the subgroup of the multiplicative group of the prime field used.

    -

    Returned: When public_key_type=DSA

    +

    Returned: When public_key_type=DSA

    @@ -657,7 +660,7 @@ see

    integer

    Bit size of modulus (RSA) or prime number (DSA).

    -

    Returned: When public_key_type=RSA or public_key_type=DSA

    +

    Returned: When public_key_type=RSA or public_key_type=DSA

    @@ -665,16 +668,16 @@ see

    integer

    The x coordinate for the public point on the elliptic curve.

    -

    Returned: When public_key_type=ECC

    +

    Returned: When public_key_type=ECC

    y

    integer

    -

    For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    -

    For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    -

    Returned: When public_key_type=DSA or public_key_type=ECC

    +

    For public_key_type=ECC, this is the y coordinate for the public point on the elliptic curve.

    +

    For public_key_type=DSA, this is the publicly known group element whose discrete logarithm w.r.t. g is the private key.

    +

    Returned: When public_key_type=DSA or public_key_type=ECC

    @@ -693,8 +696,8 @@ see added in community.crypto 1.7.0

    The certificate’s public key’s type.

    -

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    -

    Will start with unknown if the key type cannot be determined.

    +

    One of RSA, DSA, ECC, Ed25519, X25519, Ed448, or X448.

    +

    Will start with unknown if the key type cannot be determined.

    Returned: success

    Sample: "RSA"

    @@ -731,8 +734,8 @@ see

    subject_alt_name

    list / elements=string

    -

    Entries in the subject_alt_name extension, or none if extension is not present.

    -

    See name_encoding for how IDNs are handled.

    +

    Entries in the subject_alt_name extension, or none if extension is not present.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:www.ansible.com", "IP:1.2.3.4"]

    @@ -750,8 +753,8 @@ see

    string

    The certificate’s subject key identifier.

    -

    The identifier is returned in hexadecimal, with : used to separate bytes.

    -

    Is none if the SubjectKeyIdentifier extension is not present.

    +

    The identifier is returned in hexadecimal, with : used to separate bytes.

    +

    Is none if the SubjectKeyIdentifier extension is not present.

    Returned: success

    Sample: "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"

    @@ -769,7 +772,7 @@ see

    valid_at

    dictionary

    -

    For every time stamp provided in the valid_at option, a boolean whether the certificate is valid at that point in time or not.

    +

    For every time stamp provided in the valid_at option, a boolean whether the certificate is valid at that point in time or not.

    Returned: success

    diff --git a/pr/600/x509_certificate_module.html b/pr/600/x509_certificate_module.html index 3e3bf66d..34eeab8e 100644 --- a/pr/600/x509_certificate_module.html +++ b/pr/600/x509_certificate_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.x509_certificate module – Generate and/or check OpenSSL certificates

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -186,11 +188,11 @@ see

    Synopsis

      -

    • It implements a notion of provider (one of selfsigned, ownca, acme, and entrust) for your certificate.

      • +

    • It implements a notion of provider (one of selfsigned, ownca, acme, and entrust) for your certificate.

    • It uses the cryptography python library to interact with OpenSSL.

      • -

    • Note that this module was called openssl_certificate when included directly in Ansible up to version 2.9. When moved to the collection community.crypto, it was renamed to community.crypto.x509_certificate. From Ansible 2.10 on, it can still be used by the old short name (or by ansible.builtin.openssl_certificate), which redirects to community.crypto.x509_certificate. When using FQCNs or when using the collections keyword, the new name community.crypto.x509_certificate should be used to avoid a deprecation warning.

      • -

    • Please note that the module regenerates existing certificate if it does not match the module’s options, or if it seems to be corrupt. If you are concerned that this could overwrite your existing certificate, consider using the backup option.

      • -

    • The ownca provider is intended for generating an OpenSSL certificate signed with your own CA (Certificate Authority) certificate (self-signed certificate).

      • +

    • Note that this module was called openssl_certificate when included directly in Ansible up to version 2.9. When moved to the collection community.crypto, it was renamed to community.crypto.x509_certificate. From Ansible 2.10 on, it can still be used by the old short name (or by ansible.builtin.openssl_certificate), which redirects to community.crypto.x509_certificate. When using FQCNs or when using the collections keyword, the new name community.crypto.x509_certificate should be used to avoid a deprecation warning.

      • +

    • Please note that the module regenerates existing certificate if it does not match the module’s options, or if it seems to be corrupt. If you are concerned that this could overwrite your existing certificate, consider using the backup option.

      • +

    • The ownca provider is intended for generating an OpenSSL certificate signed with your own CA (Certificate Authority) certificate (self-signed certificate).

    • This module allows one to (re)generate OpenSSL certificates.

    @@ -198,8 +200,8 @@ see

    Requirements

    The below requirements are needed on the host that executes this module.

      -

    • acme-tiny >= 4.0.0 (if using the acme provider)

      • -

    • cryptography >= 1.6 (if using selfsigned or ownca provider)

      • +

    • acme-tiny >= 4.0.0 (if using the acme provider)

      • +

    • cryptography >= 1.6 (if using selfsigned or ownca provider)

    @@ -215,8 +217,8 @@ see

    acme_accountkey_path

    path

    -

    The path to the accountkey for the acme provider.

    -

    This is only used by the acme provider.

    +

    The path to the accountkey for the acme provider.

    +

    This is only used by the acme provider.

    @@ -224,8 +226,8 @@ see

    boolean

    Include the intermediate certificate to the generated certificate

    -

    This is only used by the acme provider.

    -

    Note that this is only available for older versions of acme-tiny. New versions include the chain automatically, and setting acme_chain to true results in an error.

    +

    This is only used by the acme provider.

    +

    Note that this is only available for older versions of acme-tiny. New versions include the chain automatically, and setting acme_chain to true results in an error.

    Choices:

    • false ← (default)

      • @@ -237,8 +239,8 @@ see

    acme_challenge_path

    path

    -

    The path to the ACME challenge directory that is served on http://<HOST>:80/.well-known/acme-challenge/

    -

    This is only used by the acme provider.

    +

    The path to the ACME challenge directory that is served on http://%3CHOST%3E:80/.well-known/acme-challenge/

    +

    This is only used by the acme provider.

    @@ -281,7 +283,7 @@ see added in community.crypto 1.0.0

    Content of the Certificate Signing Request (CSR) used to generate this certificate.

    -

    This is mutually exclusive with csr_path.

    +

    This is mutually exclusive with csr_path.

    @@ -289,7 +291,7 @@ see

    path

    Path to the Certificate Signing Request (CSR) used to generate this certificate.

    -

    This is mutually exclusive with csr_content.

    +

    This is mutually exclusive with csr_content.

    @@ -297,8 +299,8 @@ see

    path

    The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -306,8 +308,8 @@ see

    path

    The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -315,8 +317,8 @@ see

    string

    The key (password) for authentication to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -325,7 +327,7 @@ see

    The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.

    You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.

    -

    This is only used by the entrust provider.

    +

    This is only used by the entrust provider.

    Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"

    @@ -334,8 +336,8 @@ see

    string

    The username for authentication to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -343,7 +345,7 @@ see

    string

    Specify the type of certificate requested.

    -

    This is only used by the entrust provider.

    +

    This is only used by the entrust provider.

    Choices:

    @@ -382,8 +384,8 @@ see

    string

    The email of the requester of the certificate (for tracking purposes).

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -391,8 +393,8 @@ see

    string

    The name of the requester of the certificate (for tracking purposes).

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -400,8 +402,8 @@ see

    string

    The phone number of the requester of the certificate (for tracking purposes).

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -430,7 +432,7 @@ see added in community.crypto 2.0.0

    Whether the “not before” and “not after” timestamps should be ignored for idempotency checks.

    -

    It is better to keep the default value true when using relative timestamps (like +0s for now).

    +

    It is better to keep the default value true when using relative timestamps (like +0s for now).

    Choices:

    Content of the CA (Certificate Authority) certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_path.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_path.

    @@ -467,7 +469,7 @@ see

    Create a Authority Key Identifier from the CA’s certificate. If the CSR provided a authority key identifier, it is ignored.

    The Authority Key Identifier is generated from the CA certificate’s Subject Key Identifier, if available. If it is not available, the CA certificate’s public key will be used.

    -

    This is only used by the ownca provider.

    +

    This is only used by the ownca provider.

    Note that this is only supported if the cryptography backend is used!

    Choices:

    Whether to create the Subject Key Identifier (SKI) from the public key.

    -

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    -

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    -

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    -

    This is only used by the ownca provider.

    +

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    +

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    +

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    +

    This is only used by the ownca provider.

    Note that this is only supported if the cryptography backend is used!

    Choices:

      @@ -498,8 +500,8 @@ see

    ownca_digest

    string

    -

    The digest algorithm to be used for the ownca certificate.

    -

    This is only used by the ownca provider.

    +

    The digest algorithm to be used for the ownca certificate.

    +

    This is only used by the ownca provider.

    Default: "sha256"

    @@ -510,10 +512,10 @@ see

    The point in time at which the certificate stops being valid.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will stop being valid 10 years from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the ownca provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the ownca provider.

    On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

    Default: "+3650d"

    @@ -525,10 +527,10 @@ see

    The point in time the certificate is valid from.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will start being valid from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the ownca provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the ownca provider.

    Default: "+0s"

    @@ -537,8 +539,8 @@ see

    path

    Remote absolute path of the CA (Certificate Authority) certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_content.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_content.

    @@ -547,16 +549,16 @@ see added in community.crypto 1.0.0

    Content of the CA (Certificate Authority) private key to use when signing the certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_privatekey_path.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_privatekey_path.

    ownca_privatekey_passphrase

    string

    -

    The passphrase for the ownca_privatekey_path resp. ownca_privatekey_content.

    -

    This is only used by the ownca provider.

    +

    The passphrase for the ownca_privatekey_path resp. ownca_privatekey_content.

    +

    This is only used by the ownca provider.

    @@ -564,17 +566,17 @@ see

    path

    Path to the CA (Certificate Authority) private key to use when signing the certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_privatekey_content.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_privatekey_content.

    ownca_version

    integer

    -

    The version of the ownca certificate.

    -

    Nowadays it should almost always be 3.

    -

    This is only used by the ownca provider.

    +

    The version of the ownca certificate.

    +

    Nowadays it should almost always be 3.

    +

    This is only used by the ownca provider.

    Default: 3

    @@ -600,14 +602,14 @@ see added in community.crypto 1.0.0

    Content of the private key to use when signing the certificate.

    -

    This is mutually exclusive with privatekey_path.

    +

    This is mutually exclusive with privatekey_path.

    privatekey_passphrase

    string

    -

    The passphrase for the privatekey_path resp. privatekey_content.

    +

    The passphrase for the privatekey_path resp. privatekey_content.

    This is required if the private key is password protected.

    @@ -616,7 +618,7 @@ see

    path

    Path to the private key to use when signing the certificate.

    -

    This is mutually exclusive with privatekey_content.

    +

    This is mutually exclusive with privatekey_content.

    @@ -624,8 +626,8 @@ see

    string

    Name of the provider to use to generate/retrieve the OpenSSL certificate. Please see the examples on how to emulate it with community.crypto.x509_certificate_info, community.crypto.openssl_csr_info, community.crypto.openssl_privatekey_info and ansible.builtin.assert.

    -

    The entrust provider was added for Ansible 2.9 and requires credentials for the Entrust Certificate Services (ECS) API.

    -

    Required if state is present.

    +

    The entrust provider was added for Ansible 2.9 and requires credentials for the Entrust Certificate Services (ECS) API.

    +

    Required if state is present.

    Choices:

    • "acme"

      • @@ -640,7 +642,7 @@ see

      boolean

      added in community.crypto 1.0.0

    -

    If set to true, will return the (current or generated) certificate’s content as certificate.

    +

    If set to true, will return the (current or generated) certificate’s content as certificate.

    Choices:

    • false ← (default)

      • @@ -653,8 +655,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -676,10 +678,10 @@ see

      string

    Whether to create the Subject Key Identifier (SKI) from the public key.

    -

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    -

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    -

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    -

    This is only used by the selfsigned provider.

    +

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    +

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    +

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    +

    This is only used by the selfsigned provider.

    Note that this is only supported if the cryptography backend is used!

    Choices:

      @@ -694,7 +696,7 @@ see

      string

    Digest algorithm to be used when self-signing the certificate.

    -

    This is only used by the selfsigned provider.

    +

    This is only used by the selfsigned provider.

    Default: "sha256"

    @@ -707,10 +709,10 @@ see

    The point in time at which the certificate stops being valid.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will stop being valid 10 years from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the selfsigned provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the selfsigned provider.

    On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

    Default: "+3650d"

    @@ -724,10 +726,10 @@ see

    The point in time the certificate is valid from.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will start being valid from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the selfsigned provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the selfsigned provider.

    Default: "+0s"

    @@ -735,9 +737,9 @@ see

    selfsigned_version

    integer

    -

    Version of the selfsigned certificate.

    -

    Nowadays it should almost always be 3.

    -

    This is only used by the selfsigned provider.

    +

    Version of the selfsigned certificate.

    +

    Nowadays it should almost always be 3.

    +

    This is only used by the selfsigned provider.

    Default: 3

    @@ -840,8 +842,8 @@ see

  • All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.

  • Date specified should be UTC. Minutes and seconds are mandatory.

    • -

  • For security reason, when you use ownca provider, you should NOT run community.crypto.x509_certificate on a target machine, but on a dedicated CA machine. It is recommended not to store the CA private key on the target machine. Once signed, the certificate can be moved to the target machine.

    • -

  • For the selfsigned provider, csr_path and csr_content are optional. If not provided, a certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.

    • +

  • For security reason, when you use ownca provider, you should NOT run community.crypto.x509_certificate on a target machine, but on a dedicated CA machine. It is recommended not to store the CA private key on the target machine. Once signed, the certificate can be moved to the target machine.

    • +

  • For the selfsigned provider, csr_path and csr_content are optional. If not provided, a certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.

    • @@ -943,7 +945,8 @@ see path: /etc/ssl/csr/ansible.com.key register: result_privatekey -- assert: +- name: Check conditions on certificate, CSR, and private key + ansible.builtin.assert: that: # When private key was specified for assertonly, this was checked: - result.public_key == result_privatekey.public_key @@ -997,7 +1000,7 @@ see

    string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/www.ansible.com.crt.2019-03-09@11:22~"

    @@ -1007,7 +1010,7 @@ see added in community.crypto 1.0.0

    The (current or generated) certificate’s content.

    -

    Returned: if state is present and return_content is true

    +

    Returned: if state is present and return_content is true

    diff --git a/pr/600/x509_certificate_pipe_module.html b/pr/600/x509_certificate_pipe_module.html index ccd70aa3..fc8ff399 100644 --- a/pr/600/x509_certificate_pipe_module.html +++ b/pr/600/x509_certificate_pipe_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.x509_certificate_pipe module – Generate and/or check OpenSSL certificates

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -187,10 +189,9 @@ see

    Synopsis

      -

    • It implements a notion of provider (ie. selfsigned, ownca, entrust) for your certificate.

      • +

    • It implements a notion of provider (one of selfsigned, ownca, entrust) for your certificate.

    • It uses the cryptography python library to interact with OpenSSL.

      • -

    • Please note that the module regenerates an existing certificate if it does not match the module’s options, or if it seems to be corrupt. If you are concerned that this could overwrite your existing certificate, consider using the backup option.

      • -

    • The ownca provider is intended for generating an OpenSSL certificate signed with your own CA (Certificate Authority) certificate (self-signed certificate).

      • +

    • The ownca provider is intended for generating an OpenSSL certificate signed with your own CA (Certificate Authority) certificate (self-signed certificate).

    • This module allows one to (re)generate OpenSSL certificates.

    @@ -198,7 +199,7 @@ see

    Requirements

    The below requirements are needed on the host that executes this module.

      -

    • cryptography >= 1.6 (if using selfsigned or ownca provider)

      • +

    • cryptography >= 1.6 (if using selfsigned or ownca provider)

    @@ -222,7 +223,7 @@ see

    string

    Content of the Certificate Signing Request (CSR) used to generate this certificate.

    -

    This is mutually exclusive with csr_path.

    +

    This is mutually exclusive with csr_path.

    @@ -230,7 +231,7 @@ see

    path

    Path to the Certificate Signing Request (CSR) used to generate this certificate.

    -

    This is mutually exclusive with csr_content.

    +

    This is mutually exclusive with csr_content.

    @@ -238,8 +239,8 @@ see

    path

    The path to the private key of the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -247,8 +248,8 @@ see

    path

    The path to the client certificate used to authenticate to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -256,8 +257,8 @@ see

    string

    The key (password) for authentication to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -266,7 +267,7 @@ see

    The path to the specification file defining the Entrust Certificate Services (ECS) API configuration.

    You can use this to keep a local copy of the specification to avoid downloading it every time the module is used.

    -

    This is only used by the entrust provider.

    +

    This is only used by the entrust provider.

    Default: "https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml"

    @@ -275,8 +276,8 @@ see

    string

    The username for authentication to the Entrust Certificate Services (ECS) API.

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -284,7 +285,7 @@ see

    string

    Specify the type of certificate requested.

    -

    This is only used by the entrust provider.

    +

    This is only used by the entrust provider.

    Choices:

    @@ -323,8 +324,8 @@ see

    string

    The email of the requester of the certificate (for tracking purposes).

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -332,8 +333,8 @@ see

    string

    The name of the requester of the certificate (for tracking purposes).

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -341,8 +342,8 @@ see

    string

    The phone number of the requester of the certificate (for tracking purposes).

    -

    This is only used by the entrust provider.

    -

    This is required if the provider is entrust.

    +

    This is only used by the entrust provider.

    +

    This is required if the provider is entrust.

    @@ -363,7 +364,7 @@ see added in community.crypto 2.0.0

    Whether the “not before” and “not after” timestamps should be ignored for idempotency checks.

    -

    It is better to keep the default value true when using relative timestamps (like +0s for now).

    +

    It is better to keep the default value true when using relative timestamps (like +0s for now).

    Choices:

    Content of the CA (Certificate Authority) certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_path.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_path.

    @@ -386,7 +387,7 @@ see

    Create a Authority Key Identifier from the CA’s certificate. If the CSR provided a authority key identifier, it is ignored.

    The Authority Key Identifier is generated from the CA certificate’s Subject Key Identifier, if available. If it is not available, the CA certificate’s public key will be used.

    -

    This is only used by the ownca provider.

    +

    This is only used by the ownca provider.

    Note that this is only supported if the cryptography backend is used!

    Choices:

    Whether to create the Subject Key Identifier (SKI) from the public key.

    -

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    -

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    -

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    -

    This is only used by the ownca provider.

    +

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    +

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    +

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    +

    This is only used by the ownca provider.

    Note that this is only supported if the cryptography backend is used!

    Choices:

      @@ -417,8 +418,8 @@ see

    ownca_digest

    string

    -

    The digest algorithm to be used for the ownca certificate.

    -

    This is only used by the ownca provider.

    +

    The digest algorithm to be used for the ownca certificate.

    +

    This is only used by the ownca provider.

    Default: "sha256"

    @@ -429,10 +430,10 @@ see

    The point in time at which the certificate stops being valid.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will stop being valid 10 years from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the ownca provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the ownca provider.

    On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

    Default: "+3650d"

    @@ -444,10 +445,10 @@ see

    The point in time the certificate is valid from.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will start being valid from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the ownca provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the ownca provider.

    Default: "+0s"

    @@ -456,8 +457,8 @@ see

    path

    Remote absolute path of the CA (Certificate Authority) certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_content.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_content.

    @@ -465,16 +466,16 @@ see

    string

    Content of the CA (Certificate Authority) private key to use when signing the certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_privatekey_path.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_privatekey_path.

    ownca_privatekey_passphrase

    string

    -

    The passphrase for the ownca_privatekey_path resp. ownca_privatekey_content.

    -

    This is only used by the ownca provider.

    +

    The passphrase for the ownca_privatekey_path resp. ownca_privatekey_content.

    +

    This is only used by the ownca provider.

    @@ -482,17 +483,17 @@ see

    path

    Path to the CA (Certificate Authority) private key to use when signing the certificate.

    -

    This is only used by the ownca provider.

    -

    This is mutually exclusive with ownca_privatekey_content.

    +

    This is only used by the ownca provider.

    +

    This is mutually exclusive with ownca_privatekey_content.

    ownca_version

    integer

    -

    The version of the ownca certificate.

    -

    Nowadays it should almost always be 3.

    -

    This is only used by the ownca provider.

    +

    The version of the ownca certificate.

    +

    Nowadays it should almost always be 3.

    +

    This is only used by the ownca provider.

    Default: 3

    @@ -501,14 +502,14 @@ see

    string

    Content of the private key to use when signing the certificate.

    -

    This is mutually exclusive with privatekey_path.

    +

    This is mutually exclusive with privatekey_path.

    privatekey_passphrase

    string

    -

    The passphrase for the privatekey_path resp. privatekey_content.

    +

    The passphrase for the privatekey_path resp. privatekey_content.

    This is required if the private key is password protected.

    @@ -517,7 +518,7 @@ see

    path

    Path to the private key to use when signing the certificate.

    -

    This is mutually exclusive with privatekey_content.

    +

    This is mutually exclusive with privatekey_content.

    @@ -525,7 +526,7 @@ see

    string / required

    Name of the provider to use to generate/retrieve the OpenSSL certificate.

    -

    The entrust provider requires credentials for the Entrust Certificate Services (ECS) API.

    +

    The entrust provider requires credentials for the Entrust Certificate Services (ECS) API.

    Choices:

    • "entrust"

      • @@ -539,8 +540,8 @@ see

      string

    Determines which crypto backend to use.

    -

    The default choice is auto, which tries to use cryptography if available.

    -

    If set to cryptography, will try to use the cryptography library.

    +

    The default choice is auto, which tries to use cryptography if available.

    +

    If set to cryptography, will try to use the cryptography library.

    Choices:

    • "auto" ← (default)

      • @@ -553,10 +554,10 @@ see

      string

    Whether to create the Subject Key Identifier (SKI) from the public key.

    -

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    -

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    -

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    -

    This is only used by the selfsigned provider.

    +

    A value of create_if_not_provided (default) only creates a SKI when the CSR does not provide one.

    +

    A value of always_create always creates a SKI. If the CSR provides one, that one is ignored.

    +

    A value of never_create never creates a SKI. If the CSR provides one, that one is used.

    +

    This is only used by the selfsigned provider.

    Note that this is only supported if the cryptography backend is used!

    Choices:

      @@ -571,7 +572,7 @@ see

      string

    Digest algorithm to be used when self-signing the certificate.

    -

    This is only used by the selfsigned provider.

    +

    This is only used by the selfsigned provider.

    Default: "sha256"

    @@ -584,10 +585,10 @@ see

    The point in time at which the certificate stops being valid.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will stop being valid 10 years from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the selfsigned provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the selfsigned provider.

    On macOS 10.15 and onwards, TLS server certificates must have a validity period of 825 days or fewer. Please see https://support.apple.com/en-us/HT210176 for more details.

    Default: "+3650d"

    @@ -601,10 +602,10 @@ see

    The point in time the certificate is valid from.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    If this value is not specified, the certificate will start being valid from now.

    -

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    -

    This is only used by the selfsigned provider.

    +

    Note that this value is not used to determine whether an existing certificate should be regenerated. This can be changed by setting the ignore_timestamps option to false. Please note that you should avoid relative timestamps when setting ignore_timestamps=false.

    +

    This is only used by the selfsigned provider.

    Default: "+0s"

    @@ -612,9 +613,9 @@ see

    selfsigned_version

    integer

    -

    Version of the selfsigned certificate.

    -

    Nowadays it should almost always be 3.

    -

    This is only used by the selfsigned provider.

    +

    Version of the selfsigned certificate.

    +

    Nowadays it should almost always be 3.

    +

    This is only used by the selfsigned provider.

    Default: 3

    @@ -657,8 +658,8 @@ see

  • All ASN.1 TIME values should be specified following the YYYYMMDDHHMMSSZ pattern.

  • Date specified should be UTC. Minutes and seconds are mandatory.

    • -

  • For security reason, when you use ownca provider, you should NOT run community.crypto.x509_certificate on a target machine, but on a dedicated CA machine. It is recommended not to store the CA private key on the target machine. Once signed, the certificate can be moved to the target machine.

    • -

  • For the selfsigned provider, csr_path and csr_content are optional. If not provided, a certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.

    • +

  • For security reason, when you use ownca provider, you should NOT run community.crypto.x509_certificate on a target machine, but on a dedicated CA machine. It is recommended not to store the CA private key on the target machine. Once signed, the certificate can be moved to the target machine.

    • +

  • For the selfsigned provider, csr_path and csr_content are optional. If not provided, a certificate without any information (Subject, Subject Alternative Names, Key Usage, etc.) is created.

    • diff --git a/pr/600/x509_crl_info_filter.html b/pr/600/x509_crl_info_filter.html index 0c58013f..f3476829 100644 --- a/pr/600/x509_crl_info_filter.html +++ b/pr/600/x509_crl_info_filter.html @@ -14,6 +14,8 @@ + + @@ -163,7 +165,7 @@

    community.crypto.x509_crl_info filter – Retrieve information from X.509 CRLs in PEM format

    Note

    -

    This filter plugin is part of the community.crypto collection (version 2.14.0).

    +

    This filter plugin is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this filter plugin, see Requirements for details.

    @@ -192,7 +194,7 @@ see

    Requirements

    The below requirements are needed on the local controller node that executes this filter.

    @@ -231,7 +233,7 @@ example: input

    boolean

    added in community.crypto 1.7.0

    -

    If set to false, the list of revoked certificates is not included in the result.

    +

    If set to false, the list of revoked certificates is not included in the result.

    This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again.

    Choices:

      @@ -245,10 +247,10 @@ example: input

      string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -314,8 +316,13 @@ example: input

    format

    string

    -

    Whether the CRL is in PEM format (pem) or in DER format (der).

    +

    Whether the CRL is in PEM format (pem) or in DER format (der).

    Returned: success

    +

    Can only return:

    +
      +

    • "pem"

      • +

    • "der"

      • +

    Sample: "pem"

    @@ -325,7 +332,7 @@ example: input

    The CRL’s issuer.

    Note that for repeated values, only the last one will be returned.

    -

    See name_encoding for how IDNs are handled.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

    @@ -362,7 +369,7 @@ example: input

    list / elements=dictionary

    List of certificates to be revoked.

    -

    Returned: success if list_revoked_certificates=true

    +

    Returned: success if list_revoked_certificates=true

    @@ -389,7 +396,7 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

    list / elements=string

    The certificate’s issuer.

    -

    See name_encoding for how IDNs are handled.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:ca.example.org"]

    @@ -408,8 +415,20 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

    string

    The value for the revocation reason extension.

    -

    One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl.

    Returned: success

    +

    Can only return:

    +
      +

    • "unspecified"

      • +

    • "key_compromise"

      • +

    • "ca_compromise"

      • +

    • "affiliation_changed"

      • +

    • "superseded"

      • +

    • "cessation_of_operation"

      • +

    • "certificate_hold"

      • +

    • "privilege_withdrawn"

      • +

    • "aa_compromise"

      • +

    • "remove_from_crl"

      • +

    Sample: "key_compromise"

    diff --git a/pr/600/x509_crl_info_module.html b/pr/600/x509_crl_info_module.html index f45820d5..37c8e00d 100644 --- a/pr/600/x509_crl_info_module.html +++ b/pr/600/x509_crl_info_module.html @@ -14,6 +14,8 @@ + + @@ -165,7 +167,7 @@

    community.crypto.x509_crl_info module – Retrieve information on Certificate Revocation Lists (CRLs)

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -194,7 +196,7 @@ see

    Requirements

    The below requirements are needed on the host that executes this module.

    @@ -212,7 +214,7 @@ see

    string

    Content of the X.509 CRL in PEM format, or Base64-encoded X.509 CRL.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -220,7 +222,7 @@ see

    boolean

    added in community.crypto 1.7.0

    -

    If set to false, the list of revoked certificates is not included in the result.

    +

    If set to false, the list of revoked certificates is not included in the result.

    This is useful when retrieving information on large CRL files. Enumerating all revoked certificates can take some time, including serializing the result as JSON, sending it to the Ansible controller, and decoding it again.

    Choices:

      @@ -234,10 +236,10 @@ see

      string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -251,7 +253,7 @@ see

      path

    Remote absolute path where the generated CRL file should be created or is already located.

    -

    Either path or content must be specified, but not both.

    +

    Either path or content must be specified, but not both.

    @@ -304,7 +306,7 @@ see
    community.crypto.x509_crl

    Generate Certificate Revocation Lists (CRLs).

    -
    community.crypto.x509_crl_info filter

    A filter variant of this module.

    +
    community.crypto.x509_crl_info filter plugin

    A filter variant of this module.

    @@ -351,8 +353,13 @@ see

    format

    string

    -

    Whether the CRL is in PEM format (pem) or in DER format (der).

    +

    Whether the CRL is in PEM format (pem) or in DER format (der).

    Returned: success

    +

    Can only return:

    +
      +

    • "pem"

      • +

    • "der"

      • +

    Sample: "pem"

    @@ -362,7 +369,7 @@ see

    The CRL’s issuer.

    Note that for repeated values, only the last one will be returned.

    -

    See name_encoding for how IDNs are handled.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

    @@ -399,7 +406,7 @@ see

    list / elements=dictionary

    List of certificates to be revoked.

    -

    Returned: success if list_revoked_certificates=true

    +

    Returned: success if list_revoked_certificates=true

    @@ -426,7 +433,7 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

    list / elements=string

    The certificate’s issuer.

    -

    See name_encoding for how IDNs are handled.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:ca.example.org"]

    @@ -445,8 +452,20 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

    string

    The value for the revocation reason extension.

    -

    One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl.

    Returned: success

    +

    Can only return:

    +
      +

    • "unspecified"

      • +

    • "key_compromise"

      • +

    • "ca_compromise"

      • +

    • "affiliation_changed"

      • +

    • "superseded"

      • +

    • "cessation_of_operation"

      • +

    • "certificate_hold"

      • +

    • "privilege_withdrawn"

      • +

    • "aa_compromise"

      • +

    • "remove_from_crl"

      • +

    Sample: "key_compromise"

    diff --git a/pr/600/x509_crl_module.html b/pr/600/x509_crl_module.html index bf54cf05..a6bfc9de 100644 --- a/pr/600/x509_crl_module.html +++ b/pr/600/x509_crl_module.html @@ -14,6 +14,8 @@ + + @@ -164,7 +166,7 @@

    community.crypto.x509_crl module – Generate Certificate Revocation Lists (CRLs)

    Note

    -

    This module is part of the community.crypto collection (version 2.14.0).

    +

    This module is part of the community.crypto collection (version 2.14.1).

    To install it, use: ansible-galaxy collection install community.crypto. You need further requirements to be able to use this module, see Requirements for details.

    @@ -193,7 +195,7 @@ see

    Requirements

    The below requirements are needed on the host that executes this module.

    @@ -236,10 +238,10 @@ see added in community.crypto 2.13.0

    Defines how to process entries of existing CRLs.

    -

    If set to generate, makes sure that the CRL has the exact set of revoked certificates as specified in revoked_certificates.

    -

    If set to update, makes sure that the CRL contains the revoked certificates from revoked_certificates, but can also contain other revoked certificates. If the CRL file already exists, all entries from the existing CRL will also be included in the new CRL. When using update, you might be interested in setting ignore_timestamps to true.

    -

    The default value is generate.

    -

    This parameter was called mode before community.crypto 2.13.0. It has been renamed to avoid a collision with the common mode parameter for setting the CRL file’s access mode.

    +

    If set to generate, makes sure that the CRL has the exact set of revoked certificates as specified in revoked_certificates.

    +

    If set to update, makes sure that the CRL contains the revoked certificates from revoked_certificates, but can also contain other revoked certificates. If the CRL file already exists, all entries from the existing CRL will also be included in the new CRL. When using update, you might be interested in setting ignore_timestamps to true.

    +

    The default value is generate.

    +

    This parameter was called mode before community.crypto 2.13.0. It has been renamed to avoid a collision with the common mode parameter for setting the CRL file’s access mode.

    Choices:

    • "generate"

      • @@ -272,7 +274,7 @@ see

      string

    Whether the CRL file should be in PEM or DER format.

    -

    If an existing CRL file does match everything but format, it will be converted to the correct format instead of regenerated.

    +

    If an existing CRL file does match everything but format, it will be converted to the correct format instead of regenerated.

    Choices:

    • "pem" ← (default)

      • @@ -292,7 +294,7 @@ see

    ignore_timestamps

    boolean

    -

    Whether the timestamps last_update, next_update and revocation_date (in revoked_certificates) should be ignored for idempotency checks. The timestamp invalidity_date in revoked_certificates will never be ignored.

    +

    Whether the timestamps last_update, next_update and revoked_certificates[].revocation_date should be ignored for idempotency checks. The timestamp revoked_certificates[].invalidity_date will never be ignored.

    Use this in combination with relative timestamps for these values to get idempotency.

    Choices:

    @@ -319,8 +321,8 @@ see

    A list of dictionaries, where every dictionary must contain one key/value pair. This key/value pair will be present in the issuer name field of the CRL.

    If you want to specify more than one value with the same key in a row, you can use a list as value.

    -

    One of issuer and issuer_ordered is required if state is present.

    -

    Mutually exclusive with issuer.

    +

    One of issuer and issuer_ordered is required if state is present.

    +

    Mutually exclusive with issuer.

    @@ -330,8 +332,8 @@ see

    The point in time from which this CRL can be trusted.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    -

    Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

    Default: "+0s"

    @@ -339,8 +341,8 @@ see

    mode

    string

    -

    This parameter has been renamed to crl_mode. The old name mode is now deprecated and will be removed in community.crypto 3.0.0. Replace usage of this parameter with crl_mode.

    -

    Note that from community.crypto 3.0.0 on, mode will be used for the CRL file’s mode.

    +

    This parameter has been renamed to crl_mode. The old name mode is now deprecated and will be removed in community.crypto 3.0.0. Replace usage of this parameter with crl_mode.

    +

    Note that from community.crypto 3.0.0 on, mode will be used for the CRL file’s mode.

    Choices:

    • "generate"

      • @@ -353,10 +355,10 @@ see

      string

    How to encode names (DNS names, URIs, email addresses) in return values.

    -

    ignore will use the encoding returned by the backend.

    -

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    -

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    -

    Note that idna and unicode require the idna Python library to be installed.

    +

    ignore will use the encoding returned by the backend.

    +

    idna will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.

    +

    unicode will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.

    +

    Note that idna and unicode require the idna Python library to be installed.

    Choices:

    • "ignore" ← (default)

      • @@ -369,12 +371,12 @@ see

    next_update

    string

    -

    The absolute latest point in time by which this issuer is expected to have issued another CRL. Many clients will treat a CRL as expired once next_update occurs.

    +

    The absolute latest point in time by which this issuer is expected to have issued another CRL. Many clients will treat a CRL as expired once next_update occurs.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    -

    Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

    -

    Required if state is present.

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

    +

    Required if state is present.

    @@ -398,14 +400,14 @@ see

    string

    The content of the CA’s private key to use when signing the CRL.

    -

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    +

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    privatekey_passphrase

    string

    -

    The passphrase for the privatekey_path.

    +

    The passphrase for the privatekey_path.

    This is required if the private key is password protected.

    @@ -414,14 +416,14 @@ see

    path

    Path to the CA’s private key to use when signing the CRL.

    -

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    +

    Either privatekey_path or privatekey_content must be specified if state is present, but not both.

    return_content

    boolean

    -

    If set to true, will return the (current or generated) CRL’s content as crl.

    +

    If set to true, will return the (current or generated) CRL’s content as crl.

    Choices:

    • false ← (default)

      • @@ -434,7 +436,7 @@ see

      list / elements=dictionary

    List of certificates to be revoked.

    -

    Required if state is present.

    +

    Required if state is present.

    @@ -443,7 +445,7 @@ see

    Content of a certificate in PEM format.

    The serial number and issuer will be extracted from the certificate.

    -

    Mutually exclusive with path and serial_number. One of these three options must be specified.

    +

    Mutually exclusive with revoked_certificates[].path and revoked_certificates[].serial_number. One of these three options must be specified.

    @@ -453,8 +455,8 @@ see

    The point in time it was known/suspected that the private key was compromised or that the certificate otherwise became invalid.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    -

    Note that if using relative time this module is NOT idempotent. This will NOT change when ignore_timestamps is set to true.

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Note that if using relative time this module is NOT idempotent. This will NOT change when ignore_timestamps is set to true.

    @@ -474,7 +476,7 @@ see

    list / elements=string

    The certificate’s issuer.

    -

    Example: DNS:ca.example.org

    +

    Example: DNS:ca.example.org

    @@ -495,7 +497,7 @@ see

    Path to a certificate in PEM format.

    The serial number and issuer will be extracted from the certificate.

    -

    Mutually exclusive with content and serial_number. One of these three options must be specified.

    +

    Mutually exclusive with revoked_certificates[].content and revoked_certificates[].serial_number. One of these three options must be specified.

    @@ -537,8 +539,8 @@ see

    The point in time the certificate was revoked.

    Time can be specified either as relative time or as absolute timestamp.

    Time will always be interpreted as UTC.

    -

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    -

    Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

    +

    Valid format is [+-]timespec | ASN.1 TIME where timespec can be an integer + [w | d | h | m | s] (for example +32w1d2h).

    +

    Note that if using relative time this module is NOT idempotent, except when ignore_timestamps is set to true.

    Default: "+0s"

    @@ -547,7 +549,7 @@ see

    integer

    Serial number of the certificate.

    -

    Mutually exclusive with path and content. One of these three options must be specified.

    +

    Mutually exclusive with revoked_certificates[].path and revoked_certificates[].content. One of these three options must be specified.

    @@ -700,7 +702,7 @@ see

    string

    Name of backup file created.

    -

    Returned: changed and if backup is true

    +

    Returned: changed and if backup is true

    Sample: "/path/to/my-ca.crl.2019-03-09@11:22~"

    @@ -709,8 +711,8 @@ see

    string

    The (current or generated) CRL’s content.

    -

    Will be the CRL itself if format is pem, and Base64 of the CRL if format is der.

    -

    Returned: if state is present and return_content is true

    +

    Will be the CRL itself if format is pem, and Base64 of the CRL if format is der.

    +

    Returned: if state is present and return_content is true

    @@ -735,8 +737,13 @@ see

    format

    string

    -

    Whether the CRL is in PEM format (pem) or in DER format (der).

    +

    Whether the CRL is in PEM format (pem) or in DER format (der).

    Returned: success

    +

    Can only return:

    +
      +

    • "pem"

      • +

    • "der"

      • +

    Sample: "pem"

    @@ -746,7 +753,7 @@ see

    The CRL’s issuer.

    Note that for repeated values, only the last one will be returned.

    -

    See name_encoding for how IDNs are handled.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: {"commonName": "ca.example.com", "organizationName": "Ansible"}

    @@ -819,7 +826,7 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

    list / elements=string

    The certificate’s issuer.

    -

    See name_encoding for how IDNs are handled.

    +

    See name_encoding for how IDNs are handled.

    Returned: success

    Sample: ["DNS:ca.example.org"]

    @@ -838,8 +845,20 @@ or that the certificate otherwise became invalid as ASN.1 TIME.

    string

    The value for the revocation reason extension.

    -

    One of unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, privilege_withdrawn, aa_compromise, and remove_from_crl.

    Returned: success

    +

    Can only return:

    +
      +

    • "unspecified"

      • +

    • "key_compromise"

      • +

    • "ca_compromise"

      • +

    • "affiliation_changed"

      • +

    • "superseded"

      • +

    • "cessation_of_operation"

      • +

    • "certificate_hold"

      • +

    • "privilege_withdrawn"

      • +

    • "aa_compromise"

      • +

    • "remove_from_crl"

      • +

    Sample: "key_compromise"