Revert all non-bugfixes merged since the last release.

Revert "Fix documentation. (#751)" Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (#750)" Revert "Refactor and extend argument spec helper, use for ACME modules (#749)" Revert "Avoid exception if certificate has no AKI in acme_certificate. (#748)" Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)" Revert "Add acme_certificate_renewal_info module (#746)" Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (#745)" Revert "Add tests for acme_certificate_deactivate_authz module. (#744)" Revert "Create acme_certificate_deactivate_authz module (#741)" Revert "acme_certificate: allow to request renewal of a certificate according to ARI (#739)" Revert "Implement basic acme_ari_info module. (#732)" Revert "Add function for retrieval of ARI information. (#738)" Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (#737)" Revert "Implement certificate information retrieval code in the ACME backends. (#736)" Revert "Split up the default acme docs fragment to allow modules ot not need account data. (#735)" This reverts commits 5e59c5261e, aa82575a78, f3c9cb7a8a, f82b335916, 553ab45f46, 59606d48ad, 0a15be1017, 9501a28a93, d906914737, 33d278ad8f, 6d4fc589ae, 9614b09f7a, af5f4b57f8, c6fbe58382, and afe7f7522c.
2026-05-07 05:43:06 +00:00 · 2024-05-11 16:06:52 +02:00
parent f43fa94549
commit 82251c2d80
66 changed files with 299 additions and 2908 deletions
--- a/plugins/module_utils/crypto/math.py
+++ b/plugins/module_utils/crypto/math.py
@@ -110,9 +110,6 @@ if sys.version_info[0] >= 3:
    def _convert_int_to_bytes(count, no):
        return no.to_bytes(count, byteorder='big')

-    def _convert_bytes_to_int(data):
-        return int.from_bytes(data, byteorder='big', signed=False)
-
    def _to_hex(no):
        return hex(no)[2:]
 else:
@@ -125,12 +122,6 @@ else:
            raise Exception('Number {1} needs more than {0} bytes!'.format(count, n))
        return ('0' * (2 * count - len(h)) + h).decode('hex')

-    def _convert_bytes_to_int(data):
-        v = 0
-        for x in data:
-            v = (v << 8) | ord(x)
-        return v
-
    def _to_hex(no):
        return '%x' % no

@@ -164,10 +155,3 @@ def convert_int_to_hex(no, digits=None):
    if digits is not None and len(value) < digits:
        value = '0' * (digits - len(value)) + value
    return value
-
-
-def convert_bytes_to_int(data):
-    """
-    Convert a byte string to an unsigned integer in network byte order.
-    """
-    return _convert_bytes_to_int(data)
--- a/plugins/module_utils/crypto/module_backends/certificate.py
+++ b/plugins/module_utils/crypto/module_backends/certificate.py
@@ -15,10 +15,10 @@ import traceback
 from ansible.module_utils import six
 from ansible.module_utils.basic import missing_required_lib

-from ansible_collections.community.crypto.plugins.module_utils.argspec import ArgumentSpec
-
 from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion

+from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.common import ArgumentSpec
+
 from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
    OpenSSLObjectError,
    OpenSSLBadPassphraseError,
--- a/plugins/module_utils/crypto/module_backends/certificate_entrust.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_entrust.py
@@ -18,6 +18,8 @@ from ansible_collections.community.crypto.plugins.module_utils.ecs.api import EC

 from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
    load_certificate,
+    get_now_datetime,
+    get_relative_time_option,
 )

 from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptography_support import (
@@ -32,11 +34,6 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
    CertificateProvider,
 )

-from ansible_collections.community.crypto.plugins.module_utils.time import (
-    get_now_datetime,
-    get_relative_time_option,
-)
-
 try:
    from cryptography.x509.oid import NameOID
 except ImportError:
--- a/plugins/module_utils/crypto/module_backends/certificate_info.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_info.py
@@ -23,6 +23,7 @@ from ansible_collections.community.crypto.plugins.module_utils.version import Lo
 from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
    load_certificate,
    get_fingerprint_of_bytes,
+    get_now_datetime,
 )

 from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptography_support import (
@@ -39,10 +40,6 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
    get_publickey_info,
 )

-from ansible_collections.community.crypto.plugins.module_utils.time import (
-    get_now_datetime,
-)
-
 MINIMAL_CRYPTOGRAPHY_VERSION = '1.6'

 CRYPTOGRAPHY_IMP_ERR = None
--- a/plugins/module_utils/crypto/module_backends/certificate_ownca.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_ownca.py
@@ -22,6 +22,7 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.basic impo
 from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
    load_privatekey,
    load_certificate,
+    get_relative_time_option,
    select_message_digest,
 )

@@ -44,10 +45,6 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
    CertificateProvider,
 )

-from ansible_collections.community.crypto.plugins.module_utils.time import (
-    get_relative_time_option,
-)
-
 try:
    import cryptography
    from cryptography import x509
--- a/plugins/module_utils/crypto/module_backends/certificate_selfsigned.py
+++ b/plugins/module_utils/crypto/module_backends/certificate_selfsigned.py
@@ -14,6 +14,7 @@ import os
 from random import randrange

 from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
+    get_relative_time_option,
    select_message_digest,
 )

@@ -34,10 +35,6 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
    CertificateProvider,
 )

-from ansible_collections.community.crypto.plugins.module_utils.time import (
-    get_relative_time_option,
-)
-
 try:
    import cryptography
    from cryptography import x509
--- a/plugins/module_utils/crypto/module_backends/common.py
+++ b/plugins/module_utils/crypto/module_backends/common.py
@@ -10,19 +10,26 @@ __metaclass__ = type

 from ansible.module_utils.basic import AnsibleModule

-from ansible_collections.community.crypto.plugins.module_utils.argspec import ArgumentSpec as _ArgumentSpec

+class ArgumentSpec:
+    def __init__(self, argument_spec, mutually_exclusive=None, required_together=None, required_one_of=None, required_if=None, required_by=None):
+        self.argument_spec = argument_spec
+        self.mutually_exclusive = mutually_exclusive or []
+        self.required_together = required_together or []
+        self.required_one_of = required_one_of or []
+        self.required_if = required_if or []
+        self.required_by = required_by or {}

-class ArgumentSpec(_ArgumentSpec):
    def create_ansible_module_helper(self, clazz, args, **kwargs):
-        result = super(ArgumentSpec, self).create_ansible_module_helper(clazz, args, **kwargs)
-        result.deprecate(
-            "The crypto.module_backends.common module utils is deprecated and will be removed from community.crypto 3.0.0."
-            " Use the argspec module utils from community.crypto instead.",
-            version='3.0.0',
-            collection_name='community.crypto',
-        )
-        return result
+        return clazz(
+            *args,
+            argument_spec=self.argument_spec,
+            mutually_exclusive=self.mutually_exclusive,
+            required_together=self.required_together,
+            required_one_of=self.required_one_of,
+            required_if=self.required_if,
+            required_by=self.required_by,
+            **kwargs)

-
-__all__ = ('AnsibleModule', 'ArgumentSpec')
+    def create_ansible_module(self, **kwargs):
+        return self.create_ansible_module_helper(AnsibleModule, (), **kwargs)
--- a/plugins/module_utils/crypto/module_backends/csr.py
+++ b/plugins/module_utils/crypto/module_backends/csr.py
@@ -17,8 +17,6 @@ from ansible.module_utils import six
 from ansible.module_utils.basic import missing_required_lib
 from ansible.module_utils.common.text.converters import to_native, to_text

-from ansible_collections.community.crypto.plugins.module_utils.argspec import ArgumentSpec
-
 from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion

 from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
@@ -51,6 +49,8 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
    get_csr_info,
 )

+from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.common import ArgumentSpec
+

 MINIMAL_CRYPTOGRAPHY_VERSION = '1.3'

--- a/plugins/module_utils/crypto/module_backends/privatekey.py
+++ b/plugins/module_utils/crypto/module_backends/privatekey.py
@@ -17,8 +17,6 @@ from ansible.module_utils import six
 from ansible.module_utils.basic import missing_required_lib
 from ansible.module_utils.common.text.converters import to_bytes

-from ansible_collections.community.crypto.plugins.module_utils.argspec import ArgumentSpec
-
 from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion

 from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
@@ -44,6 +42,8 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.module_bac
    get_privatekey_info,
 )

+from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.common import ArgumentSpec
+

 MINIMAL_CRYPTOGRAPHY_VERSION = '1.2.3'

--- a/plugins/module_utils/crypto/module_backends/privatekey_convert.py
+++ b/plugins/module_utils/crypto/module_backends/privatekey_convert.py
@@ -15,14 +15,12 @@ from ansible.module_utils import six
 from ansible.module_utils.basic import missing_required_lib
 from ansible.module_utils.common.text.converters import to_bytes

-from ansible_collections.community.crypto.plugins.module_utils.argspec import ArgumentSpec
+from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion

 from ansible_collections.community.crypto.plugins.module_utils.io import (
    load_file,
 )

-from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion
-
 from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
    CRYPTOGRAPHY_HAS_X25519,
    CRYPTOGRAPHY_HAS_X448,
@@ -39,6 +37,8 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import
    identify_private_key_format,
 )

+from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.common import ArgumentSpec
+

 MINIMAL_CRYPTOGRAPHY_VERSION = '1.2.3'

--- a/plugins/module_utils/crypto/support.py
+++ b/plugins/module_utils/crypto/support.py
@@ -9,25 +9,19 @@ __metaclass__ = type


 import abc
+import datetime
 import errno
 import hashlib
 import os
+import re

 from ansible.module_utils import six
-from ansible.module_utils.common.text.converters import to_bytes
+from ansible.module_utils.common.text.converters import to_native, to_bytes

 from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
    identify_pem_format,
 )

-from ansible_collections.community.crypto.plugins.module_utils.time import (  # noqa: F401, pylint: disable=unused-import
-    # These imports are for backwards compatibility
-    get_now_datetime,
-    ensure_utc_timezone,
-    convert_relative_to_datetime,
-    get_relative_time_option,
-)
-
 try:
    from OpenSSL import crypto
    HAS_PYOPENSSL = True
@@ -285,6 +279,86 @@ def parse_ordered_name_field(input_list, name_field_name):
    return result


+def get_now_datetime(with_timezone):
+    if with_timezone:
+        return datetime.datetime.now(tz=datetime.timezone.utc)
+    return datetime.datetime.utcnow()
+
+
+def ensure_utc_timezone(timestamp):
+    if timestamp.tzinfo is not None:
+        return timestamp
+    return timestamp.astimezone(datetime.timezone.utc)
+
+
+def convert_relative_to_datetime(relative_time_string, with_timezone=False):
+    """Get a datetime.datetime or None from a string in the time format described in sshd_config(5)"""
+
+    parsed_result = re.match(
+        r"^(?P<prefix>[+-])((?P<weeks>\d+)[wW])?((?P<days>\d+)[dD])?((?P<hours>\d+)[hH])?((?P<minutes>\d+)[mM])?((?P<seconds>\d+)[sS]?)?$",
+        relative_time_string)
+
+    if parsed_result is None or len(relative_time_string) == 1:
+        # not matched or only a single "+" or "-"
+        return None
+
+    offset = datetime.timedelta(0)
+    if parsed_result.group("weeks") is not None:
+        offset += datetime.timedelta(weeks=int(parsed_result.group("weeks")))
+    if parsed_result.group("days") is not None:
+        offset += datetime.timedelta(days=int(parsed_result.group("days")))
+    if parsed_result.group("hours") is not None:
+        offset += datetime.timedelta(hours=int(parsed_result.group("hours")))
+    if parsed_result.group("minutes") is not None:
+        offset += datetime.timedelta(
+            minutes=int(parsed_result.group("minutes")))
+    if parsed_result.group("seconds") is not None:
+        offset += datetime.timedelta(
+            seconds=int(parsed_result.group("seconds")))
+
+    now = get_now_datetime(with_timezone=with_timezone)
+    if parsed_result.group("prefix") == "+":
+        return now + offset
+    else:
+        return now - offset
+
+
+def get_relative_time_option(input_string, input_name, backend='cryptography', with_timezone=False):
+    """Return an absolute timespec if a relative timespec or an ASN1 formatted
+       string is provided.
+
+       The return value will be a datetime object for the cryptography backend,
+       and a ASN1 formatted string for the pyopenssl backend."""
+    result = to_native(input_string)
+    if result is None:
+        raise OpenSSLObjectError(
+            'The timespec "%s" for %s is not valid' %
+            input_string, input_name)
+    # Relative time
+    if result.startswith("+") or result.startswith("-"):
+        result_datetime = convert_relative_to_datetime(result, with_timezone=with_timezone)
+        if backend == 'pyopenssl':
+            return result_datetime.strftime("%Y%m%d%H%M%SZ")
+        elif backend == 'cryptography':
+            return result_datetime
+    # Absolute time
+    if backend == 'cryptography':
+        for date_fmt in ['%Y%m%d%H%M%SZ', '%Y%m%d%H%MZ', '%Y%m%d%H%M%S%z', '%Y%m%d%H%M%z']:
+            try:
+                res = datetime.datetime.strptime(result, date_fmt)
+            except ValueError:
+                pass
+            else:
+                if with_timezone:
+                    res = res.astimezone(datetime.timezone.utc)
+                return res
+
+        raise OpenSSLObjectError(
+            'The time spec "%s" for %s is invalid' %
+            (input_string, input_name)
+        )
+
+
 def select_message_digest(digest_string):
    digest = None
    if digest_string == 'sha256':