Refactor module_utils/crypto.py (#27)

* Refactor module_utils/crypto.py: split up into multiple smaller modules * Remove superfluous files. * Fix sanity errors. * Move CRL entry dumping code to module_utils. * Move obj2txt usage from CRL modules to module_utils/crpyto/cryptography_crl. * Move generic I/O functions to plugins/module_utils/io.py. * Add helper method for retrieving serial number of certificate. * Add compatibility code into __init__.py. * Fix syntax error, and add ignore.txt entries for non-empty __init__.
2026-05-08 06:13:03 +00:00 · 2020-05-12 11:19:42 +02:00
parent 43b6765c00
commit 9a096dd146
32 changed files with 1902 additions and 1373 deletions
--- a/plugins/modules/openssl_csr_info.py
+++ b/plugins/modules/openssl_csr_info.py
@@ -213,9 +213,29 @@ from distutils.version import LooseVersion
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible.module_utils._text import to_native, to_text, to_bytes

-from ansible_collections.community.crypto.plugins.module_utils import crypto as crypto_utils
 from ansible_collections.community.crypto.plugins.module_utils.compat import ipaddress as compat_ipaddress

+from ansible_collections.community.crypto.plugins.module_utils.crypto.basic import (
+    OpenSSLObjectError,
+)
+
+from ansible_collections.community.crypto.plugins.module_utils.crypto.support import (
+    OpenSSLObject,
+    load_certificate_request,
+    get_fingerprint_of_bytes,
+)
+
+from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptography_support import (
+    cryptography_decode_name,
+    cryptography_get_extensions_from_csr,
+    cryptography_oid_to_name,
+)
+
+from ansible_collections.community.crypto.plugins.module_utils.crypto.pyopenssl_support import (
+    pyopenssl_normalize_name,
+    pyopenssl_get_extensions_from_csr,
+)
+
 MINIMAL_CRYPTOGRAPHY_VERSION = '1.3'
 MINIMAL_PYOPENSSL_VERSION = '0.15'

@@ -254,7 +274,7 @@ else:
 TIMESTAMP_FORMAT = "%Y%m%d%H%M%SZ"


-class CertificateSigningRequestInfo(crypto_utils.OpenSSLObject):
+class CertificateSigningRequestInfo(OpenSSLObject):
    def __init__(self, module, backend):
        super(CertificateSigningRequestInfo, self).__init__(
            module.params['path'] or '',
@@ -269,11 +289,11 @@ class CertificateSigningRequestInfo(crypto_utils.OpenSSLObject):
            self.content = self.content.encode('utf-8')

    def generate(self):
-        # Empty method because crypto_utils.OpenSSLObject wants this
+        # Empty method because OpenSSLObject wants this
        pass

    def dump(self):
-        # Empty method because crypto_utils.OpenSSLObject wants this
+        # Empty method because OpenSSLObject wants this
        pass

    @abc.abstractmethod
@@ -322,7 +342,7 @@ class CertificateSigningRequestInfo(crypto_utils.OpenSSLObject):

    def get_info(self):
        result = dict()
-        self.csr = crypto_utils.load_certificate_request(self.path, content=self.content, backend=self.backend)
+        self.csr = load_certificate_request(self.path, content=self.content, backend=self.backend)

        subject = self._get_subject_ordered()
        result['subject'] = dict()
@@ -337,7 +357,7 @@ class CertificateSigningRequestInfo(crypto_utils.OpenSSLObject):

        result['public_key'] = self._get_public_key(binary=False)
        pk = self._get_public_key(binary=True)
-        result['public_key_fingerprints'] = crypto_utils.get_fingerprint_of_bytes(pk) if pk is not None else dict()
+        result['public_key_fingerprints'] = get_fingerprint_of_bytes(pk) if pk is not None else dict()

        if self.backend != 'pyopenssl':
            ski = self._get_subject_key_identifier()
@@ -373,7 +393,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
    def _get_subject_ordered(self):
        result = []
        for attribute in self.csr.subject:
-            result.append([crypto_utils.cryptography_oid_to_name(attribute.oid), attribute.value])
+            result.append([cryptography_oid_to_name(attribute.oid), attribute.value])
        return result

    def _get_key_usage(self):
@@ -418,7 +438,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
        try:
            ext_keyusage_ext = self.csr.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
            return sorted([
-                crypto_utils.cryptography_oid_to_name(eku) for eku in ext_keyusage_ext.value
+                cryptography_oid_to_name(eku) for eku in ext_keyusage_ext.value
            ]), ext_keyusage_ext.critical
        except cryptography.x509.ExtensionNotFound:
            return None, False
@@ -452,7 +472,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
    def _get_subject_alt_name(self):
        try:
            san_ext = self.csr.extensions.get_extension_for_class(x509.SubjectAlternativeName)
-            result = [crypto_utils.cryptography_decode_name(san) for san in san_ext.value]
+            result = [cryptography_decode_name(san) for san in san_ext.value]
            return result, san_ext.critical
        except cryptography.x509.ExtensionNotFound:
            return None, False
@@ -475,13 +495,13 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
            ext = self.csr.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier)
            issuer = None
            if ext.value.authority_cert_issuer is not None:
-                issuer = [crypto_utils.cryptography_decode_name(san) for san in ext.value.authority_cert_issuer]
+                issuer = [cryptography_decode_name(san) for san in ext.value.authority_cert_issuer]
            return ext.value.key_identifier, issuer, ext.value.authority_cert_serial_number
        except cryptography.x509.ExtensionNotFound:
            return None, None, None

    def _get_all_extensions(self):
-        return crypto_utils.cryptography_get_extensions_from_csr(self.csr)
+        return cryptography_get_extensions_from_csr(self.csr)

    def _is_signature_valid(self):
        return self.csr.is_signature_valid
@@ -496,7 +516,7 @@ class CertificateSigningRequestInfoPyOpenSSL(CertificateSigningRequestInfo):
    def __get_name(self, name):
        result = []
        for sub in name.get_components():
-            result.append([crypto_utils.pyopenssl_normalize_name(sub[0]), to_text(sub[1])])
+            result.append([pyopenssl_normalize_name(sub[0]), to_text(sub[1])])
        return result

    def _get_subject_ordered(self):
@@ -506,7 +526,7 @@ class CertificateSigningRequestInfoPyOpenSSL(CertificateSigningRequestInfo):
        for extension in self.csr.get_extensions():
            if extension.get_short_name() == short_name:
                result = [
-                    crypto_utils.pyopenssl_normalize_name(usage.strip()) for usage in to_text(extension, errors='surrogate_or_strict').split(',')
+                    pyopenssl_normalize_name(usage.strip()) for usage in to_text(extension, errors='surrogate_or_strict').split(',')
                ]
                return sorted(result), bool(extension.get_critical())
        return None, False
@@ -581,7 +601,7 @@ class CertificateSigningRequestInfoPyOpenSSL(CertificateSigningRequestInfo):
        return None, None, None

    def _get_all_extensions(self):
-        return crypto_utils.pyopenssl_get_extensions_from_csr(self.csr)
+        return pyopenssl_get_extensions_from_csr(self.csr)

    def _is_signature_valid(self):
        try:
@@ -654,7 +674,7 @@ def main():

        result = certificate.get_info()
        module.exit_json(**result)
-    except crypto_utils.OpenSSLObjectError as exc:
+    except OpenSSLObjectError as exc:
        module.fail_json(msg=to_native(exc))