Make all module_utils and plugin_utils private (#887)

* Add leading underscore. Remove deprecated module utils.

* Document module and plugin utils as private. Add changelog fragment.

* Convert relative to absolute imports.

* Remove unnecessary imports.

plugins/module_utils/_crypto/module_backends/crl_info.py

@@ -0,0 +1,124 @@
+# Copyright (c) 2020, Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Note that this module util is **PRIVATE** to the collection. It can have breaking changes at any time.
+# Do not use this from other collections or standalone plugins/modules!
+
+from __future__ import annotations
+
+import typing as t
+
+from ansible_collections.community.crypto.plugins.module_utils._crypto.cryptography_crl import (
+    TIMESTAMP_FORMAT,
+    cryptography_decode_revoked_certificate,
+    cryptography_dump_revoked,
+    cryptography_get_signature_algorithm_oid_from_crl,
+)
+from ansible_collections.community.crypto.plugins.module_utils._crypto.cryptography_support import (
+    cryptography_oid_to_name,
+)
+from ansible_collections.community.crypto.plugins.module_utils._crypto.pem import (
+    identify_pem_format,
+)
+from ansible_collections.community.crypto.plugins.module_utils._cryptography_dep import (
+    COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION,
+    assert_required_cryptography_version,
+)
+
+
+if t.TYPE_CHECKING:
+    from ansible.module_utils.basic import AnsibleModule
+    from ansible_collections.community.crypto.plugins.plugin_utils._action_module import (
+        AnsibleActionModule,
+    )
+    from ansible_collections.community.crypto.plugins.plugin_utils._filter_module import (
+        FilterModuleMock,
+    )
+    from cryptography.hazmat.primitives.asymmetric.types import (
+        PrivateKeyTypes,
+    )
+
+    GeneralAnsibleModule = t.Union[AnsibleModule, AnsibleActionModule, FilterModuleMock]
+
+
+# crypto_utils
+
+MINIMAL_CRYPTOGRAPHY_VERSION = COLLECTION_MINIMUM_CRYPTOGRAPHY_VERSION
+
+try:
+    from cryptography import x509
+except ImportError:
+    pass
+
+
+class CRLInfoRetrieval:
+    def __init__(
+        self,
+        module: GeneralAnsibleModule,
+        content: bytes,
+        list_revoked_certificates: bool = True,
+    ) -> None:
+        # content must be a bytes string
+        self.module = module
+        self.content = content
+        self.list_revoked_certificates = list_revoked_certificates
+        self.name_encoding = module.params.get("name_encoding", "ignore")
+
+    def get_info(self) -> dict[str, t.Any]:
+        self.crl_pem = identify_pem_format(self.content)
+        try:
+            if self.crl_pem:
+                self.crl = x509.load_pem_x509_crl(self.content)
+            else:
+                self.crl = x509.load_der_x509_crl(self.content)
+        except ValueError as e:
+            self.module.fail_json(msg=f"Error while decoding CRL: {e}")
+
+        result: dict[str, t.Any] = {
+            "changed": False,
+            "format": "pem" if self.crl_pem else "der",
+            "last_update": None,
+            "next_update": None,
+            "digest": None,
+            "issuer_ordered": None,
+            "issuer": None,
+        }
+
+        result["last_update"] = self.crl.last_update.strftime(TIMESTAMP_FORMAT)
+        result["next_update"] = (
+            self.crl.next_update.strftime(TIMESTAMP_FORMAT)
+            if self.crl.next_update
+            else None
+        )
+        result["digest"] = cryptography_oid_to_name(
+            cryptography_get_signature_algorithm_oid_from_crl(self.crl)
+        )
+        issuer = []
+        for attribute in self.crl.issuer:
+            issuer.append([cryptography_oid_to_name(attribute.oid), attribute.value])
+        result["issuer_ordered"] = issuer
+        result["issuer"] = {}
+        for k, v in issuer:
+            result["issuer"][k] = v
+        if self.list_revoked_certificates:
+            result["revoked_certificates"] = []
+            for cert in self.crl:
+                entry = cryptography_decode_revoked_certificate(cert)
+                result["revoked_certificates"].append(
+                    cryptography_dump_revoked(entry, idn_rewrite=self.name_encoding)
+                )
+
+        return result
+
+
+def get_crl_info(
+    module: GeneralAnsibleModule, content: bytes, list_revoked_certificates: bool = True
+) -> dict[str, t.Any]:
+    assert_required_cryptography_version(
+        module, minimum_cryptography_version=MINIMAL_CRYPTOGRAPHY_VERSION
+    )
+    info = CRLInfoRetrieval(
+        module, content, list_revoked_certificates=list_revoked_certificates
+    )
+    return info.get_info()