openssl_pkcs12: allow to specify certificate bundles in other_certificates (#166)

* Rename identify.py to pem.py. * Move split PEM list code to pem.py crypto module_utils. * Extend and use global certificate splitting code in acme_certificate. * openssl_pkcs12: allow to load multiple certificates from files mentioned in other_certificates. * Add changelog and module_utils redirect. * Remove old check. * Fix typo. * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Add example. Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2026-05-06 13:22:58 +00:00 · 2021-01-26 10:21:49 +01:00
parent d8ccebce60
commit c7ef362d7a
12 changed files with 134 additions and 46 deletions
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@@ -124,6 +124,10 @@ import traceback
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible.module_utils._text import to_bytes

+from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import (
+    split_pem_list,
+)
+
 CRYPTOGRAPHY_IMP_ERR = None
 try:
    import cryptography
@@ -194,27 +198,17 @@ def parse_PEM_list(module, text, source, fail_on_error=True):
    Parse concatenated PEM certificates. Return list of ``Certificate`` objects.
    '''
    result = []
-    lines = text.splitlines(True)
-    current = None
-    for line in lines:
-        if line.strip():
-            if line.startswith('-----BEGIN '):
-                current = [line]
-            elif current is not None:
-                current.append(line)
-                if line.startswith('-----END '):
-                    cert_pem = ''.join(current)
-                    current = None
-                    # Try to load PEM certificate
-                    try:
-                        cert = cryptography.x509.load_pem_x509_certificate(to_bytes(cert_pem), _cryptography_backend)
-                        result.append(Certificate(cert_pem, cert))
-                    except Exception as e:
-                        msg = 'Cannot parse certificate #{0} from {1}: {2}'.format(len(result) + 1, source, e)
-                        if fail_on_error:
-                            module.fail_json(msg=msg)
-                        else:
-                            module.warn(msg)
+    for cert_pem in split_pem_list(text):
+        # Try to load PEM certificate
+        try:
+            cert = cryptography.x509.load_pem_x509_certificate(to_bytes(cert_pem), _cryptography_backend)
+            result.append(Certificate(cert_pem, cert))
+        except Exception as e:
+            msg = 'Cannot parse certificate #{0} from {1}: {2}'.format(len(result) + 1, source, e)
+            if fail_on_error:
+                module.fail_json(msg=msg)
+            else:
+                module.warn(msg)
    return result