* Remove assertonly backend.
* Remove assertonly tests.
* The expired test is basically a test of assertonly.
* Replace assertonly verification by _info + assert.
* Remove vendored copy of ipaddress.
* Forgot an import.
* Remove sanity ignores and checks related to ipaddress.
* Remove octal IPv4 address.
Such IPs are no longer accepted by ipaddress in Python's standard library (CVE-2021-29921).
* Remove unused import.
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Adjust dirName serialization to RFC 4514.
* Adjust deserialization to RFC 4514.
* Add changelog fragment.
* Use Unicode strings, and work around Python 2 and Python 3 differences and problems with old cryptography versions.
* Work with bytes, not Unicode strings, to handle escaping of Unicode endpoints correctly.
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
* Run all tests on all targets. Remove hack in setup_acme.
* Fix some failing tests.
* OpenSSH tests do not work yet with default image on Ansible 2.9. Let's skip them on the cloud target.
* Make tests pass again.
* Make sure to install *latest* versions of cryptography and pyOpenSSL when not installing system packages, whenever possible.
ci_complete
* Update/fix aliases files.
* Install PyOpenSSL and cryptography from PyPi if target Python != system Python.
* Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling.
* Skip tasks that require properties that aren't always there.
* Only install OpenSSL when not present.
* Improve output.
* Improve get_certificate integration test graceful failing.
* Fix tests.
* Fix assert.
* OpenSSL peculiarities.
* Fix condition.
* Initial commit
* Matching tests to overwritten permissions behavior with cryptography
* Ensuring key validation only occurs when state=present and accomodating CentOS6 restrictions
* Making ssh-keygen behavior explicit by version in tests
* Ensuring cyrptography not excluded in new conditions
* Adding changelog fragment
* Fixing sanity checks
* Improving readability
* Applying review suggestions
* addressing restore_on_failure conflict
* Initial commit
* Fixed CRLF and ed25519 handling on CentOS6
* Separated expected test results for file permissions between backends
* Fixed unprotected key base directory
* Fixed PEM encoded file test
* Initial commit
* Fixing unit tests
* More unit fixes
* Adding changelog fragment
* Minor refactor in Certificate.generate()
* Addressing option case-sensitivity and directive overrides
* Renaming idempotency to regenerate
* updating changelog
* Minor refactoring of default options
* Cleaning up with inline functions
* Fixing false failures when regenerate=fail and improving clarity
* Applying second round of review suggestions
* adding helper for safe atomic moves
* Initial commit
* Fixing units
* Adding changelog fragment
* Enhanced encapsulation of certificate data
* Avoiding failure when path is not parseable
* Diff refactor
* Applying initial review suggestions
* Initial commit
* Adding informational comments
* Adding changelog fragment
* Fixing CRLF changelog fragment
* Refactoring public number parsing and added chaining for writer methods
* Adding more descriptive error for invalid certificate data
* Fixing signature data parsing
* Correcting ed25519 signature type to binary
* Applying initial review suggestions and fixing option-list writer
* Applying review suggestions
* Making OpensshWriter private
* Add first guides for creating certificates.
* Add extra docs check.
* Introduce error to see whether extra checks work.
* Revert "Introduce error to see whether extra checks work."
This reverts commit 8656a158b8.
* Linting.
* Fix copy'n'paste error.
* Refactoring openssh_keypair for multiple backends
* Fixing cryptography backend validations
* Simplifying conditionals and excess variable assignments
* Fixing docs and adding cleanup for integration tests
* Fixing docs and public key validation bugs in crypto backend
* Enhancing cryptogagraphy utils to raise OpenSSHErrors when file not found
* Adding missed copyright and cleanup for idempotency test keys
* Fixing doc style
* Readding crypto/openssh for backwards compatibility
* Adding changelog fragment and final simplifications of conditional statements
* Applied initial review suggestions
* Began refactoring.
* Continue.
* Factor PyOpenSSL backend out.
* Add basic cryptography backend.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Only run tests when new enough pyOpenSSL or cryptography is around.
* Reduce required pyOpenSSL version from 17.1.0 to 0.15.
I have no idea why 17.1.0 was there (in the tests), and not something smaller.
The module itself did not mention any version.
* Linting.
* Linting.
* Increase compatibility by selecting pyopenssl backend when iter_size or maciter_size is used.
* Improve docs, add changelog fragment.
* Move hackish code to cryptography_support.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Streamline cert creation.
* Convert range to list.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Return more public key information.
* Make sure bit size is converted to int first.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove no longer necessary code.
* Use correct return value's name.
* Add trailing commas.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Add openssl_publickey_info module. Share code between openssl_privatekey_info and the new module, and improve documentation of it.
* Move public key loading to support module.
* Require pyOpenSSL 16.0.0 for public key loading.
* Linting.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Integrating openssh module utils with openssh_keypair
* Added explicit PEM formatting for OpenSSH < 7.8
* Adding changelog fragment
* Adding OpenSSL/cryptography dependency for integration tests
* Adding private_key_format option and removing forced cryptography update for CI
* Fixed version check for bcrypt and key_format option name
* Setting no_log=False for private_key_format
* Docs correction and simplification of control flow for private_key_format
* Adding openssh utils and unit tests
* Adding changelog fragment and correcting RSA default size
* Adding changelog fragment
* Added passphrase update, test cases, and check for SSH private key loader
* corrected ecdsa type when loading
* Resolving inital review comments
* Fixed import in unit tests
* Cleaning up validation functions
* Separating private/public key related errors; Adding verify method
* Expressed generate/load functions as classmethods and cleaned up method comments
* Added support for loading asymmetric key pairs of PEM and DER formats
* Refactored loading/generation for Asym keypairs into classmethods
* Rescoped helper functions and classmethods for OpenSSH Keypair
* Corrected docstring for OpenSSH_Keypair.generate()
* Fixed import errors for sanity tests
* Improvements to comparison, key verification, and password validation
* Added comparison tests, simplified password validation, fixed Ed25519 load bug
* Adding additional equivalence tests with passphrases
* Fix wrong usages of ACMEProtocolException.
* Add changelog fragment.
* Fix error handling when content could not be decoded.
* Make sure that content_json is a dict or None.
* Improve acme_inspect's ACMEProtocolException handling.
* Improve error handling.
* Add tests.
* Fix challenge error.
* Add challenges tests.
* Provide content if available.
* Add some order tests.
* Linting.
* Move acme.py to acme/__init__.py to prepare splitup.
* Began moving generic code out.
* Creating backends.
* Update unit tests.
* Move remaining new code out.
* Use new interface.
* Rewrite module init code.
* Add changelog.
* Add BackendException for crypto backend errors.
* Improve / uniformize ACME error reporting.
* Create ACMELegacyAccount for backwards compatibility.
* Split up ACMEAccount into ACMEClient and ACMEAccount.
* Move get_keyauthorization into module_utils.acme.challenges.
* Improve error handling.
* Move challenge and authorization handling code into module_utils.
* Add split_identifier helper.
* Move order code into module_utils.
* Move ACME v2 certificate handling code to module_utils.
* Fix/move ACME v1 certificate retrieval to module_utils as well.
* Refactor alternate chain handling code by splitting it up into simpler functions.
* Make chain matcher creation part of backend.
