Vh:ddlmZmZmZeZdZdZdZddl Z ddl Z ddl Z ddl Z ddl Z ddlmZmZddlmZddlmZdd lmZmZdd lmZd ZdZ ddlZddlZddlZddlZddl ZeejBZ"d Z#Gdde&Z'Gdde(Z)Gdde)Z*Gdde)Z+Gdde)Z,dZ-e.dk(re-yy#e$$re jJZd Z#YbwxYw))absolute_importdivisionprint_functiona7 module: openssl_dhparam short_description: Generate OpenSSL Diffie-Hellman Parameters description: - This module allows one to (re)generate OpenSSL DH-params. - This module uses file common arguments to specify generated file permissions. - Please note that the module regenerates existing DH params if they do not match the module's options. If you are concerned that this could overwrite your existing DH params, consider using the O(backup) option. - The module can use the cryptography Python library, or the C(openssl) executable. By default, it tries to detect which one is available. This can be overridden with the O(select_crypto_backend) option. requirements: - Either cryptography >= 2.0 - Or OpenSSL binary C(openssl) author: - Thom Wiggers (@thomwiggers) extends_documentation_fragment: - ansible.builtin.files - community.crypto.attributes - community.crypto.attributes.files attributes: check_mode: support: full diff_mode: support: none safe_file_operations: support: full idempotent: support: partial details: - The module is not idempotent if O(force=true). options: state: description: - Whether the parameters should exist or not, taking action if the state is different from what is stated. type: str default: present choices: [absent, present] size: description: - Size (in bits) of the generated DH-params. type: int default: 4096 force: description: - Should the parameters be regenerated even it it already exists. type: bool default: false path: description: - Name of the file in which the generated parameters will be saved. type: path required: true backup: description: - Create a backup file including a timestamp so you can get the original DH params back if you overwrote them with new ones by accident. type: bool default: false select_crypto_backend: description: - Determines which crypto backend to use. - The default choice is V(auto), which tries to use C(cryptography) if available, and falls back to C(openssl). - If set to V(openssl), will try to use the OpenSSL C(openssl) executable. - If set to V(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. type: str default: auto choices: [auto, cryptography, openssl] version_added: "1.0.0" return_content: description: - If set to V(true), will return the (current or generated) DH parameter's content as RV(dhparams). type: bool default: false version_added: "1.0.0" seealso: - module: community.crypto.x509_certificate - module: community.crypto.openssl_csr - module: community.crypto.openssl_pkcs12 - module: community.crypto.openssl_privatekey - module: community.crypto.openssl_publickey a --- - name: Generate Diffie-Hellman parameters with the default size (4096 bits) community.crypto.openssl_dhparam: path: /etc/ssl/dhparams.pem - name: Generate DH Parameters with a different size (2048 bits) community.crypto.openssl_dhparam: path: /etc/ssl/dhparams.pem size: 2048 - name: Force regenerate an DH parameters if they already exist community.crypto.openssl_dhparam: path: /etc/ssl/dhparams.pem force: true aq size: description: Size (in bits) of the Diffie-Hellman parameters. returned: changed or success type: int sample: 4096 filename: description: Path to the generated Diffie-Hellman parameters. returned: changed or success type: str sample: /etc/ssl/dhparams.pem backup_file: description: Name of backup file created. returned: changed and if O(backup) is V(true) type: str sample: /path/to/dhparams.pem.2019-03-09@11:22~ dhparams: description: The (current or generated) DH params' content. returned: if O(state) is V(present) and O(return_content) is V(true) type: str version_added: "1.0.0" N) AnsibleModulemissing_required_lib) to_native) count_bits)load_file_if_exists write_file) LooseVersionz2.0TFc eZdZy)DHParameterErrorN)__name__ __module__ __qualname__t/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_dhparam.pyrrsrrcxeZdZdZej dZdZdZdZ ej dZ dZ dZ y ) DHParameterBasec|jd|_|jd|_|jd|_|jd|_d|_|jd|_|jd|_d|_y)NstatepathsizeforceFreturn_contentbackup) paramsrrrrchangedrr backup_fileselfmodules r__init__zDHParameterBase.__init__ss]]7+ MM&) MM&) ]]7+  $mm,<=mmH- rcy Actually generate the DH params.Nrr!s r _do_generatezDHParameterBase._do_generate rcd}|js|j|s|j|d}|j|sd}||_y)zGenerate DH params.FTN)r_check_params_validr(_check_fs_attributesr)r"r#rs rgeneratezDHParameterBase.generatesN ::T55f=   f %G((0G rc |jr |j|j|_ t j |jd|_y#t$r%}|jt|Yd}~yd}~wwxYw)NTmsg) r backup_localrr osremoverOSError fail_jsonr)r"r#excs rr3zDHParameterBase.removesd ;;%22499=D  1 IIdii DL 1   3  0 0 1s&A BA>>Bcd|jry|j|xr|j|S)z,Ensure the resource is in its desired state.F)rr+r,r!s rcheckzDHParameterBase.checks- ::''/UD4M4Mf4UUrcy,Check if the params are in the correct stateNrr!s rr+z#DHParameterBase._check_params_validr)rc|j|j}|j|dry|j|d S)z8Checks (and changes if not in check mode!) fs attributesrF)load_file_common_argumentsrcheck_file_absent_if_check_modeset_fs_attributes_if_different)r"r# file_argss rr,z$DHParameterBase._check_fs_attributessB55fmmD  1 1)F2C D88EJJJrc|j|j|jd}|jr|j|d<|jr/t |jd}|r|j dnd|d<|S)z'Serialize the object into a dictionary.)rfilenamerr T) ignore_errorszutf-8Ndhparams)rrrr rr decode)r"resultcontents rdumpzDHParameterBase.dumpspII ||    $($4$4F= !   )$))4HG2 2 ;;%22499=D  Y   rwwv6 8R S Y   TYYPSTUPV!W  X X Ys?AD E+EEc4|jddddd|jg}|j|d\}}}t|}|dk7ryt j d |}|syt |jd }d |vs d t|vry||jk(S) r;r_z-checkz-textz-nooutz-inFr`rzParameters:\s+\((\d+) bit\).*WARNING) r]rrgrresearchintgroupr) r"r#rmrnoutrprFmatchbitss rr+z&DHParameterOpenSSL._check_params_valid's         II ))'E)B C3 7 :FC5;;q>"  )y~"=tyy  rrUrWs@rrYrYs@Y$!rrYc*eZdZfdZdZdZxZS)DHParameterCryptographyctt| |tjj j |_yrN)rOr}r$ cryptographyhazmatbackendsdefault_backendcrypto_backendrPs rr$z DHParameterCryptography.__init__Hs0 %t5f=*11::JJLrctjjjjj d|j |j}|jtjjjjjtjjjjj}|jr |j|j |_t%||y)r') generatorkey_sizebackend)encodingformatN)rr primitives asymmetricdhgenerate_parametersrrparameter_bytes serializationEncodingPEMParameterFormatPKCS3rr1rr r )r"r#rrFs rr(z$DHParameterCryptography._do_generateLs$$//::==QQYY''R  ''!((33AAJJNN&&11??OOUU(  ;;%22499=D 66"rcz t|jd5}|j}dddtjj j j|j}t|jj}||jk(S#1swYzxYw#t$rYywxYw)r;rbN)rF)openrreadrrrrload_pem_parametersrrjr parameter_numberspr)r"r#fdatarr{s rr+z+DHParameterCryptography._check_params_valid^s dii& !vvx !((33AAUUd11VF &224667tyy      s(B.B"AB."B+'B.. B:9B:rUrWs@rr}r}FsM#$ !rr}ctttddddgtddtdd td d tdd tdd gdtdd d d }tjj |j d xsd}tjj |s|j|d|z|j ddk(rF|j d}|d k(retxrtttk\}|jdd du}|rd}n|rd}|d k(r%|jdjt|dk(r t|}nU|dk(rEts3|jtdjtt t#|}n t%d|j&rH|j)}|j dxs|j+| |d<|j,d i| |j/|nt5|}|j&rQ|j)}tjj7|j d |d<|j,d i|tjj7|j d r |j9||j)}|j,d i|y#t0$r%}|jt3|Yd}~Ld}~wwxYw#t:$r%}|jt3|Yd}~}d}~wwxYw)!z Main functionrfpresentabsent)typedefaultchoicesrwi)rrboolFrT)rrequiredauto)rrr[)rrrrrselect_crypto_backendr) argument_specsupports_check_modeadd_file_common_args.z@The directory '%s' does not exist or the file is not a directory)namer0rrr[NrzdCannot detect either the required Python library cryptography (>= {0}) or the OpenSSL binary opensslr/zcryptography >= {0})r0 exceptionzInternal error: unknown backendrrr)rdictr2rdirnamerisdirr5CRYPTOGRAPHY_FOUNDCRYPTOGRAPHY_VERSIONr MINIMAL_CRYPTOGRAPHY_VERSIONr\rrYrCRYPTOGRAPHY_IMP_ERRr}AssertionError check_moderHr8 exit_jsonr-rrrLexistsr3rj)r#base_dirrcan_use_cryptographycan_use_opensslr_rFr6s rmainrnsE9x>ST5$/FE26D1VU3"&F4W# VU;  !!F wwv}}V45<H 77== "R  }}W*-- 78 f #W(L9U,VV !%11)UC4OO$( #&   8f9: ! i (0G  &%  ,-445QR3 ! .f5G !BC C   \\^F & g 6 SgmmF>S:SF9  F   &v & 1   V $$F+   \\^F "v}}V/D EF9  F   &v & 77>>&--/ 0 5v&\\^FFv%  1   3  0 0 1 5  Ys^ 44 5s0K9L*9 L'L""L'* M3MM__main__)/ __future__rrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNrIr2rurb tracebackansible.module_utils.basicrr+ansible.module_utils.common.text.convertersrEansible_collections.community.crypto.plugins.module_utils.crypto.mathr rsA@ P d " . JA % "'77' (@(@A  y LfL^    4!4!n%!o%!P[| zFK /9//1s&B>>CC