
    Vha)                         d dl mZmZmZ eZdZdZdZd dl	Z	d dl
mZ d dlmZ d dlmZmZ d d	lmZ d d
lmZmZ  G d de      Zd Zedk(  r e        yy)    )absolute_importdivisionprint_functiona	  
module: openssl_privatekey
short_description: Generate OpenSSL private keys
description:
  - This module allows one to (re)generate OpenSSL private keys.
  - The default mode for the private key file will be V(0600) if O(mode) is not explicitly set.
  - Please note that the module regenerates private keys if they do not match the module's options. In particular, if you
    provide another passphrase (or specify none), change the keysize, and so on, the private key will be regenerated.
    If you are concerned that this could B(overwrite your private key), consider using the O(backup) option.
author:
  - Yanis Guenane (@Spredzy)
  - Felix Fontein (@felixfontein)
extends_documentation_fragment:
  - ansible.builtin.files
  - community.crypto.attributes
  - community.crypto.attributes.files
  - community.crypto.module_privatekey
attributes:
  check_mode:
    support: full
  safe_file_operations:
    support: full
options:
  state:
    description:
      - Whether the private key should exist or not, taking action if the state is different from what is stated.
    type: str
    default: present
    choices: [absent, present]
  force:
    description:
      - Whether to regenerate the key even if it already exists. Regeneration overwrites the existing key; set O(backup)
        to keep a copy of it.
    type: bool
    default: false
  path:
    description:
      - Name of the file in which the generated TLS/SSL private key will be written. It will have V(0600) mode if O(mode)
        is not explicitly set.
    type: path
    required: true
  format:
    version_added: '1.0.0'
  format_mismatch:
    version_added: '1.0.0'
  backup:
    description:
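      - Create a backup file including a timestamp so you can get the original private key back if you overwrote it with a
        new one by accident.
      - The backup file contains the previous private key, so it needs the same protection as the key file itself.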
    type: bool
    default: false
  return_content:
    description:
      - If set to V(true), will return the (current or generated) private key's content as RV(privatekey).
      - Note that especially if the private key is not encrypted, you have to make sure that the returned value is treated
        appropriately and not accidentally written to logs, and so on! Use with care!
      - Use Ansible's C(no_log) task option to avoid the output being shown. See also
        U(https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-keep-secret-data-in-my-playbook).
    type: bool
    default: false
    version_added: '1.0.0'
  regenerate:
    version_added: '1.0.0'
seealso:
  - module: community.crypto.openssl_privatekey_pipe
  - module: community.crypto.openssl_privatekey_info
aI  
---
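# The path and the variable name used below are illustrative. The module
# writes the key file with mode 0600 unless "mode" is set explicitly.
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem

# The passphrase is read from a variable rather than written into the
# playbook. "privatekey_passphrase" is a constructed name; supply it from
# Ansible Vault or another secret store so it never lands in version control.
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA) and a passphrase
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    passphrase: "{{ privatekey_passphrase }}"
    cipher: auto

# A key already present at this path that does not match the requested size
# is regenerated, which replaces it; add "backup: true" to keep the old key.
- name: Generate an OpenSSL private key with a different size (2048 bits)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    size: 2048

# "force" regenerates the key even when the existing one matches the options,
# so anything issued for the old key (for example a certificate) stops
# matching. Add "backup: true" to keep the previous key.
- name: Force regenerate an OpenSSL private key if it already exists
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    force: true

# DSA is shown for interoperability with legacy systems; prefer RSA or ECC
# for new keys.
- name: Generate an OpenSSL private key with a different algorithm (DSA)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    type: DSA

- name: Generate an OpenSSL private key with elliptic curve cryptography (ECC)
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/ansible.com.pem
    type: ECC
    curve: secp256r1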
a3  
size:
  description: Size (in bits) of the TLS/SSL private key.
  returned: changed or success
  type: int
  sample: 4096
type:
  description: Algorithm used to generate the TLS/SSL private key.
  returned: changed or success
  type: str
  sample: RSA
curve:
  description: Elliptic curve used to generate the TLS/SSL private key.
  returned: changed or success, and O(type) is V(ECC)
  type: str
  sample: secp256r1
filename:
  description: Path to the generated TLS/SSL private key file.
  returned: changed or success
  type: str
  sample: /etc/ssl/private/ansible.com.pem
fingerprint:
  description:
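    - The fingerprint of the public key. One fingerprint is generated for each algorithm in C(hashlib.algorithms) that is
      available.
    - When comparing keys, prefer the SHA-256 or stronger entries; MD5 and SHA-1 are not collision resistant.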
  returned: changed or success
  type: dict
  sample:
    md5: "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29"
    sha1: "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10"
    sha224: "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46"
    sha256: "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7"
    sha384: "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d"
    sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b"
backup_file:
  description: Name of backup file created.
  returned: changed and if O(backup) is V(true)
  type: str
  sample: /path/to/privatekey.pem.2019-03-09@11:22~
privatekey:
  description:
    - The (current or generated) private key's content.
    - Will be Base64-encoded if the key is in raw format.
  returned: if O(state) is V(present) and O(return_content) is V(true)
  type: str
  version_added: '1.0.0'
N)	to_native)OpenSSLObjectError)get_privatekey_argument_specselect_backend)OpenSSLObject)load_file_if_exists
write_filec                   4     e Zd Z fdZd Z fdZd Z xZS )PrivateKeyModulec                    t         t        |   |j                  d   |j                  d   |j                  d   |j                         || _        |j                  d   | _        | j                  rd|_        |j                  d   | _	        d | _
        |j                  d   d|j                  d<   |j                  t        | j                  |             y )	Npathstateforcereturn_contentalwaysbackupmode0600)superr   __init__params
check_modemodule_backendr   r   
regenerater   backup_fileset_existingr   r   )selfmoduler   	__class__s      w/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_privatekey.pyr   zPrivateKeyModule.__init__   s    .MM&!MM'"MM'"		
 -$mm,<=::(0N%mmH-== ($*FMM&!##$7		6$JK    c                 j   | j                   j                         r| j                  s| j                  r |j	                  | j
                        | _        | j                   j                          | j                   j                         }| j                  r|| _
        t        ||d       d| _        n| j                   j                         r| j                  s| j                  r |j	                  | j
                        | _        | j                   j                          | j                   j                         }| j                  r|| _
        t        ||d       d| _        |j                  |j                         }|j#                  |d         rd| _        y|j%                  || j                        | _        y)zGenerate a keypair.i  Tr   N)r   needs_regenerationr   r   backup_localr   r   generate_private_keyget_private_key_datar   privatekey_bytesr   changedneeds_conversionconvert_private_keyload_file_common_argumentsr   check_file_absent_if_check_modeset_fs_attributes_if_different)r    r!   privatekey_data	file_argss       r#   generatezPrivateKeyModule.generate   sO    113??;;'-':':499'ED$##88:"&"5"5"J"J"L&&,;D)6?E:DL  113??;;'-':':499'ED$##779"&"5"5"J"J"L&&,;D)6?E:DL55fmmD	11)F2CDDL!@@4<<DLr$   c                     | j                   j                  d        | j                  r,| j                  s |j	                  | j
                        | _        t        t        | '  |       y )N)
r   r   r   r   r'   r   r   r   r   remove)r    r!   r"   s     r#   r5   zPrivateKeyModule.remove   sK    ((.;;t%22499=D,V4r$   c                     | j                   j                  | j                        }| j                  |d<   | j                  |d<   | j
                  r| j
                  |d<   |S )z'Serialize the object into a dictionary.)include_keyfilenamer+   r   )r   dumpr   r   r+   r   )r    results     r#   r9   zPrivateKeyModule.dump   s]     $$))d6I6I)J!YYz LLy$($4$4F=!r$   )__name__
__module____qualname__r   r3   r5   r9   __classcell__)r"   s   @r#   r   r      s    L( D5	r$   r   c                  ,   t               } | j                  j                  t        t        ddddg      t        dd      t        dd	
      t        dd      t        dd                   | j	                  d	d	      }t
        j                  j                  |j                  d         xs d}t
        j                  j                  |      s|j                  |d|z         t        ||j                  d         \  }}	 t        ||      }|j                  dk(  r|j                  |       n|j                  |       |j!                         } |j"                  di | y # t$        $ r%}|j                  t'        |             Y d }~y d }~ww xY w)Nstrpresentabsent)typedefaultchoicesboolF)rC   rD   r   T)rC   required)r   r   r   r   r   )supports_check_modeadd_file_common_args.z>The directory %s does not exist or the file is not a directory)namemsgselect_crypto_backend)r!   backend)rL    )r   argument_specupdatedictcreate_ansible_moduleosr   dirnamer   isdir	fail_jsonr	   r   r   r3   r5   r9   	exit_jsonr   r   )rP   r!   base_dirrN   r   private_keyr:   excs           r#   mainr\      st   02M&&E9y(>STFE26D1VU3VU;	
 00 ! 1 F
 wwv}}V45<H77=="P 	 	
 -56G^
-&v~>	)  (v&!!#"6" -Ys^,,-s   A E% %	F.FF__main__)
__future__r   r   r   rC   __metaclass__DOCUMENTATIONEXAMPLESRETURNrT   +ansible.module_utils.common.text.convertersr   Fansible_collections.community.crypto.plugins.module_utils.crypto.basicr   [ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.privatekeyr   r	   Hansible_collections.community.crypto.plugins.module_utils.crypto.supportr
   <ansible_collections.community.crypto.plugins.module_utils.ior   r   r   r\   r;   rO   r$   r#   <module>rh      ss    A @ AF D-
^ 
 AG} GT)-X zF r$   