VhHddlmZmZmZeZdZdZdZddl Z ddl Z ddl m Z m Z ddlmZddlmZmZdd lmZmZdd lmZmZmZdd lmZmZdd lmZd ZdZ dZ! ddl"Z"ddl#m$Z$ddl%m&Z'ee"jPZ)dZ*GddeZ-GddeZ.dZ/e0dk(re/yy#e+$re jXZ!dZ*YAwxYw))absolute_importdivisionprint_functiona module: openssl_publickey short_description: Generate an OpenSSL public key from its private key description: - This module allows one to (re)generate public keys from their private keys. - Public keys are generated in PEM or OpenSSH format. Private keys must be OpenSSL PEM keys. B(OpenSSH private keys are not supported), use the M(community.crypto.openssh_keypair) module to manage these. - The module uses the cryptography Python library. requirements: - cryptography >= 1.2.3 (older versions might work as well) - Needs cryptography >= 1.4 if O(format) is C(OpenSSH) author: - Yanis Guenane (@Spredzy) - Felix Fontein (@felixfontein) extends_documentation_fragment: - ansible.builtin.files - community.crypto.attributes - community.crypto.attributes.files attributes: check_mode: support: full diff_mode: support: full safe_file_operations: support: full idempotent: support: partial details: - The module is not idempotent if O(force=true). options: state: description: - Whether the public key should exist or not, taking action if the state is different from what is stated. type: str default: present choices: [absent, present] force: description: - Should the key be regenerated even it it already exists. type: bool default: false format: description: - The format of the public key. type: str default: PEM choices: [OpenSSH, PEM] path: description: - Name of the file in which the generated TLS/SSL public key will be written. type: path required: true privatekey_path: description: - Path to the TLS/SSL private key from which to generate the public key. - Either O(privatekey_path) or O(privatekey_content) must be specified, but not both. If O(state) is V(present), one of them is required. type: path privatekey_content: description: - The content of the TLS/SSL private key from which to generate the public key. - Either O(privatekey_path) or O(privatekey_content) must be specified, but not both. If O(state) is V(present), one of them is required. type: str version_added: '1.0.0' privatekey_passphrase: description: - The passphrase for the private key. type: str backup: description: - Create a backup file including a timestamp so you can get the original public key back if you overwrote it with a different one by accident. type: bool default: false select_crypto_backend: description: - Determines which crypto backend to use. - The default choice is V(auto), which tries to use C(cryptography) if available. - If set to V(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. type: str default: auto choices: [auto, cryptography] return_content: description: - If set to V(true), will return the (current or generated) public key's content as RV(publickey). type: bool default: false version_added: '1.0.0' seealso: - module: community.crypto.x509_certificate - module: community.crypto.x509_certificate_pipe - module: community.crypto.openssl_csr - module: community.crypto.openssl_csr_pipe - module: community.crypto.openssl_dhparam - module: community.crypto.openssl_pkcs12 - module: community.crypto.openssl_privatekey - module: community.crypto.openssl_privatekey_pipe a --- - name: Generate an OpenSSL public key in PEM format community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem - name: Generate an OpenSSL public key in PEM format from an inline key community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem privatekey_content: "{{ private_key_content }}" - name: Generate an OpenSSL public key in OpenSSH v2 format community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem format: OpenSSH - name: Generate an OpenSSL public key with a passphrase protected private key community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem privatekey_passphrase: ansible - name: Force regenerate an OpenSSL public key if it already exists community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem privatekey_path: /etc/ssl/private/ansible.com.pem force: true - name: Remove an OpenSSL public key community.crypto.openssl_publickey: path: /etc/ssl/public/ansible.com.pem state: absent a privatekey: description: - Path to the TLS/SSL private key the public key was generated from. - Will be V(none) if the private key has been provided in O(privatekey_content). returned: changed or success type: str sample: /etc/ssl/private/ansible.com.pem format: description: The format of the public key (PEM, OpenSSH, ...). returned: changed or success type: str sample: PEM filename: description: Path to the generated TLS/SSL public key file. returned: changed or success type: str sample: /etc/ssl/public/ansible.com.pem fingerprint: description: - The fingerprint of the public key. Fingerprint will be generated for each hashlib.algorithms available. returned: changed or success type: dict sample: md5: "84:75:71:72:8d:04:b5:6c:4d:37:6d:66:83:f5:4c:29" sha1: "51:cc:7c:68:5d:eb:41:43:88:7e:1a:ae:c7:f8:24:72:ee:71:f6:10" sha224: "b1:19:a6:6c:14:ac:33:1d:ed:18:50:d3:06:5c:b2:32:91:f1:f1:52:8c:cb:d5:75:e9:f5:9b:46" sha256: "41:ab:c7:cb:d5:5f:30:60:46:99:ac:d4:00:70:cf:a1:76:4f:24:5d:10:24:57:5d:51:6e:09:97:df:2f:de:c7" sha384: "85:39:50:4e:de:d9:19:33:40:70:ae:10:ab:59:24:19:51:c3:a2:e4:0b:1c:b1:6e:dd:b3:0c:d9:9e:6a:46:af:da:18:f8:ef:ae:2e:c0:9a:75:2c:9b:b3:0f:3a:5f:3d" sha512: "fd:ed:5e:39:48:5f:9f:fe:7f:25:06:3f:79:08:cd:ee:a5:e7:b3:3d:13:82:87:1f:84:e1:f5:c7:28:77:53:94:86:56:38:69:f0:d9:35:22:01:1e:a6:60:...:0f:9b" backup_file: description: Name of backup file created. returned: changed and if O(backup) is V(true) type: str sample: /path/to/publickey.pem.2019-03-09@11:22~ publickey: description: The (current or generated) public key's content. returned: if O(state) is V(present) and O(return_content) is V(true) type: str version_added: '1.0.0' N) AnsibleModulemissing_required_lib) to_native)OpenSSLBadPassphraseErrorOpenSSLObjectError)PublicKeyParseErrorget_publickey_info) OpenSSLObjectget_fingerprintload_privatekey)load_file_if_exists write_file) LooseVersionz1.2.3z1.4)default_backend) serializationTFc eZdZy)PublicKeyErrorN)__name__ __module__ __qualname__v/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_publickey.pyrrsrrcLeZdZfdZdZdZdZdfd ZfdZdZ xZ S) PublicKeyctt| |jd|jd|jd|j||_|jd|_|jd|_|jd|_|j |jjd|_|jd|_ d|_ d|_ |jd |_ i|_||_|jd |_d|_|j%d|_|j%d|_y) Npathstateforceformatprivatekey_pathprivatekey_contentutf-8privatekey_passphrasereturn_contentbackup)superr__init__params check_modemoduler#r$r%encoder' privatekeypublickey_bytesr( fingerprintbackendr) backup_file _get_info diff_before diff_after)selfr.r3 __class__s rr+zPublicKey.__init__s i' MM& ! MM' " MM' "      mmH- %}}->?"(--0D"E  " " .&*&=&=&D&DW&MD #%+]]3J%K"#$mm,<= mmH- >>$/...rc | tStd} |jt|j|j|dd|d<|S#t $r&}|j|j Yd}~|Sd}~wt$rY|SwxYw)NF) can_parse_keyT)contentprefer_one_fingerprintr;)dictupdater r.r3r result Exception)r8datar@excs rr5zPublicKey._get_info s <6ME*  MM"KKtTX  '+F? #  # & MM#** % %     s7A B A== B  B c t|j|j|j|j|_|jdk(r|j dk(rZ|j jjtjjtjjS|j jjtjjtjjSy)Nr r< passphraser3 cryptographyOpenSSH)rr$r%r'r3r0r# public_key public_bytescrypto_serializationEncodingrH PublicFormatPEMSubjectPublicKeyInfo)r8r.s r_create_publickeyzPublicKey._create_publickeys)%%++11LL   <<> ){{i'113@@(1199(55== 113@@(1155(55JJ *rc\|jAtjj|jst d|jz|j |dr |jrz |j|}|j||_ |jr||_ |jr |j|j|_t!||d|_t+|j|j|j,|j.|_|j3|j4}|j7|drd|_y|j9|drd|_yy#t$$r}t |d}~wt&t(f$r}t |d}~wwxYw)zGenerate the public key.Nz!The private key %s does not existF)perms_requiredTrEr )r%osr existsr$rcheckr"rPr5r7r(r1r) backup_localr4rchangedr IOErrorOSErrorrr'r3r2load_file_common_argumentsr,check_file_absent_if_check_modeset_fs_attributes_if_different)r8r.publickey_contentrC file_argss rgeneratezPublicKey.generate0st  " " *277>>$BVBV3W 3d6J6JJ zz&z74:: *$($:$:6$B!"&..1B"C&&+ F  F+ F&&F+cRtt |}fd}|s|S|S)z,Ensure the resource is in its desired state.cj*tjjjsy t jd5}|j }dddjx__ jr|_ jdk(r҉jdk(rbtj|t!}|j#tj$j&tj(j&}natj*|t!}|j#tj$j,tj(j.} j3}||k(S#1swY2xYw#t0$rYywxYw#t4$r}t7|d}~wwxYw)NFrbrGrH)r3)r%rSr rTr$openreadr5r6r7r(r1r3r#rKload_ssh_public_keyrrJrLrHrMload_pem_public_keyrNrOrArPr r) public_key_fhr]current_publickeydesired_publickeyrCr.r8s r_check_privatekeyz*PublicKey.check.._check_privatekeyZs&&.rww~~$$8 $))T*=m(5(:(:(<%=59^^DU5VV 4?&&+1{{i/,@,T,T-7H-)->,J,J099AA0==EE-) -A,T,T-7H-)->,J,J099==0==RR-) *$($:$:6$B!%(99 9?==.   - *$S)) *sBFF DF:F,FF F)(F), G5 GG)r*rrU)r8r.rRstate_and_permsrjr9s`` rrUzPublicKey.checkUs2 46v~N& :P" " ""rc|jr |j|j|_tt ||y)N)r)rVr r4r*rremove)r8r.r9s rrmzPublicKey.removes0 ;;%22499=D  i%f-rc|j|j|j|j|jd}|j r|j |d<|j rT|jt|jd|_|jr|jjdnd|d<t|j|j|d <|S) z'Serialize the object into a dictionary.)r0filenamer#rWr2r4NT) ignore_errorsr& publickey)beforeafterdiff) r$r r#rWr2r4r(r1rdecoder>r6r7)r8r@s rdumpzPublicKey.dumps.. kk||++     $($4$4F= !   ##+':IIT($9=8L8L$$++G4RV ; ##// v  r)T) rrrr+r5rPr_rUrmrv __classcell__)r9s@rrrs(/4"&# J0#d. rrcLtttddddgtddtdd td tdd tdd dd gtdd tddtdddgdtdd d d ddddgd fgddgf}t}|jddk(rt}|jd}|dk(rDt xrt t|k\}|rd}|dk(r!|jdj||jddk(r|dk7r|jd|dk(r5t s/|jtdj|ttjj|jdxsd}tjj|s|j|d|z  t!||}|j"dk(rf|j$rH|j'}|jd!xs|j)| |d"<|j*d#i||j-|nn|j$rQ|j'}tjj/|jd|d"<|j*d#i||j1||j'}|j*d#i|y#t2$r%}|jt5|Yd}~yd}~wwxYw)$Nstrpresentabsent)typedefaultchoicesboolF)r|r}r T)r|required)r|)r|no_logrNrHautorG)r|r~r}) r!r"r r$r%r#r'r)select_crypto_backendr(r!r$r%) argument_specsupports_check_modeadd_file_common_args required_ifmutually_exclusiver#rz?Cannot detect the required Python library cryptography (>= {0}))msgz1Format OpenSSH requires the cryptography backend.zcryptography >= {0})r exception.z@The directory '%s' does not exist or the file is not a directory)namerr"rWr)rr>MINIMAL_CRYPTOGRAPHY_VERSIONr,$MINIMAL_CRYPTOGRAPHY_VERSION_OPENSSHCRYPTOGRAPHY_FOUNDCRYPTOGRAPHY_VERSIONr fail_jsonr#rCRYPTOGRAPHY_IMP_ERRrSr dirnameisdirrr!r-rvrU exit_jsonr_rTrmr r)r.minimal_cryptography_versionr3can_use_cryptographybase_dirrIr@rCs rmainrs# E9y(>STFE26D1 f-#t<UEIu;MN"&E$"?VU3"&V^$0IPQ. !   ()001MN/  wwv}}V45<H 77== "R  -vw/   y (  #*$*MM'$:%*BRBRC?y!!  *6*    '  #*$&GGNN6==3H$Iy!   *6*   f %""6" -Ys^,,-s#DK55 L#>LL#__main__)1 __future__rrrr| __metaclass__ DOCUMENTATIONEXAMPLESRETURNrS tracebackansible.module_utils.basicrr+ansible.module_utils.common.text.convertersrFansible_collections.community.crypto.plugins.module_utils.crypto.basicr r _ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.publickey_infor r Hansible_collections.community.crypto.plugins.module_utils.crypto.supportr rrrsA@ b H" H( T JA  '',$ <T' (@(@A  ' v vr\-~ zFG /9//1s"B##B>=B>