Vh+&jddlmZmZmZeZdZdZdZddl Z ddl Z ddl Z ddl m Z dZdZ ddlZddlZddlZe ej&ZdZdd lmZmZdd lmZdd lmZmZm Z m!Z!m"Z"m#Z#dd l$m%Z%m&Z&Gdde%Z'Gdde'Z(dZ)e*dk(re)yy#e$re j.Zd ZYgwxYw))absolute_importdivisionprint_functiona module: openssl_signature version_added: 1.1.0 short_description: Sign data with openssl description: - This module allows one to sign data using a private key. - The module uses the cryptography Python library. requirements: - cryptography >= 1.4 (some key types require newer versions) author: - Patrick Pichler (@aveexy) - Markus Teufelberger (@MarkusTeufelberger) extends_documentation_fragment: - community.crypto.attributes attributes: check_mode: support: full details: - This action does not modify state. diff_mode: support: none idempotent: support: partial details: - Signature algorithms are generally not deterministic. Thus the generated signature can change from one invocation to the next. options: privatekey_path: description: - The path to the private key to use when signing. - Either O(privatekey_path) or O(privatekey_content) must be specified, but not both. type: path privatekey_content: description: - The content of the private key to use when signing the certificate signing request. - Either O(privatekey_path) or O(privatekey_content) must be specified, but not both. type: str privatekey_passphrase: description: - The passphrase for the private key. - This is required if the private key is password protected. type: str path: description: - The file to sign. - This file will only be read and not modified. type: path required: true select_crypto_backend: description: - Determines which crypto backend to use. - The default choice is V(auto), which tries to use C(cryptography) if available. - If set to V(cryptography), will try to use the L(cryptography,https://cryptography.io/) library. type: str default: auto choices: [auto, cryptography] notes: - "When using the C(cryptography) backend, the following key types require at least the following C(cryptography) version:\n RSA keys: C(cryptography) >= 1.4\nDSA and ECDSA keys: C(cryptography) >= 1.5\ned448 and ed25519 keys: C(cryptography) >= 2.6." seealso: - module: community.crypto.openssl_signature_info - module: community.crypto.openssl_privatekey a --- - name: Sign example file community.crypto.openssl_signature: privatekey_path: private.key path: /tmp/example_file register: sig - name: Verify signature of example file community.crypto.openssl_signature_info: certificate_path: cert.pem path: /tmp/example_file signature: "{{ sig.signature }}" register: verify - name: Make sure the signature is valid ansible.builtin.assert: that: - verify.valid zU signature: description: Base64 encoded signature. returned: success type: str N) LooseVersionz1.4TF) AnsibleModulemissing_required_lib) to_native)CRYPTOGRAPHY_HAS_DSA_SIGNCRYPTOGRAPHY_HAS_EC_SIGNCRYPTOGRAPHY_HAS_ED448_SIGNCRYPTOGRAPHY_HAS_ED25519_SIGNCRYPTOGRAPHY_HAS_RSA_SIGNOpenSSLObjectError) OpenSSLObjectload_privatekeyc*eZdZfdZdZdZxZS) SignatureBasec@tt| |jddd|j||_|jd|_|jd|_|j |jjd|_|jd|_ y) NpathpresentF)rstateforce check_modeprivatekey_pathprivatekey_contentzutf-8privatekey_passphrase) superr__init__paramsrbackendrrencoderselfmoduler __class__s v/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/crypto/plugins/modules/openssl_signature.pyrzSignatureBase.__init__s mT+v&(( ,  %}}->?"(--0D"E  " " .&*&=&=&D&DW&MD #%+]]3J%K"cyNr#s r&generatezSignatureBase.generate r'cyr)r*r+s r&dumpzSignatureBase.dumpr-r')__name__ __module__ __qualname__rr,r/ __classcell__r%s@r&rrsL   r'rc$eZdZfdZdZxZS)SignatureCryptographyc.tt| ||yr))rr6rr"s r&rzSignatureCryptography.__init__s #T3FGDr'ctjjjjj }tjjj j}t} t|jd5}|j}dddt|j|j|j|j }d}t"rTt%|tjjjj&j(r|j+|}t,rt%|tjjjj.j0rM|j+tjjjj.j3|}t4rSt%|tjjjj6j8r|j+}t:rSt%|tjjjj<j>r|j+}t@rUt%|tjjjjBjDr|j+||}|/|jFjIdjKtLtOjP||d<|S#1swYxYw#tR$r}tU|d}~wwxYw)Nrb)rcontent passphraser z6Unsupported key type. Your cryptography version is {0}msg signature)+ cryptographyhazmat primitives asymmetricpaddingPKCS1v15hashesSHA256dictopenrreadrrrrr r isinstancedsa DSAPrivateKeysignr ecEllipticCurvePrivateKeyECDSAr ed25519Ed25519PrivateKeyr ed448Ed448PrivateKeyrrsa RSAPrivateKeyr$ fail_jsonformatCRYPTOGRAPHY_VERSIONbase64 b64encode Exceptionr) r#_padding_hashresultf_in private_keyr>es r&runzSignatureCryptography.runs&&11<<DDMMO##..55<<>= (dii& !ffh *))//55 KI( ''22==AAOO!, 0 0e = {0})r<zcryptography >= {0})r= exceptionr*)rrGosrisfilerrWrXCRYPTOGRAPHY_FOUNDrYrMINIMAL_CRYPTOGRAPHY_VERSIONrCRYPTOGRAPHY_IMP_ERRr6rd exit_jsonrr )r$r can_use_cryptography_signr_excs r&mainr}s  f-#t<"&E$"?6D1"&V^$>&--/ 0v&-44V]]65JK  mm34G&  S$ 5Q(RR  $G f    X&56   - n $%  ,-445QR3 ! *&':E"6" -Ys^,,-s&A,F GF<<G__main__)+ __future__rrrrf __metaclass__ DOCUMENTATIONEXAMPLESRETURNrZrt tracebackAansible_collections.community.crypto.plugins.module_utils.versionrrwrxr?1cryptography.hazmat.primitives.asymmetric.padding%cryptography.hazmat.primitives.hashes __version__rYrv ImportError format_excansible.module_utils.basicrr+ansible.module_utils.common.text.convertersr Fansible_collections.community.crypto.plugins.module_utils.crypto.basicr r r r rrHansible_collections.community.crypto.plugins.module_utils.crypto.supportrrrr6r}r0r*r'r&rsA@ ? B *   % <0' (@(@A JA  M 8H(MH(V8-v zFq/9//1sBB21B2