mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
openssl_publickey: Do not fail on empty existing file (#33255)
Currently during the check phase, the code considers the file to be a public key if the file exist - which is not necessarily true. This commits aims to ensure that the file is actually a publickey else returns false for the check.
This commit is contained in:
parent
748107d369
commit
32635577a3
3 changed files with 33 additions and 4 deletions
|
@ -211,10 +211,13 @@ class PublicKey(crypto_utils.OpenSSLObject):
|
||||||
if not os.path.exists(self.privatekey_path):
|
if not os.path.exists(self.privatekey_path):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
current_publickey = crypto.dump_publickey(
|
try:
|
||||||
crypto.FILETYPE_ASN1,
|
current_publickey = crypto.dump_publickey(
|
||||||
crypto.load_publickey(crypto.FILETYPE_PEM, open(self.path, 'rb').read())
|
crypto.FILETYPE_ASN1,
|
||||||
)
|
crypto.load_publickey(crypto.FILETYPE_PEM, open(self.path, 'rb').read())
|
||||||
|
)
|
||||||
|
except crypto.Error:
|
||||||
|
return False
|
||||||
|
|
||||||
desired_publickey = crypto.dump_publickey(
|
desired_publickey = crypto.dump_publickey(
|
||||||
crypto.FILETYPE_ASN1,
|
crypto.FILETYPE_ASN1,
|
||||||
|
|
|
@ -48,6 +48,16 @@
|
||||||
privatekey_passphrase: ansible
|
privatekey_passphrase: ansible
|
||||||
register: publickey3_idempotence
|
register: publickey3_idempotence
|
||||||
|
|
||||||
|
- name: Generate empty file that will hold a public key (issue 33072)
|
||||||
|
file:
|
||||||
|
path: '{{ output_dir }}/publickey4.pub'
|
||||||
|
state: touch
|
||||||
|
|
||||||
|
- name: Generate publickey in empty existing file (issue 33072)
|
||||||
|
openssl_publickey:
|
||||||
|
path: '{{ output_dir }}/publickey4.pub'
|
||||||
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||||
|
|
||||||
- import_tasks: ../tests/validate.yml
|
- import_tasks: ../tests/validate.yml
|
||||||
|
|
||||||
when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')
|
when: pyopenssl_version.stdout|version_compare('16.0.0', '>=')
|
||||||
|
|
|
@ -59,3 +59,19 @@
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- not publickey3_idempotence|changed
|
- not publickey3_idempotence|changed
|
||||||
|
|
||||||
|
- name: Validate publickey4 (test - privatekey modulus)
|
||||||
|
shell: 'openssl rsa -noout -modulus -in {{ output_dir }}/privatekey.pem | openssl md5'
|
||||||
|
register: privatekey4_modulus
|
||||||
|
when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
|
||||||
|
|
||||||
|
- name: Validate publickey4 (test - publickey modulus)
|
||||||
|
shell: 'openssl rsa -pubin -noout -modulus < {{ output_dir }}/publickey4.pub | openssl md5'
|
||||||
|
register: publickey4_modulus
|
||||||
|
when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
|
||||||
|
|
||||||
|
- name: Validate publickey4 (assert)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- publickey4_modulus.stdout == privatekey4_modulus.stdout
|
||||||
|
when: openssl_version.stdout|version_compare('0.9.8zh', '>=')
|
||||||
|
|
Loading…
Reference in a new issue