mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
openssl_* module_utils/crypto.py: add full list of OIDs known to current OpenSSL (#54943)
* Add full list of OIDs known to current OpenSSL. * Remove hardcoded OIDs. * UID -> x500UniqueIdentifier * Reference actual version used. * Don't normalize to lower-case. * Change test back. * Fix typo. * Apply changes suggested by RedHat legal.
This commit is contained in:
parent
0303ea2bfa
commit
c411883618
5 changed files with 1148 additions and 200 deletions
File diff suppressed because it is too large
Load diff
|
@ -1437,14 +1437,14 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
|
|||
return self.cert.signature_algorithm_oid._name
|
||||
|
||||
def _validate_subject(self):
|
||||
expected_subject = Name([NameAttribute(oid=crypto_utils.cryptography_get_name_oid(sub[0]), value=to_text(sub[1]))
|
||||
expected_subject = Name([NameAttribute(oid=crypto_utils.cryptography_name_to_oid(sub[0]), value=to_text(sub[1]))
|
||||
for sub in self.subject])
|
||||
cert_subject = self.cert.subject
|
||||
if not compare_sets(expected_subject, cert_subject, self.subject_strict):
|
||||
return expected_subject, cert_subject
|
||||
|
||||
def _validate_issuer(self):
|
||||
expected_issuer = Name([NameAttribute(oid=crypto_utils.cryptography_get_name_oid(iss[0]), value=to_text(iss[1]))
|
||||
expected_issuer = Name([NameAttribute(oid=crypto_utils.cryptography_name_to_oid(iss[0]), value=to_text(iss[1]))
|
||||
for iss in self.issuer])
|
||||
cert_issuer = self.cert.issuer
|
||||
if not compare_sets(expected_issuer, cert_issuer, self.issuer_strict):
|
||||
|
@ -1494,7 +1494,7 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
|
|||
def _validate_extended_key_usage(self):
|
||||
try:
|
||||
current_ext_keyusage = self.cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
|
||||
usages = [crypto_utils.cryptography_get_ext_keyusage(usage) for usage in self.extended_key_usage]
|
||||
usages = [crypto_utils.cryptography_name_to_oid(usage) for usage in self.extended_key_usage]
|
||||
expected_ext_keyusage = x509.ExtendedKeyUsage(usages)
|
||||
if not compare_sets(expected_ext_keyusage, current_ext_keyusage, self.extended_key_usage_strict):
|
||||
return [eku.value for eku in expected_ext_keyusage], [eku.value for eku in current_ext_keyusage]
|
||||
|
|
|
@ -425,18 +425,18 @@ class CertificateInfoCryptography(CertificateInfo):
|
|||
super(CertificateInfoCryptography, self).__init__(module, 'cryptography')
|
||||
|
||||
def _get_signature_algorithm(self):
|
||||
return crypto_utils.crpytography_oid_to_name(self.cert.signature_algorithm_oid)
|
||||
return crypto_utils.cryptography_oid_to_name(self.cert.signature_algorithm_oid)
|
||||
|
||||
def _get_subject(self):
|
||||
result = dict()
|
||||
for attribute in self.cert.subject:
|
||||
result[crypto_utils.crpytography_oid_to_name(attribute.oid)] = attribute.value
|
||||
result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
|
||||
return result
|
||||
|
||||
def _get_issuer(self):
|
||||
result = dict()
|
||||
for attribute in self.cert.issuer:
|
||||
result[crypto_utils.crpytography_oid_to_name(attribute.oid)] = attribute.value
|
||||
result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
|
||||
return result
|
||||
|
||||
def _get_version(self):
|
||||
|
@ -488,7 +488,7 @@ class CertificateInfoCryptography(CertificateInfo):
|
|||
try:
|
||||
ext_keyusage_ext = self.cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
|
||||
return sorted([
|
||||
crypto_utils.crpytography_oid_to_name(eku) for eku in ext_keyusage_ext.value
|
||||
crypto_utils.cryptography_oid_to_name(eku) for eku in ext_keyusage_ext.value
|
||||
]), ext_keyusage_ext.critical
|
||||
except cryptography.x509.ExtensionNotFound:
|
||||
return None, False
|
||||
|
|
|
@ -649,7 +649,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
|
|||
csr = cryptography.x509.CertificateSigningRequestBuilder()
|
||||
try:
|
||||
csr = csr.subject_name(cryptography.x509.Name([
|
||||
cryptography.x509.NameAttribute(crypto_utils.cryptography_get_name_oid(entry[0]), to_text(entry[1])) for entry in self.subject
|
||||
cryptography.x509.NameAttribute(crypto_utils.cryptography_name_to_oid(entry[0]), to_text(entry[1])) for entry in self.subject
|
||||
]))
|
||||
except ValueError as e:
|
||||
raise CertificateSigningRequestError(e)
|
||||
|
@ -664,7 +664,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
|
|||
csr = csr.add_extension(cryptography.x509.KeyUsage(**params), critical=self.keyUsage_critical)
|
||||
|
||||
if self.extendedKeyUsage:
|
||||
usages = [crypto_utils.cryptography_get_ext_keyusage(usage) for usage in self.extendedKeyUsage]
|
||||
usages = [crypto_utils.cryptography_name_to_oid(usage) for usage in self.extendedKeyUsage]
|
||||
csr = csr.add_extension(cryptography.x509.ExtendedKeyUsage(usages), critical=self.extendedKeyUsage_critical)
|
||||
|
||||
if self.basicConstraints:
|
||||
|
@ -713,7 +713,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
|
|||
|
||||
def _check_csr(self):
|
||||
def _check_subject(csr):
|
||||
subject = [(crypto_utils.cryptography_get_name_oid(entry[0]), entry[1]) for entry in self.subject]
|
||||
subject = [(crypto_utils.cryptography_name_to_oid(entry[0]), entry[1]) for entry in self.subject]
|
||||
current_subject = [(sub.oid, sub.value) for sub in csr.subject]
|
||||
return set(subject) == set(current_subject)
|
||||
|
||||
|
@ -751,7 +751,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
|
|||
def _check_extenededKeyUsage(extensions):
|
||||
current_usages_ext = _find_extension(extensions, cryptography.x509.ExtendedKeyUsage)
|
||||
current_usages = [str(usage) for usage in current_usages_ext.value] if current_usages_ext else []
|
||||
usages = [str(crypto_utils.cryptography_get_ext_keyusage(usage)) for usage in self.extendedKeyUsage] if self.extendedKeyUsage else []
|
||||
usages = [str(crypto_utils.cryptography_name_to_oid(usage)) for usage in self.extendedKeyUsage] if self.extendedKeyUsage else []
|
||||
if set(current_usages) != set(usages):
|
||||
return False
|
||||
if usages:
|
||||
|
|
|
@ -294,7 +294,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
|
|||
def _get_subject(self):
|
||||
result = dict()
|
||||
for attribute in self.csr.subject:
|
||||
result[crypto_utils.crpytography_oid_to_name(attribute.oid)] = attribute.value
|
||||
result[crypto_utils.cryptography_oid_to_name(attribute.oid)] = attribute.value
|
||||
return result
|
||||
|
||||
def _get_key_usage(self):
|
||||
|
@ -339,7 +339,7 @@ class CertificateSigningRequestInfoCryptography(CertificateSigningRequestInfo):
|
|||
try:
|
||||
ext_keyusage_ext = self.csr.extensions.get_extension_for_class(x509.ExtendedKeyUsage)
|
||||
return sorted([
|
||||
crypto_utils.crpytography_oid_to_name(eku) for eku in ext_keyusage_ext.value
|
||||
crypto_utils.cryptography_oid_to_name(eku) for eku in ext_keyusage_ext.value
|
||||
]), ext_keyusage_ext.critical
|
||||
except cryptography.x509.ExtensionNotFound:
|
||||
return None, False
|
||||
|
|
Loading…
Reference in a new issue