From c5991b970f42e8ea3fce7ef534e3c863f13fc954 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Fri, 5 Apr 2019 22:18:30 +0200 Subject: [PATCH] openssl_certificate_info, openssl_csr: fix wrong exception, and little refactoring (#54922) * Fix wrong exception name. * Use crypto_utils.load_certificate_request() to load CSRs with both backends. --- lib/ansible/modules/crypto/openssl_certificate_info.py | 4 ++-- lib/ansible/modules/crypto/openssl_csr.py | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/ansible/modules/crypto/openssl_certificate_info.py b/lib/ansible/modules/crypto/openssl_certificate_info.py index f0937207a0..d098fae410 100644 --- a/lib/ansible/modules/crypto/openssl_certificate_info.py +++ b/lib/ansible/modules/crypto/openssl_certificate_info.py @@ -282,7 +282,7 @@ def get_relative_time_option(input_string, input_name): if result.startswith("+") or result.startswith("-"): return crypto_utils.convert_relative_to_datetime(result) if result is None: - raise crypto_utils.CertificateError( + raise crypto_utils.OpenSSLObjectError( 'The timespec "%s" for %s is not valid' % input_string, input_name) for date_fmt in ['%Y%m%d%H%M%SZ', '%Y%m%d%H%MZ', '%Y%m%d%H%M%S%z', '%Y%m%d%H%M%z']: @@ -293,7 +293,7 @@ def get_relative_time_option(input_string, input_name): pass if not isinstance(result, datetime.datetime): - raise crypto_utils.CertificateError( + raise crypto_utils.OpenSSLObjectError( 'The time spec "%s" for %s is invalid' % (input_string, input_name) ) diff --git a/lib/ansible/modules/crypto/openssl_csr.py b/lib/ansible/modules/crypto/openssl_csr.py index d9932bf532..b3fd25cd33 100644 --- a/lib/ansible/modules/crypto/openssl_csr.py +++ b/lib/ansible/modules/crypto/openssl_csr.py @@ -632,7 +632,7 @@ class CertificateSigningRequestPyOpenSSL(CertificateSigningRequestBase): return False try: - csr = crypto_utils.load_certificate_request(self.path) + csr = crypto_utils.load_certificate_request(self.path, backend='pyopenssl') except Exception as dummy: return False @@ -819,8 +819,7 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase): return key_a == key_b try: - with open(self.path, 'rb') as f: - csr = cryptography.x509.load_pem_x509_csr(f.read(), self.cryptography_backend) + csr = crypto_utils.load_certificate_request(self.path, backend='cryptography') except Exception as dummy: return False