Anons79 Mini Shell

Directory : /lib/python2.7/site-packages/ansible/modules/crypto/acme/
Upload File :
Current File : //lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_certificate_revoke.pyc

�
�Udac@`s�ddlmZmZmZeZidd6dgd6dd6ZdZd	Zd
Z	ddl
mZmZm
Z
mZmZddlmZd
�Zedkr�e�ndS(i(tabsolute_importtdivisiontprint_functions1.1tmetadata_versiontpreviewtstatust	communitytsupported_bysa
---
module: acme_certificate_revoke
author: "Felix Fontein (@felixfontein)"
version_added: "2.7"
short_description: Revoke certificates with the ACME protocol
description:
   - "Allows to revoke certificates issued by a CA supporting the
      L(ACME protocol,https://tools.ietf.org/html/rfc8555),
      such as L(Let's Encrypt,https://letsencrypt.org/)."
notes:
   - "Exactly one of C(account_key_src), C(account_key_content),
      C(private_key_src) or C(private_key_content) must be specified."
   - "Trying to revoke an already revoked certificate
      should result in an unchanged status, even if the revocation reason
      was different than the one specified here. Also, depending on the
      server, it can happen that some other error is returned if the
      certificate has already been revoked."
seealso:
  - name: The Let's Encrypt documentation
    description: Documentation for the Let's Encrypt Certification Authority.
                 Provides useful information for example on rate limits.
    link: https://letsencrypt.org/docs/
  - name: Automatic Certificate Management Environment (ACME)
    description: The specification of the ACME protocol (RFC 8555).
    link: https://tools.ietf.org/html/rfc8555
  - module: acme_inspect
    description: Allows to debug problems.
extends_documentation_fragment:
  - acme
options:
  certificate:
    description:
      - "Path to the certificate to revoke."
    type: path
    required: yes
  account_key_src:
    description:
      - "Path to a file containing the ACME account RSA or Elliptic Curve
         key."
      - "RSA keys can be created with C(openssl rsa ...). Elliptic curve keys can
         be created with C(openssl ecparam -genkey ...). Any other tool creating
         private keys in PEM format can be used as well."
      - "Mutually exclusive with C(account_key_content)."
      - "Required if C(account_key_content) is not used."
    type: path
  account_key_content:
    description:
      - "Content of the ACME account RSA or Elliptic Curve key."
      - "Note that exactly one of C(account_key_src), C(account_key_content),
         C(private_key_src) or C(private_key_content) must be specified."
      - "I(Warning): the content will be written into a temporary file, which will
         be deleted by Ansible when the module completes. Since this is an
         important private key — it can be used to change the account key,
         or to revoke your certificates without knowing their private keys
         —, this might not be acceptable."
      - "In case C(cryptography) is used, the content is not written into a
         temporary file. It can still happen that it is written to disk by
         Ansible in the process of moving the module with its argument to
         the node where it is executed."
    type: str
  private_key_src:
    description:
      - "Path to the certificate's private key."
      - "Note that exactly one of C(account_key_src), C(account_key_content),
         C(private_key_src) or C(private_key_content) must be specified."
    type: path
  private_key_content:
    description:
      - "Content of the certificate's private key."
      - "Note that exactly one of C(account_key_src), C(account_key_content),
         C(private_key_src) or C(private_key_content) must be specified."
      - "I(Warning): the content will be written into a temporary file, which will
         be deleted by Ansible when the module completes. Since this is an
         important private key — it can be used to change the account key,
         or to revoke your certificates without knowing their private keys
         —, this might not be acceptable."
      - "In case C(cryptography) is used, the content is not written into a
         temporary file. It can still happen that it is written to disk by
         Ansible in the process of moving the module with its argument to
         the node where it is executed."
    type: str
  revoke_reason:
    description:
      - "One of the revocation reasonCodes defined in
         L(Section 5.3.1 of RFC5280,https://tools.ietf.org/html/rfc5280#section-5.3.1)."
      - "Possible values are C(0) (unspecified), C(1) (keyCompromise),
         C(2) (cACompromise), C(3) (affiliationChanged), C(4) (superseded),
         C(5) (cessationOfOperation), C(6) (certificateHold),
         C(8) (removeFromCRL), C(9) (privilegeWithdrawn),
         C(10) (aACompromise)"
    type: int
sf
- name: Revoke certificate with account key
  acme_certificate_revoke:
    account_key_src: /etc/pki/cert/private/account.key
    certificate: /etc/httpd/ssl/sample.com.crt

- name: Revoke certificate with certificate's private key
  acme_certificate_revoke:
    private_key_src: /etc/httpd/ssl/sample.com.key
    certificate: /etc/httpd/ssl/sample.com.crt
t
(tModuleFailExceptiontACMEAccountt	nopad_b64t
pem_to_dertset_crypto_backend(t
AnsibleModulec!C`s!tdtdtddddg�dtddd	t�d
tdd�dtdddd
�dtdddddddg�dtdddt�dtdd�dtddd	t�dtdddt�dtdd�dtddddddddg��dddddgfdddddgfd t�}t|�|jjd�sl|jd!d"d#d$�ny�t|�}t	|jjd��}t
|�}i|d6}|jjd�dk	r�|jjd�|d%<n|jjd�dkr|jd&}d&|d'<n
|jd(}|jjd�}|jjd�}|sL|r�|j
||�\}}|r}td)|��ni|d*d*6|d+d+6}	|j||d,|d-|	�\}
}nc|jd.t�\}}
|r�td/��n|
dkrtd0d1��n|j||�\}
}|d2d3kr�t}|
jd�d4krWt}nZ|jjd�dkrxd5}nd6}|
jd�|kr�|
jd7�d8kr�t}n|r�|jd9t�ntd:j|d2|
���n|jd9t�Wn tk
r}|j|�nXdS(;Nt
argument_spectaccount_key_srcttypetpathtaliasestaccount_keytaccount_key_contenttstrtno_logtaccount_uritacme_directorytdefaults2https://acme-staging.api.letsencrypt.org/directorytacme_versiontintitchoicesitvalidate_certstbooltprivate_key_srctprivate_key_contenttcertificatetrequiredt
revoke_reasontselect_crypto_backendtautotopenssltcryptographytrequired_one_oftmutually_exclusivetsupports_check_modetwarningsHDisabling certificate validation for communications with ACME endpoint. sEThis should only be done for testing against a local ACME server for s:development purposes, but *never* for production purposes.treasonsrevoke-certtresourcet
revokeCerts#error while parsing private key: %stalgtjwktkey_datat
jws_headertallow_creationsUnwanted account creationtmsgs)Account does not exist or is deactivated.Ri�s)urn:ietf:params:acme:error:alreadyRevokedsurn:acme:error:malformeds$urn:ietf:params:acme:error:malformedtdetailsCertificate already revokedtchangeds#Error revoking certificate: {0} {1}(RtdicttTruetFalseR
tparamstgettwarnR
RRtNonet	directoryt	parse_keyR	tsend_signed_requestt
setup_accounttAssertionErrort	exit_jsontformattdo_fail(tmoduletaccountR"tpayloadtendpointtprivate_keyR!terrortprivate_key_dataR3tresulttinfotcreatedtaccount_datatalready_revokedt
error_typete((sW/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_certificate_revoke.pytmain�s�!'	
	



'		*	t__main__N(t
__future__RRRRt
__metaclass__tANSIBLE_METADATAt
DOCUMENTATIONtEXAMPLEStRETURNtansible.module_utils.acmeR	R
RRR
tansible.module_utils.basicRRUt__name__(((sW/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_certificate_revoke.pyt<module>s


_(	_

Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]