Current File : //lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_challenge_cert_helper.pyc

�
�Udac@`sddlmZmZmZeZidd6dgd6dd6ZdZd	Zd
Z	ddl
mZmZddl
mZmZdd
lmZmZddlZddlZddlZddlZdZy�ddlZddlZddlZddlZddlZddlZddlZddl Zddl!Zddl"Zddl#Z#ddl$m%Z%e%ej&�e%d�kZ'ej(j)j*�Z+Wn%e,k
r�Z-ej.�Ze/Z'nXej0ddkr�d�Z1n	d�Z1d�Z2e3dkr�e2�ndS(i(tabsolute_importtdivisiontprint_functions1.1tmetadata_versiontpreviewtstatust	communitytsupported_bysA
---
# Documentation block of the acme_challenge_cert_helper Ansible module. The
# module turns the tls-alpn-01 challenge data returned by acme_certificate
# into certificates that a TLS server can present during ACME validation.
module: acme_challenge_cert_helper
author: "Felix Fontein (@felixfontein)"
version_added: "2.7"
short_description: Prepare certificates required for ACME challenges such as C(tls-alpn-01)
description:
   - "Prepares certificates for ACME challenges such as C(tls-alpn-01)."
   - "The raw data is provided by the M(acme_certificate) module, and needs to be
      converted to a certificate to be used for challenge validation. This module
      provides a simple way to generate the required certificates."
seealso:
  - name: Automatic Certificate Management Environment (ACME)
    description: The specification of the ACME protocol (RFC 8555).
    link: https://tools.ietf.org/html/rfc8555
  - name: ACME TLS ALPN Challenge Extension
    description: The specification of the C(tls-alpn-01) challenge (RFC 8737).
    link: https://www.rfc-editor.org/rfc/rfc8737.html
requirements:
   - "cryptography >= 1.3"
options:
  # tls-alpn-01 is the only challenge type listed under choices.
  challenge:
    description:
      - "The challenge type."
    type: str
    required: yes
    choices:
    - tls-alpn-01
  # Taken from the registered result of an acme_certificate task.
  challenge_data:
    description:
      - "The C(challenge_data) entry provided by M(acme_certificate) for the challenge."
    type: dict
    required: yes
  # Neither key option is marked required here.
  # NOTE(review): the compiled module body on this page appears to list both
  # required_one_of and mutually_exclusive for the two key options, so exactly
  # one of them presumably has to be supplied - confirm against the source.
  # NOTE(review): the key appears to be loaded as PEM without a password, so a
  # passphrase-protected key is presumably rejected - confirm.
  private_key_src:
    description:
      - "Path to a file containing the private key file to use for this challenge
         certificate."
      - "Mutually exclusive with C(private_key_content)."
    type: path
  # NOTE(review): the argument spec appears to set no_log on this option, which
  # keeps the key out of logged module parameters - confirm. The caller still
  # has to keep the key material out of plain-text playbooks and inventories,
  # for example by supplying it from a vault-encrypted variable.
  private_key_content:
    description:
      - "Content of the private key to use for this challenge certificate."
      - "Mutually exclusive with C(private_key_src)."
    type: str
s"
# Example flow for a tls-alpn-01 validation: request the challenges, build the
# challenge certificates, install them on the TLS server, then call
# acme_certificate again with the registered challenge result.
#
# Two different private keys appear below: the ACME account key (account.key)
# and the domain key (sample.com.key). Both are secrets; keep the files
# readable only by the accounts that run the play and the TLS server.

# First acme_certificate call: no data parameter is passed, and the result is
# registered for the later tasks.
- name: Create challenges for a given CRT for sample.com
  acme_certificate:
    account_key_src: /etc/pki/cert/private/account.key
    challenge: tls-alpn-01
    csr: /etc/pki/cert/csr/sample.com.csr
    dest: /etc/httpd/ssl/sample.com.crt
  register: sample_com_challenge

# One helper run per entry of challenge_data; each run is given the
# tls-alpn-01 part of that entry and the domain key.
# NOTE(review): dictsort yields (key, value) pairs, so item.value may not
# resolve in this loop; dict2items is the filter that produces entries with
# .key and .value - verify before copying this task.
- name: Create certificates for challenges
  acme_challenge_cert_helper:
    challenge: tls-alpn-01
    challenge_data: "{{ item.value['tls-alpn-01'] }}"
    private_key_src: /etc/pki/cert/key/sample.com.key
  loop: "{{ sample_com_challenge.challenge_data | dictsort }}"
  register: sample_com_challenge_certs

# The module name "..." below is a placeholder: the step that installs the
# certificates on the TLS server has to be supplied by the reader.
- name: Install challenge certificates
  # We need to set up HTTPS such that for the domain,
  # regular_certificate is delivered for regular connections,
  # except if ALPN selects the "acme-tls/1"; then, the
  # challenge_certificate must be delivered.
  # This can for example be achieved with very new versions
  # of NGINX; search for ssl_preread and
  # ssl_preread_alpn_protocols for information on how to
  # route by ALPN protocol.
  ...:
    domain: "{{ item.domain }}"
    challenge_certificate: "{{ item.challenge_certificate }}"
    regular_certificate: "{{ item.regular_certificate }}"
    private_key: /etc/pki/cert/key/sample.com.key
  loop: "{{ sample_com_challenge_certs.results }}"

# Second acme_certificate call: same parameters as the first task plus data,
# which hands the registered challenge result back to the module.
- name: Create certificate for a given CSR for sample.com
  acme_certificate:
    account_key_src: /etc/pki/cert/private/account.key
    challenge: tls-alpn-01
    csr: /etc/pki/cert/csr/sample.com.csr
    dest: /etc/httpd/ssl/sample.com.crt
    data: "{{ sample_com_challenge }}"
s�
# Return values of acme_challenge_cert_helper. Every key is marked
# "returned: always".

# NOTE(review): tls-alpn-01 validation (RFC 8737) is a TLS handshake, so the
# server selects the certificate from the SNI extension, not from an HTTP
# Host header. The "Host" wording below is presumably shorthand for the
# requested server name - confirm.
domain:
  description:
    - "The domain the challenge is for. The certificate should be provided if
       this is specified in the request's the C(Host) header."
  returned: always
  type: str
# identifier_type and identifier describe the resource being validated,
# either a DNS name or an IP address.
identifier_type:
  description:
    - "The identifier type for the actual resource identifier. Will be C(dns)
       or C(ip)."
  returned: always
  type: str
  version_added: "2.8"
identifier:
  description:
    - "The identifier for the actual resource. Will be a domain name if the
       type is C(dns), or an IP address if the type is C(ip)."
  returned: always
  type: str
  version_added: "2.8"
# NOTE(review): the compiled module body on this page references OID
# 1.3.6.1.5.5.7.1.31 (the acmeIdentifier extension of RFC 8737), apparently
# added as a critical extension. If so, ordinary TLS clients will reject this
# certificate, and it should be served only on connections that negotiate
# acme-tls/1 - confirm against the source.
challenge_certificate:
  description:
    - "The challenge certificate in PEM format."
  returned: always
  type: str
# Self-signed, so clients have no reason to trust it. It is a stand-in for
# getting HTTPS running and should be replaced by the issued certificate.
# NOTE(review): the module body appears to set a 10-day validity - confirm.
regular_certificate:
  description:
    - "A self-signed certificate for the challenge domain."
    - "If no existing certificate exists, can be used to set-up
       https in the first place if that is needed for providing
       the challenge."
  returned: always
  type: str
(tModuleFailExceptiont	read_file(t
AnsibleModuletmissing_required_lib(tto_bytestto_textN(tLooseVersions1.3icC`s;t|�dkr!td��ntdt|�g�|S(Ni�s4Cannot handle octet strings with more than 128 bytesi(tlenRtbytes(toctet_string((sZ/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_challenge_cert_helper.pytencode_octet_string�scC`s9t|�dkr!td��ndtt|��|S(Ni�s4Cannot handle octet strings with more than 128 bytess(RRtchr(R((sZ/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_challenge_cert_helper.pyR�scC`s:tdtdtdddtddg�dtdd	dt�d
tdd�dtddd
t��dd
dgfdd
dgf�}ts�|jdtd�dt�nyg|jd}|jd}|jjd�}|dkr�t
|jd
�}nt|�}y(tj
jjj|dddt�}Wn(tk
r[}tdj|���nXt|d�}t|jdd|d��jdd�\}}tjjg�}	}
tjj�}tjj�tjdd�}|dkrtjj|�}
n?|dkr-tjjtj|��}
ntdj|���tjj �j!|	�j"|
�j#|j#��j$tjj%��j&|�j'|�j(tjj)|
g�d t*�j+|tj
jj,j-�t�}|dkr�t.j/|d!�}tjj �j!|	�j"|
�j#|j#��j$tjj%��j&|�j'|�j(tjj)|
g�d t*�j(tjj0tjj1d"�t2|��d t�j+|tj
jj,j-�t�}n|j3d#td$|d%|d&|d'|j4tj
jjj5j6�d(|j4tj
jjj5j6��Wn tk
r5}|j7|�nXdS()Nt
argument_spect	challengettypetstrtrequiredtchoicesstls-alpn-01tchallenge_datatdicttprivate_key_srctpathtprivate_key_contenttno_logtrequired_one_oftmutually_exclusivetmsgscryptography >= 1.3t	exceptiontpasswordtbackends$Error while loading private key: {0}tresourcetresource_originalsdns:t:itdaysi
tdnstips!Unsupported identifier type "{0}"tcriticaltresource_values1.3.6.1.5.5.7.1.31tchangedtdomaintidentifier_typet
identifiertchallenge_certificatetregular_certificate(8R
RtTruetHAS_CRYPTOGRAPHYt	fail_jsonRtCRYPTOGRAPHY_IMP_ERRtparamstgettNoneR	Rtcryptographythazmatt
primitivest
serializationtload_pem_private_keyt_cryptography_backendt	ExceptionRtformatR
tsplittx509tNametdatetimetutcnowt	timedeltatDNSNamet	IPAddresst	ipaddresst
ip_addresstCertificateBuildertsubject_nametissuer_namet
public_keyt
serial_numbertrandom_serial_numbertnot_valid_beforetnot_valid_aftert
add_extensiontSubjectAlternativeNametFalsetsignthashestSHA256tbase64t	b64decodetUnrecognizedExtensiontObjectIdentifierRt	exit_jsontpublic_bytestEncodingtPEMtdo_fail(tmoduleRRRtprivate_keyteR/R0R1tsubjecttissuerRSRTtsanR3tvalueR2((sZ/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_challenge_cert_helper.pytmain�s�

(2														#t__main__(4t
__future__RRRRt
__metaclass__tANSIBLE_METADATAt
DOCUMENTATIONtEXAMPLEStRETURNtansible.module_utils.acmeRR	tansible.module_utils.basicR
Rtansible.module_utils._textRR
R[RFtsyst	tracebackR:R7R;tcryptography.hazmat.backendst,cryptography.hazmat.primitives.serializationt-cryptography.hazmat.primitives.asymmetric.rsat,cryptography.hazmat.primitives.asymmetric.ect1cryptography.hazmat.primitives.asymmetric.paddingt%cryptography.hazmat.primitives.hashest/cryptography.hazmat.primitives.asymmetric.utilstcryptography.x509tcryptography.x509.oidRKtdistutils.versionRt__version__R5R<tbackendstdefault_backendR@tImportErrortdummyt
format_excRWtversion_infoRRkt__name__(((sZ/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_challenge_cert_helper.pyt<module>sN


/*$
		o
