Current File : //lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyo

�
�Udac@`s�ddlmZmZmZeZidd6dgd6dd6ZdZd	Zd
Z	ddl
Z
ddlZddlm
Z
mZdd
lmZdZy�ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlmZeej�ed�kZ ej!j"j#�Z$Wn%e%k
rvZ&ej'�Ze(Z nXde)fd��YZ*d�Z+e,d�Z-e,d�Z.de)fd��YZ/d�Z0d�Z1e2dkr�e1�ndS(i(tabsolute_importtdivisiontprint_functions1.1tmetadata_versiontpreviewtstatust	communitytsupported_bysz	
---
module: certificate_complete_chain
author: "Felix Fontein (@felixfontein)"
version_added: "2.7"
short_description: Complete certificate chain given a set of untrusted and root certificates
description:
    - "This module completes a given chain of certificates in PEM format by finding
       intermediate certificates from a given set of certificates, until it finds a root
       certificate in another given set of certificates."
    - "This can for example be used to find the root certificate for a certificate chain
       returned by M(acme_certificate)."
    - "Note that this module does I(not) check for validity of the chains. It only
       checks that issuer and subject match, and that the signature is correct. It
       ignores validity dates and key usage completely. If you need to verify that a
       generated chain is valid, please use C(openssl verify ...)."
requirements:
    - "cryptography >= 1.5"
options:
    input_chain:
        description:
            - A concatenated set of certificates in PEM format forming a chain.
            - The module will try to complete this chain.
        type: str
        required: yes
    root_certificates:
        description:
            - "A list of filenames or directories."
            - "A filename is assumed to point to a file containing one or more certificates
               in PEM format. All certificates in this file will be added to the set of
               root certificates."
            - "If a directory name is given, all files in the directory and its
               subdirectories will be scanned, and the module will try to parse each
               one as concatenated certificates in PEM format."
            - "Symbolic links will be followed."
        type: list
        elements: path
        required: yes
    intermediate_certificates:
        description:
            - "A list of filenames or directories."
            - "A filename is assumed to point to a file containing one or more certificates
               in PEM format. All certificates in this file will be added to the set of
               intermediate certificates."
            - "If a directory name is given, all files in the directory and its
               subdirectories will be scanned, and the module will try to parse each
               one as concatenated certificates in PEM format."
            - "Symbolic links will be followed."
        type: list
        elements: path
        default: []
s�
# Given a leaf certificate for www.ansible.com and one or more intermediate
# certificates, finds the associated root certificate.
- name: Find root certificate
  certificate_complete_chain:
    input_chain: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com-fullchain.pem') }}"
    root_certificates:
    - /etc/ca-certificates/
  register: www_ansible_com
- name: Write root certificate to disk
  copy:
    dest: /etc/ssl/csr/www.ansible.com-root.pem
    content: "{{ www_ansible_com.root }}"

# Given a leaf certificate for www.ansible.com, and a list of intermediate
# certificates, finds the associated root certificate.
- name: Find root certificate
  certificate_complete_chain:
    input_chain: "{{ lookup('file', '/etc/ssl/csr/www.ansible.com.pem') }}"
    intermediate_certificates:
    - /etc/ssl/csr/www.ansible.com-chain.pem
    root_certificates:
    - /etc/ca-certificates/
  register: www_ansible_com
- name: Write complete chain to disk
  copy:
    dest: /etc/ssl/csr/www.ansible.com-completechain.pem
    content: "{{ ''.join(www_ansible_com.complete_chain) }}"
- name: Write root chain (intermediates and root) to disk
  copy:
    dest: /etc/ssl/csr/www.ansible.com-rootchain.pem
    content: "{{ ''.join(www_ansible_com.chain) }}"
s
root:
    description:
        - "The root certificate in PEM format."
    returned: success
    type: str
chain:
    description:
        - "The chain added to the given input chain. Includes the root certificate."
        - "Returned as a list of PEM certificates."
    returned: success
    type: list
    elements: str
complete_chain:
    description:
        - "The completed chain, including leaf, all intermediates, and root."
        - "Returned as a list of PEM certificates."
    returned: success
    type: list
    elements: str
N(t
AnsibleModuletmissing_required_lib(tto_bytes(tLooseVersions1.5tCertificatecB`seZdZd�ZRS(s-
    Stores PEM with parsed certificate.
    cC`sA|jd�p|jd�s+|d}n||_||_dS(Ns
s
(tendswithtpemtcert(tselfRR((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyt__init__�s
	(t__name__t
__module__t__doc__R(((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyR�scC`sO|jj|jjkrtS|jj�}y�t|tjjj	j
j�r�|j|jj
|jjtjjj	jj�|jj�nut|tjjj	jj�r�|j|jj
|jjtjjj	jj|jj��n|jdj|��tStSWnEtjjk
r}tStk
rJ}|jddj|��nXdS(sb
    Tests whether the given certificate has been issued by the potential parent certificate.
    sUnknown public key type "{0}"tmsgs*Unknown error on signature validation: {0}N(RtissuertsubjecttFalset
public_keyt
isinstancetcryptographythazmatt
primitivest
asymmetrictrsatRSAPublicKeytverifyt	signaturettbs_certificate_bytestpaddingtPKCS1v15tsignature_hash_algorithmtectEllipticCurvePublicKeytECDSAtwarntformattTruet
exceptionstInvalidSignaturet	Exceptiont	fail_json(tmoduleRtpotential_parentRtdummyte((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyt	is_parent�s,				%cC`s-g}|jt�}d}x|D]}|j�r"|jd�rO|g}q%|dk	r%|j|�|jd�r"dj|�}d}y5tjj	t
|�t�}	|jt||	��Wqt
k
r}
djt|�d||
�}|r|jd|�q|j|�qXq"q%q"q"W|S(sV
    Parse concatenated PEM certificates. Return list of ``Certificate`` objects.
    s-----BEGIN s	-----END ts+Cannot parse certificate #{0} from {1}: {2}iRN(t
splitlinesR,tNonetstript
startswithtappendtjoinRtx509tload_pem_x509_certificateR
t_cryptography_backendRR/R+tlenR0R*(R1ttexttsourcet
fail_on_errortresulttlinestcurrenttlinetcert_pemRR4R((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pytparse_PEM_list�s*

cC`s�yDt|d��/}t||j�jd�d|d|�SWdQXWnOtk
r�}dj||�}|r�|jd|�q�|j|�gSnXdS(s_
    Load concatenated PEM certificates from file. Return list of ``Certificate`` objects.
    trbsutf-8RBRCNs%Cannot read certificate file {0}: {1}R(topenRItreadtdecodeR/R+R0R*(R1tpathRCtfR4R((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyt
load_PEM_list�s2
tCertificateSetcB`s2eZdZd�Zd�Zd�Zd�ZRS(s^
    Stores a set of certificates. Allows to search for parent (issuer of a certificate).
    cC`s%||_t�|_t�|_dS(N(R1tsettcertificatestdicttcertificate_by_issuer(RR1((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyR�s	cC`sPt|j|dt�}x1|D])}|jj|�||j|jj<qWdS(NRC(RPR1RRStaddRURR(RRNtcertsR((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyt
_load_file�s
cC`s�t|dd�}tjj|�r}xctj|dt�D]<\}}}x*|D]"}|jtjj||��qPWq:Wn
|j|�dS(sL
        Load lists of PEM certificates from a file or a directory.
        terrorstsurrogate_or_stricttfollowlinksN(R
tosRNtisdirtwalkR,RXR<(RRNtb_patht	directoryR3tfilestfile((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pytloads%
'cC`sD|jj|jj�}|dk	r@t|j||�r@|SndS(se
        Search for the parent (issuer) of a certificate. Return ``None`` if none was found.
        N(RUtgetRRR8R5R1(RRR2((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pytfind_parents
(RRRRRXRcRe(((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyRQ�s
			cC`s
t|j�S(sQ
    Return human readable representation of certificate for error messages.
    (tstrR(R((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pytformat_certsc
C`s�tdtdtdddt�dtdddtdd	�d
tdddgdd	��dt�}ts�|jd
td�dt�nt||jddd�}t	|�dkr�|jd
d�nx�t
|�D]v\}}|dkr�t|||d|�sL|jd
ddj|t
||d�|dt
|���qLq�q�Wt|�}x"|jd
D]}|j|�qjWt|�}x"|jdD]}|j|�q�W|d}g}xz|r>|j|�}	|	r�|j|	�Pn|j|�}
|
r|j|
�|
}q�|jd
djt
|���q�W||}|jdtd|djdg|D]}|j^qldg|D]}|j^q��dS(Nt
argument_spectinput_chainttypeRftrequiredtroot_certificatestlisttelementsRNtintermediate_certificatestdefaulttsupports_check_modeRscryptography >= 1.5t	exceptionRBsinput chainis1Input chain must contain at least one certificateis?Cannot verify input chain: certificate #{2}: {3} is not issuer sof certificate #{0}: {1}i����s/Cannot complete chain. Stuck at certificate {0}tchangedtroottchaintcomplete_chain(RRTR,tHAS_CRYPTOGRAPHYR0R	tCRYPTOGRAPHY_IMP_ERRRItparamsR@t	enumerateR5R+RgRQRcReR;t	exit_jsonRR(
R1Rutitparentt
intermediatesRNtrootsRFt	completedRttintermediateRvR((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pytmain!sP	<
	

	#
	
t__main__(3t
__future__RRRRjt
__metaclass__tANSIBLE_METADATAt
DOCUMENTATIONtEXAMPLEStRETURNR\t	tracebacktansible.module_utils.basicRR	tansible.module_utils._textR
R8RxRtcryptography.hazmat.backendst,cryptography.hazmat.primitives.serializationt-cryptography.hazmat.primitives.asymmetric.rsat,cryptography.hazmat.primitives.asymmetric.ect1cryptography.hazmat.primitives.asymmetric.paddingt%cryptography.hazmat.primitives.hashest/cryptography.hazmat.primitives.asymmetric.utilstcryptography.x509tcryptography.x509.oidtdistutils.versionRt__version__RwRtbackendstdefault_backendR?tImportErrorR3t
format_excRtobjectRR5R,RIRPRQRgR�R(((sU/usr/lib/python2.7/site-packages/ansible/modules/crypto/certificate_complete_chain.pyt<module>sL


6#
	"'		<
