openssl_certificate: fix passphrase handling for cryptography backend (#56155)
* Make sure passphrase is bytes string.
* Fix typo.
* Add more passphrase tests.
* Fix test names.
* Add changelog.
(cherry picked from commit 7a957ba64a
)
This commit is contained in:
parent
7333af4fbb
commit
a07ed8530f
5 changed files with 75 additions and 5 deletions
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- "openssl_certificate - fix private key passphrase handling for ``cryptography`` backend."
|
|
@ -168,7 +168,7 @@ def load_privatekey(path, passphrase=None, check_passphrase=True, content=None,
|
|||
elif backend == 'cryptography':
|
||||
try:
|
||||
result = load_pem_private_key(priv_key_detail,
|
||||
passphrase,
|
||||
None if passphrase is None else to_bytes(passphrase),
|
||||
cryptography_backend())
|
||||
except TypeError as dummy:
|
||||
raise OpenSSLBadPassphraseError('Wrong or empty passphrase provided for private key')
|
||||
|
|
|
@ -3,6 +3,13 @@
|
|||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/ca_privatekey.pem'
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate CA privatekey with passphrase
|
||||
openssl_privatekey:
|
||||
path: '{{ output_dir }}/ca_privatekey_pw.pem'
|
||||
passphrase: hunter2
|
||||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/ca_csr.csr'
|
||||
|
@ -14,6 +21,18 @@
|
|||
- 'CA:TRUE'
|
||||
basic_constraints_critical: yes
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate CA CSR (privatekey passphrase)
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/ca_csr_pw.csr'
|
||||
privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
|
||||
privatekey_passphrase: hunter2
|
||||
subject:
|
||||
commonName: Example CA
|
||||
useCommonNameForSAN: no
|
||||
basic_constraints:
|
||||
- 'CA:TRUE'
|
||||
basic_constraints_critical: yes
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/ca_cert.pem'
|
||||
|
@ -23,6 +42,16 @@
|
|||
selfsigned_digest: sha256
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned CA certificate (privatekey passphrase)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/ca_cert_pw.pem'
|
||||
csr_path: '{{ output_dir }}/ca_csr_pw.csr'
|
||||
privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
|
||||
privatekey_passphrase: hunter2
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/ownca_cert.pem'
|
||||
|
@ -164,6 +193,18 @@
|
|||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: ownca_certificate_ecc
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/ownca_cert_ecc_2.pem'
|
||||
csr_path: '{{ output_dir }}/csr_ecc.csr'
|
||||
ownca_path: '{{ output_dir }}/ca_cert_pw.pem'
|
||||
ownca_privatekey_path: '{{ output_dir }}/ca_privatekey_pw.pem'
|
||||
ownca_privatekey_passphrase: hunter2
|
||||
provider: ownca
|
||||
ownca_digest: sha256
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: selfsigned_certificate_passphrase
|
||||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 1)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/ownca_cert_pw1.pem'
|
||||
|
@ -179,7 +220,7 @@
|
|||
|
||||
- name: (OwnCA, {{select_crypto_backend}}) Generate ownca certificate (failed passphrase 2)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/ownca_cert_pw1.pem'
|
||||
path: '{{ output_dir }}/ownca_cert_pw2.pem'
|
||||
csr_path: '{{ output_dir }}/csr_ecc.csr'
|
||||
ownca_path: '{{ output_dir }}/ca_cert.pem'
|
||||
ownca_privatekey_path: '{{ output_dir }}/privatekeypw.pem'
|
||||
|
|
|
@ -176,6 +176,25 @@
|
|||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: selfsigned_certificate_ecc
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Generate CSR (privatekey passphrase)
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_pass.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
|
||||
privatekey_passphrase: hunter2
|
||||
subject:
|
||||
commonName: www.example.com
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (privatekey passphrase)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert_pass.pem'
|
||||
csr_path: '{{ output_dir }}/csr_pass.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
|
||||
privatekey_passphrase: hunter2
|
||||
provider: selfsigned
|
||||
selfsigned_digest: sha256
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: selfsigned_certificate_passphrase
|
||||
|
||||
- name: (Selfsigned, {{select_crypto_backend}}) Generate selfsigned certificate (failed passphrase 1)
|
||||
openssl_certificate:
|
||||
path: '{{ output_dir }}/cert_pw1.pem'
|
||||
|
|
|
@ -249,7 +249,15 @@
|
|||
cipher: auto
|
||||
select_crypto_backend: cryptography
|
||||
|
||||
- name: Generate publickey - PEM format
|
||||
- name: Generate CSR with privatekey passphrase
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_pw.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
|
||||
privatekey_passphrase: hunter2
|
||||
select_crypto_backend: '{{ select_crypto_backend }}'
|
||||
register: passphrase_1
|
||||
|
||||
- name: Generate CSR (failed passphrase 1)
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_pw1.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
|
@ -258,7 +266,7 @@
|
|||
ignore_errors: yes
|
||||
register: passphrase_error_1
|
||||
|
||||
- name: Generate publickey - PEM format
|
||||
- name: Generate CSR (failed passphrase 2)
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_pw2.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
|
||||
|
@ -267,7 +275,7 @@
|
|||
ignore_errors: yes
|
||||
register: passphrase_error_2
|
||||
|
||||
- name: Generate publickey - PEM format
|
||||
- name: Generate CSR (failed passphrase 3)
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_pw3.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekeypw.pem'
|
||||
|
|
Loading…
Reference in a new issue