openssl_pkcs12: cannot re-create pkcs12 with no private key #103

Closed
Zeroji opened this issue Aug 20, 2020 · 0 comments · Fixed by #109

Original issue from Ansible GitHub: https://github.com/ansible/ansible/issues/59945

SUMMARY

When generating a PKCS12 keystore without a private key, if the file exists, parsing it fails

ISSUE TYPE
  • Bug Report
COMPONENT NAME

openssl_pkcs12 (likely caused by https://github.com/ansible-collections/community.crypto/blob/main/plugins/modules/openssl_pkcs12.py#L363)

ANSIBLE VERSION
ansible 2.9.6
  config file = /home/redacted/dev/redacted/ansible.cfg
  configured module search path = ['/home/redacted/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/redacted/.local/lib/python3.6/site-packages/ansible
  executable location = /home/redacted/.local/bin/ansible
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
CONFIGURATION
ANSIBLE_NOCOWS(env: ANSIBLE_NOCOWS) = True
DEFAULT_CALLBACK_WHITELIST(/home/redacted/dev/redacted/ansible.cfg) = ['timer']
DEFAULT_FILTER_PLUGIN_PATH(/home/redacted/dev/redacted/ansible.cfg) = ['/home/redacted/dev/redacted/filter_plugins']
DEFAULT_LOG_PATH(/home/redacted/dev/redacted/ansible.cfg) = /var/log/ansible.log
DEFAULT_ROLES_PATH(/home/redacted/dev/redacted/ansible.cfg) = ['/home/redacted/dev/redacted/roles']
DEFAULT_STDOUT_CALLBACK(/home/redacted/dev/redacted/ansible.cfg) = yaml
OS / ENVIRONMENT

Ubuntu 18.04 inside WSL1 on Windows 10, but issue has been reproduced across various platforms (mainly CentOS 7.7)

STEPS TO REPRODUCE
  • Create a PFX/P12 file with only certificates ("other_certificates")
  • Try to parse the file or run the export again over the same file
openssl_pkcs12:
    path: "{{ truststore_path }}"
    name: truststore
    other_certificates: "{{ cacert_path }}"
EXPECTED RESULTS

ACTUAL RESULTS

PyOpenSSL fails to dump the private key (which is None when parsed from p12)

      File "/tmp/ansible_openssl_pkcs12_payload_tfn6ujgx/ansible_openssl_pkcs12_payload.zip/ansible/modules/crypto/openssl_pkcs12.py", line 449, in <module>
      File "/tmp/ansible_openssl_pkcs12_payload_tfn6ujgx/ansible_openssl_pkcs12_payload.zip/ansible/modules/crypto/openssl_pkcs12.py", line 412, in main
      File "/tmp/ansible_openssl_pkcs12_payload_tfn6ujgx/ansible_openssl_pkcs12_payload.zip/ansible/modules/crypto/openssl_pkcs12.py", line 246, in check
      File "/tmp/ansible_openssl_pkcs12_payload_tfn6ujgx/ansible_openssl_pkcs12_payload.zip/ansible/modules/crypto/openssl_pkcs12.py", line 341, in parse
      File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1899, in dump_privatekey
        raise TypeError("pkey must be a PKey")
    TypeError: pkey must be a PKey
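
The failure mode reported above, as an added example that is not part of the original issue or the collection's code. It assumes the `cryptography` package instead of PyOpenSSL, and all helper names are hypothetical: it builds a certificates-only PKCS#12, parses it back, and guards the private-key dump against `None` so an idempotency check can run.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_ca_cert():
    """Constructed sample input: a throwaway self-signed CA certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-test-ca")])
    start = datetime.datetime(2020, 8, 20)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(key, hashes.SHA256()))


def pem(cert):
    return cert.public_bytes(serialization.Encoding.PEM)


def build_truststore(ca_certs, name=b"truststore"):
    """Serialize a PKCS#12 holding certificates only: no key, no leaf certificate."""
    return pkcs12.serialize_key_and_certificates(
        name, None, None, ca_certs, serialization.NoEncryption())


def parse_for_compare(p12_bytes, passphrase=None):
    """Return (key_pem_or_None, sorted cert PEMs) for an existing file."""
    key, cert, extra = pkcs12.load_key_and_certificates(p12_bytes, passphrase)
    key_pem = None
    if key is not None:  # the guard: a key-less file parses to key=None
        key_pem = key.private_bytes(serialization.Encoding.PEM,
                                    serialization.PrivateFormat.PKCS8,
                                    serialization.NoEncryption())
    certs = ([cert] if cert is not None else []) + list(extra)
    return key_pem, sorted(pem(c) for c in certs)


def unchanged(existing_p12, wanted_certs):
    """Idempotency check: does the file already hold exactly these certificates?"""
    key_pem, have = parse_for_compare(existing_p12)
    return key_pem is None and have == sorted(pem(c) for c in wanted_certs)
```
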