From 71aeb79c378fb3225286f685abb5b2dce182d101 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Tue, 18 May 2021 20:08:15 +0200 Subject: [PATCH 1/6] Return more public key information. --- changelogs/fragments/233-public-key-info.yml | 3 + .../module_backends/certificate_info.py | 20 ++++++ .../crypto/module_backends/csr_info.py | 20 ++++++ plugins/modules/openssl_csr_info.py | 71 +++++++++++++++++++ plugins/modules/x509_certificate_info.py | 71 +++++++++++++++++++ .../targets/openssl_csr_info/tasks/impl.yml | 2 + .../x509_certificate_info/tasks/impl.yml | 2 + 7 files changed, 189 insertions(+) create mode 100644 changelogs/fragments/233-public-key-info.yml diff --git a/changelogs/fragments/233-public-key-info.yml b/changelogs/fragments/233-public-key-info.yml new file mode 100644 index 000000000..42c36a6f6 --- /dev/null +++ b/changelogs/fragments/233-public-key-info.yml @@ -0,0 +1,3 @@ +minor_changes: +- "openssl_csr_info - now returns ``public_key_type`` and ``public_key_data`` (https://github.com/ansible-collections/community.crypto/pull/233)." +- "x509_certificate_info - now returns ``public_key_type`` and ``public_key_data`` (https://github.com/ansible-collections/community.crypto/pull/233)." diff --git a/plugins/module_utils/crypto/module_backends/certificate_info.py b/plugins/module_utils/crypto/module_backends/certificate_info.py index 42c136d1b..88565cf97 100644 --- a/plugins/module_utils/crypto/module_backends/certificate_info.py +++ b/plugins/module_utils/crypto/module_backends/certificate_info.py @@ -39,6 +39,10 @@ pyopenssl_normalize_name_attribute, ) +from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.publickey_info import ( + get_publickey_info, +) + MINIMAL_CRYPTOGRAPHY_VERSION = '1.6' MINIMAL_PYOPENSSL_VERSION = '0.15' 
@@ -137,6 +141,10 @@ def get_not_after(self): def _get_public_key(self, binary): pass + @abc.abstractmethod + def _get_public_key_object(self): + pass + @abc.abstractmethod def _get_subject_key_identifier(self): pass @@ -189,6 +197,12 @@ def get_info(self): pk = self._get_public_key(binary=True) result['public_key_fingerprints'] = get_fingerprint_of_bytes(pk) if pk is not None else dict() + public_key_info = get_publickey_info(self.module, self.backend, key=self._get_public_key_object()) + result.update({ + 'public_key_type': public_key_info['type'], + 'public_key_data': public_key_info['public_data'], + }) + result['fingerprints'] = get_fingerprint_of_bytes(self._get_der_bytes()) if self.backend != 'pyopenssl': @@ -336,6 +350,9 @@ def _get_public_key(self, binary): serialization.PublicFormat.SubjectPublicKeyInfo ) + def _get_public_key_object(self): + return self.cert.public_key() + def _get_subject_key_identifier(self): try: ext = self.cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) @@ -471,6 +488,9 @@ def _get_public_key(self, binary): self.module.warn('Your pyOpenSSL version does not support dumping public keys. ' 'Please upgrade to version 16.0 or newer, or use the cryptography backend.') + def _get_public_key_object(self): + return self.cert.get_pubkey() + def _get_subject_key_identifier(self): # Won't be implemented return None diff --git a/plugins/module_utils/crypto/module_backends/csr_info.py b/plugins/module_utils/crypto/module_backends/csr_info.py index 6d27acf22..a9155d465 100644 --- a/plugins/module_utils/crypto/module_backends/csr_info.py +++ b/plugins/module_utils/crypto/module_backends/csr_info.py @@ -37,6 +37,10 @@ pyopenssl_parse_name_constraints, ) +from ansible_collections.community.crypto.plugins.module_utils.crypto.module_backends.publickey_info import ( + get_publickey_info, +) + MINIMAL_CRYPTOGRAPHY_VERSION = '1.3' MINIMAL_PYOPENSSL_VERSION = '0.15' 
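Review bot: The new abstract `_get_public_key_object` in certificate_info.py (hunk at -137) has no docstring, and its two implementations further down return different kinds of object: `self.cert.public_key()` for the cryptography backend and `self.cert.get_pubkey()` for pyOpenSSL. Because `get_info` passes the result to `get_publickey_info(self.module, self.backend, key=...)`, the real contract is "whatever object `get_publickey_info` accepts for `self.backend`". A docstring such as `"""Return the backend-specific public key object accepted by get_publickey_info()."""` would make that explicit for anyone adding or changing a backend. The abstract method added to csr_info.py needs the same docstring.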
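Review bot: `get_publickey_info(...)` is called unconditionally in `get_info` (hunk at -189 of certificate_info.py), while the fingerprint line directly above it still guards against `pk` being `None`. The pyOpenSSL `_get_public_key` shown in the hunk at -471 ends in a warning that the installed pyOpenSSL cannot dump public keys, so that backend has a known degraded path. Whether `get_publickey_info` also degrades there or aborts the module is not visible in this patch and should be confirmed. If it can fail, the certificate's remaining fields would no longer be returned on such hosts, which is a behaviour change for a read-only info module. The same call is added to `get_info` in csr_info.py, and patch 3/6 later routes `public_key_fingerprints` through it as well; `get_info` starts and ends outside the hunk.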
@@ -116,6 +120,10 @@ def _get_name_constraints(self): def _get_public_key(self, binary): pass + @abc.abstractmethod + def _get_public_key_object(self): + pass + @abc.abstractmethod def _get_subject_key_identifier(self): pass @@ -156,6 +164,12 @@ def get_info(self): pk = self._get_public_key(binary=True) result['public_key_fingerprints'] = get_fingerprint_of_bytes(pk) if pk is not None else dict() + public_key_info = get_publickey_info(self.module, self.backend, key=self._get_public_key_object()) + result.update({ + 'public_key_type': public_key_info['type'], + 'public_key_data': public_key_info['public_data'], + }) + if self.backend != 'pyopenssl': ski = self._get_subject_key_identifier() if ski is not None: @@ -288,6 +302,9 @@ def _get_public_key(self, binary): serialization.PublicFormat.SubjectPublicKeyInfo ) + def _get_public_key_object(self): + return self.csr.public_key() + def _get_subject_key_identifier(self): try: ext = self.csr.extensions.get_extension_for_class(x509.SubjectKeyIdentifier) @@ -394,6 +411,9 @@ def _get_public_key(self, binary): self.module.warn('Your pyOpenSSL version does not support dumping public keys. ' 'Please upgrade to version 16.0 or newer, or use the cryptography backend.') + def _get_public_key_object(self): + return self.csr.get_pubkey() + def _get_subject_key_identifier(self): # Won't be implemented return None diff --git a/plugins/modules/openssl_csr_info.py b/plugins/modules/openssl_csr_info.py index f744a60c1..0a34e62dc 100644 --- a/plugins/modules/openssl_csr_info.py +++ b/plugins/modules/openssl_csr_info.py 
@@ -183,6 +183,77 @@ returned: success type: str sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..." +public_key_type: + description: + - The CSR's public key's type. + - One of C(RSA), C(DSA), C(ECC), C(Ed25519), C(X25519), C(Ed448), or C(X448). + - Will start with C(unknown) if the key type cannot be determined. + returned: success + type: str + version_added: 1.7.0 + sample: RSA +public_key_data: + description: + - Public key data. Depends on the public key's type. + returned: success + type: dict + version_added: 1.7.0 + contains: + size: + description: + - Bit size of modulus (RSA) or prime number (DSA). + type: int + returned: When C(type=RSA) or C(type=DSA) + modulus: + description: + - The RSA key's modulus. + type: int + returned: When C(type=RSA) + exponent: + description: + - The RSA key's public exponent. + type: int + returned: When C(type=RSA) + p: + description: + - The C(p) value for DSA. + - This is the prime modulus upon which arithmetic takes place. + type: int + returned: When C(type=DSA) + q: + description: + - The C(q) value for DSA. + - This is a prime that divides C(p - 1), and at the same time the order of the subgroup of the + multiplicative group of the prime field used. + type: int + returned: When C(type=DSA) + g: + description: + - The C(g) value for DSA. + - This is the element spanning the subgroup of the multiplicative group of the prime field used. + type: int + returned: When C(type=DSA) + curve: + description: + - The curve's name for ECC. + type: str + returned: When C(type=ECC) + exponent_size: + description: + - The maximum number of bits of a private key. This is basically the bit size of the subgroup used. + type: int + returned: When C(type=ECC) + x: + description: + - The C(x) coordinate for the public point on the elliptic curve. + type: int + returned: When C(type=ECC) + y: + description: + - For C(type=ECC), this is the C(y) coordinate for the public point on the elliptic curve. 
+ - For C(type=DSA), this is the publicly known group element whose discrete logarithm w.r.t. C(g) is the private key. + type: int + returned: When C(type=DSA) or C(type=ECC) public_key_fingerprints: description: - Fingerprints of CSR's public key. diff --git a/plugins/modules/x509_certificate_info.py b/plugins/modules/x509_certificate_info.py index 18aaf4c07..8a0748322 100644 --- a/plugins/modules/x509_certificate_info.py +++ b/plugins/modules/x509_certificate_info.py 
@@ -227,6 +227,77 @@ returned: success type: str sample: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A..." +public_key_type: + description: + - The certificate's public key's type. + - One of C(RSA), C(DSA), C(ECC), C(Ed25519), C(X25519), C(Ed448), or C(X448). + - Will start with C(unknown) if the key type cannot be determined. + returned: success + type: str + version_added: 1.7.0 + sample: RSA +public_key_data: + description: + - Public key data. Depends on the public key's type. + returned: success + type: dict + version_added: 1.7.0 + contains: + size: + description: + - Bit size of modulus (RSA) or prime number (DSA). + type: int + returned: When C(type=RSA) or C(type=DSA) + modulus: + description: + - The RSA key's modulus. + type: int + returned: When C(type=RSA) + exponent: + description: + - The RSA key's public exponent. + type: int + returned: When C(type=RSA) + p: + description: + - The C(p) value for DSA. + - This is the prime modulus upon which arithmetic takes place. + type: int + returned: When C(type=DSA) + q: + description: + - The C(q) value for DSA. + - This is a prime that divides C(p - 1), and at the same time the order of the subgroup of the + multiplicative group of the prime field used. + type: int + returned: When C(type=DSA) + g: + description: + - The C(g) value for DSA. + - This is the element spanning the subgroup of the multiplicative group of the prime field used. + type: int + returned: When C(type=DSA) + curve: + description: + - The curve's name for ECC. + type: str + returned: When C(type=ECC) + exponent_size: + description: + - The maximum number of bits of a private key. This is basically the bit size of the subgroup used. + type: int + returned: When C(type=ECC) + x: + description: + - The C(x) coordinate for the public point on the elliptic curve. + type: int + returned: When C(type=ECC) + y: + description: + - For C(type=ECC), this is the C(y) coordinate for the public point on the elliptic curve. 
+ - For C(type=DSA), this is the publicly known group element whose discrete logarithm w.r.t. C(g) is the private key. + type: int + returned: When C(type=DSA) or C(type=ECC) public_key_fingerprints: description: - Fingerprints of certificate's public key. diff --git a/tests/integration/targets/openssl_csr_info/tasks/impl.yml b/tests/integration/targets/openssl_csr_info/tasks/impl.yml index bc9037ebb..dc8d694ee 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/impl.yml @@ -14,6 +14,8 @@ - result.subject.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered" - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered" + - result.public_key_type == 'RSA' + - result.public_key_data.size == default_rsa_key_size - name: "({{ select_crypto_backend }}) Check SubjectKeyIdentifier and AuthorityKeyIdentifier" assert: diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml index 91838bd4a..3ceddfb2d 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml @@ -17,6 +17,8 @@ - result.subject.organizationalUnitName == 'ACME Department' - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered" - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered" + - result.public_key_type == 'RSA' + - result.public_key_data.size == default_rsa_key_size_certifiates - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier assert: From 40077e4fa0fb5134fd2b55a1b48efb32715ca537 Mon Sep 17 00:00:00 2001 
From: Felix Fontein Date: Tue, 18 May 2021 20:18:29 +0200 Subject: [PATCH 2/6] Make sure bit size is converted to int first. --- tests/integration/targets/x509_certificate_info/tasks/impl.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml index 3ceddfb2d..90f8e70fa 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml @@ -18,7 +18,7 @@ - "['organizationalUnitName', 'Crypto Department'] in result.subject_ordered" - "['organizationalUnitName', 'ACME Department'] in result.subject_ordered" - result.public_key_type == 'RSA' - - result.public_key_data.size == default_rsa_key_size_certifiates + - result.public_key_data.size == (default_rsa_key_size_certifiates | int) - name: Check SubjectKeyIdentifier and AuthorityKeyIdentifier assert: From bad97caef3d0330bae3df44582c3cec1d3b479c7 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Wed, 19 May 2021 06:58:31 +0200 Subject: [PATCH 3/6] Apply suggestions from code review Co-authored-by: Ajpantuso --- .../module_utils/crypto/module_backends/certificate_info.py | 3 +-- plugins/module_utils/crypto/module_backends/csr_info.py | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/crypto/module_backends/certificate_info.py b/plugins/module_utils/crypto/module_backends/certificate_info.py index 88565cf97..feeeb19be 100644 --- a/plugins/module_utils/crypto/module_backends/certificate_info.py +++ b/plugins/module_utils/crypto/module_backends/certificate_info.py 
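Review bot: The `| int` cast is applied only to the x509_certificate_info assertion; the parallel assertion added in patch 1/6 to tests/integration/targets/openssl_csr_info/tasks/impl.yml still reads `result.public_key_data.size == default_rsa_key_size`. How `default_rsa_key_size` is defined is not visible here, but if it can be templated to a string the comparison would fail for the same reason this patch fixes. Writing it as `result.public_key_data.size == (default_rsa_key_size | int)` keeps the two tests consistent regardless of how the variable is set.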
@@ -194,13 +194,12 @@ def get_info(self): result['expired'] = not_after < datetime.datetime.utcnow() result['public_key'] = self._get_public_key(binary=False) - pk = self._get_public_key(binary=True) - result['public_key_fingerprints'] = get_fingerprint_of_bytes(pk) if pk is not None else dict() public_key_info = get_publickey_info(self.module, self.backend, key=self._get_public_key_object()) result.update({ 'public_key_type': public_key_info['type'], 'public_key_data': public_key_info['public_data'], + 'public_key_fingerprints': public_key_info['fingerprints'] }) result['fingerprints'] = get_fingerprint_of_bytes(self._get_der_bytes()) diff --git a/plugins/module_utils/crypto/module_backends/csr_info.py b/plugins/module_utils/crypto/module_backends/csr_info.py index a9155d465..3e17b783a 100644 --- a/plugins/module_utils/crypto/module_backends/csr_info.py +++ b/plugins/module_utils/crypto/module_backends/csr_info.py @@ -161,13 +161,12 @@ def get_info(self): ) = self._get_name_constraints() result['public_key'] = self._get_public_key(binary=False) - pk = self._get_public_key(binary=True) - result['public_key_fingerprints'] = get_fingerprint_of_bytes(pk) if pk is not None else dict() public_key_info = get_publickey_info(self.module, self.backend, key=self._get_public_key_object()) result.update({ 'public_key_type': public_key_info['type'], 'public_key_data': public_key_info['public_data'], + 'public_key_fingerprints': public_key_info['fingerprints'] }) if self.backend != 'pyopenssl': From 1c616feb1dc240c145ac041fa575c189341d2437 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Wed, 19 May 2021 07:03:00 +0200 Subject: [PATCH 4/6] Remove no longer necessary code. --- .../module_backends/certificate_info.py | 21 ++++++++----------- .../crypto/module_backends/csr_info.py | 21 ++++++++----------- 2 files changed, 18 insertions(+), 24 deletions(-) 
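Review bot: `public_key_fingerprints` in `get_info` of certificate_info.py now comes from `public_key_info['fingerprints']` instead of `get_fingerprint_of_bytes()` over the DER-encoded SubjectPublicKeyInfo, and nothing in this series asserts that the returned values are unchanged. Consumers that pin or compare keys by these fingerprints depend on the exact bytes hashed and on the set of digest names. It is worth confirming that `get_publickey_info` hashes the same DER encoding, and adding an integration assertion against a known fingerprint. The removed `else dict()` branch also means an empty mapping is no longer guaranteed when the key cannot be dumped. The identical change is made in csr_info.py, where `get_fingerprint_of_bytes` may now be an unused import (not visible here); `get_info` extends beyond the hunk in both files.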
diff --git a/plugins/module_utils/crypto/module_backends/certificate_info.py b/plugins/module_utils/crypto/module_backends/certificate_info.py index feeeb19be..78f1b9c6b 100644 --- a/plugins/module_utils/crypto/module_backends/certificate_info.py +++ b/plugins/module_utils/crypto/module_backends/certificate_info.py @@ -138,7 +138,7 @@ def get_not_after(self): pass @abc.abstractmethod - def _get_public_key(self, binary): + def _get_public_key_pem(self): pass @abc.abstractmethod @@ -193,7 +193,7 @@ def get_info(self): result['not_after'] = not_after.strftime(TIMESTAMP_FORMAT) result['expired'] = not_after < datetime.datetime.utcnow() - result['public_key'] = self._get_public_key(binary=False) + result['public_key'] = self._get_public_key_pem() public_key_info = get_publickey_info(self.module, self.backend, key=self._get_public_key_object()) result.update({ @@ -343,10 +343,10 @@ def get_not_before(self): def get_not_after(self): return self.cert.not_valid_after - def _get_public_key(self, binary): + def _get_public_key_pem(self): return self.cert.public_key().public_bytes( - serialization.Encoding.DER if binary else serialization.Encoding.PEM, - serialization.PublicFormat.SubjectPublicKeyInfo + serialization.Encoding.PEM, + serialization.PublicFormat.SubjectPublicKeyInfo, ) def _get_public_key_object(self): 
@@ -466,20 +466,17 @@ def get_not_after(self): time_string = to_native(self.cert.get_notAfter()) return datetime.datetime.strptime(time_string, "%Y%m%d%H%M%SZ") - def _get_public_key(self, binary): + def _get_public_key_pem(self): try: return crypto.dump_publickey( - crypto.FILETYPE_ASN1 if binary else crypto.FILETYPE_PEM, - self.cert.get_pubkey() + crypto.FILETYPE_PEM, + self.cert.get_pubkey(), ) except AttributeError: try: # pyOpenSSL < 16.0: bio = crypto._new_mem_buf() - if binary: - rc = crypto._lib.i2d_PUBKEY_bio(bio, self.cert.get_pubkey()._pkey) - else: - rc = crypto._lib.PEM_write_bio_PUBKEY(bio, self.cert.get_pubkey()._pkey) + rc = crypto._lib.PEM_write_bio_PUBKEY(bio, self.cert.get_pubkey()._pkey) if rc != 1: crypto._raise_current_error() return crypto._bio_to_string(bio) diff --git a/plugins/module_utils/crypto/module_backends/csr_info.py b/plugins/module_utils/crypto/module_backends/csr_info.py index 3e17b783a..d537217c3 100644 --- a/plugins/module_utils/crypto/module_backends/csr_info.py +++ b/plugins/module_utils/crypto/module_backends/csr_info.py @@ -117,7 +117,7 @@ def _get_name_constraints(self): pass @abc.abstractmethod - def _get_public_key(self, binary): + def _get_public_key_pem(self): pass @abc.abstractmethod @@ -160,7 +160,7 @@ def get_info(self): result['name_constraints_critical'], ) = self._get_name_constraints() - result['public_key'] = self._get_public_key(binary=False) + result['public_key'] = self._get_public_key_pem() public_key_info = get_publickey_info(self.module, self.backend, key=self._get_public_key_object()) result.update({ 
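Review bot: The renamed `_get_public_key_pem` in the pyOpenSSL backend of certificate_info.py (hunk at -466) still appears to have a path that yields no PEM at all. The context in patch 1/6 shows this function ending in a `self.module.warn(...)` about pyOpenSSL being unable to dump public keys, so the result there is presumably `None`. A name ending in `_pem` hides that, so the method should carry a docstring such as `"""Return the public key as PEM, or None if this pyOpenSSL version cannot dump public keys."""`. The outer `except AttributeError` also covers the `self.cert.get_pubkey()` call, so an AttributeError raised for another reason would be silently routed into the legacy fallback; limiting the `try` to the `crypto.dump_publickey` lookup would avoid that. The function continues past the end of the hunk, and the csr_info.py counterpart (hunk at -390) has the same shape.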
@@ -295,10 +295,10 @@ def _get_name_constraints(self): except cryptography.x509.ExtensionNotFound: return None, None, False - def _get_public_key(self, binary): + def _get_public_key_pem(self): return self.csr.public_key().public_bytes( - serialization.Encoding.DER if binary else serialization.Encoding.PEM, - serialization.PublicFormat.SubjectPublicKeyInfo + serialization.Encoding.PEM, + serialization.PublicFormat.SubjectPublicKeyInfo, ) def _get_public_key_object(self): @@ -390,19 +390,16 @@ def _get_name_constraints(self): return permitted, excluded, bool(extension.get_critical()) return None, None, False - def _get_public_key(self, binary): + def _get_public_key_pem(self): try: return crypto.dump_publickey( - crypto.FILETYPE_ASN1 if binary else crypto.FILETYPE_PEM, - self.csr.get_pubkey() + crypto.FILETYPE_PEM, + self.csr.get_pubkey(), ) except AttributeError: try: bio = crypto._new_mem_buf() - if binary: - rc = crypto._lib.i2d_PUBKEY_bio(bio, self.csr.get_pubkey()._pkey) - else: - rc = crypto._lib.PEM_write_bio_PUBKEY(bio, self.csr.get_pubkey()._pkey) + rc = crypto._lib.PEM_write_bio_PUBKEY(bio, self.csr.get_pubkey()._pkey) if rc != 1: crypto._raise_current_error() return crypto._bio_to_string(bio) From a6053e55b8040534043a43ab49c75fcecb7962ad Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Wed, 19 May 2021 07:03:18 +0200 Subject: [PATCH 5/6] Use correct return value's name. --- plugins/modules/openssl_csr_info.py | 24 ++++++++++++------------ plugins/modules/x509_certificate_info.py | 24 ++++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/plugins/modules/openssl_csr_info.py b/plugins/modules/openssl_csr_info.py index 0a34e62dc..103ef2a2e 100644 --- a/plugins/modules/openssl_csr_info.py +++ b/plugins/modules/openssl_csr_info.py 
@@ -203,57 +203,57 @@ description: - Bit size of modulus (RSA) or prime number (DSA). type: int - returned: When C(type=RSA) or C(type=DSA) + returned: When C(public_key_type=RSA) or C(public_key_type=DSA) modulus: description: - The RSA key's modulus. type: int - returned: When C(type=RSA) + returned: When C(public_key_type=RSA) exponent: description: - The RSA key's public exponent. type: int - returned: When C(type=RSA) + returned: When C(public_key_type=RSA) p: description: - The C(p) value for DSA. - This is the prime modulus upon which arithmetic takes place. type: int - returned: When C(type=DSA) + returned: When C(public_key_type=DSA) q: description: - The C(q) value for DSA. - This is a prime that divides C(p - 1), and at the same time the order of the subgroup of the multiplicative group of the prime field used. type: int - returned: When C(type=DSA) + returned: When C(public_key_type=DSA) g: description: - The C(g) value for DSA. - This is the element spanning the subgroup of the multiplicative group of the prime field used. type: int - returned: When C(type=DSA) + returned: When C(public_key_type=DSA) curve: description: - The curve's name for ECC. type: str - returned: When C(type=ECC) + returned: When C(public_key_type=ECC) exponent_size: description: - The maximum number of bits of a private key. This is basically the bit size of the subgroup used. type: int - returned: When C(type=ECC) + returned: When C(public_key_type=ECC) x: description: - The C(x) coordinate for the public point on the elliptic curve. type: int - returned: When C(type=ECC) + returned: When C(public_key_type=ECC) y: description: - - For C(type=ECC), this is the C(y) coordinate for the public point on the elliptic curve. - - For C(type=DSA), this is the publicly known group element whose discrete logarithm w.r.t. C(g) is the private key. + - For C(public_key_type=ECC), this is the C(y) coordinate for the public point on the elliptic curve. 
+ - For C(public_key_type=DSA), this is the publicly known group element whose discrete logarithm w.r.t. C(g) is the private key. type: int - returned: When C(type=DSA) or C(type=ECC) + returned: When C(public_key_type=DSA) or C(public_key_type=ECC) public_key_fingerprints: description: - Fingerprints of CSR's public key. diff --git a/plugins/modules/x509_certificate_info.py b/plugins/modules/x509_certificate_info.py index 8a0748322..9c93039bf 100644 --- a/plugins/modules/x509_certificate_info.py +++ b/plugins/modules/x509_certificate_info.py 
@@ -247,57 +247,57 @@ description: - Bit size of modulus (RSA) or prime number (DSA). type: int - returned: When C(type=RSA) or C(type=DSA) + returned: When C(public_key_type=RSA) or C(public_key_type=DSA) modulus: description: - The RSA key's modulus. type: int - returned: When C(type=RSA) + returned: When C(public_key_type=RSA) exponent: description: - The RSA key's public exponent. type: int - returned: When C(type=RSA) + returned: When C(public_key_type=RSA) p: description: - The C(p) value for DSA. - This is the prime modulus upon which arithmetic takes place. type: int - returned: When C(type=DSA) + returned: When C(public_key_type=DSA) q: description: - The C(q) value for DSA. - This is a prime that divides C(p - 1), and at the same time the order of the subgroup of the multiplicative group of the prime field used. type: int - returned: When C(type=DSA) + returned: When C(public_key_type=DSA) g: description: - The C(g) value for DSA. - This is the element spanning the subgroup of the multiplicative group of the prime field used. type: int - returned: When C(type=DSA) + returned: When C(public_key_type=DSA) curve: description: - The curve's name for ECC. type: str - returned: When C(type=ECC) + returned: When C(public_key_type=ECC) exponent_size: description: - The maximum number of bits of a private key. This is basically the bit size of the subgroup used. type: int - returned: When C(type=ECC) + returned: When C(public_key_type=ECC) x: description: - The C(x) coordinate for the public point on the elliptic curve. type: int - returned: When C(type=ECC) + returned: When C(public_key_type=ECC) y: description: - - For C(type=ECC), this is the C(y) coordinate for the public point on the elliptic curve. - - For C(type=DSA), this is the publicly known group element whose discrete logarithm w.r.t. C(g) is the private key. + - For C(public_key_type=ECC), this is the C(y) coordinate for the public point on the elliptic curve. 
+ - For C(public_key_type=DSA), this is the publicly known group element whose discrete logarithm w.r.t. C(g) is the private key. type: int - returned: When C(type=DSA) or C(type=ECC) + returned: When C(public_key_type=DSA) or C(public_key_type=ECC) public_key_fingerprints: description: - Fingerprints of certificate's public key. From 4797c1a0237fb78f8fa995d226048c46720cc11c Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Wed, 19 May 2021 07:04:54 +0200 Subject: [PATCH 6/6] Add trailing commas. --- plugins/module_utils/crypto/module_backends/certificate_info.py | 2 +- plugins/module_utils/crypto/module_backends/csr_info.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/module_utils/crypto/module_backends/certificate_info.py b/plugins/module_utils/crypto/module_backends/certificate_info.py index 78f1b9c6b..f329d1684 100644 --- a/plugins/module_utils/crypto/module_backends/certificate_info.py +++ b/plugins/module_utils/crypto/module_backends/certificate_info.py @@ -199,7 +199,7 @@ def get_info(self): result.update({ 'public_key_type': public_key_info['type'], 'public_key_data': public_key_info['public_data'], - 'public_key_fingerprints': public_key_info['fingerprints'] + 'public_key_fingerprints': public_key_info['fingerprints'], }) result['fingerprints'] = get_fingerprint_of_bytes(self._get_der_bytes()) diff --git a/plugins/module_utils/crypto/module_backends/csr_info.py b/plugins/module_utils/crypto/module_backends/csr_info.py index d537217c3..7fc8fcefb 100644 --- a/plugins/module_utils/crypto/module_backends/csr_info.py +++ b/plugins/module_utils/crypto/module_backends/csr_info.py @@ -166,7 +166,7 @@ def get_info(self): result.update({ 'public_key_type': public_key_info['type'], 'public_key_data': public_key_info['public_data'], - 'public_key_fingerprints': public_key_info['fingerprints'] + 'public_key_fingerprints': public_key_info['fingerprints'], }) if self.backend != 'pyopenssl':