fix csr bugs and pep8
parent
36dcf5f3da
commit
6a8046970e
@ -974,7 +974,7 @@ def create_crl( # pylint: disable=too-many-arguments,too-many-locals
|
||||
OpenSSL.crypto.FILETYPE_PEM,
|
||||
get_pem_entry(signing_cert, pem_type='CERTIFICATE'))
|
||||
signing_private_key = _get_private_key_obj(signing_private_key,
|
||||
passphrase=signing_private_key_passphrase).as_pem(cipher=None)
|
||||
passphrase=signing_private_key_passphrase).as_pem(cipher=None)
|
||||
key = OpenSSL.crypto.load_privatekey(
|
||||
OpenSSL.crypto.FILETYPE_PEM,
|
||||
get_pem_entry(signing_private_key))
|
||||
@ -1593,9 +1593,11 @@ def create_csr(path=None, text=False, **kwargs):
|
||||
kwargs['private_key_passphrase'] = None
|
||||
if 'public_key_passphrase' not in kwargs:
|
||||
kwargs['public_key_passphrase'] = None
|
||||
if kwargs['public_key_passphrase'] and not kwargs['private_key_passphrase']:
|
||||
if kwargs['public_key_passphrase'] and not kwargs[
|
||||
'private_key_passphrase']:
|
||||
kwargs['private_key_passphrase'] = kwargs['public_key_passphrase']
|
||||
if kwargs['private_key_passphrase'] and not kwargs['public_key_passphrase']:
|
||||
if kwargs['private_key_passphrase'] and not kwargs[
|
||||
'public_key_passphrase']:
|
||||
kwargs['public_key_passphrase'] = kwargs['private_key_passphrase']
|
||||
|
||||
csr.set_pubkey(get_public_key(kwargs['public_key'],
|
||||
@ -1619,6 +1621,9 @@ def create_csr(path=None, text=False, **kwargs):
|
||||
critical = True
|
||||
extval = extval[9:]
|
||||
|
||||
if extname == 'subjectKeyIdentifier' and 'hash' in extval:
|
||||
extval = extval.replace('hash', _get_pubkey_hash(csr))
|
||||
|
||||
if extname == 'subjectAltName':
|
||||
extval = extval.replace('IP Address', 'IP')
|
||||
|
||||
|
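Review bot: In the last `create_csr` hunk, the new `subjectKeyIdentifier` branch uses `'hash' in extval` followed by `extval.replace('hash', ...)`, which is a substring match that rewrites every occurrence instead of recognising the keyword as the whole value. Since the `critical ` prefix has already been sliced off just above, a stricter form would be `if extname == 'subjectKeyIdentifier' and extval.strip() == 'hash':` with `extval = _get_pubkey_hash(csr)`, so an unexpected extension string is never partly rewritten. The substitution presumably derives the identifier from the CSR's public key, so it depends on the earlier `csr.set_pubkey(...)` call; a comment such as `# 'hash' is resolved from the CSR public key, so set_pubkey must already have run` would record that ordering. The body of `create_csr` starts and ends outside these hunks.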
@ -227,7 +227,7 @@ def _get_file_args(name, **kwargs):
|
||||
|
||||
|
||||
def _check_private_key(name, bits=2048, passphrase=None,
|
||||
overwrite=False, new=False):
|
||||
new=False, overwrite=False):
|
||||
current_bits = 0
|
||||
if os.path.isfile(name):
|
||||
try:
|
||||
@ -236,10 +236,10 @@ def _check_private_key(name, bits=2048, passphrase=None,
|
||||
except salt.exceptions.SaltInvocationError:
|
||||
pass
|
||||
except RSAError:
|
||||
if overwrite:
|
||||
pass
|
||||
raise salt.exceptions.CommandExecutionError(
|
||||
'The provided passphrase cannot decrypt the private key.')
|
||||
if not overwrite:
|
||||
raise salt.exceptions.CommandExecutionError(
|
||||
'The provided passphrase cannot decrypt the private key.')
|
||||
pass
|
||||
|
||||
return current_bits == bits and not new
|
||||
|
||||
@ -301,7 +301,8 @@ def private_key_managed(name,
|
||||
'''
|
||||
file_args, kwargs = _get_file_args(name, **kwargs)
|
||||
new_key = False
|
||||
if _check_private_key(name, bits, passphrase, overwrite, new):
|
||||
if _check_private_key(
|
||||
name, bits=bits, passphrase=passphrase, new=new, overwrite=overwrite):
|
||||
file_args['contents'] = __salt__['x509.get_pem_entry'](
|
||||
name, pem_type='RSA PRIVATE KEY')
|
||||
else:
|
||||
@ -344,7 +345,12 @@ def csr_managed(name,
|
||||
- L: Salt Lake City
|
||||
- keyUsage: 'critical dataEncipherment'
|
||||
'''
|
||||
old = __salt__['x509.read_csr'](name)
|
||||
try:
|
||||
old = __salt__['x509.read_csr'](name)
|
||||
except salt.exceptions.SaltInvocationError:
|
||||
old = '{0} is not a valid csr.'.format(name)
|
||||
pass
|
||||
|
||||
file_args, kwargs = _get_file_args(name, **kwargs)
|
||||
file_args['contents'] = __salt__['x509.create_csr'](text=True, **kwargs)
|
||||
|
||||
@ -439,10 +445,10 @@ def certificate_managed(name,
|
||||
private_key_args['new'] = False
|
||||
|
||||
if _check_private_key(private_key_args['name'],
|
||||
private_key_args['bits'],
|
||||
private_key_args['passphrase'],
|
||||
private_key_args['overwrite'],
|
||||
private_key_args['new']):
|
||||
bits=private_key_args['bits'],
|
||||
passphrase=private_key_args['passphrase'],
|
||||
new=private_key_args['new'],
|
||||
overwrite=private_key_args['overwrite']):
|
||||
private_key = __salt__['x509.get_pem_entry'](
|
||||
private_key_args['name'], pem_type='RSA PRIVATE KEY')
|
||||
else:
|
||||
@ -568,6 +574,7 @@ def certificate_managed(name,
|
||||
|
||||
def crl_managed(name,
|
||||
signing_private_key,
|
||||
signing_private_key_passphrase=None,
|
||||
signing_cert=None,
|
||||
revoked=None,
|
||||
days_valid=100,
|
||||
@ -585,6 +592,9 @@ def crl_managed(name,
|
||||
The private key that will be used to sign this crl. This is
|
||||
usually your CA's private key.
|
||||
|
||||
signing_private_key_passphrase:
|
||||
Passphrase to decrypt the private key.
|
||||
|
||||
signing_cert:
|
||||
The certificate of the authority that will be used to sign this crl.
|
||||
This is usually your CA's certificate.
|
||||
@ -654,7 +664,7 @@ def crl_managed(name,
|
||||
else:
|
||||
current = '{0} does not exist.'.format(name)
|
||||
|
||||
new_crl = __salt__['x509.create_crl'](text=True, signing_private_key=signing_private_key,
|
||||
new_crl = __salt__['x509.create_crl'](text=True, signing_private_key=signing_private_key, signing_private_key_passphrase=signing_private_key_passphrase,
|
||||
signing_cert=signing_cert, revoked=revoked, days_valid=days_valid, digest=digest, include_expired=include_expired)
|
||||
|
||||
new = __salt__['x509.read_crl'](crl=new_crl)
|
||||
|
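Review bot: In `_check_private_key`, the `except RSAError:` branch now falls through when `overwrite` is set, so any `RSAError`, not only a wrong passphrase, is treated as "replace this key". As far as the visible lines show, `current_bits` stays at its initial 0 and the function returns False, after which `private_key_managed` and `certificate_managed` take their `else:` branch, which presumably generates a new key. Silently replacing a private key deserves an audit trail, for example `log.warning('Private key %s could not be decrypted with the supplied passphrase and will be replaced', name)` before falling through, assuming the module has a logger (not visible here). The trailing `pass` after the `if not overwrite:` block is dead code, as is the `pass` after the assignment in the new `except` clause of `csr_managed`. The body of `_check_private_key` is split across two hunks and is not fully visible.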