From d3f3f464857263b9f7af54671273294d1f99f6d8 Mon Sep 17 00:00:00 2001
From: Aleksandr Rykalin
Date: Wed, 20 Nov 2019 13:16:17 +0300
Subject: [PATCH 1/3] Set key type and size for molecule

---
 molecule/default/playbook.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
index af6f9eb..3029cdc 100644
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@@ -6,7 +6,7 @@
     - name: "Set CN fact"
       set_fact:
         cn: "{{ 10000|random }}"
-
+#TODO: make test cases of ECDSA, minimum variables, maximum variables
 - name: Converge
   hosts: all
   vars:
@@ -18,6 +18,8 @@
     certificate_cert_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"
     certificate_chain_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"
     certificate_privatekey_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"
+    certificate_privatekey_type: "RSA"
+    certificate_privatekey_size: 4096
     certificate_csr_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr"

     # Where to execute venafi_certificate module. If set to false certificate will be

From 566472c374e4dfbc172bf42c47a618993f9278b6 Mon Sep 17 00:00:00 2001
From: Aleksandr Rykalin
Date: Wed, 20 Nov 2019 15:34:15 +0300
Subject: [PATCH 2/3] Fixing key types acording to new vcert

---
 library/venafi_certificate.py | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/library/venafi_certificate.py b/library/venafi_certificate.py
index a8e6360..0ea5d25 100644
--- a/library/venafi_certificate.py
+++ b/library/venafi_certificate.py
@@ -26,7 +26,7 @@
 HAS_VCERT = HAS_CRYPTOGRAPHY = True
 try:
-    from vcert import CertificateRequest, Connection
+    from vcert import CertificateRequest, Connection, KeyType
 except ImportError:
     HAS_VCERT = False
 try:
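Review bot: Adding `KeyType` to the existing `from vcert import ...` line makes a vcert release that predates KeyType indistinguishable from vcert not being installed at all, because the only effect of the ImportError path is `HAS_VCERT = False`. The message the module emits when `HAS_VCERT` is false (outside this hunk) should name the minimum vcert version that provides KeyType, and the role's requirements should pin that floor, otherwise users on an older vcert get a misleading "vcert missing" failure after this change. A lighter alternative is a second `try: from vcert import KeyType` with its own flag so the failure can state which symbol is absent.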
@@ -370,13 +370,13 @@ def _check_private_key_correct(self):
                 key_password=self.privatekey_passphrase)
         key_type = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}. \
             get(self.privatekey_type)
-        if key_type and key_type != r.key_type:
+        if key_type and key_type != r.key_type.key_type:
             return False
         if key_type == "rsa" and self.privatekey_size:
-            if self.privatekey_size != r.key_length:
+            if self.privatekey_size != r.key_type.option:
                 return False
         if key_type == "ec" and self.privatekey_curve:
-            if self.privatekey_curve != r.key_curve:
+            if self.privatekey_curve != r.key_type.option:
                 return False
         return True

@@ -400,9 +400,16 @@ def enroll(self):
             self.module.fail_json(msg=(
                 "Failed to determine key type: %s."
                 "Must be RSA or ECDSA" % self.privatekey_type))
-        request.key_type = key_type
-        request.key_curve = self.privatekey_curve
-        request.key_length = self.privatekey_size
+        if key_type == "rsa":
+            request.key_type = KeyType(KeyType.RSA,
+                                       self.privatekey_size)
+        elif key_type == "ecdsa" or "ec":
+            request.key_type = KeyType(KeyType.ECDSA,
+                                       self.privatekey_curve)
+        else:
+            self.module.fail_json(msg=(
+                "Failed to determine key type: %s."
+                "Must be RSA or ECDSA" % self.privatekey_type))
         request.ip_addresses = self.ip_addresses
         request.san_dns = self.san_dns

From 34fc34253ca91301ca58c7f8941e13d7ac326cab Mon Sep 17 00:00:00 2001
From: Aleksandr Rykalin
Date: Wed, 20 Nov 2019 15:48:41 +0300
Subject: [PATCH 3/3] update vcert version

---
 molecule/default/playbook.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
index 3029cdc..16b405a 100644
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
@@ -41,7 +41,7 @@
     - name: "Install vcert for verification"
      pip:
         name:
-          - vcert
+          - git+https://github.com/Venafi/vcert-python.git@fix-tpp-zone-configuration-parser
     - name: "Verify Venafi certificate on remote host"
       venafi_certificate:
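Review bot: The rewritten comparisons dereference `r.key_type` without checking that it is set; if the request built from the existing private key can have `key_type` as None, the check raises AttributeError instead of returning False, so a stale or unparsable key aborts the play rather than triggering regeneration. Guard once before the comparisons, e.g. `if key_type and (r.key_type is None or key_type != r.key_type.key_type): return False`, after which the two `.option` comparisons below are safe. The function's signature and the construction of `r` are above the hunk, so whether None is actually reachable there needs confirming against how `r` is built.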
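Review bot: `elif key_type == "ecdsa" or "ec":` is always true, because the non-empty literal `"ec"` is truthy on its own, so every non-RSA key type is enrolled as ECDSA and the new `else` branch is unreachable. If enroll derives `key_type` from the same mapping as `_check_private_key_correct` in the previous hunk, the mapped value is `"ec"` and never `"ecdsa"`, so the line should read `elif key_type == "ec":`. With that fix the `else` merely duplicates the `if not key_type` failure visible above it, which is acceptable as a defensive fallback, but both messages render as `...: RSA.Must be RSA or ECDSA` because the two adjacent string literals are concatenated without a space. If `privatekey_size` can be None at this point (its default is outside the hunk), confirm what `KeyType(KeyType.RSA, None)` does rather than relying on it silently choosing a size. enroll's body continues on both sides of the hunk.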
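Review bot: The pip source is now a mutable branch reference (`@fix-tpp-zone-configuration-parser`), so the molecule run installs whatever that branch points to on the day it runs; the test environment is no longer reproducible or auditable, and the branch can be rewritten or removed upstream at any time. Pin to an immutable ref, `- git+https://github.com/Venafi/vcert-python.git@<commit-sha>` (placeholder), or better return to a released vcert version with a floor that matches the `KeyType` import once that fix is published. A comment beside the line explaining why a git source is used and when it should revert to the PyPI package would help the next maintainer.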