??????????????
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 173
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 174
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 175
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 176
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 177
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 178
�
Udac������������@`��s���d��d��l��m��Z��m��Z��m��Z���e��Z��i��d��d��6d��g��d��6d��d��6Z��d��Z��d �Z��d
�Z �d��d��l
�Z
�d��d��l��Z��d��d��l��Z��d��d��l
�Z
�d��d��l��m��Z���d��d
�l��m��Z���d��d��l��m��Z��m��Z���d��d��l��m��Z��m��Z��m��Z���d��d��l��m��Z���d��Z��d��Z��e��Z �y/�d��d��l!�Z!�d��d
�l!�m��Z���e��e!�j"���Z#�Wn#��e$�k
�rJ����e
�j%���Z �e&�Z'�n4�Xe(�Z'�e!�j)�j*�d��k��rr�d��Z+�d��Z,�n��d��Z+�d��Z,�e��Z-�yg�d��d��l.�Z.�d��d��l/�Z.�d��d��l0�Z.�d��d��l1�Z.�d��d��l2�Z.�d��d��l3�Z.�d��d��l4�Z.�e��e.�j"���Z5�Wn#��e$�k
�r�����e
�j%���Z-�e&�Z6�n"�Xe(�Z6�e.�j7�j8�j9�d����Z:�d��Z;�d��e��j<�f��d������YZ=�d��e��j>�f��d������YZ?�d��e?�f��d������YZ@�d��e?�f��d �����YZA�d!���ZB�eC�d"�k��r�eB����n��d��S(#���i����(����t����absolute_importt����divisiont����print_functions����1.1t����metadata_versiont����previewt����statust ���communityt����supported_bysQ2��
---
module: openssl_csr
version_added: '2.4'
short_description: Generate OpenSSL Certificate Signing Request (CSR)
description:
- This module allows one to (re)generate OpenSSL certificate signing requests.
- It uses the pyOpenSSL python library to interact with openssl. This module supports
the subjectAltName, keyUsage, extendedKeyUsage, basicConstraints and OCSP Must Staple
extensions.
- "Please note that the module regenerates existing CSR if it doesn't match the module's
options, or if it seems to be corrupt. If you are concerned that this could overwrite
your existing CSR, consider using the I(backup) option."
- The module can use the cryptography Python library, or the pyOpenSSL Python
library. By default, it tries to detect which one is available. This can be
overridden with the I(select_crypto_backend) option. Please note that the
PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in Ansible 2.13."
requirements:
- Either cryptography >= 1.3
- Or pyOpenSSL >= 0.15
author:
- Yanis Guenane (@Spredzy)
options:
state:
description:
- Whether the certificate signing request should exist or not, taking action if the state is different from what is stated.
type: str
default: present
choices: [ absent, present ]
digest:
description:
- The digest used when signing the certificate signing request with the private key.
type: str
default: sha256
privatekey_path:
description:
- The path to the private key to use when signing the certificate signing request.
- Required if I(state) is C(present).
type: path
privatekey_passphrase:
description:
- The passphrase for the private key.
- This is required if the private key is password protected.
type: str
version:
description:
- The version of the certificate signing request.
- "The only allowed value according to L(RFC 2986,https://tools.ietf.org/html/rfc2986#section-4.1)
is 1."
type: int
default: 1
force:
description:
- Should the certificate signing request be forced regenerated by this ansible module.
type: bool
default: no
path:
description:
- The name of the file into which the generated OpenSSL certificate signing request will be written.
type: path
required: true
subject:
description:
- Key/value pairs that will be present in the subject name field of the certificate signing request.
- If you need to specify more than one value with the same key, use a list as value.
type: dict
version_added: '2.5'
country_name:
description:
- The countryName field of the certificate signing request subject.
type: str
aliases: [ C, countryName ]
state_or_province_name:
description:
- The stateOrProvinceName field of the certificate signing request subject.
type: str
aliases: [ ST, stateOrProvinceName ]
locality_name:
description:
- The localityName field of the certificate signing request subject.
type: str
aliases: [ L, localityName ]
organization_name:
description:
- The organizationName field of the certificate signing request subject.
type: str
aliases: [ O, organizationName ]
organizational_unit_name:
description:
- The organizationalUnitName field of the certificate signing request subject.
type: str
aliases: [ OU, organizationalUnitName ]
common_name:
description:
- The commonName field of the certificate signing request subject.
type: str
aliases: [ CN, commonName ]
email_address:
description:
- The emailAddress field of the certificate signing request subject.
type: str
aliases: [ E, emailAddress ]
subject_alt_name:
description:
- SAN extension to attach to the certificate signing request.
- This can either be a 'comma separated string' or a YAML list.
- Values must be prefixed by their options. (i.e., C(email), C(URI), C(DNS), C(RID), C(IP), C(dirName),
C(otherName) and the ones specific to your CA)
- Note that if no SAN is specified, but a common name, the common
name will be added as a SAN except if C(useCommonNameForSAN) is
set to I(false).
- More at U(https://tools.ietf.org/html/rfc5280#section-4.2.1.6).
type: list
elements: str
aliases: [ subjectAltName ]
subject_alt_name_critical:
description:
- Should the subjectAltName extension be considered as critical.
type: bool
aliases: [ subjectAltName_critical ]
use_common_name_for_san:
description:
- If set to C(yes), the module will fill the common name in for
C(subject_alt_name) with C(DNS:) prefix if no SAN is specified.
type: bool
default: yes
version_added: '2.8'
aliases: [ useCommonNameForSAN ]
key_usage:
description:
- This defines the purpose (e.g. encipherment, signature, certificate signing)
of the key contained in the certificate.
type: list
elements: str
aliases: [ keyUsage ]
key_usage_critical:
description:
- Should the keyUsage extension be considered as critical.
type: bool
aliases: [ keyUsage_critical ]
extended_key_usage:
description:
- Additional restrictions (e.g. client authentication, server authentication)
on the allowed purposes for which the public key may be used.
type: list
elements: str
aliases: [ extKeyUsage, extendedKeyUsage ]
extended_key_usage_critical:
description:
- Should the extkeyUsage extension be considered as critical.
type: bool
aliases: [ extKeyUsage_critical, extendedKeyUsage_critical ]
basic_constraints:
description:
- Indicates basic constraints, such as if the certificate is a CA.
type: list
elements: str
version_added: '2.5'
aliases: [ basicConstraints ]
basic_constraints_critical:
description:
- Should the basicConstraints extension be considered as critical.
type: bool
version_added: '2.5'
aliases: [ basicConstraints_critical ]
ocsp_must_staple:
description:
- Indicates that the certificate should contain the OCSP Must Staple
extension (U(https://tools.ietf.org/html/rfc7633)).
type: bool
version_added: '2.5'
aliases: [ ocspMustStaple ]
ocsp_must_staple_critical:
description:
- Should the OCSP Must Staple extension be considered as critical
- Note that according to the RFC, this extension should not be marked
as critical, as old clients not knowing about OCSP Must Staple
are required to reject such certificates
(see U(https://tools.ietf.org/html/rfc7633#section-4)).
type: bool
version_added: '2.5'
aliases: [ ocspMustStaple_critical ]
select_crypto_backend:
description:
- Determines which crypto backend to use.
- The default choice is C(auto), which tries to use C(cryptography) if available, and falls back to C(pyopenssl).
- If set to C(pyopenssl), will try to use the L(pyOpenSSL,https://pypi.org/project/pyOpenSSL/) library.
- If set to C(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
- Please note that the C(pyopenssl) backend has been deprecated in Ansible 2.9, and will be removed in Ansible 2.13.
From that point on, only the C(cryptography) backend will be available.
type: str
default: auto
choices: [ auto, cryptography, pyopenssl ]
version_added: '2.8'
backup:
description:
- Create a backup file including a timestamp so you can get the original
CSR back if you overwrote it with a new one by accident.
type: bool
default: no
version_added: "2.8"
create_subject_key_identifier:
description:
- Create the Subject Key Identifier from the public key.
- "Please note that commercial CAs can ignore the value, respectively use a value of
their own choice instead. Specifying this option is mostly useful for self-signed
certificates or for own CAs."
- Note that this is only supported if the C(cryptography) backend is used!
type: bool
default: no
version_added: "2.9"
subject_key_identifier:
description:
- The subject key identifier as a hex string, where two bytes are separated by colons.
- "Example: C(00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33)"
- "Please note that commercial CAs ignore this value, respectively use a value of their
own choice. Specifying this option is mostly useful for self-signed certificates
or for own CAs."
- Note that this option can only be used if I(create_subject_key_identifier) is C(no).
- Note that this is only supported if the C(cryptography) backend is used!
type: str
version_added: "2.9"
authority_key_identifier:
description:
- The authority key identifier as a hex string, where two bytes are separated by colons.
- "Example: C(00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33)"
- If specified, I(authority_cert_issuer) must also be specified.
- "Please note that commercial CAs ignore this value, respectively use a value of their
own choice. Specifying this option is mostly useful for self-signed certificates
or for own CAs."
- Note that this is only supported if the C(cryptography) backend is used!
- The C(AuthorityKeyIdentifier) will only be added if at least one of I(authority_key_identifier),
I(authority_cert_issuer) and I(authority_cert_serial_number) is specified.
type: str
version_added: "2.9"
authority_cert_issuer:
description:
- Names that will be present in the authority cert issuer field of the certificate signing request.
- Values must be prefixed by their options. (i.e., C(email), C(URI), C(DNS), C(RID), C(IP), C(dirName),
C(otherName) and the ones specific to your CA)
- "Example: C(DNS:ca.example.org)"
- If specified, I(authority_key_identifier) must also be specified.
- "Please note that commercial CAs ignore this value, respectively use a value of their
own choice. Specifying this option is mostly useful for self-signed certificates
or for own CAs."
- Note that this is only supported if the C(cryptography) backend is used!
- The C(AuthorityKeyIdentifier) will only be added if at least one of I(authority_key_identifier),
I(authority_cert_issuer) and I(authority_cert_serial_number) is specified.
type: list
elements: str
version_added: "2.9"
authority_cert_serial_number:
description:
- The authority cert serial number.
- Note that this is only supported if the C(cryptography) backend is used!
- "Please note that commercial CAs ignore this value, respectively use a value of their
own choice. Specifying this option is mostly useful for self-signed certificates
or for own CAs."
- The C(AuthorityKeyIdentifier) will only be added if at least one of I(authority_key_identifier),
I(authority_cert_issuer) and I(authority_cert_serial_number) is specified.
type: int
version_added: "2.9"
extends_documentation_fragment:
- files
notes:
- If the certificate signing request already exists it will be checked whether subjectAltName,
keyUsage, extendedKeyUsage and basicConstraints only contain the requested values, whether
OCSP Must Staple is as requested, and if the request was signed by the given private key.
seealso:
- module: openssl_certificate
- module: openssl_dhparam
- module: openssl_pkcs12
- module: openssl_privatekey
- module: openssl_publickey
s���
- name: Generate an OpenSSL Certificate Signing Request
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
- name: Generate an OpenSSL Certificate Signing Request with a passphrase protected private key
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
privatekey_passphrase: ansible
common_name: www.ansible.com
- name: Generate an OpenSSL Certificate Signing Request with Subject information
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
country_name: FR
organization_name: Ansible
email_address: jdoe@ansible.com
common_name: www.ansible.com
- name: Generate an OpenSSL Certificate Signing Request with subjectAltName extension
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
subject_alt_name: 'DNS:www.ansible.com,DNS:m.ansible.com'
- name: Generate an OpenSSL CSR with subjectAltName extension with dynamic list
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
with_dict:
dns_server:
- www.ansible.com
- m.ansible.com
- name: Force regenerate an OpenSSL Certificate Signing Request
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
force: yes
common_name: www.ansible.com
- name: Generate an OpenSSL Certificate Signing Request with special key usages
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
key_usage:
- digitalSignature
- keyAgreement
extended_key_usage:
- clientAuth
- name: Generate an OpenSSL Certificate Signing Request with OCSP Must Staple
openssl_csr:
path: /etc/ssl/csr/www.ansible.com.csr
privatekey_path: /etc/ssl/private/ansible.com.pem
common_name: www.ansible.com
ocsp_must_staple: yes
s���
privatekey:
description: Path to the TLS/SSL private key the CSR was generated for
returned: changed or success
type: str
sample: /etc/ssl/private/ansible.com.pem
filename:
description: Path to the generated Certificate Signing Request
returned: changed or success
type: str
sample: /etc/ssl/csr/www.ansible.com.csr
subject:
description: A list of the subject tuples attached to the CSR
returned: changed or success
type: list
elements: list
sample: "[('CN', 'www.ansible.com'), ('O', 'Ansible')]"
subjectAltName:
description: The alternative names this CSR is valid for
returned: changed or success
type: list
elements: str
sample: [ 'DNS:www.ansible.com', 'DNS:m.ansible.com' ]
keyUsage:
description: Purpose for which the public key may be used
returned: changed or success
type: list
elements: str
sample: [ 'digitalSignature', 'keyAgreement' ]
extendedKeyUsage:
description: Additional restriction on the public key purposes
returned: changed or success
type: list
elements: str
sample: [ 'clientAuth' ]
basicConstraints:
description: Indicates if the certificate belongs to a CA
returned: changed or success
type: list
elements: str
sample: ['CA:TRUE', 'pathLenConstraint:0']
ocsp_must_staple:
description: Indicates whether the certificate has the OCSP
Must Staple feature enabled
returned: changed or success
type: bool
sample: false
backup_file:
description: Name of backup file created.
returned: changed and if I(backup) is C(yes)
type: str
sample: /path/to/www.ansible.com.csr.2019-03-09@11:22~
N(����t����LooseVersion(����t����crypto(����t
���AnsibleModulet����missing_required_lib(����t ���to_nativet����to_bytest����to_text(����t ���ipaddresss����0.15s����1.3i����t
���tlsfeaturet����status_requests����1.3.6.1.5.5.7.1.24s����DER:30:03:02:01:05s����0����t����CertificateSigningRequestErrorc������������B`��s����e��Z��RS(����(����t����__name__t
���__module__(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR�������s������t����CertificateSigningRequestBasec������������B`��sn���e��Z��d����Z��e��j��d������Z��d����Z��e��j��d������Z��e��j��d������Z��e �d����Z
�d����Z��d����Z��RS(����c��������
���C`��s���t��t��|����j��|��j��d���|��j��d���|��j��d���|��j�����|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_ �|��j��d ��|��_
�|��j��d
��|��_��|��j��d���|��_��|��j��d���|��_
�|��j��d
��|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��|��j��d���|��_��d��|��_��d��|��_��|��j��r�|��j��d��k �r�|��j��d��d�����n��|��j��d���|��_��d��|��_��d��|��j��d���f��d��|��j��d���f��d��|��j��d���f��d �|��j��d!��f��d"�|��j��d#��f��d$�|��j��d%��f��d&�|��j��d'��f��g��|��_��|��j��d(��rf�|��j��t��j �|��j��d(�����|��_��n��g��|��j��D]$�}��|��d)��rp�|��d*��|��d)��f��^��qp�|��_��|��j ��r�|��j��d+��r�x<�|��j��D].�}��|��d*��d2�k��r�d-�|��d)���g��|��_ �Pq�q�Wn��|��j��d��k �rU�y%�t!�j"�|��j��j#�d.�d/�����|��_��WqU��t$�k
�rQ��}���t%�d0�j&�|��������qU�Xn��|��j��d��k �r�y%�t!�j"�|��j��j#�d.�d/�����|��_��Wq��t$�k
�r��}���t%�d1�j&�|��������q�Xn��d��S(3���Nt����patht����statet����forcet����digestt����privatekey_patht����privatekey_passphraset����versiont����subject_alt_namet����subject_alt_name_criticalt ���key_usaget����key_usage_criticalt����extended_key_usaget����extended_key_usage_criticalt����basic_constraintst����basic_constraints_criticalt����ocsp_must_staplet����ocsp_must_staple_criticalt����create_subject_key_identifiert����subject_key_identifiert����authority_key_identifiert����authority_cert_issuert����authority_cert_serial_numbert����msgsS���subject_key_identifier cannot be specified if create_subject_key_identifier is truet����backupt����Ct����country_namet����STt����state_or_province_namet����Lt
���locality_namet����Ot����organization_namet����OUt����organizational_unit_namet����CNt����common_namet����emailAddresst
���email_addresst����subjecti����i����t����use_common_name_for_sant
���commonNames����DNS:%st����:t����s(���Cannot parse subject_key_identifier: {0}s*���Cannot parse authority_key_identifier: {0}(����R>���R8���('���t����superR����t����__init__t����paramst
���check_modeR����R����R����R����t����subjectAltNamet����subjectAltName_criticalt����keyUsaget����keyUsage_criticalt����extendedKeyUsaget����extendedKeyUsage_criticalt����basicConstraintst����basicConstraints_criticalt����ocspMustStaplet����ocspMustStaple_criticalR'���R(���R)���R*���R+���t����Nonet����requestt
���privatekeyt ���fail_jsonR-���t����backup_fileR<���t����crypto_utilst����parse_name_fieldt����binasciit ���unhexlifyt����replacet ���ExceptionR����t����format(����t����selft����modulet����entryt����subt����e(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRB������sn�������
�
�
�
��������������������������������������� � ������� ���������������
�#�7���������������%���������%���c������������C`��s����d��S(����N(����(����R[���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt
���_generate_csr����s������c������������C`��s���|��j��|��d��t�����s��|��j��rh�|��j����}��|��j��rL�|��j��|��j����|��_��n��t��j �|��|�����t
�|��_��n��|��j��|��j
���}��|��j��|��t����r�t
�|��_��n��d��S(����s)���Generate the certificate signing request.t����perms_requiredN(����t����checkt����FalseR����R`���R-���t����backup_localR����RS���RT���t
���write_filet����Truet����changedt����load_file_common_argumentsRC���t����set_fs_attributes_if_different(����R[���R\���t����resultt ���file_args(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����generate����s���������� �����������c������������C`��s����d��S(����N(����(����R[���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_load_private_key'���s������c������������C`��s����d��S(����N(����(����R[���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt
���_check_csr+���s������c������������C`��s9���t��t��|����j��|��|����}��|��j�����|��s/�t��S|��j����S(����s,���Ensure the resource is in its desired state.(����RA���R����Rb���Rm���Rc���Rn���(����R[���R\���Ra���t����state_and_perms(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRb���/���s
�������
�����c������������C`��s;���|��j��r!�|��j��|��j����|��_��n��t��t��|����j��|�����d��S(����N(����R-���Rd���R����RS���RA���R����t����remove(����R[���R\���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRp���:���s������ ���c������������C`��s}���i �|��j��d��6|��j��d��6|��j��d��6|��j��d��6|��j��d��6|��j��d��6|��j��d��6|��j��d��6|��j��d �6}��|��j �ry�|��j �|��d
����s������R@���t����errorst����surrogate_or_strictt����,(����t����nextR����t����splitt����stripR���RE���R���t����get_criticalRF���Rc���Rf���(����R���t����altnames_extt����altnameR���t����name(����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_subjectAltName���s����������F� �=���������c�������� ���S`��s����g��|��D]��}��|��j����|��k��r��|��^��q��}��|���r8�|��sE�|��rI�|���rI�t��S|���r[�|���r[�t��Sg��t��|��d�����j��d����D]'�}��t��j��j��j��t �|��j
�������^��qu�}��g��|��D]!�}��t��j��j��j��t �|������^��q�}��t��|����t��|����k��o�|��d���j����|��k��Sd��S(����Ni����R���(
���R���Rc���Rf���R���R���R{���R|���R}���R~���R
���R���R���R���(����R���t����extNamet����expectedt����criticalR���t
���usages_extt����usaget����current(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_keyUsage_���s������+���������G�.�c�������� ����`��s���g��|��D]��}��|��j����d��k��r��|��^��q��}��|���r;���j��sK�|��rO���j���rO�t��S|���rd���j���rd�t��St��j��d��t��d��j����j����j��d������}��|��d���j����|��j����k��o�|��d���j �����j
�k��Sd��S(����NRG���s����, Rw���i����(����R���RG���Rc���Rf���R ���R���R���R���t����get_dataR���RH���(����R���R���R���t����expected_ext(����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_keyUsage���s������+� �������*�c�������������`��s������|��d����j����j����S(����NRI���(����RI���RJ���(����R���(����R���R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_extenededKeyUsage���s������c�������������`��s������|��d����j����j����S(����NRK���(����RK���RL���(����R���(����R���R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_basicConstraints���s������c�������������`��s���g��|��D]6�}��t��|��j������t��k��r��t��|����t��k��r��|��^��q��}��t��j��j��d��k��r�|��j��g��|��D]0�}��|��j����d��k��rb�|��j����d��k��rb�|��^��qb����n����j �r�t
�|����d��k��o�|��d���j������j��k��St
�|����d��k��Sd��S(����Ni����t����UNDEFs����0����i����(
���R
���R���R���R���R{���t����SSLt����OPENSSL_VERSION_NUMBERt����extendR���RM���R���R���RN���(����R���R���t����oms_ext(����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_ocspMustStaple���s������C���G� �)�c�������������`��sF���|��j����}����|����oE���|����oE���|����oE���|����oE���|����S(����N(����t����get_extensions(����R���R���(����R���R���R���R���R���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_extensions���s������������c�������������`��s0���y��|��j����j����SWn���t��j��k
�r+����t��SXd��S(����N(����t����verifyRQ���R ���R���Rc���(����R���(����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_signature���s������������t����backendt ���pyopenssl(����RT���t����load_certificate_requestR����RY���Rc���(����R[���R���R���R���R���t����dummy(����(����R���R���R���R���R���R���R[���sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRn������s���������� ��������
������������(����R����R����RB���R`���Rm���R���Rn���(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRu���S���s
����� � 2 �
t%���CertificateSigningRequestCryptographyc������������B`��s,���e��Z��d����Z��d����Z��d����Z��d����Z��RS(����c������������C`��sW���t��t��|����j��|�����t��j��j��j����|��_��|��|��_��|��j �d��k��rS�|��j
�d�����n��d��S(����Ni����s_���The cryptography backend only supports version 1. (The only valid value according to RFC 2986.)(����RA���R���RB���t����cryptographyt����hazmatt����backendst����default_backendt����cryptography_backendR\���R����t����warn(����R[���R\���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRB������s
��������� ���c�������� ���C`��s���t��j��j����}��y[�|��j��t��j��j��g��|��j��D]2�}��t��j��j��t��j��|��d�����t �|��d�������^��q+�����}��Wn���t
�k
�r��}���t��|������n��X|��j��r�|��j
�t��j��j��g��|��j��D]��}��t��j��|����^��q���d��|��j����}��n��|��j��r��t��j��|��j����}��|��j
�t��j��j��|����d��|��j����}��n��|��j��rr�g��|��j��D]��}��t��j��|����^��q0�}��|��j
�t��j��j��|����d��|��j����}��n��|��j��r�i��}��t��j��|��j����\��}��} �|��j
�t��j��j��|��| ���d��|��j����}��n��|��j��r@�y4�|��j
�t��j��j��t��j��j��j��g����d��|��j ���}��Wq@��t!�k
�r<��}
��|��j
�t��j��j"�t#�t$���d��|��j ���}��q@�Xn��|��j%�ry�|��j
�t��j��j&�j'�|��j(�j)�����d��t*���}��n6�|��j+�d��k �r�|��j
�t��j��j&�|��j+���d��t*���}��n��|��j-�d��k �s�|��j.�d��k �s�|��j/�d��k �rI�d��}��|��j.�d��k �r��g��|��j.�D]��}��t��j��|����^��q�}��n��|��j
�t��j��j0�|��j-�|��|��j/���d��t*���}��n��d��}
�t��j1�|��j(���r?�|��j2�d��k��r�t��j3�j4�j5�j6���}
�q?�|��j2�d��k��r�t��j3�j4�j5�j7���}
�q?�|��j2�d��k��r�t��j3�j4�j5�j8���}
�q?�|��j2�d��k��r�t��j3�j4�j5�j9���}
�q?�|��j2�d��k��r$�t��j3�j4�j5�j:���}
�q?�t��d �j;�|��j2�������n��y"�|��j<�|��j(�|
�|��j=���|��_>�WnJ��t?�k
�r��}���t@�|����d
�k��r�|
�d��k��r�|��jA�jB�d��d�����n����n��X|��j>�jC�t��j3�j4�jD�jE�jF���S(
���Ni����i����R���t����sha256t����sha384t����sha512t����sha1t����md5s����Unsupported digest "{0}"s.���Algorithm must be a registered hash algorithm.R,���sG���Signing with Ed25519 and Ed448 keys requires cryptography 2.8 or newer.(G���R���t����x509t ���CertificateSigningRequestBuildert����subject_namet����NameR<���t
���NameAttributeRT���t����cryptography_name_to_oidR����t
���ValueErrorR����RE���t
���add_extensiont����SubjectAlternativeNamet����cryptography_get_nameRF���RG���t#���cryptography_parse_key_usage_paramst����KeyUsageRH���RI���t����ExtendedKeyUsageRJ���RK���t"���cryptography_get_basic_constraintst����BasicConstraintsRL���RM���t
���TLSFeaturet����TLSFeatureTypeR����RN���t����AttributeErrort����UnrecognizedExtensiont����CRYPTOGRAPHY_MUST_STAPLE_NAMEt����CRYPTOGRAPHY_MUST_STAPLE_VALUER'���t����SubjectKeyIdentifiert����from_public_keyRQ���t
���public_keyRc���R(���RO���R)���R*���R+���t����AuthorityKeyIdentifiert)���cryptography_key_needs_digest_for_signingR����R���t
���primitivest����hashest����SHA256t����SHA384t����SHA512t����SHA1t����MD5RZ���R���R���RP���t ���TypeErrorR���R\���RR���t����public_bytest
���serializationt����Encodingt����PEM(����R[���R���R]���R_���R���RC���R���R���t����cat����path_lengthR���t����issuerst����nR����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR`������sx�����������L����� ���(��� ���'� �%�'� �����*� ���4��������� ���������'�-�����(�����������������������������������"���������c�������� ���C`��s���yj�t��|��j��d����R�}��t��j��j��j��j��|��j����|��j��d��k��rE�d��n��t
�|��j����d��|��j����|��_��Wd��QXWn���t
�k
�r��}���t��|������n��Xd��S(����Nt����rbR���(����t����openR����R���R���R���R���t����load_pem_private_keyt����readR����RO���R
���R���RQ���RY���R����(����R[���t����fR_���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRm���J���s������������ �$�����c�������������`��s������f��d����}��d����������f��d����������f��d����������f��d����������f��d����������f��d����������f��d����������f��d �������������������f��d
���}����f��d����}��y��t��j����j��d��d
���}��Wn���t��k
�r��}���t��SX|��|����o��|��|����o��|��|����S(����Nc�������������`��sq���g����j��D]#�}��t��j��|��d�����|��d���f��^��q
�}��g��|��j��D]��}��|��j��|��j��f��^��q=�}��t��|����t��|����k��S(����Ni����i����(����R<���RT���R���t����oidt����valueR���(����R���R]���R<���R^���R���(����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR���V���s������3�(�c�������������`��s����t����f��d����|��D��d����S(����Nc������������3`��s'���|��]��}��t��|��j������r��|��V�q��d��S(����N(����t
���isinstanceR ���(����R���R���(����t����exttype(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pys ���]���s������(����R���RO���(����R���R����(����(����R����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_find_extension[���s����������c�������������`��s�����|��t��j��j����}��|��r=�g��|��j��D]��}��t��|����^��q%�n��g��}����j��rw�g����j��D]!�}��t��t��j��|������^��qV�n��g��}��t��|����t��|����k��r�t �S|��r�|��j
���j��k��r�t �Sn��t��S(����N(
���R���R���R���R ���R���RE���RT���R���R���Rc���R���RF���Rf���(����R���t����current_altnames_extR���t����current_altnamesR���(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR���a���s��������.�:�����������c�������������`��s�����|��t��j��j����}����j��s(�|��d��k��S|��d��k��r8�t��St��j����j����}��x2�|��D]*�}��t��|��j �d��|�����|��|���k��rQ�t��SqQ�W|��j
���j��k��r�t��St��S(����Nt����_(
���R���R���R���RG���RO���Rc���RT���R���t����getattrR ���R���RH���Rf���(����R���t����current_keyusage_extRC���t����param(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR���l���s�������� �
�������
� �������c�������������`��s�����|��t��j��j����}��|��r=�g��|��j��D]��}��t��|����^��q%�n��g��}����j��rw�g����j��D]!�}��t��t��j��|������^��qV�n��g��}��t��|����t��|����k��r�t �S|��r�|��j
���j��k��r�t �Sn��t��S(����N(
���R���R���R���R ���R���RI���RT���R���R���Rc���R���RJ���Rf���(����R���t����current_usages_extR���t����current_usagesR���(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR���z���s��������.�:�����������c�������������`��s�����|��t��j��j����}��|��r'�|��j��j��n��t��}��|��r?�|��j��j��n��d��}��t��j ���j
���\��}��}��|��|��k��rm�t��S|��|��k��r}�t��S��j
�r�|��d��k �o�|��j����j��k��S|��d��k��Sd��S(����N(
���R���R���R���R ���R���Rc���R����RO���RT���R���RK���R���RL���(����R���t����bc_extt
���current_cat����current_path_lengthR���R����(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR������s���������������������� ���c�������������`��s���y����|��t��j��j����}��t��}��Wn2��t��k
�rS��}���t��d����|��D��d����}��t��}��n��X��j��r�|���sv�|��j ���j
�k��rz�t��S|��r�t��j��j��j��|��j
�k��S|��j
�j
�t��k��Sn
�|��d��k��Sd��S(����Nc������������s`��s'���|��]��}��|��j��j��t��k��r��|��V�q��d��S(����N(����R ���R����R���(����R���R���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pys ������s������(����R���R���R���Rf���R���R���RO���Rc���RM���R���RN���R���R����R ���R���(����R���t����tlsfeature_extt����has_tlsfeatureR���(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR������s����������
�����
� �
� �����������c�������������`��s�����|��t��j��j����}����j��s-���j��d��k �r�|���s=�|��j��rA�t��S��j��r{�t��j��j��j����j �j
�����j��}��|��j��j��|��k��S|��j��j����j��k��Sn
�|��d��k��Sd��S(����N(
���R���R���R���R'���R(���RO���R���Rc���R���RQ���R���R����R ���(����R���R���R����(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_subject_key_identifier���s�������������� �!�����c�������������`��s������|��t��j��j����}����j��d��k �sB���j��d��k �sB���j��d��k �r
�|���sR�|��j��rV�t��Sd��}��d��}����j��d��k �r�g����j��D]��}��t �t
�j��|������^��q{�}��n��|��j��j��d��k �r�g��|��j��j��D]��}��t �|����^��q�}��n��|��j��j
���j��k��o��|��|��k��o��|��j��j����j��k��S|��d��k��Sd��S(����N(����R���R���R���R)���RO���R*���R+���R���Rc���R���RT���R���R ���t����key_identifier(����R���R���t����acit����csr_aciR����(����R����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����_check_authority_key_identifier���s��������-�����������.���(�������c�������������`��s[���|��j��}����|����oZ���|����oZ���|����oZ���|����oZ���|����oZ���|����oZ���|����S(����N(����R���(����R���R���(����R����R���R���R���R���R���R����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR������s
����� �������c�������������`��s���|��j��s
�t��S|��j����j��t��j��j��j��j��j �t��j��j��j��j
�j����}����j��j����j��t��j��j��j��j��j �t��j��j��j��j
�j����}��|��|��k��S(����N(
���t����is_signature_validRc���R���R���R���R���R���R���R���R���t����PublicFormatt����SubjectPublicKeyInfoRQ���(����R���t����key_at����key_b(����R[���(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR������s������ ���������������R���R���(����RT���R���R����RY���Rc���(����R[���R���R���R���R���R���(����( ���R����R���R���R���R���R���R����R����R[���sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyRn���U���s ������� ������������
��!�����������(����R����R����RB���R`���Rm���Rn���(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyR������s������ � N �c��������M���C`��sI���t��d��t��d��t��d��d��d��d��d��d��d��g����d �t��d��d��d��d
���d��t��d��d����d
�t��d��d��d��t����d��t��d��d��d��d����d��t��d��d��d��t����d��t��d��d��d��t����d��t��d��d����d��t��d��d��d��d��d��g����d��t��d��d��d��d��d��g����d��t��d��d��d��d��d �g����d!�t��d��d��d��d"�d#�g����d$�t��d��d��d��d%�d&�g����d'�t��d��d��d��d(�d)�g����d*�t��d��d��d��d+�d,�g����d-�t��d��d.�d/�d��d��d0�g����d1�t��d��d��d��t��d��d2�g����d3�t��d��d��d��t��d��d4�g����d5�t��d��d.�d/�d��d��d6�g����d7�t��d��d��d��t��d��d8�g����d9�t��d��d.�d/�d��d��d:�d;�g����d<�t��d��d��d��t��d��d=�d>�g����d?�t��d��d.�d/�d��d��d@�g����dA�t��d��d��d��t��d��dB�g����dC�t��d��d��d��t��d��dD�g����dE�t��d��d��d��t��d��dF�g����dG�t��d��d��d��t����dH�t��d��d��d��t����dI�t��d��d����dJ�t��d��d����dK�t��d��d.�d/�d����dL�t��d��d����dM�t��d��d��d��dN�d��dN�dO�dP�g�����!dQ�db�g��dR�d��d��d��g��f��g��dS�t��dT�t����}��t��j��j��|��j��d�����p�dU�}��t��j��j��|����s�|��j �dV�|��dW�dX�|������n��|��j��dM��}��|��dN�k��rd�t
�o�t��t��t
���k��}��t��o��t��t��t����k��}��|��r'�dO�}��n��|��r6�dP�}��n��|��dN�k��rd�|��j �dW�dY�j��t
�t�������qd�n��y�|��dP�k��r�t��s�|��j �dW�t��dZ�j��t������d[�t�����n��y��t��t��j��d\����Wn!��t��k
�r����|��j �dW�d]����n��X|��j��d^�d��d_����t��|����}��nI�|��dO�k��rD�t
�s5�|��j �dW�t��d`�j��t
�����d[�t�����n��t��|����}��n��|��j��d���d��k��r�|��j��r�|��j����}��|��j��d���p�|��j��|�����|��da�<|��j��|�����n��|��j �|�����nO�|��j��r�|��j����}��t��j��j!�|��j��d�����|��da�<|��j��|�����n��|��j"�|�����|��j����}��|��j��|�����Wn,��t#�j$�k
�rD��}���|��j �dW�t%�|�������n��Xd��S(c���Nt
���argument_specR����t����typeR���t����defaultt����presentt����choicest����absentR����R���R����R����R����t����no_logR����t����inti����R����t����boolt����requiredR<���t����dictR/���t����aliasesR.���t����countryNameR1���R0���t����stateOrProvinceNameR3���R2���t����localityNameR5���R4���t����organizationNameR7���R6���t����organizationalUnitNameR9���R8���R>���R;���t����ER:���R����t����listt����elementsRE���R����RF���R=���t����useCommonNameForSANR����RG���R ���RH���R!���t����extKeyUsageRI���R"���t����extKeyUsage_criticalRJ���R#���RK���R$���RL���R%���RM���R&���RN���R-���R'���R(���R)���R*���R+���t����select_crypto_backendt����autoR���R���t����required_togethert����required_ift����add_file_common_argst����supports_check_modet����.R���R,���s>���The directory %s does not exist or the file is not a directorys]���Can't detect any of the required Python libraries cryptography (>= {0}) or PyOpenSSL (>= {1})s����pyOpenSSL >= {0}t ���exceptionR���s1���You need to have PyOpenSSL>=0.15 to generate CSRssK���The module is using the PyOpenSSL backend. This backend has been deprecateds����2.13s����cryptography >= {0}Rg���(����R*���R+���(&���R
���R.���Rf���Rc���t����osR����t����dirnameRC���t����isdirRR���t����CRYPTOGRAPHY_FOUNDt����CRYPTOGRAPHY_VERSIONR����t����MINIMAL_CRYPTOGRAPHY_VERSIONt����PYOPENSSL_FOUNDt����PYOPENSSL_VERSIONt����MINIMAL_PYOPENSSL_VERSIONRZ���R����t����PYOPENSSL_IMP_ERRR����R ���Rx���R���t ���deprecateRu���t����CRYPTOGRAPHY_IMP_ERRR���RD���Rr���Rb���t ���exit_jsonRl���t����existsRp���RT���t����OpenSSLObjectErrorR����(����R\���t����base_dirR���t����can_use_cryptographyt����can_use_pyopensslR���Rj���R���(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt����main���s���������!���������������������������������������!�!���������������������'� ����� �������
��������� ��� �����������������
�����
�������������
����� ���!����� �������
�������t����__main__(D���t
���__future__R����R����R����R%���t
���__metaclass__t����ANSIBLE_METADATAt
���DOCUMENTATIONt����EXAMPLESt����RETURNRs���RV���RC���t ���tracebackt����distutils.versionR����t����ansible.module_utilsR ���RT���t����ansible.module_utils.basicR
���R����t����ansible.module_utils._textR����R
���R����t����ansible.module_utils.compatR����R���RK���RH���RO���RL���R{���t����__version__RJ���t����ImportErrort
���format_excRc���RI���Rf���R���R���R���R���RN���R���t����cryptography.x509t����cryptography.x509.oidt����cryptography.exceptionst����cryptography.hazmat.backendst,���cryptography.hazmat.primitives.serializationt%���cryptography.hazmat.primitives.hashesRG���RF���R���R����t����ObjectIdentifierR���R���RQ���R����t
���OpenSSLObjectR����Ru���R���RU���R����(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/modules/crypto/openssl_csr.pyt��������sp�������
�
�
���A�6����������������������������������
���
������� �������������������������
���
������������ i��