Merge pull request #24 from Venafi/release-fix

Fixing key types
Venafi · Nov 20, 2019 · d465e6a · d465e6a
2 parents 2e3a735 + 34fc342
commit d465e6a
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/library/venafi_certificate.py b/library/venafi_certificate.py
@@ -26,7 +26,7 @@
 
 HAS_VCERT = HAS_CRYPTOGRAPHY = True
 try:
-    from vcert import CertificateRequest, Connection
+    from vcert import CertificateRequest, Connection, KeyType
 except ImportError:
     HAS_VCERT = False
 try:
@@ -370,13 +370,13 @@ def _check_private_key_correct(self):
                                key_password=self.privatekey_passphrase)
         key_type = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}. \
             get(self.privatekey_type)
-        if key_type and key_type != r.key_type:
+        if key_type and key_type != r.key_type.key_type:
             return False
         if key_type == "rsa" and self.privatekey_size:
-            if self.privatekey_size != r.key_length:
+            if self.privatekey_size != r.key_type.option:
                 return False
         if key_type == "ec" and self.privatekey_curve:
-            if self.privatekey_curve != r.key_curve:
+            if self.privatekey_curve != r.key_type.option:
                 return False
         return True
 
@@ -400,9 +400,16 @@ def enroll(self):
                 self.module.fail_json(msg=(
                     "Failed to determine key type: %s."
                     "Must be RSA or ECDSA" % self.privatekey_type))
-            request.key_type = key_type
-            request.key_curve = self.privatekey_curve
-            request.key_length = self.privatekey_size
+            if key_type == "rsa":
+                request.key_type = KeyType(KeyType.RSA,
+                                           self.privatekey_size)
+            elif key_type == "ecdsa" or "ec":
+                request.key_type = KeyType(KeyType.ECDSA,
+                                           self.privatekey_curve)
+            else:
+                self.module.fail_json(msg=(
+                    "Failed to determine key type: %s."
+                    "Must be RSA or ECDSA" % self.privatekey_type))
 
         request.ip_addresses = self.ip_addresses
         request.san_dns = self.san_dns

diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
@@ -6,7 +6,7 @@
     - name: "Set CN fact"
       set_fact:
         cn: "{{ 10000|random }}"
-
+#TODO: make test cases of ECDSA, minimum variables, maximum variables
 - name: Converge
   hosts: all
   vars:
@@ -18,6 +18,8 @@
     certificate_cert_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.pem"
     certificate_chain_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.chain.pem"
     certificate_privatekey_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.key"
+    certificate_privatekey_type: "RSA"
+    certificate_privatekey_size: 4096
     certificate_csr_path: "{{ certificate_cert_dir }}/{{ certificate_common_name }}.csr"
 
     # Where to execute venafi_certificate module. If set to false certificate will be
@@ -39,7 +41,7 @@
     - name: "Install vcert for verification"
       pip:
         name:
-          - vcert
+          - git+https://github.com/Venafi/vcert-python.git@fix-tpp-zone-configuration-parser
 
     - name: "Verify Venafi certificate on remote host"
       venafi_certificate: