community.crypto.openssl_csr_info (2.18.0) — filter
Retrieve information from OpenSSL Certificate Signing Requests (CSR)
Added in version 2.10.0 of community.crypto
Authors: Felix Fontein (@felixfontein)
Install with:

    ansible-galaxy collection install community.crypto:==2.18.0

    collections:
      - name: community.crypto
        version: 2.18.0
Given an OpenSSL Certificate Signing Request (CSR), retrieve information from it.
This is a filter version of the M(community.crypto.openssl_csr_info) module.
    - name: Show the Subject Alt Names of the CSR
      ansible.builtin.debug:
        msg: >-
          {{
            (
              lookup('ansible.builtin.file', '/path/to/cert.csr')
              | community.crypto.openssl_csr_info
            ).subject_alt_name | join(', ')
          }}
    _input:
      description:
        - The content of the OpenSSL CSR.
      required: true
      type: string
    name_encoding:
      choices:
        - ignore
        - idna
        - unicode
      default: ignore
      description:
        - How to encode names (DNS names, URIs, email addresses) in return values.
        - V(ignore) will use the encoding returned by the backend.
        - V(idna) will convert all labels of domain names to IDNA encoding. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 encoding fails.
        - V(unicode) will convert all labels of domain names to Unicode. IDNA2008 will be preferred, and IDNA2003 will be used if IDNA2008 decoding fails.
        - B(Note) that V(idna) and V(unicode) require the L(idna Python library,https://pypi.org/project/idna/) to be installed.
      type: str
    _value:
      contains:
        authority_cert_issuer:
          description:
            - The CSR's authority cert issuer as a list of general names.
            - Is V(none) if the C(AuthorityKeyIdentifier) extension is not present.
            - See O(name_encoding) for how IDNs are handled.
          elements: str
          returned: success
          sample:
            - DNS:www.ansible.com
            - IP:1.2.3.4
          type: list
        authority_cert_serial_number:
          description:
            - The CSR's authority cert serial number.
            - Is V(none) if the C(AuthorityKeyIdentifier) extension is not present.
            - This return value is an B(integer). If you need the serial numbers as a colon-separated hex string, such as C(11:22:33), you need to convert it to that form with P(community.crypto.to_serial#filter).
          returned: success
          sample: 12345
          type: int
        authority_key_identifier:
          description:
            - The CSR's authority key identifier.
            - The identifier is returned in hexadecimal, with V(:) used to separate bytes.
            - Is V(none) if the C(AuthorityKeyIdentifier) extension is not present.
          returned: success
          sample: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
          type: str
        basic_constraints:
          description: Entries in the C(basic_constraints) extension, or V(none) if extension is not present.
          elements: str
          returned: success
          sample:
            - CA:TRUE
            - pathlen:1
          type: list
        basic_constraints_critical:
          description: Whether the C(basic_constraints) extension is critical.
          returned: success
          type: bool
        extended_key_usage:
          description: Entries in the C(extended_key_usage) extension, or V(none) if extension is not present.
          elements: str
          returned: success
          sample:
            - Biometric Info
            - DVCS
            - Time Stamping
          type: list
        extended_key_usage_critical:
          description: Whether the C(extended_key_usage) extension is critical.
          returned: success
          type: bool
        extensions_by_oid:
          contains:
            critical:
              description: Whether the extension is critical.
              returned: success
              type: bool
            value:
              description:
                - The Base64 encoded value (in DER format) of the extension.
                - B(Note) that depending on the C(cryptography) version used, it is not possible to extract the ASN.1 content of the extension, but only to provide the re-encoded content of the extension in case it was parsed by C(cryptography). This should usually result in exactly the same value, except if the original extension value was malformed.
              returned: success
              sample: MAMCAQU=
              type: str
          description: Returns a dictionary for every extension OID
          returned: success
          sample:
            1.3.6.1.5.5.7.1.24:
              critical: false
              value: MAMCAQU=
          type: dict
        key_usage:
          description: Entries in the C(key_usage) extension, or V(none) if extension is not present.
          returned: success
          sample:
            - Key Agreement
            - Data Encipherment
          type: str
        key_usage_critical:
          description: Whether the C(key_usage) extension is critical.
          returned: success
          type: bool
        name_constraints_critical:
          description:
            - Whether the C(name_constraints) extension is critical.
            - Is V(none) if extension is not present.
          returned: success
          type: bool
        name_constraints_excluded:
          description:
            - List of excluded subtrees the CA cannot sign certificates for.
            - Is V(none) if extension is not present.
            - See O(name_encoding) for how IDNs are handled.
          elements: str
          returned: success
          sample:
            - email:.com
          type: list
        name_constraints_permitted:
          description: List of permitted subtrees to sign certificates for.
          elements: str
          returned: success
          sample:
            - email:.somedomain.com
          type: list
        ocsp_must_staple:
          description: V(true) if the OCSP Must Staple extension is present, V(none) otherwise.
          returned: success
          type: bool
        ocsp_must_staple_critical:
          description: Whether the C(ocsp_must_staple) extension is critical.
          returned: success
          type: bool
        public_key:
          description: CSR's public key in PEM format
          returned: success
          sample: '-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A...'
          type: str
        public_key_data:
          contains:
            curve:
              description:
                - The curve's name for ECC.
              returned: When RV(_value.public_key_type=ECC)
              type: str
            exponent:
              description:
                - The RSA key's public exponent.
              returned: When RV(_value.public_key_type=RSA)
              type: int
            exponent_size:
              description:
                - The maximum number of bits of a private key. This is basically the bit size of the subgroup used.
              returned: When RV(_value.public_key_type=ECC)
              type: int
            g:
              description:
                - The C(g) value for DSA.
                - This is the element spanning the subgroup of the multiplicative group of the prime field used.
              returned: When RV(_value.public_key_type=DSA)
              type: int
            modulus:
              description:
                - The RSA key's modulus.
              returned: When RV(_value.public_key_type=RSA)
              type: int
            p:
              description:
                - The C(p) value for DSA.
                - This is the prime modulus upon which arithmetic takes place.
              returned: When RV(_value.public_key_type=DSA)
              type: int
            q:
              description:
                - The C(q) value for DSA.
                - This is a prime that divides C(p - 1), and at the same time the order of the subgroup of the multiplicative group of the prime field used.
              returned: When RV(_value.public_key_type=DSA)
              type: int
            size:
              description:
                - Bit size of modulus (RSA) or prime number (DSA).
              returned: When RV(_value.public_key_type=RSA) or RV(_value.public_key_type=DSA)
              type: int
            x:
              description:
                - The C(x) coordinate for the public point on the elliptic curve.
              returned: When RV(_value.public_key_type=ECC)
              type: int
            y:
              description:
                - For RV(_value.public_key_type=ECC), this is the C(y) coordinate for the public point on the elliptic curve.
                - For RV(_value.public_key_type=DSA), this is the publicly known group element whose discrete logarithm with respect to C(g) is the private key.
              returned: When RV(_value.public_key_type=DSA) or RV(_value.public_key_type=ECC)
              type: int
          description:
            - Public key data. Depends on the public key's type.
          returned: success
          type: dict
        public_key_fingerprints:
          description:
            - Fingerprints of CSR's public key.
            - For every hash algorithm available, the fingerprint is computed.
          returned: success
          sample: '{''sha256'': ''d4:b3:aa:6d:c8:04:ce:4e:ba:f6:29:4d:92:a3:94:b0:c2:ff:bd:bf:33:63:11:43:34:0f:51:b0:95:09:2f:63'', ''sha512'': ''f7:07:4a:f0:b0:f0:e6:8b:95:5f:f9:e6:61:0a:32:68:f1...'
          type: dict
        public_key_type:
          description:
            - The CSR's public key's type.
            - One of V(RSA), V(DSA), V(ECC), V(Ed25519), V(X25519), V(Ed448), or V(X448).
            - Will start with C(unknown) if the key type cannot be determined.
          returned: success
          sample: RSA
          type: str
        signature_valid:
          description:
            - Whether the CSR's signature is valid.
            - In case the check returns V(false), the module will fail.
          returned: success
          type: bool
        subject:
          description:
            - The CSR's subject as a dictionary.
            - Note that for repeated values, only the last one will be returned.
          returned: success
          sample:
            commonName: www.example.com
            emailAddress: test@example.com
          type: dict
        subject_alt_name:
          description:
            - Entries in the C(subject_alt_name) extension, or V(none) if extension is not present.
            - See O(name_encoding) for how IDNs are handled.
          elements: str
          returned: success
          sample:
            - DNS:www.ansible.com
            - IP:1.2.3.4
          type: list
        subject_alt_name_critical:
          description: Whether the C(subject_alt_name) extension is critical.
          returned: success
          type: bool
        subject_key_identifier:
          description:
            - The CSR's subject key identifier.
            - The identifier is returned in hexadecimal, with V(:) used to separate bytes.
            - Is V(none) if the C(SubjectKeyIdentifier) extension is not present.
          returned: success
          sample: 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
          type: str
        subject_ordered:
          description: The CSR's subject as an ordered list of tuples.
          elements: list
          returned: success
          sample:
            - - commonName
              - www.example.com
            - - emailAddress: test@example.com
          type: list
      description:
        - Information on the certificate.
      type: dict
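
An added example (not part of the collection's documentation) that uses the return values documented above to vet a CSR against local policy before it is passed to a CA. The CSR path, the DNS suffix, the minimum RSA size and the allowed key types are assumed policy values.

```yaml
# Added example, not part of the collection's documentation.
# Assumed values: csr_path, allowed_dns_suffix, min_rsa_bits, allowed_key_types.
- name: Vet a CSR against local policy before it reaches the CA
  hosts: localhost
  gather_facts: false
  vars:
    csr_path: /path/to/cert.csr
    allowed_dns_suffix: .example.com
    min_rsa_bits: 3072
    allowed_key_types: [RSA, ECC, Ed25519]
  tasks:
    - name: Parse the CSR
      # name_encoding=idna needs the idna Python library and returns
      # ASCII labels, so the suffix match below sees no Unicode lookalikes.
      ansible.builtin.set_fact:
        csr: >-
          {{ lookup('ansible.builtin.file', csr_path)
             | community.crypto.openssl_csr_info(name_encoding='idna') }}

    - name: Check signature and key policy
      ansible.builtin.assert:
        that:
          - csr.signature_valid
          - csr.public_key_type in allowed_key_types
          - csr.public_key_type != 'RSA' or csr.public_key_data.size >= min_rsa_bits
        fail_msg: "Rejected key: {{ csr.public_key_type }}"

    - name: Refuse requests for CA capabilities
      ansible.builtin.assert:
        that:
          - csr.basic_constraints is none or 'CA:TRUE' not in csr.basic_constraints
          - csr.name_constraints_excluded is none
        fail_msg: "CSR asks for CA extensions: {{ csr.basic_constraints }}"

    - name: Require SANs, each a non-wildcard DNS name under the allowed suffix
      vars:
        san_pattern: "^DNS:[^*]+{{ allowed_dns_suffix | regex_escape }}$"
      ansible.builtin.assert:
        that:
          - csr.subject_alt_name is not none
          - csr.subject_alt_name | length > 0
          - csr.subject_alt_name | reject('match', san_pattern) | list | length == 0
        fail_msg: "SAN outside policy: {{ csr.subject_alt_name }}"
```

The SAN pattern rejects IP, email and URI entries as well as wildcard DNS names; loosen it only if the CA is meant to issue for those name types.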