diff --git a/plugins/modules/pfsense_ca.py b/plugins/modules/pfsense_ca.py index 0c1fb471..1dde9151 100644 --- a/plugins/modules/pfsense_ca.py +++ b/plugins/modules/pfsense_ca.py @@ -422,17 +422,18 @@ def _update(self): (dummy, stdout, stderr) = ('', '', '') if self.params['state'] == 'present': if self.params['method'] == 'existing': - # ca_import will base64 encode the cert + key and will fix 'caref' for CAs that reference each other + # ca_import will base64 encode the cert + key and will fix 'caref' for CAs that reference each other # $ca needs to be an existing reference (particularly 'refid' must be set) before calling ca_import - # key and serial are optional arguments. TODO - handle key and serial + # key and serial are optional arguments. TODO - handle key and serial (dummy, stdout, stderr) = self.pfsense.phpshell(""" - $ca =& lookup_ca('{refid}')['item']; + $caent =& lookup_ca('{refid}'); + $ca =& $caent['item']; ca_import($ca, '{cert}'); + config_set_path("ca/{{$caent['idx']}}", $ca); write_config('Update CA reference'); ca_setup_trust_store(); cert_restart_services(ca_get_all_services('{refid}'));""".format(refid=self.target_elt.find('refid').text, cert=base64.b64decode(self.target_elt.find('crt').text.encode()).decode())) - if self.refresh_crls: (dummy, crl_stdout, crl_stderr) = self.pfsense.phpshell(""" require_once("openvpn.inc"); diff --git a/plugins/modules/pfsense_cert.py b/plugins/modules/pfsense_cert.py index d2043c3a..19636458 100644 --- a/plugins/modules/pfsense_cert.py +++ b/plugins/modules/pfsense_cert.py @@ -340,17 +340,21 @@ def _log_fields(self, before=None): def _update(self): if self.params['state'] == 'present': if self.params['method'] == 'import': + prv_node = self.target_elt.find('prv') + raw_key = base64.b64decode(prv_node.text.encode()).decode() if (prv_node is not None and prv_node.text) else "" # import certificate return self.pfsense.phpshell(""" require_once('certs.inc'); - $cert =& lookup_cert('{refid}'); + $certent = lookup_cert('{refid}'); + $cert = $certent['item']; cert_import($cert, '{cert}', '{key}'); + config_set_path("cert/{{$certent['idx']}}", $cert); $savemsg = sprintf(gettext("Imported certificate %s"), $cert['descr']); write_config($savemsg); cert_restart_services(cert_get_all_services('{refid}')); """.format(refid=self.target_elt.find('refid').text, cert=base64.b64decode(self.target_elt.find('crt').text.encode()).decode(), - key=base64.b64decode(self.target_elt.find('prv').text.encode()).decode())) + key=raw_key)) else: # generate internal certificate return self.pfsense.phpshell("""