Add ability to identify ed25519 complete chains.

ansible-collections · Jul 8, 2024 · c03fff0 · c03fff0
1 parent 518847a
commit c03fff0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/plugins/modules/certificate_complete_chain.py b/plugins/modules/certificate_complete_chain.py
@@ -150,6 +150,7 @@
     import cryptography.hazmat.primitives.serialization
     import cryptography.hazmat.primitives.asymmetric.rsa
     import cryptography.hazmat.primitives.asymmetric.ec
+    import cryptography.hazmat.primitives.asymmetric.ed25519
     import cryptography.hazmat.primitives.asymmetric.padding
     import cryptography.hazmat.primitives.hashes
     import cryptography.hazmat.primitives.asymmetric.utils
@@ -196,6 +197,11 @@ def is_parent(module, cert, potential_parent):
                 cert.cert.tbs_certificate_bytes,
                 cryptography.hazmat.primitives.asymmetric.ec.ECDSA(cert.cert.signature_hash_algorithm),
             )
+        elif isinstance(public_key, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey):
+            public_key.verify(
+                cert.cert.signature,
+                cert.cert.tbs_certificate_bytes
+            )
         else:
             # Unknown public key type
             module.warn('Unknown public key type "{0}"'.format(public_key))