
[BUG] x509_v2 private key issues #64597

Closed
lkubb opened this issue Jul 5, 2023 · 1 comment · Fixed by #64598
Labels
Bug broken, incorrect, or confusing behavior

Comments

@lkubb
Contributor

lkubb commented Jul 5, 2023

Description

  1. x509_v2.create_private_key cannot write an encrypted private key in PEM format to a passed path.
  2. x509_v2.verify_private_key does not respect a passed passphrase parameter.
  3. x509_v2.encode_private_key erroneously expects a hydrated private key object.
  4. x509_v2.encode_private_key cannot read an encrypted private key.

Setup
irrelevant

Steps to Reproduce the behavior
(1)

  • salt-call x509.create_private_key path=/tmp/privkey passphrase=hunter1

(2) Fix 1, then

  • rerun (1)
  • salt-call x509.create_certificate path=/tmp/cert signing_private_key=/tmp/privkey signing_private_key_passphrase=hunter1
  • salt-call x509.verify_private_key /tmp/privkey /tmp/cert passphrase=hunter1

(3)

  • salt-call x509.create_private_key path=/tmp/privkey
  • salt-call x509.encode_private_key /tmp/privkey

(4) Evident from its parameters missing a private_key_passphrase one.

Expected behavior
Success.

Screenshots
1: PEM does not contain a single entry of type (?:RSA )?PRIVATE KEY:
2: Passed invalid arguments: Private key is encrypted. Please provide a password..
3: AttributeError: 'str' object has no attribute 'private_bytes'
4: Passed invalid arguments: Private key is encrypted. Please provide a password..

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
          Salt: 3006.1

Python Version:
        Python: 3.10.11 (main, May  5 2023, 02:31:54) [GCC 11.2.0]

Dependency Versions:
          cffi: 1.14.6
      cherrypy: unknown
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.2
       libgit2: Not Installed
  looseversion: 1.0.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 22.0
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.9.8
        pygit2: Not Installed
  python-gnupg: 0.4.8
        PyYAML: 5.4.1
         PyZMQ: 23.2.0
        relenv: 0.12.3
         smmap: Not Installed
       timelib: 0.2.4
       Tornado: 4.5.3
           ZMQ: 4.3.4

System Versions:
          dist: rocky 9.1 Blue Onyx
        locale: utf-8
       machine: x86_64
       release: 5.14.0-162.12.1.el9_1.0.1.x86_64
        system: Linux
       version: Rocky Linux 9.1 Blue Onyx

Additional small issues:

  • x509.private_key_managed reports a new keysize as None if a key with a non-default keysize is implicitly changed to have the default one
  • x509.create_certificate overwrite docs are confusing
  • x509.encode_private_key parameter docs are wrong
  • _create_certificate_local calls builder.sign twice. Luckily, this does not result in two different certificates being issued (verified in testing), but it's still ugly.
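The four behaviours in the report describe one workflow: write a passphrase-protected PEM key to a path, load it again with that passphrase, encode it from either a key object or PEM text, and check it against a certificate. The example below is added here and is not Salt's x509_v2 code; it implements that workflow directly with the `cryptography` library the module builds on. All function names (`load_private_key`, `encode_private_key`, `create_private_key`, `create_self_signed_certificate`, `verify_private_key`) are hypothetical stand-ins for the execution-module functions named in the report, and the passphrase `hunter1` is the constructed sample value from the reproduction steps.

```python
"""Encrypted PEM private key round-trip covering the four reported behaviours.
Added example, not Salt's x509_v2 module; requires the `cryptography` package."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


class PassphraseRequired(ValueError):
    """Raised when an encrypted key is loaded without a passphrase."""


def _to_bytes(value):
    return value.encode() if isinstance(value, str) else value


def _is_encrypted_pem(pem):
    # PKCS#8 and traditional OpenSSL encrypted keys carry different markers.
    return b"BEGIN ENCRYPTED PRIVATE KEY" in pem or b"Proc-Type: 4,ENCRYPTED" in pem


def generate_private_key(keysize=2048):
    """Create a fresh RSA key object (hypothetical helper for this example)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=keysize)


def load_private_key(pem, passphrase=None):
    """Load a PEM key from str or bytes; the passphrase is used only if the key is encrypted."""
    pem = _to_bytes(pem)
    if _is_encrypted_pem(pem):
        if passphrase is None:
            raise PassphraseRequired("Private key is encrypted. Please provide a passphrase.")
        return serialization.load_pem_private_key(pem, password=_to_bytes(passphrase))
    # An unencrypted key tolerates a stray passphrase instead of failing.
    return serialization.load_pem_private_key(pem, password=None)


def _as_key_object(private_key, passphrase=None):
    # Accept either a hydrated key object or PEM text (reported item 3).
    if isinstance(private_key, (str, bytes)):
        return load_private_key(private_key, passphrase)
    return private_key


def encode_private_key(private_key, passphrase=None, new_passphrase=None):
    """Serialize to PKCS#8 PEM: decrypt the input if needed (item 4), encrypt the output on request."""
    key = _as_key_object(private_key, passphrase)
    if new_passphrase:
        encryption = serialization.BestAvailableEncryption(_to_bytes(new_passphrase))
    else:
        encryption = serialization.NoEncryption()
    return key.private_bytes(serialization.Encoding.PEM,
                             serialization.PrivateFormat.PKCS8, encryption)


def create_private_key(path=None, passphrase=None, keysize=2048):
    """Generate a key, write it (encrypted when a passphrase is given, item 1) and return the PEM."""
    pem = encode_private_key(generate_private_key(keysize), new_passphrase=passphrase)
    if path is not None:
        with open(path, "wb") as fh:
            fh.write(pem)
    return pem


def create_self_signed_certificate(private_key, passphrase=None, common_name="example.test", days=1):
    """Sign a minimal self-signed certificate exactly once and return its PEM."""
    key = _as_key_object(private_key, passphrase)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(name).issuer_name(name)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now)
               .not_valid_after(now + datetime.timedelta(days=days)))
    return builder.sign(key, hashes.SHA256()).public_bytes(serialization.Encoding.PEM)


def verify_private_key(private_key, certificate, passphrase=None):
    """True if the (possibly encrypted, item 2) key's public half matches the certificate's."""
    key = _as_key_object(private_key, passphrase)
    cert = x509.load_pem_x509_certificate(_to_bytes(certificate))
    spki = (serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    return key.public_key().public_bytes(*spki) == cert.public_key().public_bytes(*spki)


if __name__ == "__main__":
    enc_pem = create_private_key(passphrase="hunter1")  # constructed sample passphrase
    cert_pem = create_self_signed_certificate(enc_pem, passphrase="hunter1")
    print(verify_private_key(enc_pem, cert_pem, passphrase="hunter1"))
```

Two design points map onto the report: detecting encryption from the PEM header lets `load_private_key` ignore a passphrase that was passed for an unencrypted key rather than erroring, and routing every entry point through `_as_key_object` means `encode_private_key` and `verify_private_key` accept PEM text with a passphrase exactly as the `create_certificate` path does, so the "Private key is encrypted" failure in items 2 and 4 cannot arise when the caller supplied one.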
@Ch3LL
Contributor

Ch3LL commented Sep 13, 2023

closed by #64598

@Ch3LL Ch3LL closed this as completed Sep 13, 2023