Sha256: e8c1cabe2ef93350bf900bbef4faac66fcf79984e46fb2a4a0eb8db2702e7570

Contents?: true

Size: 1.66 KB

Versions: 3

Compression:

Stored size: 1.66 KB

Contents

# Description: ChefVault::Certificate class
# Copyright 2013, Nordstrom, Inc.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

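class ChefVault
  # Reads a certificate out of an encrypted data bag item. The item is
  # decrypted with a shared secret that is itself stored, RSA-encrypted per
  # node, in a companion "<name>_keys" data bag item.
  class Certificate
    attr_accessor :name

    # @param data_bag [String] name of the data bag holding the certificate
    #   item and its "<name>_keys" companion item
    # @param name [String] id of the certificate data bag item
    # @param chef_config_file [String, nil] when truthy, passed to
    #   ChefVault::ChefOffline.new, and #connect is called on the result
    #   before anything else happens; when nil/false no connection is made
    def initialize(data_bag, name, chef_config_file)
      @name = name
      @data_bag = data_bag

      ChefVault::ChefOffline.new(chef_config_file).connect if chef_config_file
    end

    # Decrypts the certificate item and returns its "contents" value.
    #
    # Steps: load the RSA private key named by Chef::Config[:client_key],
    # load the "<name>_keys" item, Base64-decode and RSA-decrypt the entry
    # stored under Chef::Config[:node_name] to recover the shared secret, then
    # load the encrypted item with that secret.
    #
    # @return [Object] whatever is stored under the "contents" key
    # @raise [UncaughtThrowError] both failure paths use `throw` with a String
    #   tag and no enclosing `catch`, so they surface as an uncaught-throw
    #   error rather than a normal exception. Kept as-is so existing callers
    #   see the same error class.
    #   NOTE(review): `raise` with a dedicated error class would be clearer.
    def decrypt_contents
      # File.read rather than Kernel#open: Kernel#open treats a value that
      # starts with "|" as a command to run, and the handle it returned was
      # never closed. File.read only ever opens a path and closes it.
      key_pem = File.read(Chef::Config[:client_key])
      private_key = OpenSSL::PKey::RSA.new(key_pem)

      keys_item_id = "#{name}_keys"
      begin
        keys = Chef::DataBagItem.load(@data_bag, keys_item_id)
      rescue
        # NOTE(review): this bare rescue reports every StandardError from the
        # load (not only a missing item) as "could not find"; an
        # authentication or network failure would be indistinguishable here.
        throw "Could not find data bag item #{name}_keys in data bag #{@data_bag}"
      end

      # The keys item holds one wrapped copy of the shared secret per node;
      # no entry for this node means it was never granted access.
      wrapped_secret = keys[Chef::Config[:node_name]]
      unless wrapped_secret
        throw "#{name} is not encrypted for you!  Rebuild the certificate data bag"
      end

      # private_decrypt is called without a padding argument, so OpenSSL's
      # default (PKCS#1 v1.5) applies and must match whatever wrapped the
      # secret. shared_secret is key material: keep it out of logs and error
      # messages.
      shared_secret = private_key.private_decrypt(Base64.decode64(wrapped_secret))
      certificate = Chef::EncryptedDataBagItem.load(@data_bag, @name, shared_secret)

      certificate["contents"]
    end
  end
end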

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
chef-vault-1.2.5 lib/chef-vault/certificate.rb
chef-vault-1.2.4 lib/chef-vault/certificate.rb
chef-vault-1.2.3 lib/chef-vault/certificate.rb