cookbooks/openssl/providers/x509.rb in from-scratch-0.1.1 vs cookbooks/openssl/providers/x509.rb in from-scratch-0.2.0
- old
+ new
@@ -1,55 +1,65 @@
#
# x509 self signed cert provider
#
# Author:: Jesse Nelson <spheromak@gmail.com>
#
-require 'openssl'
+include OpenSSLCookbook::Helpers
+
use_inline_resources
+def whyrun_supported?
+ true
+end
+
attr_reader :key_file, :key, :cert, :ef
-action :create do
- unless ::File.exists? new_resource.name
- create_keys
- cert_content = cert.to_pem
- key_content = key.to_pem
+action :create do
+ converge_by("Create #{@new_resource}") do
+ unless ::File.exist? new_resource.name
+ create_keys
+ cert_content = cert.to_pem
+ key_content = key.to_pem
- file new_resource.name do
- action :create_if_missing
- mode new_resource.mode
- owner new_resource.owner
- group new_resource.group
- content cert_content
- end
+ file new_resource.name do
+ action :create_if_missing
+ mode new_resource.mode
+ owner new_resource.owner
+ group new_resource.group
+ sensitive true
+ content cert_content
+ end
- file new_resource.key_file do
- action :create_if_missing
- mode new_resource.mode
- owner new_resource.owner
- group new_resource.group
- content key_content
+ file new_resource.key_file do
+ action :create_if_missing
+ mode new_resource.mode
+ owner new_resource.owner
+ group new_resource.group
+ sensitive true
+ content key_content
+ end
+ new_resource.updated_by_last_action(true)
end
-
end
end
protected
+ # rubocop:disable Metrics/AbcSize, Style/IndentationConsistency
def key_file
unless new_resource.key_file
- path, file= ::File.split(new_resource.name)
- filename = ::File.basename(file, ::File.extname(file) )
- new_resource.key_file path + "/" + filename + ".key"
+ path, file = ::File.split(new_resource.name)
+ filename = ::File.basename(file, ::File.extname(file))
+ new_resource.key_file path + '/' + filename + '.key'
end
new_resource.key_file
end
def key
- @key ||= if ::File.exists? key_file
- OpenSSL::PKey::RSA.new File.read(key_file), new_resource.key_pass
+ @key ||= if key_file_valid?(key_file, new_resource.key_pass)
+ OpenSSL::PKey::RSA.new ::File.read(key_file), new_resource.key_pass
else
OpenSSL::PKey::RSA.new(new_resource.key_length)
end
@key
end
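Review bot: The private key file is still created with `mode new_resource.mode`, the same mode applied to the certificate, so any mode loose enough to let services read the certificate also exposes the key; `sensitive true` only keeps the content out of Chef's logs and diffs, not off other users' reach on disk. I would give the key its own restrictive mode, e.g. `mode '0600'` in the `file new_resource.key_file` block, or a separate resource attribute that defaults to that. Also, if `key_file_valid?` (defined outside this page, so this is inferred) returns false for a key file that exists but fails to load with the given passphrase, `key` generates a fresh key while `action :create_if_missing` leaves the old file in place, and the new certificate ends up signed by a key that is never written to disk. Failing the run in that case would be safer than continuing silently.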
@@ -67,28 +77,28 @@
cert.serial = 0x0
cert.version = 2
end
def subject
- @subject ||= "/C=" + new_resource.country +
- "/O=" + new_resource.org +
- "/OU=" + new_resource.org_unit +
- "/CN=" + new_resource.common_name
+ @subject ||= '/C=' + new_resource.country +
+ '/O=' + new_resource.org +
+ '/OU=' + new_resource.org_unit +
+ '/CN=' + new_resource.common_name
end
def extensions
[
- ef.create_extension("basicConstraints","CA:TRUE", true),
- ef.create_extension("subjectKeyIdentifier", "hash"),
+ ef.create_extension('basicConstraints', 'CA:TRUE', true),
+ ef.create_extension('subjectKeyIdentifier', 'hash')
]
end
def create_keys
gen_cert
@ef ||= OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = cert
cert.extensions = extensions
- cert.add_extension ef.create_extension("authorityKeyIdentifier",
- "keyid:always,issuer:always")
- cert.sign key, OpenSSL::Digest::SHA1.new
+ cert.add_extension ef.create_extension('authorityKeyIdentifier',
+ 'keyid:always,issuer:always')
+ cert.sign key, OpenSSL::Digest::SHA256.new
end
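Review bot: The context line `cert.serial = 0x0` at the top of this hunk gives every certificate this provider generates the same serial, while RFC 5280 expects a positive serial that is unique per issuer; some TLS clients reject a regenerated certificate that reuses the issuer and serial of one they have already seen. A random positive serial such as `cert.serial = OpenSSL::BN.rand(64)` would avoid that. The method containing that line starts outside the hunk, so confirm nothing else depends on the fixed value. Separately, `extensions` still marks the certificate `CA:TRUE` without a `keyUsage` extension, so a client that trusts it would presumably also accept certificates signed by its key; if it is only meant to serve as a host certificate, that is worth constraining or at least documenting.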