# File 'lib/chef/knife/DecryptCert.rb', line 17
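# Decrypts a certificate held in the local "certs" data bag and prints it.
#
# Reads config[:name], loads ./data_bags/certs/<name>_keys.json, picks the
# entry stored under Chef::Config[:node_name], RSA-decrypts it with the private
# key at Chef::Config[:client_key], and hands the result to
# Chef::EncryptedDataBagItem as the shared secret for
# ./data_bags/certs/<name>.json.
#
# Exits with status 1 when no name was supplied or when the keys file has no
# entry for this node name.
def run
  unless config[:name]
    puts("You must supply a certificate to decrypt")
    exit 1
  end
  Shef::Extensions.extend_context_object(self)
  data_bag = "certs"
  data_bag_path = "./data_bags/#{data_bag}"
  # Dots become underscores ("example.com" -> "example_com"), so ".." cannot
  # survive into the paths built below.
  # NOTE(review): "/" is not filtered, so a name can still address a
  # subdirectory of the data bag path - confirm whether that is intended.
  name = config[:name].gsub(".", "_")
  node_name = Chef::Config[:node_name]

  # File.read closes the handle when done and, unlike Kernel#open / IO.read,
  # never interprets a leading "|" in the path as a command to spawn.
  user_private_key = OpenSSL::PKey::RSA.new(File.read(Chef::Config[:client_key]))
  key = JSON.parse(File.read("#{data_bag_path}/#{name}_keys.json"))
  unless key[node_name]
    puts("Can't find a key for #{node_name}... You can't decrypt!")
    exit 1
  end

  # private_decrypt defaults to PKCS#1 v1.5 padding. It has to match whatever
  # the encrypting side used (not visible here), so it is left as is.
  # NOTE(review): consider moving both sides to OAEP padding together.
  data_bag_shared_key = user_private_key.private_decrypt(Base64.decode64(key[node_name]))
  certificate = JSON.parse(File.read("#{data_bag_path}/#{name}.json"))
  certificate = Chef::EncryptedDataBagItem.new(certificate, data_bag_shared_key)
  # The decrypted contents go to stdout in the clear; if the item holds private
  # key material, treat scrollback and redirected output as sensitive.
  puts("certificate:\n#{certificate['contents']}")
end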