Module: Chef::Mixin::OpenSSLHelper

Included in:

Resource::OpensslDhparam, Resource::OpensslRsaPrivateKey, Resource::OpensslRsaPublicKey

Defined in:

lib/chef/mixin/openssl_helper.rb

Overview

various helpers for use with openssl. Currently used by the openssl_* resources

Class Method Summary

• .included(_base) ⇒ Object

Instance Method Summary

• #dhparam_pem_valid?(dhparam_pem_path) ⇒ Boolean

  validate a dhparam file from path.

• #encrypt_rsa_key(rsa_key, key_password, key_cipher) ⇒ String

  generate a pem file given a cipher, key, an optional key_password.

• #gen_dhparam(key_length, generator) ⇒ OpenSSL::PKey::DH

  generate a dhparam file.

• #gen_rsa_priv_key(key_length) ⇒ OpenSSL::PKey::DH

  generate an RSA private key given key length.

• #gen_rsa_pub_key(priv_key, priv_key_password = nil) ⇒ String

  generate pem format of the public key given a private key.

• #get_key_filename(cert_filename) ⇒ String

  determine the key filename from the cert filename.

• #key_length_valid?(number) ⇒ Boolean

  is the key length a valid key length.

• #priv_key_file_valid?(key_file, key_password = nil) ⇒ Boolean

  given either a key file path or key file content see if it’s actually a private key.

Class Method Details

.included(_base) ⇒ Object

# File 'lib/chef/mixin/openssl_helper.rb', line 22

def self.included(_base)
  require "openssl" unless defined?(::OpenSSL)
end

Instance Method Details

#dhparam_pem_valid?(dhparam_pem_path) ⇒ Boolean

validate a dhparam file from path

# File 'lib/chef/mixin/openssl_helper.rb', line 45

def dhparam_pem_valid?(dhparam_pem_path)
  # Check if the dhparam.pem file exists
  # Verify the dhparam.pem file contains a key
  return false unless ::File.exist?(dhparam_pem_path)
  dhparam = ::OpenSSL::PKey::DH.new File.read(dhparam_pem_path)
  dhparam.params_ok?
end

#encrypt_rsa_key(rsa_key, key_password, key_cipher) ⇒ String

generate a pem file given a cipher, key, an optional key_password

Raises:

• (TypeError)

# File 'lib/chef/mixin/openssl_helper.rb', line 108

def encrypt_rsa_key(rsa_key, key_password, key_cipher)
  raise TypeError, "rsa_key must be a Ruby OpenSSL::PKey::RSA object" unless rsa_key.is_a?(::OpenSSL::PKey::RSA)
  raise TypeError, "key_password must be a string" unless key_password.is_a?(String)
  raise TypeError, "key_cipher must be a string" unless key_cipher.is_a?(String)
  raise ArgumentError, "Specified key_cipher is not available on this system" unless ::OpenSSL::Cipher.ciphers.include?(key_cipher)

  cipher = ::OpenSSL::Cipher.new(key_cipher)
  rsa_key.to_pem(cipher, key_password)
end

#gen_dhparam(key_length, generator) ⇒ OpenSSL::PKey::DH

generate a dhparam file

Raises:

• (ArgumentError)

# File 'lib/chef/mixin/openssl_helper.rb', line 75

def gen_dhparam(key_length, generator)
  raise ArgumentError, "Key length must be a power of 2 greater than or equal to 1024" unless key_length_valid?(key_length)
  raise TypeError, "Generator must be an integer" unless generator.is_a?(Integer)

  ::OpenSSL::PKey::DH.new(key_length, generator)
end

#gen_rsa_priv_key(key_length) ⇒ OpenSSL::PKey::DH

generate an RSA private key given key length

Raises:

• (ArgumentError)

# File 'lib/chef/mixin/openssl_helper.rb', line 85

def gen_rsa_priv_key(key_length)
  raise ArgumentError, "Key length must be a power of 2 greater than or equal to 1024" unless key_length_valid?(key_length)

  ::OpenSSL::PKey::RSA.new(key_length)
end

#gen_rsa_pub_key(priv_key, priv_key_password = nil) ⇒ String

generate pem format of the public key given a private key

# File 'lib/chef/mixin/openssl_helper.rb', line 95

def gen_rsa_pub_key(priv_key, priv_key_password = nil)
  # if the file exists try to read the content
  # if not assume we were passed the key and set the string to the content
  key_content = ::File.exist?(priv_key) ? File.read(priv_key) : priv_key
  key = ::OpenSSL::PKey::RSA.new key_content, priv_key_password
  key.public_key.to_pem
end

#get_key_filename(cert_filename) ⇒ String

determine the key filename from the cert filename

# File 'lib/chef/mixin/openssl_helper.rb', line 29

def get_key_filename(cert_filename)
  cert_file_path, cert_filename = ::File.split(cert_filename)
  cert_filename = ::File.basename(cert_filename, ::File.extname(cert_filename))
  cert_file_path + ::File::SEPARATOR + cert_filename + ".key"
end

#key_length_valid?(number) ⇒ Boolean

is the key length a valid key length

# File 'lib/chef/mixin/openssl_helper.rb', line 38

def key_length_valid?(number)
  number >= 1024 && ( number & (number - 1) == 0 )
end

#priv_key_file_valid?(key_file, key_password = nil) ⇒ Boolean

given either a key file path or key file content see if it’s actually a private key

# File 'lib/chef/mixin/openssl_helper.rb', line 58

def priv_key_file_valid?(key_file, key_password = nil)
  # if the file exists try to read the content
  # if not assume we were passed the key and set the string to the content
  key_content = ::File.exist?(key_file) ? File.read(key_file) : key_file

  begin
    key = ::OpenSSL::PKey::RSA.new key_content, key_password
  rescue ::OpenSSL::PKey::RSAError
    return false
  end
  key.private?
end