Module: Chef::Resource::SslCertificate::PKCS12

Included in:
Chef::Resource::SslCertificate
Defined in:
libraries/resource_ssl_certificate_pkcs12.rb

Overview

PKCS12-related methods for the ssl_certificate Chef resource.

Constant Summary

# Names of the PKCS12-related resource attributes. The list is handed to
# initialize_attribute_defaults by initialize_pkcs12_defaults.
ATTRS = %w[pkcs12_path pkcs12_passphrase].freeze

Instance Method Summary

Instance Method Details

#generate_pkcs12 ⇒ Object


# File 'libraries/resource_ssl_certificate_pkcs12.rb', line 56

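# Builds a PKCS#12 bundle from the resource's private key, certificate and
# optional chain, and returns it DER-encoded.
#
# Every PEM certificate found in chain_content is added to the bundle, so a
# chain file holding several concatenated certificates is stored completely.
# Content without PEM certificate markers (for example DER data) is parsed
# as a single certificate.
#
# The bundle is protected with pkcs12_passphrase.
# NOTE(review): when that value is nil no passphrase is handed to OpenSSL,
# so the private key in the resulting file has no meaningful protection
# beyond file permissions -- confirm callers always set one.
# NOTE(review): PBE algorithms and iteration counts are left at the defaults
# of the linked OpenSSL library; pin them here if a consumer requires
# specific ones.
#
# @return [String] DER-encoded PKCS#12 structure
# @raise [OpenSSL::OpenSSLError] when the key or a certificate cannot be
#   parsed
def generate_pkcs12
  key = OpenSSL::PKey.read(key_content)
  crt = OpenSSL::X509::Certificate.new(cert_content)
  chain_data = chain_content
  chain = if chain_data
            # Certificate.new reads only the first certificate of its input,
            # so split the chain into its individual PEM blocks first. The
            # binary copy keeps the scan from raising on non-UTF-8 bytes.
            pems = chain_data.to_s.b.scan(
              /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m
            )
            # No PEM markers: parse the value as one certificate.
            pems = [chain_data] if pems.empty?
            # The leaf certificate is listed first, then the chain.
            [crt] + pems.map { |pem| OpenSSL::X509::Certificate.new(pem) }
          end
  OpenSSL::PKCS12.create(pkcs12_passphrase,
                         name, key, crt, chain).to_der
end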

#initialize_pkcs12_defaults ⇒ Object


# File 'libraries/resource_ssl_certificate_pkcs12.rb', line 43

# Applies default values for the PKCS12 attributes by passing PKCS12::ATTRS
# to initialize_attribute_defaults.
#
# @return [Object] whatever initialize_attribute_defaults returns
def initialize_pkcs12_defaults
  pkcs12_attrs = PKCS12::ATTRS
  initialize_attribute_defaults(pkcs12_attrs)
end

#pkcs12_content ⇒ Object


# File 'libraries/resource_ssl_certificate_pkcs12.rb', line 66

# Returns the PKCS12 content for this resource, computed inside
# lazy_cached_variable(:pkcs12_content).
#
# The data read from pkcs12_path is reused when verify_pkcs12 accepts it.
# Otherwise a new bundle is generated and the resource is flagged as updated.
# Note that the "Generating ..." debug line is written before verification,
# so it also appears in the log when the existing file is kept.
#
# @return [Object] the existing content, or the result of generate_pkcs12
def pkcs12_content
  lazy_cached_variable(:pkcs12_content) do
    existing = read_from_path(pkcs12_path)
    Chef::Log.debug("Generating the PKCS12 file for #{name}.")
    if verify_pkcs12(existing)
      existing
    else
      fresh = generate_pkcs12
      # Report the change so Chef treats the resource as converged-with-update.
      updated_by_last_action(true)
      fresh
    end
  end
end

#pkcs12_passphrase(arg = nil) ⇒ Object


# File 'libraries/resource_ssl_certificate_pkcs12.rb', line 82

# Accessor for the passphrase used to open and create the PKCS12 bundle.
# Delegates to set_or_return with a String type validation.
#
# NOTE(review): the passphrase is kept as an ordinary resource attribute;
# confirm the including resource is marked sensitive so the value does not
# end up in Chef logs or reports.
#
# @param arg [String, nil] new passphrase, or nil to leave it unchanged
# @return [Object] whatever set_or_return returns
def pkcs12_passphrase(arg = nil)
  validation = { kind_of: String }
  set_or_return(:pkcs12_passphrase, arg, validation)
end

#pkcs12_path(arg = nil) ⇒ Object


# File 'libraries/resource_ssl_certificate_pkcs12.rb', line 78

# Accessor for the path of the PKCS12 file; pkcs12_content reads the
# existing bundle from this path. Delegates to set_or_return with a String
# type validation.
#
# @param arg [String, nil] new path, or nil to leave it unchanged
# @return [Object] whatever set_or_return returns
def pkcs12_path(arg = nil)
  validation = { kind_of: String }
  set_or_return(:pkcs12_path, arg, validation)
end

#verify_pkcs12(content) ⇒ Object

PKCS12 public methods


# File 'libraries/resource_ssl_certificate_pkcs12.rb', line 49

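# Checks whether existing PKCS12 data still matches the resource's current
# certificate and private key.
#
# The data is opened with pkcs12_passphrase. Content that OpenSSL cannot
# parse or decrypt (corrupt or truncated file, passphrase changed since the
# file was written) is reported as not valid instead of raising, so the
# caller can regenerate the bundle.
#
# NOTE(review): the comparison is textual -- it assumes cert_content and
# key_content are serialized exactly as OpenSSL's #to_s emits them; confirm
# against where those values are produced.
#
# @param content [String, nil] raw PKCS12 data, or nil when none was read
# @return [Boolean] true only when both the certificate and the key match
def verify_pkcs12(content)
  return false if content.nil?
  p12 = OpenSSL::PKCS12.new(content, pkcs12_passphrase)
  p12.certificate.to_s == cert_content &&
    p12.key.to_s == key_content
rescue OpenSSL::PKCS12::PKCS12Error => e
  # Unreadable data is simply "not the bundle we want"; record why so an
  # unexpected regeneration can be traced in the debug log.
  Chef::Log.debug(
    "Existing PKCS12 content for #{name} could not be read: #{e.message}"
  )
  false
end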