# encoding: UTF-8
#
# Cookbook Name:: ssl_certificate
# Library:: resource_ssl_certificate_pkcs12
# Author:: Baptiste Courtois (<b.courtois@criteo.com>)
# Author:: Xabier de Zuazo (<xabier@zuazo.org>)
# Copyright:: Copyright (c) 2016 Xabier de Zuazo
# Copyright:: Copyright (c) 2015 Criteo
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require 'chef/resource'

# Chef configuration management tool main class.
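class Chef
  # Chef Resource describes the desired state of an element of your
  # infrastructure.
  class Resource
    class SslCertificate < Chef::Resource
      # ssl_certificate Chef Resource PKCS12 related methods.
      #
      # Mixed into the resource to add the `pkcs12_path` and
      # `pkcs12_passphrase` attributes plus the logic that reads, verifies and
      # (re)generates the PKCS#12 bundle from the resource's `key_content`,
      # `cert_content` and `chain_content`.
      module PKCS12
        # Resource key attributes to be initialized by a `default_#{attribute}`
        # method.
        unless defined?(::Chef::Resource::SslCertificate::PKCS12::ATTRS)
          ATTRS = %w(
            pkcs12_path
            pkcs12_passphrase
          ).freeze
        end

        # Initializes the PKCS12 attributes listed in {ATTRS} through their
        # `default_*` methods.
        def initialize_pkcs12_defaults
          initialize_attribute_defaults(PKCS12::ATTRS)
        end

        # PKCS12 public methods

        # Checks whether an existing PKCS#12 bundle still matches the
        # resource's certificate and private key.
        #
        # Content that cannot be parsed (corrupt data, or a passphrase that no
        # longer matches `pkcs12_passphrase`) counts as a mismatch, so that
        # {#pkcs12_content} regenerates the bundle instead of aborting the run.
        # Only the leaf certificate and the key are compared: a change in
        # `chain_content` alone does not trigger regeneration.
        #
        # @param content [String, nil] bundle as read from `pkcs12_path`.
        # @return [Boolean] `true` when the bundle matches.
        def verify_pkcs12(content)
          return false if content.nil?
          p12 = OpenSSL::PKCS12.new(content, pkcs12_passphrase)
          p12.certificate.to_s == cert_content &&
            p12.key.to_s == key_content
        rescue OpenSSL::PKCS12::PKCS12Error
          # Unparseable or wrong passphrase: treat as "needs regenerating".
          false
        end

        # Builds a new PKCS#12 bundle from the resource's key, certificate and
        # chain, protected by `pkcs12_passphrase`.
        #
        # @return [String] DER-encoded PKCS#12 bundle.
        # @raise [OpenSSL::PKey::PKeyError, OpenSSL::X509::CertificateError]
        #   when `key_content` or `cert_content` cannot be parsed.
        def generate_pkcs12
          key = OpenSSL::PKey.read(key_content)
          crt = OpenSSL::X509::Certificate.new(cert_content)
          # Leaf certificate first, then every certificate of the chain.
          chain = [crt, *chain_certificates(chain_content)] if chain_content
          OpenSSL::PKCS12.create(pkcs12_passphrase,
                                 name, key, crt, chain).to_der
        end

        # Returns the PKCS#12 bundle content: the file at `pkcs12_path` when it
        # still matches the resource, otherwise a freshly generated bundle.
        # The value is memoized through `lazy_cached_variable`.
        #
        # Marks the resource as updated when a new bundle is generated.
        #
        # @return [String] DER-encoded PKCS#12 bundle.
        def pkcs12_content
          lazy_cached_variable(:pkcs12_content) do
            content = read_from_path(pkcs12_path)
            unless verify_pkcs12(content)
              # Logged only when a bundle is actually produced.
              Chef::Log.debug("Generating the PKCS12 file for #{name}.")
              content = generate_pkcs12
              updated_by_last_action(true)
            end
            content
          end
        end

        # Path of the PKCS#12 file on disk.
        #
        # @param arg [String, nil] new value, or `nil` to read the current one.
        # @return [String]
        def pkcs12_path(arg = nil)
          set_or_return(:pkcs12_path, arg, kind_of: String)
        end

        # Passphrase protecting the PKCS#12 bundle. Stored as a plain resource
        # attribute, so keep it out of logs and resource dumps.
        #
        # @param arg [String, nil] new value, or `nil` to read the current one.
        # @return [String]
        def pkcs12_passphrase(arg = nil)
          set_or_return(:pkcs12_passphrase, arg, kind_of: String)
        end

        protected

        # Default for `pkcs12_path`, resolved lazily through `read_namespace`.
        def default_pkcs12_path
          lazy { read_namespace(%w(pkcs12_path)) }
        end

        # Default for `pkcs12_passphrase`, resolved lazily through
        # `read_namespace`.
        def default_pkcs12_passphrase
          lazy { read_namespace(%w(pkcs12_passphrase)) }
        end

        # Parses the chain content into certificate objects.
        #
        # A PEM bundle yields one certificate per `BEGIN CERTIFICATE` block,
        # so intermediates after the first one are no longer dropped. Content
        # without PEM markers (e.g. DER) is handed whole to
        # `OpenSSL::X509::Certificate.new`, as before.
        #
        # @param content [String] chain content.
        # @return [Array<OpenSSL::X509::Certificate>]
        def chain_certificates(content)
          pem_re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
          # Binary content may not be scannable as text; fall back in that case.
          pems = content.valid_encoding? ? content.scan(pem_re) : []
          return [OpenSSL::X509::Certificate.new(content)] if pems.empty?
          pems.map { |pem| OpenSSL::X509::Certificate.new(pem) }
        end
      end
    end
  end
end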