class Chef::Resource::OpensslX509Crl

Public Instance Methods

ca_private_key()
# File lib/chef/resource/openssl_x509_crl.rb, line 124
# Loads the CA private key used to sign the CRL.
#
# Reads the file named by new_resource.ca_key_file and hands its contents to
# OpenSSL::PKey.read, with new_resource.ca_key_pass as the passphrase argument.
#
# NOTE(review): if the key file is encrypted and ca_key_pass is nil, OpenSSL
# may fall back to prompting for a passphrase on the terminal, which would
# stall an unattended run -- confirm how callers guarantee a passphrase.
# NOTE(review): the file is read with whatever permissions the run has; this
# method does not check ownership or mode of the key file.
#
# @return [OpenSSL::PKey::PKey] the parsed private key
def ca_private_key
  key_material = ::File.read(new_resource.ca_key_file)
  ::OpenSSL::PKey.read(key_material, new_resource.ca_key_pass)
end
crl()
# File lib/chef/resource/openssl_x509_crl.rb, line 128
# Builds the CRL object that should end up at new_resource.path.
#
# Step 1: start from the CRL already on disk when crl_file_valid? accepts it,
# otherwise generate a fresh one signed with the CA key.
# Step 2: if a serial is requested and serial_revoked? reports exactly false,
# add the revocation; otherwise, if next_update falls within
# renewal_threshold days from now, renew the CRL. Only one of the two
# happens per call, matching the if/elsif it replaces.
#
# NOTE(review): crl_file_valid? is defined elsewhere; whether it verifies the
# existing CRL's signature against the CA certificate is not visible here.
# If it only checks that the file parses, a tampered CRL on disk would be
# reused as the starting point -- confirm.
#
# @return the CRL, possibly regenerated, extended or renewed
def crl
  current_crl =
    if crl_file_valid?(new_resource.path)
      ::OpenSSL::X509::CRL.new(::File.read(new_resource.path))
    else
      log "Creating a CRL #{new_resource.path} for CA #{new_resource.ca_cert_file}"
      gen_x509_crl(ca_private_key, crl_info)
    end

  pending_serial = new_resource.serial_to_revoke

  # The comparison is against false specifically: a nil answer from
  # serial_revoked? does not trigger a revocation.
  if !pending_serial.nil? && serial_revoked?(current_crl, pending_serial) == false
    log "Revoking serial #{pending_serial} in CRL #{new_resource.path}"
    return revoke_x509_crl(revoke_info, current_crl, ca_private_key, crl_info)
  end

  # renewal_threshold is expressed in days; convert to seconds.
  renewal_window = 3600 * 24 * new_resource.renewal_threshold
  return current_crl unless current_crl.next_update <= Time.now + renewal_window

  log "Renewing CRL for CA #{new_resource.ca_cert_file}"
  renew_x509_crl(current_crl, ca_private_key, crl_info)
end
crl_info()
# File lib/chef/resource/openssl_x509_crl.rb, line 104
# Collects the parameters passed to the CRL generation helpers.
#
# The returned hash has two string keys:
#   "issuer"   - the CA certificate parsed from new_resource.ca_cert_file
#   "validity" - the value of new_resource.expire, passed through unchanged
#
# The certificate file is re-read and re-parsed on every call.
#
# @return [Hash] issuer certificate and validity setting
def crl_info
  issuer_cert = ::OpenSSL::X509::Certificate.new(::File.read(new_resource.ca_cert_file))

  {
    "issuer" => issuer_cert,
    "validity" => new_resource.expire,
  }
end
revoke_info()
# File lib/chef/resource/openssl_x509_crl.rb, line 114
# Collects the revocation request from the resource properties.
#
# The returned hash has two string keys:
#   "serial" - new_resource.serial_to_revoke
#   "reason" - new_resource.revocation_reason
#
# Both values are passed through without validation here.
#
# @return [Hash] serial to revoke and the revocation reason
def revoke_info
  {
    "serial" => new_resource.serial_to_revoke,
    "reason" => new_resource.revocation_reason,
  }
end