class Chef::Resource::OpensslX509Certificate

Public Instance Methods

ca_info() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 236
# Collects the issuer details that are handed to the certificate generator.
#
# "issuer" is set only when the resource names a CA certificate file;
# "validity" always carries the resource's `expire` value unchanged.
#
# NOTE(review): the CA certificate is parsed from whatever file the property
# points at. Nothing in this method checks that it pairs with the key returned
# by ca_private_key, or that the CA certificate is itself still valid.
# Confirm whether gen_x509_cert performs those checks.
#
# @return [Hash] issuer information, keyed by "issuer" (optional) and "validity"
# @raise [SystemCallError] if the CA certificate file cannot be read
def ca_info
  issuer_path = new_resource.ca_cert_file
  details = {}

  # Without a CA certificate file there is no separate issuer to record.
  details["issuer"] = OpenSSL::X509::Certificate.new(::File.read(issuer_path)) unless issuer_path.nil?
  details["validity"] = new_resource.expire

  details
end
ca_private_key() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 228
# Picks the private key passed to gen_x509_cert as the CA key.
#
# With no `ca_key_file` on the resource the certificate's own key (see #key)
# is returned. Otherwise the CA key is loaded from that file, using
# `ca_key_pass` as the passphrase.
#
# NOTE(review): the passphrase is passed to OpenSSL as-is. If the file is an
# encrypted PEM and `ca_key_pass` is nil, Ruby's OpenSSL may try to prompt on
# the terminal. Verify how this behaves in unattended runs.
#
# @return [OpenSSL::PKey::PKey] presumably; the fallback is whatever #key returns
# @raise [SystemCallError] if the CA key file cannot be read
def ca_private_key
  ca_key_path = new_resource.ca_key_file
  return key if ca_key_path.nil?

  OpenSSL::PKey.read(::File.read(ca_key_path), new_resource.ca_key_pass)
end
cert() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 258
# Builds the certificate by passing the request, the extensions, the issuer
# details and the CA key to gen_x509_cert.
#
# The four inputs are evaluated in the same left-to-right order in which they
# are passed. None of them is validated here.
#
# @return [Object] whatever gen_x509_cert returns (presumably an
#   OpenSSL::X509::Certificate; confirm against the helper)
def cert
  csr = request
  cert_extensions = extensions
  issuer_details = ca_info
  signing_key = ca_private_key

  gen_x509_cert(csr, cert_extensions, issuer_details, signing_key)
end
extensions() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 248
# Builds the extension list for the certificate.
#
# The resource's `extensions` are converted by gen_x509_extensions. When
# `subject_alt_name` is non-empty, a non-critical subjectAltName extension
# built from those values is appended after them.
#
# NOTE(review): the SAN values are forwarded as given. Any format checking
# would have to happen in gen_x509_extensions or on the property itself;
# confirm which.
#
# @return [Array] presumably; the result of gen_x509_extensions, optionally
#   extended with the subjectAltName entry
def extensions
  built = gen_x509_extensions(new_resource.extensions)
  alt_names = new_resource.subject_alt_name
  return built if alt_names.empty?

  san_spec = { "subjectAltName" => { "values" => alt_names, "critical" => false } }
  built + gen_x509_extensions(san_spec)
end
key() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 198
# Returns the certificate's private key, memoized in @key.
#
# Resolution order:
#   1. if priv_key_file_valid? accepts the file at #key_file with `key_pass`,
#      that file is read and returned;
#   2. otherwise, for key_type "rsa", a new RSA key of `key_length` is generated;
#   3. otherwise a new EC key on `key_curve` is generated.
#
# NOTE(review): the key file is checked by priv_key_file_valid? and then read
# again here, so the check and the load are two separate reads of the path.
# Any key_type other than "rsa" takes the EC branch; presumably the property
# restricts the allowed values, but that is not visible here.
#
# @return [Object] the loaded or generated private key
def key
  return @key if @key

  pem_path = key_file
  passphrase = new_resource.key_pass

  @key =
    if priv_key_file_valid?(pem_path, passphrase)
      OpenSSL::PKey.read(::File.read(pem_path), passphrase)
    elsif new_resource.key_type == "rsa"
      gen_rsa_priv_key(new_resource.key_length)
    else
      gen_ec_priv_key(new_resource.key_curve)
    end
end
key_file() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 187
# Returns the path of the private key file, memoized in @key_file.
#
# An explicit `key_file` on the resource wins. Otherwise the path is derived
# from the certificate path: same directory, same base name, with the
# certificate's extension replaced by ".key".
#
# NOTE(review): the derived key therefore sits in the same directory as the
# certificate. This method only computes a path; it sets no ownership or
# mode, so confirm that whatever writes the file restricts access to it.
#
# @return [String] path of the private key file
def key_file
  return @key_file if @key_file

  @key_file = new_resource.key_file || begin
    dir, cert_name = ::File.split(new_resource.path)
    stem = ::File.basename(cert_name, ::File.extname(cert_name))
    "#{dir}/#{stem}.key"
  end
end
request() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 208
def request
  if new_resource.csr_file.nil?
    gen_x509_request(subject, key)
  else
    OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
  end
end
subject() click to toggle source
# File lib/chef/resource/openssl_x509_certificate.rb, line 216
# Builds the X.509 subject name from the resource's properties.
#
# Entries are added in a fixed order: C, ST, L, O, OU, CN, emailAddress.
# Every entry except CN is skipped when its property is nil; CN is always
# added from `common_name`.
#
# NOTE(review): values are passed to add_entry exactly as the properties
# return them; no normalisation or validation happens here.
#
# @return [OpenSSL::X509::Name] the assembled subject
def subject
  leading_entries = [
    ["C", new_resource.country],
    ["ST", new_resource.state],
    ["L", new_resource.city],
    ["O", new_resource.org],
    ["OU", new_resource.org_unit],
  ]

  csr_subject = OpenSSL::X509::Name.new
  leading_entries.each do |field, value|
    csr_subject.add_entry(field, value) unless value.nil?
  end

  # The common name is the only entry added unconditionally.
  csr_subject.add_entry("CN", new_resource.common_name)

  email = new_resource.email
  csr_subject.add_entry("emailAddress", email) unless email.nil?

  csr_subject
end