Update the mediawiki cookbook and upstream cookbooks

Compatibility with Chef 14

cookbooks/openssl/resources/x509_certificate.rb

@@ -0,0 +1,151 @@
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_x509_certificate
+
+provides :openssl_x509 # legacy_name
+
+include OpenSSLCookbook::Helpers
+
+property :path,             String, name_property: true
+property :owner,            String
+property :group,            String
+property :expire,           Integer, default: 365
+property :mode,             [Integer, String], default: '0644'
+property :country,          String
+property :state,            String
+property :city,             String
+property :org,              String
+property :org_unit,         String
+property :common_name,      String
+property :email,            String
+property :extensions,       Hash, default: {}
+property :subject_alt_name, Array, default: []
+property :key_file,         String
+property :key_pass,         String
+property :key_type,         equal_to: %w(rsa ec), default: 'rsa'
+property :key_length,       equal_to: [1024, 2048, 4096, 8192], default: 2048
+property :key_curve,        equal_to: %w(secp384r1 secp521r1 prime256v1), default: 'prime256v1'
+property :csr_file,         String
+property :ca_cert_file,     String
+property :ca_key_file,      String
+property :ca_key_pass,      String
+
+action :create do
+  unless ::File.exist? new_resource.path
+    converge_by("Create #{@new_resource}") do
+      file new_resource.path do
+        action :create_if_missing
+        mode new_resource.mode
+        owner new_resource.owner unless new_resource.owner.nil?
+        group new_resource.group unless new_resource.group.nil?
+        sensitive true
+        content cert.to_pem
+      end
+
+      if new_resource.csr_file.nil?
+        file new_resource.key_file do
+          action :create_if_missing
+          mode new_resource.mode
+          owner new_resource.owner unless new_resource.owner.nil?
+          group new_resource.group unless new_resource.group.nil?
+          sensitive true
+          content key.to_pem
+        end
+      end
+    end
+  end
+end
+
+action_class do
+  def generate_key_file
+    unless new_resource.key_file
+      path, file = ::File.split(new_resource.path)
+      filename = ::File.basename(file, ::File.extname(file))
+      new_resource.key_file path + '/' + filename + '.key'
+    end
+    new_resource.key_file
+  end
+
+  def key
+    @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
+               ::OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
+             elsif new_resource.key_type == 'rsa'
+               gen_rsa_priv_key(new_resource.key_length)
+             else
+               gen_ec_priv_key(new_resource.key_curve)
+             end
+    @key
+  end
+
+  def request
+    request = if new_resource.csr_file.nil?
+                gen_x509_request(subject, key)
+              else
+                ::OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
+              end
+    request
+  end
+
+  def subject
+    subject = ::OpenSSL::X509::Name.new()
+    subject.add_entry('C', new_resource.country) unless new_resource.country.nil?
+    subject.add_entry('ST', new_resource.state) unless new_resource.state.nil?
+    subject.add_entry('L', new_resource.city) unless new_resource.city.nil?
+    subject.add_entry('O', new_resource.org) unless new_resource.org.nil?
+    subject.add_entry('OU', new_resource.org_unit) unless new_resource.org_unit.nil?
+    subject.add_entry('CN', new_resource.common_name)
+    subject.add_entry('emailAddress', new_resource.email) unless new_resource.email.nil?
+    subject
+  end
+
+  def ca_private_key
+    ca_private_key = if new_resource.csr_file.nil?
+                       key
+                     else
+                       ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
+                     end
+    ca_private_key
+  end
+
+  def ca_info
+    # Will contain issuer (if any) & expiration
+    ca_info = {}
+
+    unless new_resource.ca_cert_file.nil?
+      ca_info['issuer'] = ::OpenSSL::X509::Certificate.new ::File.read(new_resource.ca_cert_file)
+    end
+    ca_info['validity'] = new_resource.expire
+
+    ca_info
+  end
+
+  def extensions
+    extensions = gen_x509_extensions(new_resource.extensions)
+
+    unless new_resource.subject_alt_name.empty?
+      extensions += gen_x509_extensions('subjectAltName' => { 'values' => new_resource.subject_alt_name, 'critical' => false })
+    end
+
+    extensions
+  end
+
+  def cert
+    cert = gen_x509_cert(request, extensions, ca_info, ca_private_key)
+    cert
+  end
+end