Update cookbooks and add wordpress cookbook
This commit is contained in:
Greg Karékinian
133
cookbooks/windows/providers/certificate_binding.rb
Normal file
133
cookbooks/windows/providers/certificate_binding.rb
Normal file
@@ -0,0 +1,133 @@
|
||||
#
|
||||
# Author:: Richard Lavey (richard.lavey@calastone.com)
|
||||
# Cookbook Name:: windows
|
||||
# Provider:: certificate_binding
|
||||
#
|
||||
# Copyright:: 2015, Calastone Ltd.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info
|
||||
|
||||
include Chef::Mixin::ShellOut
|
||||
include Chef::Mixin::PowershellOut
|
||||
include Windows::Helper
|
||||
|
||||
# Support whyrun
|
||||
def whyrun_supported?
|
||||
true
|
||||
end
|
||||
|
||||
action :create do
|
||||
hash = @new_resource.name_kind == :subject ? getHashFromSubject : @new_resource.cert_name
|
||||
|
||||
if @current_resource.exists
|
||||
needsChange = (hash.casecmp(@current_hash) != 0)
|
||||
|
||||
if needsChange
|
||||
converge_by("Changing #{@current_resource.address}:#{@current_resource.port}") do
|
||||
deleteBinding
|
||||
setBinding hash
|
||||
end
|
||||
else
|
||||
Chef::Log.debug("#{@current_resource.address}:#{@current_resource.port} already bound to #{hash} - nothing to do")
|
||||
end
|
||||
else
|
||||
converge_by("Binding #{@current_resource.address}:#{@current_resource.port}") do
|
||||
setBinding hash
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
action :delete do
|
||||
if @current_resource.exists
|
||||
converge_by("Deleting #{@current_resource.address}:#{@current_resource.port}") do
|
||||
deleteBinding
|
||||
end
|
||||
else
|
||||
Chef::Log.debug("#{@current_resource.address}:#{@current_resource.port} not bound - nothing to do")
|
||||
end
|
||||
end
|
||||
|
||||
def load_current_resource
|
||||
@current_resource = Chef::Resource::WindowsCertificateBinding.new(@new_resource.name)
|
||||
@current_resource.cert_name(@new_resource.cert_name)
|
||||
@current_resource.name_kind(@new_resource.name_kind)
|
||||
@current_resource.address(@new_resource.address)
|
||||
@current_resource.port(@new_resource.port)
|
||||
@current_resource.store_name(@new_resource.store_name)
|
||||
|
||||
@command = locate_sysnative_cmd('netsh.exe')
|
||||
getCurrentHash
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def getCurrentHash
|
||||
cmd = shell_out("#{@command} http show sslcert ipport=#{@current_resource.address}:#{@current_resource.port}")
|
||||
Chef::Log.debug "netsh reports: #{cmd.stdout}"
|
||||
|
||||
if cmd.exitstatus == 0
|
||||
m = cmd.stdout.scan(/Certificate Hash\s+:\s?([A-Fa-f0-9]{40})/)
|
||||
if m.length == 0
|
||||
fail "Failed to extract hash from command output #{cmd.stdout}"
|
||||
else
|
||||
@current_hash = m[0][0]
|
||||
@current_resource.exists = true
|
||||
end
|
||||
else
|
||||
@current_resource.exists = false
|
||||
end
|
||||
end
|
||||
|
||||
def setBinding(hash)
|
||||
cmd = "#{@command} http add sslcert"
|
||||
cmd << " ipport=#{@current_resource.address}:#{@current_resource.port}"
|
||||
cmd << " certhash=#{hash}"
|
||||
cmd << " appid=#{@current_resource.app_id}"
|
||||
cmd << " certstorename=#{@current_resource.store_name}"
|
||||
checkHash hash
|
||||
|
||||
shell_out!(cmd)
|
||||
end
|
||||
|
||||
def deleteBinding
|
||||
shell_out!("#{@command} http delete sslcert ipport=#{@current_resource.address}:#{@current_resource.port}")
|
||||
end
|
||||
|
||||
def checkHash(hash)
|
||||
p = powershell_out!("Test-Path \"cert:\\LocalMachine\\#{@current_resource.store_name}\\#{hash}\"")
|
||||
|
||||
unless p.stderr.empty? && p.stdout =~ /True/i
|
||||
fail "A Cert with hash of #{hash} doesn't exist in keystore LocalMachine\\#{@current_resource.store_name}"
|
||||
end
|
||||
nil
|
||||
end
|
||||
|
||||
def getHashFromSubject
|
||||
# escape wildcard subject name (*.acme.com)
|
||||
subject = @current_resource.cert_name.sub(/\*/, '`*')
|
||||
ps_script = "& { gci cert:\\localmachine\\#{@current_resource.store_name} | where subject -like '*#{subject}*' | select -first 1 -expandproperty Thumbprint }"
|
||||
|
||||
Chef::Log.debug "Running PS script #{ps_script}"
|
||||
p = powershell_out!(ps_script)
|
||||
|
||||
if !p.stderr.nil? && p.stderr.length > 0
|
||||
fail "#{ps_script} failed with #{p.stderr}"
|
||||
elsif p.stdout.nil? || p.stdout.length == 0
|
||||
fail "Couldn't find thumbprint for subject #{@current_resource.cert_name}"
|
||||
end
|
||||
|
||||
p.stdout.strip
|
||||
end
|
||||
Reference in New Issue
Block a user