Vendor the external cookbooks

Knife-Zero doesn't include Berkshelf support, so vendoring everything in
the repo is convenient again

cookbooks/openssl/resources/x509_request.rb

@@ -0,0 +1,98 @@
+#
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+chef_version_for_provides '< 14.4' if respond_to?(:chef_version_for_provides)
+resource_name :openssl_x509_request
+
+include OpenSSLCookbook::Helpers
+
+property :path,             String, name_property: true
+property :owner,            String
+property :group,            String
+property :mode,             [Integer, String], default: '0644'
+property :country,          String
+property :state,            String
+property :city,             String
+property :org,              String
+property :org_unit,         String
+property :common_name,      String, required: true
+property :email,            String
+property :key_file,         String
+property :key_pass,         String
+property :key_type,         equal_to: %w(rsa ec), default: 'ec'
+property :key_length,       equal_to: [1024, 2048, 4096, 8192], default: 2048
+property :key_curve,        equal_to: %w(secp384r1 secp521r1 prime256v1), default: 'prime256v1'
+
+action :create do
+  unless ::File.exist? new_resource.path
+    converge_by("Create CSR #{@new_resource}") do
+      file new_resource.name do
+        owner new_resource.owner unless new_resource.owner.nil?
+        group new_resource.group unless new_resource.group.nil?
+        mode new_resource.mode
+        content csr.to_pem
+        action :create
+      end
+
+      file new_resource.key_file do
+        mode new_resource.mode
+        owner new_resource.owner unless new_resource.owner.nil?
+        group new_resource.group unless new_resource.group.nil?
+        content key.to_pem
+        sensitive true
+        action :create_if_missing
+      end
+    end
+  end
+end
+
+action_class do
+  def generate_key_file
+    unless new_resource.key_file
+      path, file = ::File.split(new_resource.path)
+      filename = ::File.basename(file, ::File.extname(file))
+      new_resource.key_file path + '/' + filename + '.key'
+    end
+    new_resource.key_file
+  end
+
+  def key
+    @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
+               ::OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
+             elsif new_resource.key_type == 'rsa'
+               gen_rsa_priv_key(new_resource.key_length)
+             else
+               gen_ec_priv_key(new_resource.key_curve)
+             end
+    @key
+  end
+
+  def subject
+    csr_subject = ::OpenSSL::X509::Name.new()
+    csr_subject.add_entry('C', new_resource.country) unless new_resource.country.nil?
+    csr_subject.add_entry('ST', new_resource.state) unless new_resource.state.nil?
+    csr_subject.add_entry('L', new_resource.city) unless new_resource.city.nil?
+    csr_subject.add_entry('O', new_resource.org) unless new_resource.org.nil?
+    csr_subject.add_entry('OU', new_resource.org_unit) unless new_resource.org_unit.nil?
+    csr_subject.add_entry('CN', new_resource.common_name)
+    csr_subject.add_entry('emailAddress', new_resource.email) unless new_resource.email.nil?
+    csr_subject
+  end
+
+  def csr
+    gen_x509_request(subject, key)
+  end
+end