kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Update openssl cookbook

Browse Source
This commit is contained in:
Greg Karékinian
2017-04-07 18:19:28 +02:00
parent d5d3fb60c1
commit d49f28574c
20 changed files with 398 additions and 375 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cookbooks/openssl/libraries/helpers.rb
View File

@@ -20,7 +20,7 @@ module OpenSSLCookbook
def dhparam_pem_valid?(dhparam_pem_path)
# Check if the dhparam.pem file exists
# Verify the dhparam.pem file contains a key
return false unless File.exist?(dhparam_pem_path)
return false unless ::File.exist?(dhparam_pem_path)
dhparam = OpenSSL::PKey::DH.new File.read(dhparam_pem_path)
dhparam.params_ok?
end
@@ -28,21 +28,21 @@ module OpenSSLCookbook
def key_file_valid?(key_file_path, key_password = nil)
# Check if the key file exists
# Verify the key file contains a private key
return false unless File.exist?(key_file_path)
return false unless ::File.exist?(key_file_path)
key = OpenSSL::PKey::RSA.new File.read(key_file_path), key_password
key.private?
end
# Generators
def gen_dhparam(key_length, generator)
fail ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
fail TypeError, 'Generator must be an integer' unless generator.is_a?(Integer)
raise ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
raise TypeError, 'Generator must be an integer' unless generator.is_a?(Integer)
OpenSSL::PKey::DH.new(key_length, generator)
end
def gen_rsa_key(key_length)
fail ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
raise ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
OpenSSL::PKey::RSA.new(key_length)
end
@@ -50,8 +50,8 @@ module OpenSSLCookbook
# Key manipulation helpers
# Returns a pem string
def encrypt_rsa_key(rsa_key, key_password)
fail TypeError, 'rsa_key must be a Ruby OpenSSL::PKey::RSA object' unless rsa_key.is_a?(OpenSSL::PKey::RSA)
fail TypeError, 'RSA key password must be a string' unless key_password.is_a?(String)
raise TypeError, 'rsa_key must be a Ruby OpenSSL::PKey::RSA object' unless rsa_key.is_a?(OpenSSL::PKey::RSA)
raise TypeError, 'RSA key password must be a string' unless key_password.is_a?(String)
cipher = OpenSSL::Cipher::Cipher.new('des3')
rsa_key.to_pem(cipher, key_password)