Initial Chef repository

cookbooks/openssl/providers/x509.rb

@@ -0,0 +1,94 @@
+#
+# x509 self signed cert provider
+#
+# Author:: Jesse Nelson <spheromak@gmail.com>
+#
+require 'openssl'
+
+use_inline_resources
+
+attr_reader :key_file, :key, :cert, :ef
+
+action :create  do
+  unless ::File.exists? new_resource.name
+    create_keys
+    cert_content = cert.to_pem
+    key_content = key.to_pem
+
+    file new_resource.name do
+      action :create_if_missing
+      mode  new_resource.mode
+      owner new_resource.owner
+      group new_resource.group
+      content cert_content
+    end
+
+    file new_resource.key_file do
+      action :create_if_missing
+      mode  new_resource.mode
+      owner new_resource.owner
+      group new_resource.group
+      content key_content
+    end
+
+  end
+end
+
+protected
+
+  def key_file
+    unless new_resource.key_file
+      path, file= ::File.split(new_resource.name)
+      filename  = ::File.basename(file, ::File.extname(file) )
+      new_resource.key_file  path + "/" + filename + ".key"
+    end
+    new_resource.key_file
+  end
+
+  def key
+    @key ||= if ::File.exists? key_file
+               OpenSSL::PKey::RSA.new File.read(key_file), new_resource.key_pass
+             else
+               OpenSSL::PKey::RSA.new(new_resource.key_length)
+             end
+    @key
+  end
+
+  def cert
+    @cert ||= OpenSSL::X509::Certificate.new
+  end
+
+  def gen_cert
+    cert
+    cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+    cert.not_before = Time.now
+    cert.not_after = Time.now + (new_resource.expire.to_i * 24 * 60 * 60)
+    cert.public_key = key.public_key
+    cert.serial = 0x0
+    cert.version = 2
+  end
+
+  def subject
+    @subject ||= "/C="  + new_resource.country +
+                 "/O="  + new_resource.org +
+                 "/OU=" + new_resource.org_unit +
+                 "/CN=" + new_resource.common_name
+  end
+
+  def extensions
+    [
+      ef.create_extension("basicConstraints","CA:TRUE", true),
+      ef.create_extension("subjectKeyIdentifier", "hash"),
+    ]
+  end
+
+  def create_keys
+    gen_cert
+    @ef ||= OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = cert
+    ef.issuer_certificate = cert
+    cert.extensions = extensions
+    cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                       "keyid:always,issuer:always")
+    cert.sign key, OpenSSL::Digest::SHA1.new
+  end