File: pkcs12.pp

package info (click to toggle)
puppet-module-camptocamp-openssl 1.5.0-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, sid, trixie
  • size: 352 kB
  • sloc: ruby: 1,148; sh: 10; makefile: 4
file content (63 lines) | stat: -rw-r--r-- 1,472 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# == Definition: openssl::export::pkcs12
#
# Export a key pair to PKCS12 format
#
# == Parameters
#   [*basedir*]   - directory where you want the export to be done. Must exists
#   [*pkey*]      - private key
#   [*cert*]      - certificate
#   [*in_pass*]   - private key password
#   [*out_pass*]  - PKCS12 password
#   [*chaincert*] - chain certificate to include in pkcs12
#
define openssl::export::pkcs12(
  $basedir,
  $pkey,
  $cert,
  $ensure    = present,
  $chaincert = false,
  $in_pass   = false,
  $out_pass  = false,
) {
  case $ensure {
    'present': {
      $pass_opt = $in_pass ? {
        false   => '',
        default => "-passin pass:${in_pass}",
      }

      $passout_opt = $out_pass ? {
        false   => '',
        default => "-passout pass:${out_pass}",
      }

      $chain_opt = $chaincert ? {
        false   => '',
        default => "-chain -CAfile ${chaincert}",
      }

      $cmd = [
        'openssl pkcs12 -export',
        "-in ${cert}",
        "-inkey ${pkey}",
        "-out ${basedir}/${name}.p12",
        "-name ${name}",
        '-nodes -noiter',
        $chain_opt,
        $pass_opt,
        $passout_opt,
      ]

      exec {"Export ${name} to ${basedir}/${name}.p12":
        command => inline_template('<%= @cmd.join(" ") %>'),
        path    => $::path,
        creates => "${basedir}/${name}.p12",
      }
    }
    'absent': {
      file {"${basedir}/${name}.p12":
        ensure => absent,
      }
    }
  }
}