diff options
| author | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-02-12 15:57:15 +0530 |
|---|---|---|
| committer | Tim Smith <tsmith@chef.io> | 2019-03-04 10:00:01 -0800 |
| commit | cc111ec75b22d0bd94301aa164a73a0734838473 (patch) | |
| tree | e3c04609528dac94b0932e9da4c5e8685ccacdf5 | |
| parent | 98777cd43824fe4d412edde672f330f30ed40ac3 (diff) | |
| download | chef-cc111ec75b22d0bd94301aa164a73a0734838473.tar.gz | |
Windows Certificate: Add support to import Base 64 encoded CER certificates
- Till now, cer certificates were only considered to be in binary format (DER)
- They can also be base-64 encoded(PEM)
- We should only append "inform DER" only if it is a binary certificate, otherwise, default ("inform PEM") would support base64 encoded certificates.
- Added test caes
- Ensured Chef style
Signed-off-by: Nimesh-Msys <nimesh.patni@msystechnologies.com>
| -rw-r--r-- | lib/chef/resource/windows_certificate.rb | 9 | ||||
| -rw-r--r-- | spec/data/windows_certificates/base64_test.cer | 22 | ||||
| -rw-r--r-- | spec/functional/resource/windows_certificate_spec.rb | 16 |
3 files changed, 46 insertions, 1 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb index 0dc8ee31b2..b5926da92b 100644 --- a/lib/chef/resource/windows_certificate.rb +++ b/lib/chef/resource/windows_certificate.rb @@ -278,7 +278,9 @@ class Chef def convert_pem(ext) out = case ext when ".crt", ".cer", ".der" - powershell_out("openssl x509 -text -inform DER -in #{new_resource.source} -outform PEM") + command = "openssl x509 -text -in #{new_resource.source} -outform PEM" + command += " -inform DER" if binary_cert? + powershell_out(command) when ".pfx" powershell_out("openssl pkcs12 -in #{new_resource.source} -nodes -passin pass:'#{new_resource.pfx_password}'") when ".p7b" @@ -300,6 +302,11 @@ class Chef end_cert = "-----END CERTIFICATE-----" begin_cert + out[/#{begin_cert}(.*?)#{end_cert}/m, 1] + end_cert end + + # Checks if the certificate is binary encoded or not + def binary_cert? + powershell_out("file -b --mime-encoding #{new_resource.source}").stdout.strip == "binary" + end end end diff --git a/spec/data/windows_certificates/base64_test.cer b/spec/data/windows_certificates/base64_test.cer new file mode 100644 index 0000000000..0d90bf81e3 --- /dev/null +++ b/spec/data/windows_certificates/base64_test.cer @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQNH6iXZnEKbFOEQ7D9f9iCTANBgkqhkiG9w0BAQsFADBK +MSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0ZTEjMCEGCSqGSIb3 +DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wHhcNMTkwMjEyMDk1ODM2WhcNMjAw +MjEyMTAxODM2WjBKMSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0 +ZTEjMCEGCSqGSIb3DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSy2Qlf2k1X3y/YgEjnvD0K8NeKgXKKi62 +RHRMTJ2+6KSg+I1MqHZC+BVrfzehuJVby5kM7tGLF8FvM3q7X/5oSPg8pvLZzIV0 +pBrpVPCTYw8fnlmFKBt/+m2XOqsWyL59yP+p66SHAKmoLYTGu8dkGvgJn3dwKNen +VFmwadteVfKs2wFW/ZwUxH4aLloCa8KSyqstIXrYQmdqqFOSuEgkynalD19dozSv +QtkQ9FZPuFGDwNpdO7OrcjE1lTUlzuth7CqV/pj4GYJhK/PPtO8Ing/BtwZm5XB8 +2yvvLVnL7Y/hikg2ENKA9fOYk52zR/kkd7d8qoJva7WlYEXTZvpdAgMBAAGjcDBu +MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw +HgYDVR0RBBcwFYITd3d3LnRlc3RieXJzcGVjLmNvbTAdBgNVHQ4EFgQUuL1l247K +h+cVH9LehmQgXuV8F6MwDQYJKoZIhvcNAQELBQADggEBAMTJW5tSZ/g2AP45EUwj +PLDnDLY4YnsJDQ7Jo58EAY6givUc+ZnKRWxYAYNBOKcqDM5E4pXi3Fa1lKYR1vMu +5AThPaDXhv18ljGAs21MYt9hl7PqdzbfX4ejF+jCD4UrE8bGtxuDc1WQ2HbeJtdj +0j7BPPNXfcvPAIyX3BEOQFUPgvVAqzWMQLpdUKg+sNUJZijqKQv11xVALGHtxqGB +1MFrdl6D/idODfhcdo2n1tBMyOGhHwEOBLqB1PTH72g5J4BVx4iwH/gh8PRmMy0P +eJkNspgOBGPOhNpe7bhmK45MBuJpmjyl/CYCqtQvaEdpbuRQIgc2e+YRMfR71qYp +Em8= +-----END CERTIFICATE----- diff --git a/spec/functional/resource/windows_certificate_spec.rb b/spec/functional/resource/windows_certificate_spec.rb index f60b63ade9..a9ed99d318 100644 --- a/spec/functional/resource/windows_certificate_spec.rb +++ b/spec/functional/resource/windows_certificate_spec.rb @@ -60,6 +60,7 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do let(:store) { "Chef-Functional-Test" } let(:certificate_path) { File.expand_path(File.join(CHEF_SPEC_DATA, "windows_certificates")) } let(:cer_path) { File.join(certificate_path, "test.cer") } + let(:base64_path) { File.join(certificate_path, "base64_test.cer") } let(:pem_path) { File.join(certificate_path, "test.pem") } let(:pfx_path) { File.join(certificate_path, "test.pfx") } let(:out_path) { File.join(certificate_path, "testout.pem") } @@ -174,6 +175,21 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do end end + context "Adds Base64 Encoded CER" do + before do + win_certificate.source = base64_path + win_certificate.run_action(:create) + end + it "Imports certificate into store" do + expect(no_of_certificates).to eq(1) + end + it "Idempotent: Does not converge while adding again" do + win_certificate.run_action(:create) + expect(no_of_certificates).to eq(1) + expect(win_certificate).not_to be_updated_by_last_action + end + end + context "Adds PEM" do before do win_certificate.source = pem_path |