author | Julien Huon <julien@huon.email> | 2019-12-25 15:08:10 +0100 |
---|---|---|
committer | Julien Huon <julien@huon.email> | 2019-12-25 15:08:10 +0100 |
commit | afc883e252f6e158323e55892525fd4f7cb15bcc (patch) | |
tree | 3d68bea83aa44037c9e42ba0bac6050db456a232 /lib/chef/mixin/openssl_helper.rb | |
parent | f5f618321ff524cfe5c8cafdf3bdaca55485cd9b (diff) | |
Add the capability to automatically renew a certificate with x509_certificate resource
Signed-off-by: Julien Huon <julien@huon.email>
Diffstat (limited to 'lib/chef/mixin/openssl_helper.rb')
-rw-r--r-- | lib/chef/mixin/openssl_helper.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/chef/mixin/openssl_helper.rb b/lib/chef/mixin/openssl_helper.rb
index 5a4bd6077a..28388453c5 100644
--- a/lib/chef/mixin/openssl_helper.rb
+++ b/lib/chef/mixin/openssl_helper.rb
@@ -401,6 +401,30 @@ class Chef
 crl.sign(ca_private_key, ::OpenSSL::Digest::SHA256.new)
 crl
 end
+
+ # Return true if a certificate need to be renewed (or doesn't exist) according to the number
+ # of days before expiration given
+ # @param [string] cert_file path of the cert file or cert content
+ # @param [integer] renew_before_expiry number of days before expiration
+ # @return [true, false]
+ def cert_need_renewall?(cert_file, renew_before_expiry)
+ raise TypeError, 'cert_file must be a String object' unless cert_file.is_a?(String)
+ raise TypeError, 'renew_before_expiry must be a Integer object' unless renew_before_expiry.is_a?(Integer)
+
+ resp = true
+ cert_content = ::File.exist?(cert_file) ? File.read(cert_file) : cert_file
+ begin
+ cert = OpenSSL::X509::Certificate.new cert_content
+ rescue ::OpenSSL::X509::CertificateError
+ return resp
+ end
+
+ unless cert.not_after <= Time.now + 3600 * 24 * renew_before_expiry
+ resp = false
+ end
+
+ resp
+ end
 end
 end
 end
|
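Review bot: `::File.exist?(cert_file)` is also true for a directory, so a directory path makes `File.read` raise `Errno::EISDIR` out of a predicate documented to return true or false, and a read failure such as `Errno::EACCES` is not covered by the `rescue ::OpenSSL::X509::CertificateError` either; `cert_content = ::File.file?(cert_file) ? ::File.read(cert_file) : cert_file` matches the "path or content" intent more closely. The `resp` flag and the `unless`/reassignment can go: once the `begin`/`rescue` has produced `cert`, the method is exactly `cert.not_after <= Time.now + 3600 * 24 * renew_before_expiry`, and the rescue branch can `return true` directly. The YARD tags should name the Ruby classes, `# @param [String] cert_file path of the cert file, or the PEM content itself` and `# @param [Integer] renew_before_expiry number of days before expiration`, and "a Integer object" in the second raise message reads better as "an Integer object". Constant namespacing is mixed within the method (`::File.exist?` next to `File.read`, `OpenSSL::X509::Certificate` next to `::OpenSSL::X509::CertificateError`) while the context lines above use the `::`-prefixed form; pick that one throughout.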