author | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-02-20 15:32:24 +0530 |
---|---|---|
committer | Nimesh-Msys <nimesh.patni@msystechnologies.com> | 2019-02-25 11:17:01 +0530 |
commit | 8147abf3dec36be7f79659a75223236f0a444aad (patch) | |
tree | c8cde1d862f1ec67243c2df18dadc006671cc516 /lib/chef/resource/windows_certificate.rb | |
parent | da7e5ee1f93856d728d710274377ecb1c295e9bb (diff) | |
windows_certificate: Import root/nested certificates while importing P7B certificates
- A P7B bundle may contain multiple certificates (root/intermediate as well as the leaf), and none of them should be skipped during import.
- Added test cases and ensured chef-style
- Fixes: MSYS-977
Signed-off-by: Nimesh-Msys <nimesh.patni@msystechnologies.com>
Diffstat (limited to 'lib/chef/resource/windows_certificate.rb')
-rw-r--r-- | lib/chef/resource/windows_certificate.rb | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb
index ebc846644b..d4ac9a29d6 100644
--- a/lib/chef/resource/windows_certificate.rb
+++ b/lib/chef/resource/windows_certificate.rb
@@ -61,22 +61,9 @@ class Chef
 # Extension of the certificate
 ext = ::File.extname(new_resource.source)
- cert_obj = fetch_cert_object(ext) # Fetch OpenSSL::X509::Certificate object
- thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint
- # Need to check if return value is Boolean:true
- # If not then the given certificate should be added in certstore
- if verify_cert(thumbprint) == true
- Chef::Log.debug("Certificate is already present")
- else
- converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do
- if ext == ".pfx"
- add_pfx_cert
- else
- add_cert(cert_obj)
- end
- end
- end
+ # PFX certificates contains private keys and we import them with some other aproach
+ import_certificates(fetch_cert_object(ext), (ext == ".pfx"))
 end
 # acl_add is a modify-if-exists operation : not idempotent
@@ -271,7 +258,7 @@ class Chef
 set_acl_script
 end
- # Method returns an OpenSSL::X509::Certificate object
+ # Method returns an OpenSSL::X509::Certificate object. Might also return multiple certificates if present in certificate path
 #
 # Based on its extension, the certificate contents are used to initialize
 # PKCS12 (PFX), PKCS7 (P7B) objects which contains OpenSSL::X509::Certificate.
@@ -296,7 +283,7 @@ class Chef
 when ".pfx"
 OpenSSL::PKCS12.new(contents, new_resource.pfx_password).certificate
 when ".p7b"
- OpenSSL::PKCS7.new(contents).certificates.first
+ OpenSSL::PKCS7.new(contents).certificates
 else
 OpenSSL::X509::Certificate.new(contents)
 end
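Review bot: The new call passes the PFX decision as a bare boolean positional, `import_certificates(fetch_cert_object(ext), (ext == ".pfx"))`, so the call site gives no hint what the second argument controls; passing the extension itself, or a keyword such as `pfx: ext == ".pfx"`, would make the intent readable where it is invoked. The comment above it also carries two typos ("contains", "aproach") and would be clearer as `# PFX files also carry the private key, so they are imported through a different path (add_pfx_cert)`. Whether add_pfx_cert reads the key material from new_resource.source directly is not visible in this hunk. The action block that contains these two lines starts outside the hunk.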
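Review bot: The rewritten comment says fetch_cert_object may return multiple certificates, but the method still has no return tag naming the two shapes, so a caller must read the body to learn that only `.p7b` yields an Array. I would add `# @return [OpenSSL::X509::Certificate, Array<OpenSSL::X509::Certificate>] a single certificate, or for .p7b every certificate carried in the bundle` below the existing description and replace the vague "if present in certificate path" wording with a reference to the P7B case. The method definition itself starts past the end of this hunk.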
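Review bot: `OpenSSL::PKCS7.new(contents).certificates` returns nil for a PKCS7 structure whose content type carries no certificate set and `[]` for a signed bundle with none, and the new caller in this commit turns the first into a `nil.to_der` NoMethodError and the second into a silent no-op, whereas the old `.first` path at least failed loudly in both cases. A guard at this branch makes the failure explicit: `certs = Array(OpenSSL::PKCS7.new(contents).certificates)` followed by `raise ArgumentError, "No certificates found in #{new_resource.source}" if certs.empty?` and then `certs` as the branch value. Note also that every certificate in the bundle is now imported into new_resource.store_name with no check that it belongs to the leaf's chain; that is the intended behaviour of this commit, but it is worth stating in the resource documentation, since a stray root in a P7B ends up trusted in whatever store was configured. The enclosing `case` and method start outside the hunk.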
@@ -307,6 +294,32 @@ class Chef
 def binary_cert?
 powershell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == "binary"
 end
+
+ # Imports the certificate object into cert store
+ #
+ # @param cert_objs [OpenSSL::X509::Certificate] Object containing certificate's attributes
+ #
+ # @param is_pfx [Boolean] true if we want to import a PFX certificate
+ #
+ def import_certificates(cert_objs, is_pfx)
+ [cert_objs].flatten.each do |cert_obj|
+ thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint
+
+ # Need to check if return value is Boolean:true
+ # If not then the given certificate should be added in certstore
+ if verify_cert(thumbprint) == true
+ Chef::Log.debug("Certificate is already present")
+ else
+ converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do
+ if is_pfx
+ add_pfx_cert
+ else
+ add_cert(cert_obj)
+ end
+ end
+ end
+ end
+ end
 end
 end
 end
|
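Review bot: When a P7B bundle yields several certificates, every iteration of the new loop emits the same `converge_by` message, "Adding certificate #{new_resource.source} into Store …", so the run log and reporting cannot tell which certificate (leaf, intermediate or root) was actually written to the store. Including the subject and thumbprint gives a per-certificate audit trail: `converge_by("Adding certificate #{cert_obj.subject} (#{thumbprint}) from #{new_resource.source} into Store #{new_resource.store_name}") do`. Minor points: `Array(cert_objs)` is the idiomatic form of `[cert_objs].flatten`, the `@param cert_objs` tag should also list `Array<OpenSSL::X509::Certificate>` since that is what `.p7b` now produces, and the `== true` comparison looks deliberate given the comment about verify_cert's return value, but it is worth confirming verify_cert really can return a non-boolean truthy value. The `is_pfx` branch calls add_pfx_cert without using cert_obj, which is only correct while fetch_cert_object keeps returning a single certificate for `.pfx`, as it does in this commit.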