Defined Type: sslcert::x509_to_pkcs8
- Defined in:
- modules/sslcert/manifests/x509_to_pkcs8.pp
Summary
Create a PKCS#8 file from an X.509 public/private key pair
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/sslcert/manifests/x509_to_pkcs8.pp', line 11
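define sslcert::x509_to_pkcs8 (
    Wmflib::Ensure      $ensure      = 'present',
    # Certificate whose public key the converted key is compared against.
    Stdlib::Unixpath    $public_key  = "/etc/ssl/localcerts/${title}.crt",
    # Private key handed to `openssl pkcs8 -topk8` as its input.
    Stdlib::Unixpath    $private_key = "/etc/ssl/private/${title}.key",
    # Destination of the PKCS#8 output; also managed as a file resource below.
    Stdlib::Unixpath    $outfile     = "/etc/ssl/localcerts/${title}.p12",
    # Interpolated verbatim after `-passin`, so the value has to be an openssl
    # pass-phrase source (`file:PATH`, `pass:...`, ...) rather than a bare
    # secret. Whatever is given becomes part of the exec's command string, so a
    # `file:` source keeps the secret itself off the command line.
    Optional[String[1]] $passphrase  = undef,
    String              $owner       = 'root',
    String              $group       = 'root',
) {
    # Converts $private_key to PKCS#8 at $outfile with openssl, skipping the
    # conversion when $outfile already carries the same public key as
    # $public_key, and manages ownership and mode of the result.
    ensure_packages(['openssl'])

    # No passphrase: the output key is written unencrypted (-nocrypt).
    # NOTE(review): with a passphrase only -passin is supplied; how the output
    # key gets its own pass phrase is not visible in this define - confirm.
    $_passphrase = $passphrase ? {
        undef   => '-nocrypt',
        default => "-passin ${passphrase}",
    }
    $convert_cmd = "/usr/bin/openssl pkcs8 -topk8 -in ${private_key} ${_passphrase} -out ${outfile}"

    # Idempotency guard: compares the public key extracted from the certificate
    # with the one derived from the converted key. stderr is folded into both
    # sides (2>&1), so a failing openssl call makes the strings differ.
    # NOTE(review): no pass-phrase option is given when reading ${outfile}; if
    # the output is encrypted this comparison presumably never matches and the
    # conversion would rerun on every agent run - confirm.
    $check_certificates_match = @("CHECK_CERTIFICATES_MATCH_COMMAND"/L)
        /usr/bin/test \
        "$(/usr/bin/openssl x509 -in ${public_key} -noout -pubkey 2>&1)" == \
        "$(/usr/bin/openssl pkey -pubout -in ${outfile} 2>&1)"
        | CHECK_CERTIFICATES_MATCH_COMMAND

    if $ensure == 'present' {
        # The "PCKS#8" spelling in the title is kept as-is: other manifests may
        # reference this resource by title.
        exec { "Convert ${title} private key to PCKS#8 format":
            command => $convert_cmd,
            unless  => $check_certificates_match,
            # Create the key file under a restrictive umask so it is not
            # readable by group/other in the interval before File[$outfile]
            # applies owner, group and mode. Depending on its version openssl
            # may already restrict the mode itself; this does not rely on that.
            umask   => '0077',
            require => Package['openssl'],
            before  => File[$outfile],
        }
    }

    # The file holds private key material (unencrypted when no passphrase is
    # set) and mode 0440 makes it readable by $group, so keep that group narrow.
    file { $outfile:
        ensure => $ensure,
        owner  => $owner,
        group  => $group,
        mode   => '0440',
    }
}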