Project

General

Profile

Download (1.85 KB) Statistics
| Branch: | Tag: | Revision:

puppet-certs/lib/puppet/provider/truststore_certificate/keytool.rb @ de946a47

Puppet::Type.type(:truststore_certificate).provide(:keytool) do
commands :keytool => 'keytool'
commands :openssl => 'openssl'

def create
add_certificate
end

def destroy
delete_certificate
end

def exists?
truststore_content
end

def certificate
truststore_fingerprint
end

def certificate=(value)
delete_certificate unless truststore_content.nil?
add_certificate
end

def fingerprint(file)
return unless File.exist?(file)

openssl('x509', '-noout', '-fingerprint', '-in', file).strip.split('=')[1]
end

def file_readable?(file)
File.file?(file) && File.readable?(file)
end

private

def add_certificate
keytool(
'-import',
'-v',
'-noprompt',
'-storetype',
'pkcs12',
'-keystore',
resource[:truststore],
'-alias',
resource[:alias],
'-file',
resource[:certificate],
'-storepass:file',
resource[:password_file]
)
end

def delete_certificate
keytool(
'-delete',
'-v',
'-noprompt',
'-keystore',
resource[:truststore],
'-alias',
resource[:alias],
'-storepass:file',
resource[:password_file]
)
end

def truststore_content
return unless file_readable?(resource[:truststore])
return unless file_readable?(resource[:password_file])

keytool(
'-list',
'-keystore', resource[:truststore],
'-storepass:file', resource[:password_file],
'-alias', resource[:alias],
)
rescue Puppet::ExecutionFailure => e
Puppet.debug("Failed to read truststore contents: #{e}")
# TODO: distinguish between invalid password, alias doesn't exist and others?
nil
end

def truststore_fingerprint
# TODO: include fingerprint type in the output?
truststore_content&.scan(/^Certificate fingerprint \(SHA1\): (.+)$/)&.first&.first
end
end
    (1-1/1)