Commit 5ee020d8 authored by Tim Smith's avatar Tim Smith

Add openssl_rsa_public key resource



Converts a private key to a public key
Signed-off-by: default avatarTim Smith <tsmith@chef.io>
parent d30a4217
......@@ -45,12 +45,18 @@ module OpenSSLCookbook
OpenSSL::PKey::DH.new(key_length, generator)
end
def gen_rsa_key(key_length)
# Given the key length generate an RSA private key
def gen_rsa_priv_key(key_length)
raise ArgumentError, 'Key length must be a power of 2 greater than or equal to 1024' unless key_length_valid?(key_length)
OpenSSL::PKey::RSA.new(key_length)
end
def gen_rsa_pub_key(priv_key_path, key_type, priv_key_password = nil)
key = OpenSSL::PKey::RSA.new File.read(priv_key_path), priv_key_password
key.public_key.to_pem
end
# Key manipulation helpers
# Returns a pem string
def encrypt_rsa_key(rsa_key, key_password, key_cipher)
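Review bot: `key_type` is accepted by `gen_rsa_pub_key` but never read, so the body always returns `key.public_key.to_pem`, and a resource declared with `type 'openssh'` would still get a PEM file. Either implement the OpenSSH encoding or drop the parameter and the `openssh` choice until it is supported; at minimum add a comment such as `# key_type is currently ignored; output is always PEM`. The new helper also lacks a doc comment describing `priv_key_password`, and the spec hunk on this page only renames the existing `gen_rsa_key` examples, so no spec for `gen_rsa_pub_key` is visible here.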
......
......@@ -19,10 +19,10 @@ action :create do
"RSA key file at #{new_resource.path}, this may take some time"
if new_resource.key_pass
unencrypted_rsa_key = gen_rsa_key(new_resource.key_length)
unencrypted_rsa_key = gen_rsa_priv_key(new_resource.key_length)
rsa_key_content = encrypt_rsa_key(unencrypted_rsa_key, new_resource.key_pass, new_resource.cipher)
else
rsa_key_content = gen_rsa_key(new_resource.key_length).to_pem
rsa_key_content = gen_rsa_priv_key(new_resource.key_length).to_pem
end
file new_resource.path do
......
include OpenSSLCookbook::Helpers
property :path, String, name_property: true
property :type, equal_to: %w(pkcs openssh), default: 'pkcs'
property :private_key_path, String, required: true
property :private_key_pass, String
property :owner, String, default: 'root'
property :group, String, default: node['root_group']
property :mode, [Integer, String], default: '0640'
action :create do
converge_by("Create an RSA public key #{new_resource.path} from #{new_resource.private_key_path}") do
raise "#{new_resource.private_key_path} not a valid private RSA key or password is invalid" unless priv_key_file_valid?(new_resource.private_key_path, new_resource.private_key_pass)
rsa_key_content = gen_rsa_pub_key(new_resource.private_key_path, new_resource.type, new_resource.private_key_pass)
file new_resource.path do
action :create
owner new_resource.owner
group new_resource.group
mode new_resource.mode
content rsa_key_content
end
end
end
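Review bot: `private_key_pass` carries the private key's passphrase but is declared as a plain `String` property, so it can surface in resource reporting or debug output; `property :private_key_pass, String, sensitive: true` would keep it out, where the Chef version in use supports that option. Separately, the `converge_by` wrapper around the `file` resource runs on every converge, so the resource will likely report as updated even when the public key file is unchanged; the inner `file` resource already handles idempotence and could stand alone. The `raise` line also folds a missing file, a non-RSA key and a wrong passphrase into one message, and `priv_key_file_valid?` is defined outside this section, so the cases it distinguishes cannot be checked here.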
......@@ -176,18 +176,18 @@ describe OpenSSLCookbook::Helpers do
end
end
describe '#gen_rsa_key' do
describe '#gen_rsa_priv_key' do
context 'When given an invalid key length' do
it 'Throws an ArgumentError' do
expect do
instance.gen_rsa_key(4093)
instance.gen_rsa_priv_key(4093)
end.to raise_error(ArgumentError)
end
end
context 'When a proper key length is given' do
it 'Generates an RSA key object' do
expect(instance.gen_rsa_key(1024)).to be_kind_of(OpenSSL::PKey::RSA)
expect(instance.gen_rsa_priv_key(1024)).to be_kind_of(OpenSSL::PKey::RSA)
end
end
end
......
......@@ -64,6 +64,11 @@ openssl_rsa_key '/etc/ssl_test/rsakey_aes128cbc.pem' do
action :create
end
openssl_rsa_public_key '/etc/ssl_test/rsakey_des3.pub' do
private_key_path '/etc/ssl_test/rsakey_des3.pem'
action :create
end
#
# X509 HERE
#
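Review bot: The new `openssl_rsa_public_key` test resource sets no `private_key_pass`, yet the source file name `rsakey_des3.pem` suggests a passphrase-protected key (its definition is outside this hunk, so confirm). If it is encrypted, the helper would call `OpenSSL::PKey::RSA.new` with a `nil` password, which may fail or fall back to an interactive passphrase prompt instead of exercising the conversion. Pass the same passphrase used when the key was created, e.g. `private_key_pass '<passphrase used for rsakey_des3.pem>'`, and consider adding a second case against an unencrypted key so both paths are covered.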
......