.gitattributes

@@ -1,5 +1,5 @@
-#This file is generated by ModuleSync, do not edit.
 *.rb eol=lf
 *.erb eol=lf
 *.pp eol=lf
 *.sh eol=lf
+*.epp eol=lf

.pdkignore

@@ -22,3 +22,16 @@
 /convert_report.txt
 /update_report.txt
 .DS_Store
+/appveyor.yml
+/.fixtures.yml
+/Gemfile
+/.gitattributes
+/.gitignore
+/.gitlab-ci.yml
+/.pdkignore
+/Rakefile
+/.rspec
+/.rubocop.yml
+/.travis.yml
+/.yardopts
+/spec/

.puppet-lint.rc

@@ -0,0 +1 @@
+--relative

.travis.yml

@@ -1,19 +1,18 @@
 ---
-sudo: false
 dist: trusty
 language: ruby
 cache: bundler
 before_install:
   - bundle -v
   - rm -f Gemfile.lock
-  - gem update --system
+  - gem update --system $RUBYGEMS_VERSION
   - gem --version
   - bundle -v
 script:
   - 'bundle exec rake $CHECK'
 bundler_args: --without system_tests
 rvm:
-  - 2.5.0
+  - 2.5.1
 env:
   global:
     - BEAKER_PUPPET_COLLECTION=puppet6 PUPPET_GEM_VERSION="~> 6.0"
@@ -24,15 +23,15 @@ matrix:
       bundler_args: 
       dist: trusty
       env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=docker/centos-7 BEAKER_TESTMODE=apply
-      rvm: 2.5.0
+      rvm: 2.5.1
       script: bundle exec rake beaker
       services: docker
       sudo: required
     -
       bundler_args: 
       dist: trusty
       env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=docker/ubuntu-14.04 BEAKER_TESTMODE=apply
-      rvm: 2.5.0
+      rvm: 2.5.1
       script: bundle exec rake beaker
       services: docker
       sudo: required
@@ -43,9 +42,6 @@ matrix:
     -
       env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec
       rvm: 2.4.4
-    -
-      env: PUPPET_GEM_VERSION="~> 4.0" CHECK=parallel_spec
-      rvm: 2.1.9
 branches:
   only:
     - master

CHANGELOG.md

@@ -2,33 +2,40 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
-## [2.3.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/2.3.0) (2018-09-27)
+## [2.4.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/2.4.0) (2019-02-19)
 
-[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/2.2.0...2.3.0)
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/2.3.0...2.4.0)
 
 ### Added
 
-- \(FM-7238\) - Addition of support for Ubuntu 18.04 [\#237](https://github.com/puppetlabs/puppetlabs-java_ks/pull/237) ([david22swan](https://github.com/david22swan))
+- \(MODULES-8146\) - Add SLES 15 support [\#255](https://github.com/puppetlabs/puppetlabs-java_ks/pull/255) ([eimlav](https://github.com/eimlav))
 
 ### Fixed
 
-- \(MODULES-1997\) - Update the target when the cert chain changes [\#233](https://github.com/puppetlabs/puppetlabs-java_ks/pull/233) ([johngmyers](https://github.com/johngmyers))
+- \(MODULES-8549\) - Bump of Java version used for test [\#260](https://github.com/puppetlabs/puppetlabs-java_ks/pull/260) ([david22swan](https://github.com/david22swan))
+- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#257](https://github.com/puppetlabs/puppetlabs-java_ks/pull/257) ([tphoney](https://github.com/tphoney))
+- Fix provider so "latest" gets the MD5 AND SHA1 hashes for comparing [\#252](https://github.com/puppetlabs/puppetlabs-java_ks/pull/252) ([absltkaos](https://github.com/absltkaos))
+- \(FM-7505\) - Bumping Windows jdk version to 8.0.191 [\#251](https://github.com/puppetlabs/puppetlabs-java_ks/pull/251) ([pmcmaw](https://github.com/pmcmaw))
+- \(MODULES-8125\) Fix unnecessary change when using intermediate certificates [\#250](https://github.com/puppetlabs/puppetlabs-java_ks/pull/250) ([johngmyers](https://github.com/johngmyers))
+
+## [2.3.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/2.3.0) (2018-09-27)
 
-### UNCATEGORIZED PRS; GO LABEL THEM
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/2.2.0...2.3.0)
+
+### Changed
+
+- \[FM-6966\] Removal of unsupported OS from java\_ks [\#230](https://github.com/puppetlabs/puppetlabs-java_ks/pull/230) ([david22swan](https://github.com/david22swan))
+
+### Added
 
-- pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#247](https://github.com/puppetlabs/puppetlabs-java_ks/pull/247) ([pmcmaw](https://github.com/pmcmaw))
 - pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#246](https://github.com/puppetlabs/puppetlabs-java_ks/pull/246) ([tphoney](https://github.com/tphoney))
-- \(FM-7345\) - Update to test output to account for windows changes [\#243](https://github.com/puppetlabs/puppetlabs-java_ks/pull/243) ([david22swan](https://github.com/david22swan))
-- pdksync - \(MODULES-7658\) use beaker4 in puppet-module-gems [\#242](https://github.com/puppetlabs/puppetlabs-java_ks/pull/242) ([tphoney](https://github.com/tphoney))
+- \(FM-7238\) - Addition of support for Ubuntu 18.04 [\#237](https://github.com/puppetlabs/puppetlabs-java_ks/pull/237) ([david22swan](https://github.com/david22swan))
+
+### Fixed
+
 - \(MODULES-7632\) - Update README Limitations section [\#239](https://github.com/puppetlabs/puppetlabs-java_ks/pull/239) ([eimlav](https://github.com/eimlav))
-- \(FM-7277\) Fix incorrect reference [\#238](https://github.com/puppetlabs/puppetlabs-java_ks/pull/238) ([beergeek](https://github.com/beergeek))
-- \(FM-7218\) Bump to java test version on windows. [\#234](https://github.com/puppetlabs/puppetlabs-java_ks/pull/234) ([david22swan](https://github.com/david22swan))
-- PDK Update 1.5.0 [\#232](https://github.com/puppetlabs/puppetlabs-java_ks/pull/232) ([david22swan](https://github.com/david22swan))
+- \(MODULES-1997\) - Update the target when the cert chain changes [\#233](https://github.com/puppetlabs/puppetlabs-java_ks/pull/233) ([johngmyers](https://github.com/johngmyers))
 - \(MODULES-6342\) Update pathing for new java in \#229 [\#231](https://github.com/puppetlabs/puppetlabs-java_ks/pull/231) ([hunner](https://github.com/hunner))
-- \[FM-6966\] Removal of unsupported OS from java\_ks [\#230](https://github.com/puppetlabs/puppetlabs-java_ks/pull/230) ([david22swan](https://github.com/david22swan))
-- \(MODULES-6918\) update jdk version in spec\_helper\_acceptance [\#229](https://github.com/puppetlabs/puppetlabs-java_ks/pull/229) ([eputnam](https://github.com/eputnam))
-- \(MODULES-7153\) - Run release\_checks againt 2.4.1 and unmanage gitlabs-ci [\#227](https://github.com/puppetlabs/puppetlabs-java_ks/pull/227) ([pmcmaw](https://github.com/pmcmaw))
-- Release mergeback 2.2.0 [\#225](https://github.com/puppetlabs/puppetlabs-java_ks/pull/225) ([pmcmaw](https://github.com/pmcmaw))
 
 ## 2.2.0
 ### Summary

Gemfile

@@ -21,7 +21,8 @@ group :development do
   gem "fast_gettext",                                  require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
   gem "json_pure", '<= 2.0.1',                         require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
   gem "json", '= 1.8.1',                               require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
-  gem "json", '<= 2.0.4',                              require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')
+  gem "json", '= 2.0.4',                               require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.1.0',                               require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
   gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
   gem "puppet-module-posix-dev-r#{minor_version}",     require: false, platforms: [:ruby]
   gem "puppet-module-win-default-r#{minor_version}",   require: false, platforms: [:mswin, :mingw, :x64_mingw]

Rakefile

@@ -2,6 +2,7 @@ require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-syntax/tasks/puppet-syntax'
 require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
 require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
+require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
 
 def changelog_user
   return unless Rake.application.top_level_tasks.include? "changelog"

appveyor.yml

@@ -1,5 +1,8 @@
 ---
 version: 1.1.x.{build}
+branches:
+  only:
+    - master
 skip_commits:
   message: /^\(?doc\)?.*/
 clone_depth: 10
@@ -14,14 +17,6 @@ environment:
     -
       RUBY_VERSION: 24-x64
       CHECK: syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
-    -
-      PUPPET_GEM_VERSION: ~> 4.0
-      RUBY_VERSION: 21
-      CHECK: spec
-    -
-      PUPPET_GEM_VERSION: ~> 4.0
-      RUBY_VERSION: 21-x64
-      CHECK: spec
     -
       PUPPET_GEM_VERSION: ~> 5.0
       RUBY_VERSION: 24

lib/puppet/provider/java_ks/keytool.rb

@@ -188,7 +188,14 @@ def latest
         '-v', '-printcert', '-file', certificate
       ]
       output = run_command(cmd)
-      latest = output.scan(%r{SHA1:\s+(.*)})[0][0]
+      if chain
+        cmd = [
+          command_keytool,
+          '-v', '-printcert', '-file', chain
+        ]
+        output += run_command(cmd)
+      end
+      latest = extract_fingerprint(output)
       latest
     end
   end

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-java_ks",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "author": "puppetlabs",
   "summary": "Manage arbitrary Java keystore files",
   "license": "Apache-2.0",
@@ -46,7 +46,8 @@
       "operatingsystem": "SLES",
       "operatingsystemrelease": [
         "11 SP1",
-        "12"
+        "12",
+        "15"
       ]
     },
     {
@@ -80,11 +81,13 @@
     {
       "operatingsystem": "Windows",
       "operatingsystemrelease": [
-        "Server 2008 R2",
-        "Server 2012",
-        "Server 2012 R2",
+        "2008 R2",
+        "2012",
+        "2012 R2",
+        "2016",
         "7",
-        "8.1"
+        "8.1",
+        "10"
       ]
     }
   ],
@@ -95,7 +98,7 @@
     }
   ],
   "description": "Uses a combination of keytool and Ruby openssl library to manage entries in a Java keystore.",
-  "template-url": "https://github.com/puppetlabs/pdk-templates",
-  "template-ref": "heads/master-0-g8fc95db",
-  "pdk-version": "1.7.0"
-}
+  "template-url": "https://github.com/puppetlabs/pdk-templates/",
+  "template-ref": "1.9.0-0-g7281db5",
+  "pdk-version": "1.9.0"
+}

spec/acceptance/chain_key_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper_acceptance'
 
-describe 'managing combined java chain keys' do
+describe 'managing intermediate certificates' do
   # rubocop:disable RSpec/InstanceVariable : Instance variables are inherited and thus cannot be contained within lets
   describe 'managing combined java chain keys', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
     include_context 'common variables'
@@ -18,6 +18,7 @@
       MANIFEST
 
       apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
     end
 
     expectations = [
@@ -51,6 +52,7 @@
       MANIFEST
 
       apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
 
       expectations = [
         %r{Alias name: broker\.example\.com},
@@ -86,6 +88,7 @@
       MANIFEST
 
       apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
     end
 
     expectations = [
@@ -120,6 +123,7 @@
       MANIFEST
 
       apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
 
       expectations = [
         %r{Alias name: broker\.example\.com},

spec/acceptance/destkeypass_spec.rb

@@ -18,6 +18,7 @@
     MANIFEST
 
     apply_manifest(pp, catch_failures: true)
+    apply_manifest(pp, catch_changes: true)
   end
 
   it 'can make a cert req with the right password #zero' do
@@ -35,7 +36,7 @@
 
   it 'cannot make a cert req with the wrong password' do
     shell("\"#{@keytool_path}keytool\" -certreq -alias broker.example.com -v "\
-     "-keystore #{target} -storepass testpass -keypass qwert",
+     "-keystore #{target} -storepass qwert -keypass qwert",
           acceptable_exit_codes: 1)
   end
 end

spec/acceptance/keystore_failed_password_spec.rb

@@ -53,6 +53,7 @@
     MANIFEST
 
     apply_manifest(pp_two, catch_failures: true)
+    apply_manifest(pp_two, catch_changes: true)
   end
 
   it 'verifies the keystore again #zero' do

spec/acceptance/keystore_spec.rb

@@ -62,38 +62,40 @@
     end
   end
 
-  describe 'storetype' do
-    it 'creates a keystore' do
-      pp = <<-MANIFEST
-        java_ks { 'puppetca:keystore':
-          ensure       => latest,
-          certificate  => "#{@temp_dir}ca.pem",
-          target       => '#{target}',
-          password     => 'puppet',
-          trustcacerts => true,
-          path         => #{@resource_path},
-          storetype    => 'jceks',
-        }
-      MANIFEST
+  unless fact('operatingsystemmajrelease') == '18.04'
+    describe 'storetype' do
+      it 'creates a keystore' do
+        pp = <<-MANIFEST
+          java_ks { 'puppetca:keystore':
+            ensure       => latest,
+            certificate  => "#{@temp_dir}ca.pem",
+            target       => '#{target}',
+            password     => 'puppet',
+            trustcacerts => true,
+            path         => #{@resource_path},
+            storetype    => 'jceks',
+          }
+        MANIFEST
 
-      apply_manifest(pp, catch_failures: true)
-      apply_manifest(pp, catch_changes: true)
-    end
+        apply_manifest(pp, catch_failures: true)
+        apply_manifest(pp, catch_changes: true)
+      end
 
-    expectations = [
-      %r{Your keystore contains 2 entries},
-      %r{Alias name: puppetca},
-      %r{CN=Test CA},
-    ]
-    it 'verifies the keystore #zero' do
-      shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
-        expect(r.exit_code).to be_zero
+      expectations = [
+        %r{Your keystore contains 2 entries},
+        %r{Alias name: puppetca},
+        %r{CN=Test CA},
+      ]
+      it 'verifies the keystore #zero' do
+        shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
+          expect(r.exit_code).to be_zero
+        end
       end
-    end
-    it 'verifies the keytore #expected' do
-      shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
-        expectations.each do |expect|
-          expect(r.stdout).to match(expect)
+      it 'verifies the keytore #expected' do
+        shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
+          expectations.each do |expect|
+            expect(r.stdout).to match(expect)
+          end
         end
       end
     end

spec/acceptance/pkcs12_spec.rb

@@ -60,6 +60,7 @@
       MANIFEST
 
       apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
 
       expectations = if fact('osfamily') == 'windows'
                        [
@@ -178,9 +179,12 @@
         end
       end
     end
-    it 'verifies the private key password' do
-      shell("\"#{@keytool_path}keytool\" -keypasswd -keystore #{target} -storepass puppet -alias leaf_cert -keypass abcdef123456 -new pass1234") do |r|
-        expect(r.exit_code).to be_zero
+    # -keypasswd commands not supported if -storetype is PKCS12 on ubuntu 18.04 with current java version
+    unless fact('operatingsystemmajrelease') == '18.04'
+      it 'verifies the private key password' do
+        shell("\"#{@keytool_path}keytool\" -keypasswd -keystore #{target} -storepass puppet -alias leaf_cert -keypass abcdef123456 -new pass1234") do |r|
+          expect(r.exit_code).to be_zero
+        end
       end
     end
   end # context 'with a destkeypass'