/
import_keypair.pp
29 lines (28 loc) · 1.25 KB
/
import_keypair.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
define certs::ssltools::keytool::import_keypair($keystore_alias, $keystore, $keystore_password, $cert, $key, $tmp_password_file){
# Stupid keytool doesn't allow you to import a keypair. You can only import a cert. Hence, we have to
# create the store as an PKCS12 and convert to JKS. See http://stackoverflow.com/a/8224863
$tmpkeystore = "/tmp/${keystore_alias}keystore.p12"
exec{ "[${title}] signal import if pair has not been imported":
command => 'echo importing keypair',
unless => "keytool -list -keystore ${keystore} -storepass ${keystore_password} -alias ${keystore_alias}",
path => ['/bin/', '/usr/bin'],
} ~>
certs::ssltools::openssl::pkcs12{ "[${title}] convert x509 cert and key to pkcs12":
cert_name => $keystore_alias,
ca_cert => $cert,
ca_name => 'root',
ca_key => $key,
keystore_out => $tmpkeystore,
password_out => $tmp_password_file,
password_in => $keystore_password,
refreshonly => true,
} ->
convert_pkcs12_to_jks{ "[${title}] convert tmp pkcs12 keystore to jks":
keystore_alias => $keystore_alias,
dest_keystore => $keystore,
src_keystore => $tmpkeystore,
keystore_password => $keystore_password,
src_keystore_password => $keystore_password,
refreshonly => true,
}
}