Addresses changes made to katello-certs-tools regarding location of

.gitignore

@@ -1,6 +1,8 @@
 .vagrant
 *.swp
 *.swo
+*.swm
+*.swn
 
 .bundle
 vendor/

lib/puppet/provider/ca/katello_ssl_tool.rb

@@ -3,30 +3,13 @@
 
 Puppet::Type.type(:ca).provide(:katello_ssl_tool, :parent => Puppet::Provider::KatelloSslTool::Cert) do
 
-  def self.privkey(name)
-    # TODO: just temporarily until we have this changes in katello installer as well
-    if name == 'candlepin-ca'
-      build_path('candlepin-cert.key')
-    else
-      target_path("private/#{name}.key")
-    end
-  end
-
   protected
 
-  def generate_passphrase
-    @passphrase ||= generate_random_password
-    passphrase_dir = File.dirname(passphrase_file)
-    FileUtils.mkdir_p(passphrase_dir) unless File.exists?(passphrase_dir)
-    File.open(passphrase_file, 'w') { |f| f << @passphrase }
-    return @passphrase
-  end
-
   def generate!
-    passphrase = generate_passphrase
     katello_ssl_tool('--gen-ca',
-                     '-p', passphrase,
+                     '-p', "file:#{resource[:password_file]}",
                      '--force',
+                     '--ca-cert-dir', target_path('certs'),
                      '--set-common-name', resource[:common_name],
                      '--ca-cert', File.basename(pubkey),
                      '--ca-key', File.basename(privkey),
@@ -35,33 +18,15 @@ def generate!
   end
 
   def files_to_generate
-    [rpmfile, privkey, passphrase_file]
+    [rpmfile, privkey]
   end
 
   def files_to_deploy
     [pubkey]
   end
 
-  # TODO: just temporarily until we have this changes in katello installer as well
-  def rpmfile_base_name
-    if resource[:name] == 'candlepin-ca'
-      'katello-candlepin-cert-key-pair'
-    else
-      super
-    end
-  end
-
-  def generate_random_password
-    size = 20
-    # These are quite often confusing ...
-    ambiguous_characters = %w(0 1 O I l)
-
-    # Get allowed characters set ...
-    set = ('a' .. 'z').to_a + ('A' .. 'Z').to_a + ('0' .. '9').to_a
-    set = set - ambiguous_characters
-
-    # Shuffle characters in the set at random and return desired number of them ...
-    return size.times.collect {|i| set[rand(set.size)] }.join
+  def self.privkey(name)
+    build_path("#{name}.key")
   end
 
 end

lib/puppet/provider/cert/katello_ssl_tool.rb

@@ -7,7 +7,7 @@ def generate!
     resource[:common_name] ||= resource[:hostname]
     purpose = resource[:purpose]
     katello_ssl_tool("--gen-#{purpose}",
-                     '-p', ca_details[:passphrase],
+                     '-p', "file:#{resource[:password_file]}",
                      '--set-hostname', resource[:hostname],
                      '--set-common-name', resource[:common_name],
                      '--ca-cert', ca_details[:pubkey],

lib/puppet/provider/katello_ssl_tool.rb

@@ -22,40 +22,15 @@ def self.details(cert_name)
       details = { :pubkey  => pubkey(cert_name),
                   :privkey   => privkey(cert_name) }
 
-      passphrase_file = passphrase_file(cert_name)
-      if File.exists?(passphrase_file)
-        details[:passphrase_file] = passphrase_file
-        details[:passphrase] = File.read(passphrase_file).chomp
-      end
-
       return details
     end
 
     def self.pubkey(name)
-      # TODO: just temporarily until we have this changes in katello installer as well
-      if name == 'candlepin-ca'
-        '/usr/share/katello/candlepin-ca.crt'
-      else
-        target_path("certs/#{name}.crt")
-      end
+      target_path("certs/#{name}.crt")
     end
 
     def self.privkey(name)
-      # TODO: just temporarily until we have this changes in katello installer as well
-      if name == 'candlepin-ca'
-        build_path('candlepin-cert.key')
-      else
-        target_path("private/#{name}.key")
-      end
-    end
-
-    def self.passphrase_file(name)
-      # TODO: just temporarily until we have this changes in katello installer as well
-      if name == 'candlepin-ca'
-        '/etc/katello/candlepin_ca_password-file'
-      else
-        build_path("#{name}.pwd")
-      end
+      target_path("private/#{name}.key")
     end
 
     protected
@@ -142,23 +117,23 @@ def privkey
       self.class.privkey(resource[:name])
     end
 
-    def passphrase_file
-      self.class.passphrase_file(resource[:name])
-    end
-
     def full_path(file_name)
       self.class.full_path(file_name)
     end
 
-    def self.target_path(file_name = nil)
-      File.join("/etc/pki/tls", file_name)
+    def target_path(file_name = '')
+      self.class.target_path(file_name)
+    end
+
+    def self.target_path(file_name = '')
+      File.join("/etc/pki/katello-certs-tools", file_name)
     end
 
     def build_path(file_name)
       self.class.build_path(file_name)
     end
 
-    def self.build_path(file_name = nil)
+    def self.build_path(file_name = '')
       File.join("/root/ssl-build", file_name)
     end
 
@@ -191,7 +166,6 @@ def current_content
       File.read(resource[:path])
     end
 
-
     def checksum(content)
       md5(content)
     end
@@ -207,11 +181,11 @@ def mode
 
     def cert_details
       return @cert_details if defined? @cert_details
-      if cert_resource = @resource[:cert]
+      if cert_resource = @resource[:key_pair]
         name = cert_resource.to_hash[:name]
         @cert_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
       else
-        raise 'Cert was not specified'
+        raise 'Cert or Ca was not specified'
       end
     end
 

lib/puppet/provider/key_bundle/katello_ssl_tool.rb

@@ -9,8 +9,12 @@ def expected_content
   end
 
   def pubkey
-    # strips the textual info from the certificate file
-    openssl('x509', '-in', pubkey_source_path)
+    if resource[:strip]
+      # strips the textual info from the certificate file
+      openssl('x509', '-in', pubkey_source_path)
+    else
+      File.read(pubkey_source_path)
+    end
   end
 
   def privkey

lib/puppet/provider/privkey/katello_ssl_tool.rb

@@ -11,7 +11,7 @@ def expected_content
         openssl('rsa',
                 '-in', source_path,
                 '-out', tmp_file,
-                '-passin', "file:#{cert_details[:passphrase_file]}")
+                '-passin', "file:#{resource[:password_file]}")
         File.read(tmp_file)
       ensure
         File.delete(tmp_file) if File.exists?(tmp_file)
@@ -22,7 +22,11 @@ def expected_content
   end
 
   def source_path
-    cert_details[:privkey]
+    if @resource[:key_pair].type == 'Cert'
+      cert_details[:privkey]
+    elsif @resource[:key_pair].type == 'Ca'
+      Puppet::Type::Ca::ProviderKatello_ssl_tool.privkey(@resource[:key_pair].to_hash[:name])
+    end
   end
 
   def mode

lib/puppet/provider/pubkey/katello_ssl_tool.rb

@@ -5,8 +5,12 @@
   protected
 
   def expected_content
-    # strips the textual info from the certificate file
-    openssl('x509', '-in', source_path)
+    if resource[:strip]
+      # strips the textual info from the certificate file
+      openssl('x509', '-in', source_path)
+    else
+      File.read(source_path)
+    end
   end
 
   def source_path

lib/puppet/type/certs_common.rb

@@ -29,42 +29,36 @@ module Certs
     newparam(:regenerate)
 
     newparam(:deploy)
+
+    newparam(:password_file)
   end
 
   FILE_COMMON_PARAMS = Proc.new do
     ensurable
 
     newparam(:path, :namevar => true)
 
+    newparam(:password_file)
+
     # make ensure present default
     define_method(:managed?) { true }
 
-    newparam(:cert) do
-      # TODO: should be required
+    newparam(:key_pair) do
       validate do |value|
-        unless value.is_a?(Puppet::Resource) && [:ca, :cert].include?(value.resource_type.name)
-          raise ArgumentError, "Expected Cert or Ca resource"
+        unless value.is_a?(Puppet::Resource) && (value.resource_type.name == :ca || value.resource_type.name == :cert)
+          raise ArgumentError, "Expected Ca or Cert resource"
         end
       end
     end
 
-    autorequire(:file) do
-      @parameters[:path]
-    end
-
-    autorequire(:cert) do
-      # TODO: find better way how to determine the type
-      if @parameters.has_key?(:cert) &&
-            @parameters[:cert].value.resource_type.name == :cert
-        @parameters[:cert].value.to_hash[:name]
+    autorequire(:key_pair) do
+      if @parameters.has_key?(:key_pair)
+        @parameters[:key_pair].value.to_hash[:name]
       end
     end
 
-    autorequire(:ca) do
-      if @parameters.has_key?(:cert) &&
-            @parameters[:cert].value.resource_type.name == :ca
-        @parameters[:cert].value.to_hash[:name]
-      end
+    autorequire(:file) do
+      @parameters[:path]
     end
 
   end

lib/puppet/type/key_bundle.rb

@@ -8,4 +8,7 @@
   newparam(:pubkey)
 
   newparam(:privkey)
+
+  # Whether to strip the certificate information from the pubkey
+  newparam(:strip)
 end

lib/puppet/type/privkey.rb

@@ -1,7 +1,7 @@
 require File.expand_path('../certs_common', __FILE__)
 
 Puppet::Type.newtype(:privkey) do
-  desc 'Stores the private key file on a location'
+  desc 'Stores the private key file in a location'
 
   instance_eval(&Certs::FILE_COMMON_PARAMS)
 

lib/puppet/type/pubkey.rb

@@ -1,7 +1,10 @@
 require File.expand_path('../certs_common', __FILE__)
 
 Puppet::Type.newtype(:pubkey) do
-  desc 'Stores the public key file on a location'
+  desc 'Stores the public key file in a location'
 
   instance_eval(&Certs::FILE_COMMON_PARAMS)
+
+  # will generate a key with the certificate information stripped
+  newparam(:strip)
 end