Add "fastmode" for dhparam generation #79

Closed
c33s opened this issue Jan 5, 2017 · 2 comments

c33s commented Jan 5, 2017

dhparam generation can be quite time expensive, but openssl provides a flag for faster generation named `-dsaparam`.
Details at https://security.stackexchange.com/a/95184

The following code is just a quick test implementation:

```puppet
define openssl::dhparam(
  $path,
  $ensure = present,
  $size = 512,
  $owner = 'root',
  $group = 'root',
  $mode = '0644',
  $fastmode = true,
) {

  validate_absolute_path($path)
  validate_re($ensure, '^(present|absent)$',
    "\$ensure must be either 'present' or 'absent', got '${ensure}'")
  validate_integer($size, '', 1) # positive integer
  validate_string($owner)
  validate_string($group)
  validate_string($mode)

  dhparam { $path:
    ensure   => $ensure,
    size     => $size,
    fastmode => $fastmode,
  }

  # Set file access
  file { $path:
    ensure  => $ensure,
    owner   => $owner,
    group   => $group,
    mode    => $mode,
    require => Dhparam[$path];
  }
}
```

```ruby
require 'pathname'
Puppet::Type.newtype(:dhparam) do
  desc 'A Diffie-Hellman parameter file'

  ensurable

  newparam(:path, :namevar => true) do
    validate do |value|
      path = Pathname.new(value)
      unless path.absolute?
        raise ArgumentError, "Path must be absolute: #{path}"
      end
    end
  end

  newparam(:size) do
    desc 'The key size'
    newvalues(/\d+/)
    defaultto 512
    validate do |value|
      size = value.to_i
      if size <= 0 || value.to_s != size.to_s
        raise ArgumentError, "Size must be a positive integer: #{value.inspect}"
      end
    end
  end

  # When set, the provider passes -dsaparam to `openssl dhparam`.
  newparam(:fastmode) do
    desc 'Enable fast mode'
    defaultto false
    #validate do |value|
      #size = value.to_i
      #if size <= 0 || value.to_s != size.to_s
      #  raise ArgumentError, "Size must be a positive integer: #{value.inspect}"
      #end
    #end
  end
end
```

```ruby
require 'pathname'
Puppet::Type.type(:dhparam).provide(:openssl) do
  desc 'Manages dhparam files with OpenSSL'

  commands :openssl => 'openssl'

  def exists?
    Pathname.new(resource[:path]).exist?
  end

  def create
    options = ['dhparam']
    # Add the flag only when requested; an empty-string placeholder would
    # reach openssl as an extra (empty) argument.
    options << '-dsaparam' if resource[:fastmode]
    options += ['-out', resource[:path], resource[:size]]
    openssl options
  end

  def destroy
    Pathname.new(resource[:path]).delete
  end
end
```
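
An added example (not part of the issue or the project's code): a Ruby check that tells safe-prime parameter files from the non-safe-prime groups that `-dsaparam` produces, and flags short moduli such as the 512-bit default above. The function names and the 2048-bit threshold are assumptions of this example.

```ruby
require 'openssl'

# Threshold chosen for this example (assumption, not from the issue).
MIN_BITS = 2048

# Classify a DH modulus (OpenSSL::BN).
#   :safe_prime     -> p and (p-1)/2 are both prime (plain `openssl dhparam`)
#   :not_safe_prime -> p is prime, (p-1)/2 is not (the kind -dsaparam produces)
#   :not_prime      -> p is not prime; the file should be rejected
def classify_modulus(modulus)
  return :not_prime unless modulus.prime?
  half = OpenSSL::BN.new(((modulus.to_i - 1) / 2).to_s)
  half.prime? ? :safe_prime : :not_safe_prime
end

# Return a list of findings for a modulus; an empty list means no findings.
def findings_for(modulus)
  kind = classify_modulus(modulus)
  out = []
  out << 'modulus is not prime' if kind == :not_prime
  out << "only #{modulus.num_bits} bits (< #{MIN_BITS})" if modulus.num_bits < MIN_BITS
  if kind == :not_safe_prime
    out << 'not a safe prime: server must use a fresh DH key per handshake'
  end
  out
end

# Load a PEM parameter file and audit its modulus.
def audit_file(path)
  dh = OpenSSL::PKey::DH.new(File.read(path))
  findings_for(dh.p)
end

# Usage: ruby audit_dhparam.rb /path/to/dhparam.pem [...]
if __FILE__ == $PROGRAM_NAME && ARGV.any?
  ARGV.each do |path|
    found = audit_file(path)
    puts "#{path}: #{found.empty? ? 'ok' : found.join('; ')}"
  end
end
```

The OpenSSL documentation for `dhparam` states that DSA-style parameters need a fresh DH key for each use to avoid small-subgroup attacks, which is why the non-safe-prime case is reported rather than silently accepted.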

c33s commented Jan 11, 2017

fixed with PR #80

c33s closed this as completed Jan 11, 2017

raphink commented Jan 11, 2017

Thank you for closing!
