class Chef::Resource::OpensslX509Crl
Public Instance Methods
# File lib/chef/resource/openssl_x509_crl.rb, line 122
# Loads the CA private key used to sign the CRL.
#
# Reads the whole file named by new_resource.ca_key_file and passes its
# contents to OpenSSL::PKey.read, with new_resource.ca_key_pass as the
# passphrase argument.
#
# NOTE(review): the returned object is the CA signing key held in memory.
# Nothing visible here restricts who may read ca_key_file or marks
# ca_key_pass as sensitive -- confirm both where the properties are declared.
# NOTE(review): with an encrypted PEM and a nil ca_key_pass, Ruby's OpenSSL
# binding may fall back to an interactive passphrase prompt -- confirm this
# cannot stall an unattended run.
#
# @return [OpenSSL::PKey::PKey] the parsed CA private key
def ca_private_key
  key_material = ::File.read(new_resource.ca_key_file)
  passphrase = new_resource.ca_key_pass
  ::OpenSSL::PKey.read(key_material, passphrase)
end
# File lib/chef/resource/openssl_x509_crl.rb, line 126
# Produces the CRL object for new_resource.path, creating, extending or
# renewing it as needed. Nothing is written to disk here; the caller receives
# the resulting CRL object.
#
# Steps, in order:
#   1. Reuse the CRL at new_resource.path when crl_file_valid? accepts it,
#      otherwise generate a fresh one signed with the CA key.
#   2. If a serial to revoke is set and serial_revoked? reports exactly
#      `false` for it, add the revocation and return the re-issued CRL.
#   3. Otherwise, renew the CRL when its next_update falls within
#      renewal_threshold days of now (the 3600 * 24 factor is seconds per day).
#
# Revocation and renewal are mutually exclusive within one call: when step 2
# applies, the renewal check is not evaluated.
#
# NOTE(review): an existing CRL file is the trust base for everything that
# follows. Whether its signature and issuer are checked against the CA depends
# on crl_file_valid?, which is not shown here -- confirm it does more than
# parse the file.
# NOTE(review): the `== false` comparison means a nil from serial_revoked?
# would skip the revocation silently -- confirm the helper only returns
# true or false.
#
# @return [OpenSSL::X509::CRL] the current, newly created, updated or renewed CRL
def crl
  current =
    if crl_file_valid?(new_resource.path)
      ::OpenSSL::X509::CRL.new(::File.read(new_resource.path))
    else
      log "Creating a CRL #{new_resource.path} for CA #{new_resource.ca_cert_file}"
      gen_x509_crl(ca_private_key, crl_info)
    end

  needs_revocation = !new_resource.serial_to_revoke.nil? &&
                     serial_revoked?(current, new_resource.serial_to_revoke) == false

  if needs_revocation
    log "Revoking serial #{new_resource.serial_to_revoke} in CRL #{new_resource.path}"
    return revoke_x509_crl(revoke_info, current, ca_private_key, crl_info)
  end

  # Leave the CRL untouched while it is still outside the renewal window.
  return current unless current.next_update <= Time.now + 3600 * 24 * new_resource.renewal_threshold

  log "Renewing CRL for CA #{new_resource.ca_cert_file}"
  renew_x509_crl(current, ca_private_key, crl_info)
end
# File lib/chef/resource/openssl_x509_crl.rb, line 102
# Collects the issuer and validity settings handed to the CRL helpers.
#
# The issuer certificate is parsed from the file at new_resource.ca_cert_file
# on every call. The validity value is passed through from new_resource.expire
# unchanged.
#
# NOTE(review): nothing here checks that the certificate in ca_cert_file
# matches the private key in ca_key_file -- confirm a mismatch is detected
# elsewhere, otherwise the CRL would name an issuer whose key did not sign it.
#
# @return [Hash] with string keys "issuer" (OpenSSL::X509::Certificate) and
#   "validity" (the value of new_resource.expire)
def crl_info
  issuer_cert = ::OpenSSL::X509::Certificate.new(::File.read(new_resource.ca_cert_file))
  { "issuer" => issuer_cert, "validity" => new_resource.expire }
end
# File lib/chef/resource/openssl_x509_crl.rb, line 112
# Collects the revocation request handed to the CRL helpers.
#
# Both values are passed through from the resource properties without any
# validation or conversion at this point.
#
# @return [Hash] with string keys "serial" (new_resource.serial_to_revoke) and
#   "reason" (new_resource.revocation_reason)
def revoke_info
  {
    "serial" => new_resource.serial_to_revoke,
    "reason" => new_resource.revocation_reason,
  }
end