change pkcs12 loading to check for existence of the pair in the db

Contargo · Jan 14, 2014 · c585c7e · c585c7e
1 parent 388a575
commit c585c7e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 15 deletions.
diff --git a/manifests/add_cert_and_key.pp b/manifests/add_cert_and_key.pp
@@ -33,25 +33,26 @@
   # downcase and change spaces into _s
   $pkcs12_name = downcase(regsubst("${nickname}.p12", '[\s]', '_', 'GM'))
 
-  exec {'generate_pkcs12':
+  exec {"generate_pkcs12_${title}":
     command     => "/usr/bin/openssl pkcs12 -export -in ${cert} -inkey ${key} -password 'file:${certdir}/password.conf' -out '${certdir}/${pkcs12_name}' -name '${nickname}'",
     require     => [
       File["${certdir}/password.conf"],
       File["${certdir}/cert8.db"],
       Class['nssdb'],
     ],
-    before      => Exec['load_pkcs12'],
-    notify      => Exec['load_pkcs12'],
     subscribe   => File["${certdir}/password.conf"],
     refreshonly => true,
   }
 
-  exec {'load_pkcs12':
-    command     => "/usr/bin/pk12util -i '${certdir}/${pkcs12_name}' -d '${certdir}' -w '${certdir}/password.conf' -k '${certdir}/password.conf'",
-    require     => [
-      Exec['generate_pkcs12'],
+  exec { "add_pkcs12_${title}":
+    path      => ['/usr/bin'],
+    command   => "pk12util -d ${certdir} -i ${certdir}/${pkcs12_name} -w ${certdir}/password.conf -k ${certdir}/password.conf",
+    unless    => "certutil -d ${certdir} -L -n '${nickname}'",
+    logoutput => true,
+    require   => [
+      Exec["generate_pkcs12_${title}"],
       Class['nssdb'],
-    ],
-    refreshonly => true,
+    ]
   }
+
 }
diff --git a/spec/defines/nssdb_add_cert_and_key_spec.rb b/spec/defines/nssdb_add_cert_and_key_spec.rb
@@ -12,7 +12,7 @@
 
   context 'generate_pkcs12' do
     it do
-      should contain_exec('generate_pkcs12').with(
+      should contain_exec('generate_pkcs12_/dne').with(
         :command   => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'",
         :require   => [
           'File[/dne/password.conf]',
@@ -24,12 +24,15 @@
     end
   end
 
-  context 'load_pkcs12' do
+  context 'add_pkcs12' do
     it do
-      contain_exec('load_pkcs12').with(
-        :command => "/usr/bin/pk12util -i '/dne/${pkcs12_name}' -d '/dne' -w '/dne/password.conf' -k '/dne/password.conf'",
-        :require => [
-          'Exec[generate_pkcs12]',
+      should contain_exec('add_pkcs12_/dne').with(
+        :path      => ['/usr/bin'],
+        :command   => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf",
+        :unless    => "certutil -d /dne -L -n 'Server-Cert'",
+        :logoutput => true,
+        :require   => [
+          'Exec[generate_pkcs12_/dne]',
           'Class[Nssdb]'
         ]
       )