
change nssdb::add_cert_and_key type to treat it's title as the defaul…
…t nickname

Previously, the title was being used as the default certdir param value.
Joshua Hoblitt committed Feb 10, 2014
1 parent 7ea6c6a commit ee1b60e
Showing 4 changed files with 90 additions and 51 deletions.
5 changes: 1 addition & 4 deletions README.md
Expand Up @@ -14,22 +14,19 @@ nssdb::create { '/etc/dirsrv/slapd-ldap1':
manage_certdir => false,
}
nssdb::add_cert_and_key{ '/etc/dirsrv/slapd-ldap1':
nssdb::add_cert_and_key{ 'Server-Cert':
certdir => '/etc/dirsrv/slapd-ldap1',
nickname => 'Server-Cert',
cert => '/tmp/foo.pem',
key => '/tmp/foo.key',
}
nssdb::add_cert { 'AlphaSSL CA':
certdir => '/etc/dirsrv/slapd-ldap1',
nickname => 'AlphaSSL CA',
cert => '/tmp/alphassl_intermediate.pem',
}
nssdb::add_cert { 'GlobalSign Root CA':
certdir => '/etc/dirsrv/slapd-ldap1',
nickname => 'GlobalSign Root CA',
cert => '/tmp/globalsign_root.pem',
}
```
24 changes: 12 additions & 12 deletions manifests/add_cert_and_key.pp
@@ -1,32 +1,32 @@
# Loads a certificate and key into an NSS database.
#
# Parameters:
# $nickname - required - the nickname for the NSS certificate
# $cert - required - path to certificate in PEM format
# $key - required - path to unencrypted key in PEM format
# $certdir - optional - defaults to $title
# $certdir - required - defaults to $title
# $cert - required - path to certificate in PEM format
# $key - required - path to unencrypted key in PEM format
# $nickname - optional - the nickname for the NSS certificate
#
# Actions:
# loads certificate and key into the NSS database.
#
# Requires:
# $nickname
# $certdir
# $cert
# $key
#
# Sample Usage:
#
# nssdb::add_cert_and_key{"qpidd":
# nickname=> 'Server-Cert',
# cert => '/tmp/server.crt',
# key => '/tmp/server.key',
# }
# nssdb::add_cert_and_key{ 'Server-Cert':
# certdir => '/dne',
# cert => '/tmp/server.crt',
# key => '/tmp/server.key',
# }
#
define nssdb::add_cert_and_key (
$nickname,
$certdir,
$cert,
$key,
$certdir = $title
$nickname = $title
) {
include nssdb

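Review bot: The header comment contradicts the new signature: what appears to be the new-side line `# $certdir - required - defaults to $title` keeps the old default text although `$certdir` no longer has a default, and the `$nickname` line does not mention that it now defaults to `$title`. I would write them as `# $certdir - required - path to the NSS database directory` and `# $nickname - optional - the nickname for the NSS certificate, defaults to $title`. Because the title is now a free-form label that, judging by the spec expectations in this commit, ends up inside single-quoted shell arguments and in the derived .p12 file name, the header should also state which characters a nickname may contain. The body of the define continues outside this hunk, so how the nickname is actually interpolated is not visible here.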
111 changes: 77 additions & 34 deletions spec/defines/nssdb_add_cert_and_key_spec.rb
@@ -1,43 +1,86 @@
require 'spec_helper'

describe 'nssdb::add_cert_and_key', :type => :define do
let(:title) { '/dne' }
let(:params) do
{
:nickname => 'Server-Cert',
:cert => '/tmp/server.cert',
:key => '/tmp/server.key',
}
end
context 'default params' do
let(:title) { 'Server-Cert' }
let(:params) do
{
:certdir => '/dne',
:cert => '/tmp/server.cert',
:key => '/tmp/server.key',
}
end

context 'generate_pkcs12' do
it do
should contain_exec('generate_pkcs12_Server-Cert').with(
:command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'",
:require => [
'Nssdb::Create[/dne]',
'Class[Nssdb]'
],
:creates => '/dne/server-cert.p12',
:subscribe => 'File[/dne/password.conf]'
)
end
end

context 'generate_pkcs12' do
it do
should contain_exec('generate_pkcs12_/dne').with(
:command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'",
:require => [
'Nssdb::Create[/dne]',
'Class[Nssdb]'
],
:creates => '/dne/server-cert.p12',
:subscribe => 'File[/dne/password.conf]'
)
context 'add_pkcs12' do
it do
should contain_exec('add_pkcs12_Server-Cert').with(
:path => ['/usr/bin'],
:command => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf",
:unless => "certutil -d /dne -L -n 'Server-Cert'",
:logoutput => true,
:require => [
'Exec[generate_pkcs12_Server-Cert]',
'Nssdb::Create[/dne]',
'Class[Nssdb]'
]
)
end
end
end
end # default params

context 'add_pkcs12' do
it do
should contain_exec('add_pkcs12_/dne').with(
:path => ['/usr/bin'],
:command => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf",
:unless => "certutil -d /dne -L -n 'Server-Cert'",
:logoutput => true,
:require => [
'Exec[generate_pkcs12_/dne]',
'Nssdb::Create[/dne]',
'Class[Nssdb]'
]
)
context 'all params' do
let(:title) { 'foo' }
let(:params) do
{
:nickname => 'Server-Cert',
:certdir => '/dne',
:cert => '/tmp/server.cert',
:key => '/tmp/server.key',
}
end
end

context 'generate_pkcs12' do
it do
should contain_exec('generate_pkcs12_foo').with(
:command => "/usr/bin/openssl pkcs12 -export -in /tmp/server.cert -inkey /tmp/server.key -password 'file:/dne/password.conf' -out '/dne/server-cert.p12' -name 'Server-Cert'",
:require => [
'Nssdb::Create[/dne]',
'Class[Nssdb]'
],
:creates => '/dne/server-cert.p12',
:subscribe => 'File[/dne/password.conf]'
)
end
end

context 'add_pkcs12' do
it do
should contain_exec('add_pkcs12_foo').with(
:path => ['/usr/bin'],
:command => "pk12util -d /dne -i /dne/server-cert.p12 -w /dne/password.conf -k /dne/password.conf",
:unless => "certutil -d /dne -L -n 'Server-Cert'",
:logoutput => true,
:require => [
'Exec[generate_pkcs12_foo]',
'Nssdb::Create[/dne]',
'Class[Nssdb]'
]
)
end
end
end # all params
end
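Review bot: Both contexts only exercise the nickname 'Server-Cert', so nothing pins the generated commands when the title, now the default nickname, contains a space or a single quote. The expected `add_pkcs12` command passes the derived file unquoted (`-i /dne/server-cert.p12`) while `generate_pkcs12` quotes it (`-out '/dne/server-cert.p12'`), so a title with a space would probably split into two arguments unless the define normalises it; that logic is not shown on this page. I would add a context with `let(:title) { 'Server Cert' }` that asserts the exact, consistently quoted `:command` and `:unless` strings, so a quoting regression in the exec resources fails the suite instead of reaching a node.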
1 change: 0 additions & 1 deletion tests/create.pp
Expand Up @@ -12,7 +12,6 @@
certdir => '/tmp/nssdb',
cert => '/tmp/cert.pem',
key => '/tmp/key.pem',
nickname => 'test',
}

# You can confirm that things are loaded properly with:
