Module: PuppetX::Certs::Provider::Keystore

Defined in:

lib/puppet_x/certs/provider/keystore.rb

Instance Method Summary

• #create ⇒ Object
• #delete_keystore ⇒ Object
• #destroy ⇒ Object
• #exists? ⇒ Boolean
• #generate_keystore ⇒ Object
• #store ⇒ Object
• #type ⇒ Object

Instance Method Details

#create ⇒ Object

# File 'lib/puppet_x/certs/provider/keystore.rb', line 5

def create
  generate_keystore
end

#delete_keystore ⇒ Object

# File 'lib/puppet_x/certs/provider/keystore.rb', line 81

def delete_keystore
  FileUtils.rm_f(store)
end

#destroy ⇒ Object

# File 'lib/puppet_x/certs/provider/keystore.rb', line 9

def destroy
  delete_keystore
end

#exists? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/puppet_x/certs/provider/keystore.rb', line 13

def exists?
  return false unless File.exist?(store)

  begin
    keytool(
      '-list',
      '-keystore', store,
      '-storepass:file', resource[:password_file],
      '-J-Dcom.redhat.fips=false',
    )
  rescue Puppet::ExecutionFailure => e
    if e.message.include?('java.security.UnrecoverableKeyException') || e.message.include?('keystore password was incorrect')
      Puppet.debug("Invalid password for #{store}")
      return false
    elsif e.message.include?('Keystore file exists, but is empty')
      Puppet.debug(e)
      return false
    else
      Puppet.log_exception(e, "Failed to read keystore '#{store}'")
    end
  end

  true
end

#generate_keystore ⇒ Object

# File 'lib/puppet_x/certs/provider/keystore.rb', line 46

def generate_keystore
  temp_alias = 'temporary-entry'

  delete_keystore

  begin
    keytool(
      '-genkey',
      '-storetype', 'pkcs12',
      '-keystore', store,
      '-storepass:file', resource[:password_file],
      '-alias', temp_alias,
      '-dname', "CN=#{temp_alias}",
      '-J-Dcom.redhat.fips=false',
      '-keyalg', 'RSA'
    )
  rescue Puppet::ExecutionFailure => e
    Puppet.err("Failed to generate new #{type} with temporary entry: #{e}")
    return nil
  end

  begin
    keytool(
      '-delete',
      '-keystore', store,
      '-storepass:file', resource[:password_file],
      '-alias', temp_alias,
      '-J-Dcom.redhat.fips=false'
    )
  rescue Puppet::ExecutionFailure => e
    Puppet.err("Failed to delete temporary entry when generating empty #{type}: #{e}")
    return nil
  end
end

#store ⇒ Object

# File 'lib/puppet_x/certs/provider/keystore.rb', line 38

def store
  resource[:keystore]
end

#type ⇒ Object

# File 'lib/puppet_x/certs/provider/keystore.rb', line 42

def type
  'keystore'
end