Skip to content

Commit

Permalink
Use OpenSSL::PKey.generate_pkey instead of OpenSSL::PKey::Algo
Browse files Browse the repository at this point in the history
This is the recommended way to generate private keys.
  • Loading branch information
ekohl committed Jul 18, 2024
1 parent cac0733 commit a043eaa
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions lib/puppet/provider/ssl_pkey/openssl.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,20 +9,25 @@ def self.dirname(resource)
resource[:path].dirname
end

def self.generate_key(resource)
# @see man openssl genpkey
def self.generate_key_params(resource)
case resource[:authentication]
when :dsa
OpenSSL::PKey::DSA.new(resource[:size])
OpenSSL::PKey.generate_parameters('DSA', 'dsa_paramgen_bits' => resource[:size])
when :rsa
OpenSSL::PKey::RSA.new(resource[:size])
OpenSSL::PKey.generate_parameters('RSA', 'rsa_keygen_bits' => resource[:size])
when :ec
OpenSSL::PKey::EC.new(resource[:curve]).generate_key
OpenSSL::PKey.generate_parameters('EC', 'ec_paramgen_curve' => resource[:curve])
else
raise Puppet::Error,
"Unknown authentication type '#{resource[:authentication]}'"
"Unknown authentication type '#{resource[:authentication]}'"

Check failure on line 23 in lib/puppet/provider/ssl_pkey/openssl.rb

View workflow job for this annotation

GitHub Actions / Puppet / Static validations

Layout/ArgumentAlignment: Align the arguments of a method call if they span more than one line. (https://rubystyle.guide#no-double-indent)
end
end

def self.generate_key(resource)
OpenSSL::PKey.generate_key(generate_key_params(resource))
end

def self.to_pem(resource, key)
if resource[:password]
cipher = OpenSSL::Cipher.new('des3')
Expand Down

0 comments on commit a043eaa

Please sign in to comment.