Enhance PKCS12 examples

voxpupuli · Feb 10, 2025 · b92aaf3 · b92aaf3
1 parent 345634a
commit b92aaf3
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/examples/export_pkcs12_from_key.pp b/examples/export_pkcs12_from_key.pp
@@ -37,3 +37,41 @@
   cert     => '/tmp/foo2.example.com.crt',
   out_pass => 'mahje1Qu',
 }
+
+# same as above, just no password for the X509/pkcs12
+openssl::certificate::x509 { 'foo3.example.com':
+  ensure       => present,
+  country      => 'CH',
+  organization => 'Example.com',
+  commonname   => 'foo3.example.com',
+  base_dir     => '/tmp',
+  owner        => 'nobody',
+  # This is just to speed up CI - use 2048 or more in production
+  key_size     => 1024,
+}
+-> openssl::export::pkcs12 { 'export3.pkcs12':
+  ensure  => 'present',
+  basedir => '/tmp',
+  pkey    => '/tmp/foo3.example.com.key',
+  cert    => '/tmp/foo3.example.com.crt',
+}
+
+# same as above, just with password for the X509 / no password for pkcs12
+openssl::certificate::x509 { 'foo4.example.com':
+  ensure       => present,
+  country      => 'CH',
+  organization => 'Example.com',
+  commonname   => 'foo4.example.com',
+  base_dir     => '/tmp',
+  owner        => 'nobody',
+  password     => 'mahje1Qu',
+  # This is just to speed up CI - use 2048 or more in production
+  key_size     => 1024,
+}
+-> openssl::export::pkcs12 { 'export4.pkcs12':
+  ensure  => 'present',
+  basedir => '/tmp',
+  pkey    => '/tmp/foo4.example.com.key',
+  cert    => '/tmp/foo4.example.com.crt',
+  in_pass => 'mahje1Qu',
+}
diff --git a/spec/acceptance/pkcs12_spec.rb b/spec/acceptance/pkcs12_spec.rb
@@ -10,6 +10,12 @@
     it { expect(file('/tmp/foo2.example.com.crt')).to be_file.and(have_attributes(owner: 'nobody', group: 'root')) }
     it { expect(file('/tmp/foo2.example.com.key')).to be_file.and(have_attributes(owner: 'nobody', group: 'root')) }
     it { expect(file('/tmp/export2.pkcs12.p12')).to be_file.and(have_attributes(owner: 'root', group: 'root')) }
+    it { expect(file('/tmp/foo3.example.com.crt')).to be_file.and(have_attributes(owner: 'nobody', group: 'root')) }
+    it { expect(file('/tmp/foo3.example.com.key')).to be_file.and(have_attributes(owner: 'nobody', group: 'root')) }
+    it { expect(file('/tmp/export3.pkcs12.p12')).to be_file.and(have_attributes(owner: 'root', group: 'root')) }
+    it { expect(file('/tmp/foo4.example.com.crt')).to be_file.and(have_attributes(owner: 'nobody', group: 'root')) }
+    it { expect(file('/tmp/foo4.example.com.key')).to be_file.and(have_attributes(owner: 'nobody', group: 'root')) }
+    it { expect(file('/tmp/export4.pkcs12.p12')).to be_file.and(have_attributes(owner: 'root', group: 'root')) }
   end
   # rubocop:disable RSpec/RepeatedExampleGroupBody
   describe file('/tmp/export.pkcs12.p12') do
@@ -19,5 +25,13 @@
   describe file('/tmp/export2.pkcs12.p12') do
     its(:size) { is_expected.to be > 0 }
   end
+
+  describe file('/tmp/export3.pkcs12.p12') do
+    its(:size) { is_expected.to be > 0 }
+  end
+
+  describe file('/tmp/export4.pkcs12.p12') do
+    its(:size) { is_expected.to be > 0 }
+  end
   # rubocop:enable RSpec/RepeatedExampleGroupBody
 end