Merge pull request #464 from Pmaraveyias/legacyp12-playbook

Legacyp12 playbook
Venafi · May 8, 2024 · a78cf19 · a78cf19
2 parents 00e592e + 29fb7d5
commit a78cf19
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 7 deletions.
diff --git a/aruba/features/playbook/playbook.feature b/aruba/features/playbook/playbook.feature
@@ -428,3 +428,34 @@ Feature: playbook
     Examples:
       | platform | config-file       |
       | VaaS     | playbook-vaas.yml |
+
+Scenario Outline: Run playbook with default configuration and performs pkcs12 installation using legacy flag
+    Given I have playbook with <platform> connection details
+    And I have playbook with certificateTasks block
+    And I have playbook with task named "myCertificateInstallationLegacyPKCS12"
+    And task named "myCertificateInstallationLegacyPKCS12" has renewBefore with value "31d"
+    And task named "myCertificateInstallationLegacyPKCS12" has request
+    And task named "myCertificateInstallationLegacyPKCS12" has request with "csr" value "service"
+    And task named "myCertificateInstallationLegacyPKCS12" has request with default "<platform>" zone
+    And task named "myCertificateInstallationLegacyPKCS12" request has subject
+    And task named "myCertificateInstallationLegacyPKCS12" request has subject with default values
+    And task named "myCertificateInstallationLegacyPKCS12" request has subject random CommonName
+    And task named "myCertificateInstallationLegacyPKCS12" has installations
+    And task named "myCertificateInstallationLegacyPKCS12" has installation format PKCS12 with cert name "cert.p12" and password "Passcode124!" and useLegacyP12 with validation
+    And I created playbook named "<config-file>" with previous content
+    And I run `vcert run -f <config-file>`
+    Then the output should contain "successfully installed certificate"
+    And the output should contain "playbook run finished"
+    And "cert.p12" should be PKCS#12 archive in legacy mode with password "Passcode124!"
+    And I uninstall file named "cert.p12"
+
+
+    @TPP
+    Examples:
+      | platform | config-file       |
+      | TPP      | playbook-tpp.yml  |
+
+    @VAAS
+    Examples:
+      | platform | config-file       |
+      | VaaS     | playbook-vaas.yml |
diff --git a/aruba/features/playbook/steps_definitions/my_steps.rb b/aruba/features/playbook/steps_definitions/my_steps.rb
@@ -238,6 +238,22 @@
   current_certificate_task.installations.push(aux_installation)
 end
 
+And(/^task named "(.*)" has installation format PKCS12 with cert name "(.*)" and password "(.*)" and useLegacyP12 (?: with)( installation)?(?: and|)( validation)?$/) do |task_name, cert_name, p12_password, installation, validation|
+  current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name }
+  aux_installation = Installation.new
+  aux_installation.format = "PKCS12"
+  aux_installation.file = "{{- Env \"PWD\" }}" + $path_separator + $temp_path + $path_separator + cert_name
+  aux_installation.p12Password = p12_password
+  aux_installation.useLegacyP12 = true
+  if installation
+    aux_installation.afterInstallAction = "echo SuccessInstall"
+  end
+  if validation
+    aux_installation.installValidationAction = "echo SuccessValidation"
+  end
+  current_certificate_task.installations.push(aux_installation)
+end
+
 And(/^task named "(.*)" has setenvvars "(.*)"$/) do |task_name, set_env_vars|
   current_certificate_task = @playbook_data['certificateTasks'].find { |certificate_task| certificate_task.name == task_name }
   current_certificate_task.setenvvars = set_env_vars.split(',')

diff --git a/aruba/features/playbook/support/aruba.rb b/aruba/features/playbook/support/aruba.rb
@@ -21,6 +21,7 @@ class Installation;
   attr_accessor :backupFiles # will add the .bak for creating a copy of the generated file
   attr_accessor :keyPassword
   attr_accessor :p12Password
+  attr_accessor :useLegacyP12
 
 end
 

diff --git a/pkg/playbook/app/domain/installation.go b/pkg/playbook/app/domain/installation.go
@@ -51,9 +51,10 @@ type Installation struct {
 	KeyFile             string `yaml:"keyFile,omitempty"`
 	KeyPassword         string `yaml:"keyPassword,omitempty"`
 	// Deprecated: Location is deprecated in favor of CAPILocation. It will be removed on a future release
-	Location    string             `yaml:"location,omitempty"`
-	P12Password string             `yaml:"p12Password,omitempty"`
-	Type        InstallationFormat `yaml:"format,omitempty"`
+	Location     string             `yaml:"location,omitempty"`
+	P12Password  string             `yaml:"p12Password,omitempty"`
+	UseLegacyP12 bool               `yaml:"useLegacyP12,omitempty"`
+	Type         InstallationFormat `yaml:"format,omitempty"`
 }
 
 // Installations is a slice of Installation

diff --git a/pkg/playbook/app/installer/capi.go b/pkg/playbook/app/installer/capi.go
@@ -112,7 +112,7 @@ func (r CAPIInstaller) Install(pcc certificate.PEMCollection) error {
 	// Generate random password for temporary P12 bundle
 	bundlePassword := vcertutil.GeneratePassword()
 
-	content, err := packageAsPKCS12(pcc, bundlePassword)
+	content, err := packageAsPKCS12(pcc, bundlePassword, r.UseLegacyP12)
 	if err != nil {
 		zap.L().Error("could not package certificate as PKCS12", zap.Error(err))
 		return err

diff --git a/pkg/playbook/app/installer/pkcs12.go b/pkg/playbook/app/installer/pkcs12.go
@@ -101,7 +101,7 @@ func (r PKCS12Installer) Install(pcc certificate.PEMCollection) error {
 		return domain.ErrNoP12Password
 	}
 
-	content, err := packageAsPKCS12(pcc, r.P12Password)
+	content, err := packageAsPKCS12(pcc, r.P12Password, r.UseLegacyP12)
 	if err != nil {
 		zap.L().Error("could not package certificate as PKCS12")
 		return err
@@ -156,7 +156,7 @@ func loadPKCS12(pkcs12File string, keyPassword string) (*x509.Certificate, error
 	return cert, nil
 }
 
-func packageAsPKCS12(pcc certificate.PEMCollection, keyPassword string) ([]byte, error) {
+func packageAsPKCS12(pcc certificate.PEMCollection, keyPassword string, legacyPkcs12 bool) ([]byte, error) {
 	if len(pcc.Certificate) == 0 || len(pcc.PrivateKey) == 0 {
 		return nil, fmt.Errorf("certificate and Private Key are required for PKCS12")
 	}
@@ -184,8 +184,14 @@ func packageAsPKCS12(pcc certificate.PEMCollection, keyPassword string) ([]byte,
 	if err != nil {
 		return nil, err
 	}
+	var bytes []byte
+
+	if legacyPkcs12 {
+		bytes, err = pkcs12.Legacy.Encode(privateKey, cert, chainList, keyPassword)
+	} else {
+		bytes, err = pkcs12.Modern2023.Encode(privateKey, cert, chainList, keyPassword)
+	}
 
-	bytes, err := pkcs12.Modern2023.Encode(privateKey, cert, chainList, keyPassword)
 	if err != nil {
 		return nil, fmt.Errorf("PKCS12 encode error: %w", err)
 	}