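# Install OpenSSL.
#
class ssl::openssl {

    package { "openssl":
        ensure => installed,
    }

}


# Create self-signed certificate.
#
# The private key is written unencrypted (-nodes). The command runs under
# umask 077, so the files it creates are not readable by group or others.
#
# Every parameter is interpolated into a /bin/sh command line. The numeric
# parameters are validated below; $name, $keyout, $cn and $subject are only
# wrapped in double quotes, which does not neutralise shell metacharacters.
# Pass them from trusted manifest data only, never from unvalidated external
# input.
#
# === Parameters:
#
#   $name:
#       Certificate output file.
#   $cn:
#       Common name.
#   $keyout:
#       Key output file. Defaults to ${name}.
#   $days:
#       Validity in days, defaults to 3650.
#   $keysize:
#       RSA key size, defaults to 2048.
#   $subject:
#       Extra subject information.
#
define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject="") {

    include ssl::openssl

    # Reject anything but plain digits before the values reach the shell.
    if "${days}" !~ /\A[0-9]+\z/ {
        fail("ssl::certificate[${name}]: days must be a non-negative integer, got '${days}'")
    }
    if "${keysize}" !~ /\A[0-9]+\z/ {
        fail("ssl::certificate[${name}]: keysize must be a non-negative integer, got '${keysize}'")
    }

    # Key and certificate share one file unless a separate key file is given.
    if $keyout {
        $keyout_real = $keyout
    } else {
        $keyout_real = $name
    }

    if $subject {
        $subject_real = "/CN=${cn}/${subject}"
    } else {
        $subject_real = "/CN=${cn}"
    }

    exec { "openssl-req-${name}":
        path    => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
        # Output paths are quoted like -subj so that paths containing
        # whitespace are passed to openssl as a single argument.
        command => "/bin/sh -c 'umask 077 ; openssl req -x509 -nodes -days ${days} -newkey rsa:${keysize} -subj \"${subject_real}\" -keyout \"${keyout_real}\" -out \"${name}\"'",
        # NOTE(review): with a list, Puppet appears to skip the exec as soon
        # as any listed file exists -- confirm for the Puppet version in use.
        # If so, a certificate whose key file has gone missing is not
        # regenerated.
        creates => [ "${name}", "${keyout_real}" ],
    }

}


# Create DH parameters.
#
# The output file is created under umask 077. $name is interpolated into a
# /bin/sh command line; pass it from trusted manifest data only.
#
# === Parameters:
#
#   $name:
#       Output file.
#   $keysize:
#       Key size. Defaults to 1024. The default is kept for compatibility
#       with existing callers; 1024-bit DH groups are regarded as too weak
#       for current use, so callers should pass 2048 or larger explicitly.
#
define ssl::dhparam($keysize="1024") {

    # Reject anything but plain digits before the value reaches the shell.
    if "${keysize}" !~ /\A[0-9]+\z/ {
        fail("ssl::dhparam[${name}]: keysize must be a non-negative integer, got '${keysize}'")
    }

    exec { "openssl-dhparam-${name}":
        path    => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
        # The output path is quoted so that a path containing whitespace is
        # passed to openssl as a single argument.
        command => "/bin/sh -c 'umask 077 ; openssl dhparam -out \"${name}\" ${keysize}'",
        creates => "${name}",
    }

}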