define a new encoding flag to be flexible in the future to provide ne…

…w encodings
chilicat · Nov 28, 2023 · 74964ad · 74964ad
1 parent 7d4db5a
commit 74964ad
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 14 deletions.
diff --git a/docs/resources/from_pem.md b/docs/resources/from_pem.md
@@ -32,7 +32,15 @@ resource "local_file" "result" {
 * `private_key_pem` - (Required) The private key in PEM format
 * `private_key_pass` - (Optional) Password to decrypt private key
 * `ca_pem` - (Optional) The CA (chain) in PEM format
+* `encoding` - (Optional) Defines keystore encoding. Default modern2023. Supported: modern (latest modern implementation, currently 2023), legacyDES, legacyRC2
 
 ## Attribute Reference
 
 * `result` - The created PKCS12 archive (base64 encoded)
+
+
+"modern":     pkcs12.Modern,
+		"modern2023": pkcs12.Modern2023,
+		"legacy":     pkcs12.Legacy,
+		"legacyDES":  pkcs12.LegacyDES,
+		"legacyRC2":  pkcs12.LegacyRC2,
diff --git a/pkcs12/resource_pkcs12.go b/pkcs12/resource_pkcs12.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/x509"
 	"fmt"
+	"strings"
 
 	"encoding/base64"
 
@@ -59,12 +60,12 @@ func resourcePkcs12() *schema.Resource {
 				// ForceNew: true,
 
 			},
-			"legacy": {
-				Type:        schema.TypeBool,
+			"encoding": {
+				Type:        schema.TypeString,
 				Optional:    true,
 				Sensitive:   false,
-				Default:     false,
-				Description: "Set to true to use legacy encoding",
+				Default:     "modern2023",
+				Description: "Set encoding",
 			},
 
 			"result": {
@@ -100,7 +101,11 @@ func resourcePkcs12Create(ctx context.Context, d *schema.ResourceData, _ interfa
 	password := d.Get("password").(string)
 	caStr := d.Get("ca_pem").(string)
 
-	legacy := d.Get("legacy").(bool)
+	encoding := d.Get("encoding").(string)
+	encoder := encodingMap[encoding]
+	if encoder == nil {
+		return diag.FromErr(fmt.Errorf("unsupported encoding: %q. Supported: %q", encoding, toKeys(encodingMap)))
+	}
 
 	certificate, caListAndIntermediate, err := decodeCerts([]byte(certStr))
 
@@ -126,17 +131,11 @@ func resourcePkcs12Create(ctx context.Context, d *schema.ResourceData, _ interfa
 		caListAndIntermediate = append(caListAndIntermediate, list...)
 	}
 
-	var res []byte
-	if legacy {
-		res, err = pkcs12.Legacy.Encode(privateKeys[0], certificate, caListAndIntermediate, password)
-	} else {
-		res, err = pkcs12.Modern.Encode(privateKeys[0], certificate, caListAndIntermediate, password)
-	}
-
+	res, err := encoder.Encode(privateKeys[0], certificate, caListAndIntermediate, password)
 	if err != nil {
 		return diag.FromErr(err)
 	}
-	d.SetId(hashForState("pkcs12_" + password + certStr + privatekeyStr + caStr))
+	d.SetId(hashForState("pkcs12_" + password + certStr + privatekeyStr + caStr + encoding))
 	d.Set("result", base64.StdEncoding.EncodeToString(res))
 	return diags
 }
@@ -153,3 +152,20 @@ func resourcePkcs12Delete(ctx context.Context, d *schema.ResourceData, m interfa
 	d.SetId("")
 	return nil
 }
+
+var (
+	encodingMap = map[string]*pkcs12.Encoder{
+		"modern":     pkcs12.Modern,
+		"modern2023": pkcs12.Modern2023,
+		"legacyDES":  pkcs12.LegacyDES,
+		"legacyRC2":  pkcs12.LegacyRC2,
+	}
+)
+
+func toKeys(m map[string]*pkcs12.Encoder) string {
+	keys := make([]string, 0, len(m))
+	for k := range m {
+		keys = append(keys, k)
+	}
+	return strings.Join(keys, ", ")
+}
diff --git a/pkcs12/utils_test.go b/pkcs12/utils_test.go
@@ -256,7 +256,6 @@ func TestDecodeCertificateAllInOne(t *testing.T) {
 	if !list[1].IsCA {
 		t.Error("certificate[1] must be a CA")
 	}
-
 }
 
 func TestDecodeCertificate(t *testing.T) {
-Original file line number
+Diff line change
@@ Expand Up / @@ -256,7 +256,6 @@ func TestDecodeCertificateAllInOne(t *testing.T) { @@
     	if !list[1].IsCA {
     		t.Error("certificate[1] must be a CA")
     	}
     }
     func TestDecodeCertificate(t *testing.T) {
@@ Expand Down @@