diff --git a/docs/resources/from_pem.md b/docs/resources/from_pem.md index 6cab568..5312c08 100644 --- a/docs/resources/from_pem.md +++ b/docs/resources/from_pem.md @@ -32,7 +32,15 @@ resource "local_file" "result" { * `private_key_pem` - (Required) The private key in PEM format * `private_key_pass` - (Optional) Password to decrypt private key * `ca_pem` - (Optional) The CA (chain) in PEM format +* `encoding` - (Optional) Defines keystore encoding. Default modern2023. Supported: modern (latest modern implementation, currently 2023), legacyDES, legacyRC2 ## Attribute Reference * `result` - The created PKCS12 archive (base64 encoded) + + +"modern": pkcs12.Modern, + "modern2023": pkcs12.Modern2023, + "legacy": pkcs12.Legacy, + "legacyDES": pkcs12.LegacyDES, + "legacyRC2": pkcs12.LegacyRC2, \ No newline at end of file diff --git a/pkcs12/resource_pkcs12.go b/pkcs12/resource_pkcs12.go index 66fcfe1..069bc7c 100644 --- a/pkcs12/resource_pkcs12.go +++ b/pkcs12/resource_pkcs12.go @@ -4,6 +4,7 @@ import ( "context" "crypto/x509" "fmt" + "strings" "encoding/base64" @@ -59,12 +60,12 @@ func resourcePkcs12() *schema.Resource { // ForceNew: true, }, - "legacy": { - Type: schema.TypeBool, + "encoding": { + Type: schema.TypeString, Optional: true, Sensitive: false, - Default: false, - Description: "Set to true to use legacy encoding", + Default: "modern2023", + Description: "Set encoding", }, "result": { @@ -100,7 +101,11 @@ func resourcePkcs12Create(ctx context.Context, d *schema.ResourceData, _ interfa password := d.Get("password").(string) caStr := d.Get("ca_pem").(string) - legacy := d.Get("legacy").(bool) + encoding := d.Get("encoding").(string) + encoder := encodingMap[encoding] + if encoder == nil { + return diag.FromErr(fmt.Errorf("unsupported encoding: %q. Supported: %q", encoding, toKeys(encodingMap))) + } certificate, caListAndIntermediate, err := decodeCerts([]byte(certStr)) @@ -126,17 +131,11 @@ func resourcePkcs12Create(ctx context.Context, d *schema.ResourceData, _ interfa caListAndIntermediate = append(caListAndIntermediate, list...) } - var res []byte - if legacy { - res, err = pkcs12.Legacy.Encode(privateKeys[0], certificate, caListAndIntermediate, password) - } else { - res, err = pkcs12.Modern.Encode(privateKeys[0], certificate, caListAndIntermediate, password) - } - + res, err := encoder.Encode(privateKeys[0], certificate, caListAndIntermediate, password) if err != nil { return diag.FromErr(err) } - d.SetId(hashForState("pkcs12_" + password + certStr + privatekeyStr + caStr)) + d.SetId(hashForState("pkcs12_" + password + certStr + privatekeyStr + caStr + encoding)) d.Set("result", base64.StdEncoding.EncodeToString(res)) return diags } @@ -153,3 +152,20 @@ func resourcePkcs12Delete(ctx context.Context, d *schema.ResourceData, m interfa d.SetId("") return nil } + +var ( + encodingMap = map[string]*pkcs12.Encoder{ + "modern": pkcs12.Modern, + "modern2023": pkcs12.Modern2023, + "legacyDES": pkcs12.LegacyDES, + "legacyRC2": pkcs12.LegacyRC2, + } +) + +func toKeys(m map[string]*pkcs12.Encoder) string { + keys := make([]string, 0, len(m)) + for k := range m { + keys = append(keys, k) + } + return strings.Join(keys, ", ") +} diff --git a/pkcs12/utils_test.go b/pkcs12/utils_test.go index 0af9c7d..96df451 100644 --- a/pkcs12/utils_test.go +++ b/pkcs12/utils_test.go @@ -256,7 +256,6 @@ func TestDecodeCertificateAllInOne(t *testing.T) { if !list[1].IsCA { t.Error("certificate[1] must be a CA") } - } func TestDecodeCertificate(t *testing.T) {