ssh_keygen 1.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 169b68c69d1b643d3e0b34ac0d3f4706b5b9137e
+  data.tar.gz: 34f58971d4057d3a45b5dbdd939d4a64af75ed61
+SHA512:
+  metadata.gz: b7edf36a70811a8ea3d3c45abdd2221a7f8851fdaa324df012572c5f15807c399b18541ededf623f8089a031c9d2e36174d1aefd2dddf7b43721ca3e231218f7
+  data.tar.gz: e5c208abd0450bc17909e8bf369c4d50b2ce4405c5404c015e0d79c951359cea3e71c6e2488b850b5526fd2f5c7ebbe0ce42081721833b5be350b09f6956fa96

data/.gitignore

@@ -0,0 +1,16 @@
+# All gem and Halite-related artifacts
+*.gem
+/vendor
+/bin
+.bundle
+/pkg
+Gemfile.lock
+/coverage
+
+# Chef related
+Berksfile.lock
+.kitchen
+
+# Vagrant (temp)
+.vagrant
+Vagrantfile

data/.kitchen.yml

@@ -0,0 +1,10 @@
+---
+#<% require 'poise_boiler' %>
+<%= PoiseBoiler.kitchen %>
+
+suites:
+  - name: default
+    run_list:
+      - recipe[ssh_keygen_test::without_passphrase]
+      - recipe[ssh_keygen_test::with_passphrase]
+      - recipe[ssh_keygen_test::with_user_opts]

data/.rubocop.yml

@@ -0,0 +1,7 @@
+Style/Documentation:
+  Exclude:
+    - lib/ssh_keygen/*.rb
+Metrics/LineLength:
+  Max: 120
+Metrics/AbcSize:
+  Max: 20

data/Berksfile

@@ -0,0 +1,24 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source 'https://supermarket.chef.io'
+extension 'halite'
+
+cookbook 'poise', gem: 'poise'
+cookbook 'ssh_keygen', gem: 'ssh_keygen'
+
+group :test do
+  cookbook 'ssh_keygen_test', path: 'test/cookbooks/ssh_keygen_test'
+  cookbook 'apt'
+end

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+## v1.0.3
+
+Encode SSH public keys in correct format (OpenSSH format).
+
+## v1.0.0
+
+Initial release

data/Gemfile

@@ -0,0 +1,17 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

data/README.md

@@ -0,0 +1,77 @@
+[![Cookbook Version](https://img.shields.io/cookbook/v/ssh_keygen.svg)](https://supermarket.chef.io/cookbooks/ssh_keygen)
+
+# ssh_keygen Chef Resource
+
+This single-purpose cookbook provides a resource to create SSH keys, as you
+would expect to be created with `ssh-keygen`.
+
+## Usage and Example
+
+Say you wanted to create a user (named after `test-kitchen`) and create an
+SSH key for it:
+
+```
+group 'kitchen' do
+  action :create
+end
+
+user 'kitchen' do
+  action :create
+  group 'kitchen'
+  home '/home/kitchen'
+  manage_home true
+end
+
+directory '/home/kitchen/.ssh' do
+  action :create
+end
+
+ssh_keygen '/home/kitchen/.ssh/id_rsa' do
+  action :create
+  owner 'kitchen'
+  group 'kitchen'
+  strength 4096
+  type 'rsa'
+  comment 'kitchen@localhost'
+  passphrase 'changeme'
+  secure_directory true
+end
+```
+
+The following would (after creating the `kitchen` user), generate an SSH private
+key in `/home/kitchen/.ssh/id_rsa`, a public key in OpenSSH format in
+`/home/kitchen/.ssh/id_rsa.pub`, and ensure the `.ssh` directory has secure
+permissions as well (so mode `0700`).
+
+### Attributes
+
+The attributes for the `ssh_keygen` resource are:
+
+ * `action`: Only `:create` is supported.
+ * `path`: The path to save the SSH key to (if different from the resource name).
+ * `owner`: The owner of the private and public key files.
+ * `group`: The group ID for the private and public key files.
+ * `strength`: Only `2048` and `4096` are supported currently, default is `2048`.
+ * `type`: Only `rsa` is supported currently.
+   Ed25519 may be supported in future versions (feature request welcome!)
+ * `comment`: Comment for the public key. Defaults to `user@host`.
+ * `passphrase`: Passphrase for an encrypted private key. The default is no passphrase.
+ * `secure_directory`: Sets the directory the key is saved in to mode to `0700`.
+
+## Author and License
+
+```
+Copyright 2015 Chris Marchesi
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

data/Rakefile

@@ -0,0 +1,15 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'poise_boiler/rakefile'

data/lib/ssh_keygen.rb

@@ -0,0 +1,58 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'poise'
+require 'chef/resource'
+require 'chef/provider'
+require 'ssh_keygen/provider'
+
+# resource and provider classes for the ssh_keygen Chef resource
+module SSHKeygen
+  # resource class for ssh_keygen resource
+  class Resource < Chef::Resource
+    include Poise
+    provides(:ssh_keygen)
+    actions(:create)
+
+    attribute(:path, kind_of: String, name_attribute: true)
+    attribute(:owner, kind_of: String, default: 'root')
+    attribute(:group, kind_of: String, default: lazy { owner })
+    attribute(:strength, equal_to: [2048, 4096], default: 2048)
+    # future proofing - but RSA only for now
+    attribute(:type, equal_to: ['rsa'], default: 'rsa')
+    attribute(:comment, kind_of: String, default: lazy { "#{owner}@#{node['hostname']}" })
+    attribute(:passphrase, kind_of: String, default: nil)
+    attribute(:secure_directory, kind_of: TrueClass, default: false)
+  end
+
+  # provider class for ssh_keygen resource
+  class Provider < Chef::Provider
+    include Poise
+    include SSHKeygen::SSHKeygenProvider
+    provides(:ssh_keygen)
+
+    def action_create
+      # load_sshkey_gem
+      notifying_block do
+        unless ::File.exist?(@new_resource.path)
+          create_key
+          save_private_key
+          save_public_key
+          update_directory_permissions
+          new_resource.updated_by_last_action(true)
+        end
+      end
+    end
+  end
+end

data/lib/ssh_keygen/cheftie.rb

@@ -0,0 +1,15 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'ssh_keygen'

data/lib/ssh_keygen/provider.rb

@@ -0,0 +1,126 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'openssl'
+require 'base64'
+
+module SSHKeygen
+  # Lightweight SSH key generator
+  class Generator
+    def initialize(bits, type, passphrase, comment)
+      # set instance attributes
+      @passphrase = passphrase
+      @comment = comment
+      @type = type
+
+      case @type
+      when 'rsa'
+        @key = ::OpenSSL::PKey::RSA.new(bits)
+      else
+        fail "Invalid key type #{new_resource.type}"
+      end
+    end
+
+    # return the public key (encrypted if passphrase is given), in PEM form
+    def private_key
+      if @passphrase.to_s.empty?
+        @key.to_pem
+      else
+        cipher = ::OpenSSL::Cipher.new('AES-128-CBC')
+        @key.export(cipher, @passphrase)
+      end
+    end
+
+    # OpenSSH public key
+    def ssh_public_key
+      case @type
+      when 'rsa'
+        enc_pubkey = openssh_rsa_public_key
+      else
+        fail "Invalid key type #{new_resource.type} found in ssh_public_key method - serious error!"
+      end
+      "ssh-#{@type} #{enc_pubkey} #{@comment}\n"
+    end
+
+    # Encode an OpenSSH RSA public key.
+    # Key format is PEM-encoded - size (big-endian), then data:
+    #  * Type (ie: len: 7 (size of string), data: ssh-rsa)
+    #  * Exponent (len/data)
+    #  * Modulus (len+1/NUL+data)
+    def openssh_rsa_public_key
+      enc_type = "#{[7].pack('N')}ssh-rsa"
+      enc_exponent = "#{[@key.public_key.e.num_bytes].pack('N')}#{@key.public_key.e.to_s(2)}"
+      enc_modulus = "#{[@key.public_key.n.num_bytes + 1].pack('N')}\0#{@key.public_key.n.to_s(2)}"
+      Base64.strict_encode64("#{enc_type}#{enc_exponent}#{enc_modulus}")
+    end
+
+    # Fingerprint (SHA1 digest, colon delimited)
+    def key_fingerprint
+      OpenSSL::Digest::SHA1.hexdigest(@key.public_key.to_der).scan(/../).join(':')
+    end
+  end
+
+  # provider fucntions for the SSHKeygen Chef resoruce provider class
+  module SSHKeygenProvider
+    def create_key
+      converge_by("Create SSH #{new_resource.type} #{new_resource.strength}-bit key (#{new_resource.comment})") do
+        @key = ::SSHKeygen::Generator.new(
+          new_resource.strength,
+          new_resource.type,
+          new_resource.passphrase,
+          new_resource.comment
+        )
+      end
+    end
+
+    def save_private_key
+      converge_by("Create SSH private key at #{new_resource.path}") do
+        f = file new_resource.path do
+          action :nothing
+          owner new_resource.owner
+          group new_resource.group
+          mode 0600
+          sensitive true
+        end
+        f.content(@key.private_key)
+        f.run_action(:create)
+      end
+    end
+
+    def save_public_key
+      converge_by("Create SSH public key at #{new_resource.path}") do
+        f = file "#{new_resource.path}.pub" do
+          action :nothing
+          owner new_resource.owner
+          group new_resource.group
+          mode 0600
+        end
+        f.content(@key.ssh_public_key)
+        f.run_action(:create)
+      end
+    end
+
+    def update_directory_permissions
+      return false unless new_resource.secure_directory
+      converge_by("Update directory permissions at #{File.dirname(new_resource.path)}") do
+        directory ::File.dirname(new_resource.path) do
+          action :create
+          owner new_resource.owner
+          group new_resource.group
+          mode 0700
+        end
+      end
+    end
+  end
+end

data/lib/ssh_keygen/version.rb

@@ -0,0 +1,17 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module SSHKeygen
+  VERSION = '1.0.3'
+end

data/ssh_keygen.gemspec

@@ -0,0 +1,38 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ssh_keygen/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'ssh_keygen'
+  spec.version = SSHKeygen::VERSION
+  spec.authors = ['Chris Marchesi']
+  spec.email = %w(chrism@vancluevertech.com)
+  spec.description = 'Chef resource for SSH key creation'
+  spec.summary = spec.description
+  spec.homepage = 'https://github.com/vancluever/ssh_keygen'
+  spec.license = 'Apache 2.0'
+
+  spec.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = %w(lib)
+
+  spec.add_dependency 'halite', '~> 1.0'
+  spec.add_dependency 'poise', '~> 2.0'
+
+  spec.add_development_dependency 'poise-boiler', '~> 1.0'
+end

data/test/cookbooks/ssh_keygen_test/metadata.rb

@@ -0,0 +1,16 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name 'ssh_keygen_test'
+depends 'ssh_keygen'

data/test/cookbooks/ssh_keygen_test/recipes/with_passphrase.rb

@@ -0,0 +1,22 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+directory '/root/.ssh' do
+  action :create
+end
+
+ssh_keygen '/root/.ssh/id_rsa_encrypted' do
+  action :create
+  passphrase 'onetwothreefour'
+end

data/test/cookbooks/ssh_keygen_test/recipes/with_user_opts.rb

@@ -0,0 +1,35 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+group 'kitchen' do
+  action :create
+end
+
+user 'kitchen' do
+  action :create
+  group 'kitchen'
+  home '/home/kitchen'
+  manage_home true
+end
+
+directory '/home/kitchen/.ssh' do
+  action :create
+end
+
+ssh_keygen '/home/kitchen/.ssh/id_rsa' do
+  action :create
+  owner 'kitchen'
+  group 'kitchen'
+  secure_directory true
+end

data/test/cookbooks/ssh_keygen_test/recipes/without_passphrase.rb

@@ -0,0 +1,21 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+directory '/root/.ssh' do
+  action :create
+end
+
+ssh_keygen '/root/.ssh/id_rsa' do
+  action :create
+end

data/test/integration/default/serverspec/spec_helper.rb

@@ -0,0 +1,18 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'serverspec'
+require 'openssl'
+
+set :backend, :exec

data/test/integration/default/serverspec/with_passphrase_spec.rb

@@ -0,0 +1,35 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'spec_helper'
+
+describe file('/root/.ssh/id_rsa_encrypted') do
+  it { should exist }
+  it { should be_owned_by 'root' }
+  it { should be_grouped_into 'root' }
+  it { should be_mode 600 }
+end
+
+# OpenSSL and OpenSSH private keys are the same
+describe x509_private_key('/root/.ssh/id_rsa_encrypted') do
+  it { should be_encrypted }
+end
+
+describe file('/root/.ssh/id_rsa_encrypted.pub') do
+  it { should exist }
+  it { should be_owned_by 'root' }
+  it { should be_grouped_into 'root' }
+  it { should be_mode 600 }
+  its(:content) { should match %r{^ssh-rsa [a-zA-Z0-9=/+]+ root@[-_.a-zA-Z0-9]} }
+end

data/test/integration/default/serverspec/with_user_opts_spec.rb

@@ -0,0 +1,44 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'spec_helper'
+
+describe file('/home/kitchen/.ssh/id_rsa') do
+  it { should exist }
+  it { should be_owned_by 'kitchen' }
+  it { should be_grouped_into 'kitchen' }
+  it { should be_mode 600 }
+end
+
+# OpenSSL and OpenSSH private keys are the same
+describe x509_private_key('/home/kitchen/.ssh/id_rsa') do
+  it { should be_valid }
+  it { should_not be_encrypted }
+end
+
+describe file('/home/kitchen/.ssh/id_rsa.pub') do
+  it { should exist }
+  it { should be_owned_by 'kitchen' }
+  it { should be_grouped_into 'kitchen' }
+  it { should be_mode 600 }
+  its(:content) { should match %r{^ssh-rsa [a-zA-Z0-9=/+]+ kitchen@[-_.a-zA-Z0-9]} }
+end
+
+describe file('/home/kitchen/.ssh') do
+  it { should exist }
+  it { should be_directory }
+  it { should be_owned_by 'kitchen' }
+  it { should be_grouped_into 'kitchen' }
+  it { should be_mode 700 }
+end

data/test/integration/default/serverspec/without_passphrase_spec.rb

@@ -0,0 +1,36 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative 'spec_helper'
+
+describe file('/root/.ssh/id_rsa') do
+  it { should exist }
+  it { should be_owned_by 'root' }
+  it { should be_grouped_into 'root' }
+  it { should be_mode 600 }
+end
+
+# OpenSSL and OpenSSH private keys are the same
+describe x509_private_key('/root/.ssh/id_rsa') do
+  it { should be_valid }
+  it { should_not be_encrypted }
+end
+
+describe file('/root/.ssh/id_rsa.pub') do
+  it { should exist }
+  it { should be_owned_by 'root' }
+  it { should be_grouped_into 'root' }
+  it { should be_mode 600 }
+  its(:content) { should match %r{^ssh-rsa [a-zA-Z0-9=/+]+ root@[-_.a-zA-Z0-9]} }
+end

data/test/spec/resources/ssh_keygen_spec.rb

@@ -0,0 +1,129 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'spec_helper'
+
+describe SSHKeygen::Generator do
+  context 'default options with a bit strength of 2048' do
+    key = ::SSHKeygen::Generator.new(2048, 'rsa', nil, 'test@rspec')
+
+    it 'has a valid PEM-encoded private key' do
+      generator_key_digest = key.key_fingerprint
+      validator_key_digest = create_fingerprint_from_key(key.private_key)
+
+      expect(generator_key_digest).to eq(validator_key_digest)
+    end
+
+    it 'has a valid OpenSSH-style formatted-public key' do
+      expect(key.ssh_public_key).to match(%r{^ssh-rsa [a-zA-Z0-9=/+]+ test@rspec})
+    end
+
+    # it 'has a valid public key for the private key' do
+    #   generator_key_digest = key.key_fingerprint
+    #   public_key = key.ssh_public_key.split(' ')[1]
+    #   public_key_digest = create_fingerprint_from_key(Base64.strict_decode64(public_key))
+    #
+    #   expect(generator_key_digest).to eq(public_key_digest)
+    # end
+  end
+
+  context 'with passphrase and a bit strength of 2048' do
+    key = ::SSHKeygen::Generator.new(2048, 'rsa', 'onetwothreefour', 'test@rspec')
+
+    it 'has a valid PEM-encoded private key' do
+      generator_key_digest = key.key_fingerprint
+      validator_key_digest = create_fingerprint_from_key(key.private_key, 'onetwothreefour')
+
+      expect(generator_key_digest).to eq(validator_key_digest)
+    end
+
+    it 'has a valid OpenSSH-style formatted-public key' do
+      expect(key.ssh_public_key).to match(%r{^ssh-rsa [a-zA-Z0-9=/+]+ test@rspec})
+    end
+
+    # it 'has a valid public key for the private key' do
+    #   generator_key_digest = key.key_fingerprint
+    #   public_key = key.ssh_public_key.split(' ')[1]
+    #   public_key_digest = create_fingerprint_from_key(Base64.strict_decode64(public_key))
+    #
+    #   expect(generator_key_digest).to eq(public_key_digest)
+    # end
+  end
+end
+
+describe SSHKeygen::Resource do
+  step_into(:ssh_keygen)
+
+  context 'base tests without passphrase' do
+    recipe do
+      ssh_keygen '/root/.ssh/id_rsa' do
+        action :create
+        secure_directory true
+      end
+    end
+
+    it 'creates a file at /root/.ssh/id_rsa with the proper permissions' do
+      expect(chef_run).to create_file('/root/.ssh/id_rsa').with(
+        user:   'root',
+        group:  'root',
+        mode:   0600,
+        sensitive: true
+      )
+    end
+
+    it 'creates a file at /root/.ssh/id_rsa.pub with the proper permissions' do
+      expect(chef_run).to create_file('/root/.ssh/id_rsa.pub').with(
+        user:   'root',
+        group:  'root',
+        mode:   0600,
+        sensitive: false
+      )
+    end
+
+    it 'secures the /root/.ssh directory' do
+      expect(chef_run).to create_directory('/root/.ssh').with(
+        user:   'root',
+        group:  'root',
+        mode:   0700
+      )
+    end
+  end
+
+  context 'passphrase-specific tests' do
+    recipe do
+      ssh_keygen '/root/.ssh/id_rsa_encrypted' do
+        action :create
+        passphrase 'onetwothreefour'
+      end
+    end
+
+    it 'creates a file at /root/.ssh/id_rsa_encrypted with the proper permissions' do
+      expect(chef_run).to create_file('/root/.ssh/id_rsa_encrypted').with(
+        user:   'root',
+        group:  'root',
+        mode:   0600,
+        sensitive: true
+      )
+    end
+
+    it 'creates a file at /root/.ssh/id_rsa_encrypted.pub with the proper permissions' do
+      expect(chef_run).to create_file('/root/.ssh/id_rsa_encrypted.pub').with(
+        user:   'root',
+        group:  'root',
+        mode:   0600,
+        sensitive: false
+      )
+    end
+  end
+end

data/test/spec/spec_helper.rb

@@ -0,0 +1,24 @@
+# Copyright 2015 Chris Marchesi
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'poise_boiler/spec_helper'
+require 'ssh_keygen'
+
+# a small helper function that creates a SHA1 fingerprint from a private or
+# public key.
+def create_fingerprint_from_key(key, passphrase = nil)
+  new_key = OpenSSL::PKey::RSA.new(key, passphrase)
+  new_key_digest = OpenSSL::Digest::SHA1.new(new_key.public_key.to_der).to_s.scan(/../).join(':')
+  new_key_digest
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: ssh_keygen
+version: !ruby/object:Gem::Version
+  version: 1.0.3
+platform: ruby
+authors:
+- Chris Marchesi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-01-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: halite
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: poise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: poise-boiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: Chef resource for SSH key creation
+email:
+- chrism@vancluevertech.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".kitchen.yml"
+- ".rubocop.yml"
+- Berksfile
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/ssh_keygen.rb
+- lib/ssh_keygen/cheftie.rb
+- lib/ssh_keygen/provider.rb
+- lib/ssh_keygen/version.rb
+- ssh_keygen.gemspec
+- test/cookbooks/ssh_keygen_test/metadata.rb
+- test/cookbooks/ssh_keygen_test/recipes/with_passphrase.rb
+- test/cookbooks/ssh_keygen_test/recipes/with_user_opts.rb
+- test/cookbooks/ssh_keygen_test/recipes/without_passphrase.rb
+- test/integration/default/serverspec/spec_helper.rb
+- test/integration/default/serverspec/with_passphrase_spec.rb
+- test/integration/default/serverspec/with_user_opts_spec.rb
+- test/integration/default/serverspec/without_passphrase_spec.rb
+- test/spec/resources/ssh_keygen_spec.rb
+- test/spec/spec_helper.rb
+homepage: https://github.com/vancluever/ssh_keygen
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Chef resource for SSH key creation
+test_files:
+- test/cookbooks/ssh_keygen_test/metadata.rb
+- test/cookbooks/ssh_keygen_test/recipes/with_passphrase.rb
+- test/cookbooks/ssh_keygen_test/recipes/with_user_opts.rb
+- test/cookbooks/ssh_keygen_test/recipes/without_passphrase.rb
+- test/integration/default/serverspec/spec_helper.rb
+- test/integration/default/serverspec/with_passphrase_spec.rb
+- test/integration/default/serverspec/with_user_opts_spec.rb
+- test/integration/default/serverspec/without_passphrase_spec.rb
+- test/spec/resources/ssh_keygen_spec.rb
+- test/spec/spec_helper.rb
+has_rdoc: