diff --git a/REFERENCE.md b/REFERENCE.md
index 15bcf45a..8a55d7a6 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1255,7 +1255,6 @@ Default value: `present`
The following parameters are available in the `x509_cert` type.
-* [`authentication`](#-x509_cert--authentication)
* [`ca`](#-x509_cert--ca)
* [`cakey`](#-x509_cert--cakey)
* [`csr`](#-x509_cert--csr)
@@ -1268,14 +1267,6 @@ The following parameters are available in the `x509_cert` type.
* [`req_ext`](#-x509_cert--req_ext)
* [`template`](#-x509_cert--template)
-##### `authentication`
-
-Valid values: `rsa`, `dsa`, `ec`
-
-The authentication algorithm: 'rsa', 'dsa or ec'
-
-Default value: `rsa`
-
##### `ca`
The optional ca certificate filepath
@@ -1353,7 +1344,6 @@ Default value: `present`
The following parameters are available in the `x509_request` type.
-* [`authentication`](#-x509_request--authentication)
* [`encrypted`](#-x509_request--encrypted)
* [`force`](#-x509_request--force)
* [`password`](#-x509_request--password)
@@ -1362,14 +1352,6 @@ The following parameters are available in the `x509_request` type.
* [`provider`](#-x509_request--provider)
* [`template`](#-x509_request--template)
-##### `authentication`
-
-Valid values: `rsa`, `dsa`, `ec`
-
-The authentication algorithm: 'rsa', 'dsa' or ec
-
-Default value: `rsa`
-
##### `encrypted`
Valid values: `true`, `false`
diff --git a/lib/puppet/provider/x509_cert/openssl.rb b/lib/puppet/provider/x509_cert/openssl.rb
index e5262a71..2f0c55fc 100644
--- a/lib/puppet/provider/x509_cert/openssl.rb
+++ b/lib/puppet/provider/x509_cert/openssl.rb
@@ -8,17 +8,7 @@
def self.private_key(resource)
file = File.read(resource[:private_key])
- case resource[:authentication]
- when :dsa
- OpenSSL::PKey::DSA.new(file, resource[:password])
- when :rsa
- OpenSSL::PKey::RSA.new(file, resource[:password])
- when :ec
- OpenSSL::PKey::EC.new(file, resource[:password])
- else
- raise Puppet::Error,
- "Unknown authentication type '#{resource[:authentication]}'"
- end
+ OpenSSL::PKey.read(file, resource[:password])
end
def self.check_private_key(resource)
diff --git a/lib/puppet/provider/x509_request/openssl.rb b/lib/puppet/provider/x509_request/openssl.rb
index 3a17d8e3..732330a1 100644
--- a/lib/puppet/provider/x509_request/openssl.rb
+++ b/lib/puppet/provider/x509_request/openssl.rb
@@ -8,17 +8,7 @@
def self.private_key(resource)
file = File.read(resource[:private_key])
- case resource[:authentication]
- when :dsa
- OpenSSL::PKey::DSA.new(file, resource[:password])
- when :rsa
- OpenSSL::PKey::RSA.new(file, resource[:password])
- when :ec
- OpenSSL::PKey::EC.new(file, resource[:password])
- else
- raise Puppet::Error,
- "Unknown authentication type '#{resource[:authentication]}'"
- end
+ OpenSSL::PKey.read(file, resource[:password])
end
def self.check_private_key(resource)
diff --git a/lib/puppet/type/x509_cert.rb b/lib/puppet/type/x509_cert.rb
index fce72234..0411e8a6 100644
--- a/lib/puppet/type/x509_cert.rb
+++ b/lib/puppet/type/x509_cert.rb
@@ -59,12 +59,6 @@
end
end
- newparam(:authentication) do
- desc "The authentication algorithm: 'rsa', 'dsa or ec'"
- newvalues :rsa, :dsa, :ec
- defaultto :rsa
- end
-
newparam(:csr) do
desc 'The optional certificate signing request path'
end
diff --git a/lib/puppet/type/x509_request.rb b/lib/puppet/type/x509_request.rb
index cc32dd65..19f2af45 100644
--- a/lib/puppet/type/x509_request.rb
+++ b/lib/puppet/type/x509_request.rb
@@ -48,12 +48,6 @@
end
end
- newparam(:authentication) do
- desc "The authentication algorithm: 'rsa', 'dsa' or ec"
- newvalues :rsa, :dsa, :ec
- defaultto :rsa
- end
-
newparam(:encrypted, boolean: true) do
desc 'Whether to generate the key unencrypted. This is needed by some applications like OpenLDAP'
newvalues(:true, :false)
diff --git a/spec/unit/puppet/provider/x509_cert/openssl_spec.rb b/spec/unit/puppet/provider/x509_cert/openssl_spec.rb
index 4aa938d3..ddd42493 100644
--- a/spec/unit/puppet/provider/x509_cert/openssl_spec.rb
+++ b/spec/unit/puppet/provider/x509_cert/openssl_spec.rb
@@ -92,7 +92,7 @@
expect(Pathname).to receive(:new).with(path).and_return(pathname)
expect(pathname).to receive(:exist?).and_return(true)
expect(OpenSSL::X509::Certificate).to receive(:new).with('cert').twice.and_return(cert)
- expect(OpenSSL::PKey::RSA).to receive(:new)
+ expect(OpenSSL::PKey).to receive(:read).with('pkey', nil)
expect(cert).to receive(:check_private_key).and_return(true)
expect(resource.provider.exists?).to be(true)
end
@@ -104,7 +104,7 @@
expect(Pathname).to receive(:new).with(path).and_return(pathname)
expect(pathname).to receive(:exist?).and_return(true)
expect(OpenSSL::X509::Certificate).to receive(:new).with('cert').and_return(cert)
- expect(OpenSSL::PKey::RSA).to receive(:new)
+ expect(OpenSSL::PKey).to receive(:read).with('pkey', nil)
expect(cert).to receive(:check_private_key).and_return(false)
expect(resource.provider.exists?).to be(false)
end
diff --git a/spec/unit/puppet/provider/x509_request/openssl_spec.rb b/spec/unit/puppet/provider/x509_request/openssl_spec.rb
index 2e669db0..dc240ff7 100644
--- a/spec/unit/puppet/provider/x509_request/openssl_spec.rb
+++ b/spec/unit/puppet/provider/x509_request/openssl_spec.rb
@@ -58,7 +58,7 @@
expect(Pathname).to receive(:new).with(path).and_return(pathname)
expect(pathname).to receive(:exist?).and_return(true)
allow(OpenSSL::X509::Request).to receive(:new).and_return(cert)
- allow(OpenSSL::PKey::RSA).to receive(:new)
+ expect(OpenSSL::PKey).to receive(:read)
expect(cert).to receive(:verify).and_return(true)
expect(resource.provider.exists?).to be(true)
end
@@ -69,7 +69,7 @@
expect(Pathname).to receive(:new).with(path).and_return(pathname)
expect(pathname).to receive(:exist?).and_return(true)
allow(OpenSSL::X509::Request).to receive(:new).and_return(cert)
- allow(OpenSSL::PKey::RSA).to receive(:new)
+ expect(OpenSSL::PKey).to receive(:read)
expect(cert).to receive(:verify).and_return(false)
expect(resource.provider.exists?).to be(false)
end
diff --git a/spec/unit/puppet/type/x509_cert_spec.rb b/spec/unit/puppet/type/x509_cert_spec.rb
index 23997928..3a13e3de 100644
--- a/spec/unit/puppet/type/x509_cert_spec.rb
+++ b/spec/unit/puppet/type/x509_cert_spec.rb
@@ -65,21 +65,6 @@
end.to raise_error(Puppet::Error, %r{Invalid value :foo})
end
- it 'accepts a valid authentication' do
- resource[:authentication] = :rsa
- expect(resource[:authentication]).to eq(:rsa)
- resource[:authentication] = :dsa
- expect(resource[:authentication]).to eq(:dsa)
- resource[:authentication] = :ec
- expect(resource[:authentication]).to eq(:ec)
- end
-
- it 'does not accept an invalid authentication' do
- expect do
- resource[:authentication] = :foo
- end.to raise_error(Puppet::Error, %r{Invalid value :foo})
- end
-
it 'accepts a valid csr parameter' do
resource[:csr] = '/tmp/foo.csr'
expect(resource[:csr]).to eq('/tmp/foo.csr')
diff --git a/spec/unit/puppet/type/x509_request_spec.rb b/spec/unit/puppet/type/x509_request_spec.rb
index e07c40e1..ad88a862 100644
--- a/spec/unit/puppet/type/x509_request_spec.rb
+++ b/spec/unit/puppet/type/x509_request_spec.rb
@@ -53,19 +53,4 @@
resource[:force] = :foo
end.to raise_error(Puppet::Error, %r{Invalid value :foo})
end
-
- it 'accepts a valid authentication' do
- resource[:authentication] = :rsa
- expect(resource[:authentication]).to eq(:rsa)
- resource[:authentication] = :dsa
- expect(resource[:authentication]).to eq(:dsa)
- resource[:authentication] = :ec
- expect(resource[:authentication]).to eq(:ec)
- end
-
- it 'does not accept an invalid authentication' do
- expect do
- resource[:authentication] = :foo
- end.to raise_error(Puppet::Error, %r{Invalid value :foo})
- end
end