From ce8481b3cd1c29351bfe211d48495b4494dd2252 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 23 Sep 2016 20:35:09 +0000
Subject: [PATCH] A gen_hpkp_pin function

---
 .../puppet/parser/functions/gen_hpkp_pin.rb   | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 modules/puppetmaster/lib/puppet/parser/functions/gen_hpkp_pin.rb

diff --git a/modules/puppetmaster/lib/puppet/parser/functions/gen_hpkp_pin.rb b/modules/puppetmaster/lib/puppet/parser/functions/gen_hpkp_pin.rb
new file mode 100644
index 000000000..f14a6fcba
--- /dev/null
+++ b/modules/puppetmaster/lib/puppet/parser/functions/gen_hpkp_pin.rb
@@ -0,0 +1,30 @@
+module Puppet::Parser::Functions
+  newfunction(:gen_hpkp_pin, :type => :rvalue) do |args|
+    site = args.shift()
+
+    pin_info = []
+    pinfiles = [ "/srv/puppet.debian.org/from-letsencrypt/#{site}.pin",
+                 "/srv/puppet.debian.org/backup-keys/#{site}.pin" ]
+    pinfiles.each do |fn|
+      if File.exist?(fn)
+        pin_info << File.read(fn).chomp()
+      end
+    end
+
+    res = []
+    res << "<Macro http-pkp-#{site}>"
+    if pin_info.size >= 2 then
+      pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
+      pin_info << "max-age=300"
+      pin_str = pin_info.join("; ")
+      res << "  Header set Public-Key-Pins \"#{pin_str}\""
+    else
+      res << "  # mod macro does not like empty macros, so here's some content:"
+      res << "  <Directory /non-existant>"
+      res << "  </Directory>"
+    end
+    res << "</Macro>"
+    res << ""
+    return res.join("\n")
+  end
+end
-- 
2.20.1