From 4f6899539c612ea1588dbccf33947828fa556566 Mon Sep 17 00:00:00 2001
From: Aaron Hicks
Date: Thu, 27 Sep 2012 11:04:32 +1200
Subject: [PATCH] Define the back end certifiate as a resource because there will only be one.
---
 manifests/mod/shib.pp | 2 ++
 manifests/mod/shib/backend_cert.pp | 14 ++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 manifests/mod/shib/backend_cert.pp
diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp
index 3580abf34..8f52e8577 100644
--- a/manifests/mod/shib.pp
+++ b/manifests/mod/shib.pp
@@ -5,6 +5,8 @@
 $styleSheet = "/shibboleth-sp/main.css",
 $shib_conf_dir = '/etc/shibboleth',
 $shib_conf_file = 'shibboleth2.xml',
+ $shib_sp_cert = 'sp-cert.pem',
+ $shib_bin_dir = '/usr/sbin',
 $handlerSSL = 'true'
 ){
diff --git a/manifests/mod/shib/backend_cert.pp b/manifests/mod/shib/backend_cert.pp
new file mode 100644
index 000000000..02d3ceee4
--- /dev/null
+++ b/manifests/mod/shib/backend_cert.pp
@@ -0,0 +1,14 @@
+class apache::mod::shib::backend_cert(
+ $sp_hostname = $fqdn
+){
+
+ require apache::mod::shib
+
+ $sp_cert = "${apache::mod::shib::shib_conf_dir}/${apache::mod::shib::shib_sp_cert}"
+
+ exec{"shib_keygen_${sp_hostname}":
+ path => [$apache::mod::shib::shib_bin_dir,'/usr/bin','/bin'],
+ command => "shib-keygen -h ${sp_hostname} -e https://${sp_hostname}/shibbloeth",
+ unless => "openssl x509 -noout -in ${sp_cert} -issuer|grep ${sp_hostname}",
+ }
+}
\ No newline at end of file
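Review bot: In the `exec` of `manifests/mod/shib/backend_cert.pp`, `${sp_hostname}` is interpolated unquoted into both `command` and `unless`, so a class parameter containing whitespace or shell metacharacters changes what the agent executes; validate it as a hostname at the top of the class and quote it, e.g. `command => "shib-keygen -h '${sp_hostname}' -e 'https://${sp_hostname}/shibboleth'",`. The guard is also looser than it reads: `grep ${sp_hostname}` treats the name as a regular expression and matches substrings, so a certificate issued for a different, similar name suppresses key generation; `grep -qF` narrows this, though an exact comparison of the CN would be stricter. The entity ID path `shibbloeth` looks like a typo for `shibboleth`, which matters if `shib-keygen` records the entity ID in the certificate it generates. `shib-keygen` is not given an output directory, so the `unless` check only inspects the file it wrote when `shib_conf_dir` is the tool's default; passing `-o ${apache::mod::shib::shib_conf_dir}` would tie the two together.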