path: root/certs/hpkp-hdr.j2
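# {{ ansible_managed }}
# Do NOT edit this file directly!
{#
  Renders one nginx `add_header Public-Key-Pins` line (HPKP, RFC 7469).

  Inputs, all read on the Ansible controller through the `pipe` lookup:
    - certs/public/<stem>.pub        primary public key
    - certs/public/<stem>.pub.back*  backup key(s)
  <stem> is the basename of template_path with the trailing "hpkp-hdr.j2"
  removed. Presumably the template is reached under per-site names ending in
  that suffix; confirm against the playbook.

  Review notes:
    - `ls` exits non-zero when no *.back* file exists, which fails the render.
      That matches RFC 7469's requirement for at least one backup pin.
    - Each key is parsed with `openssl pkey -noout` before hashing. In a plain
      pipeline only the exit status of `base64` is seen, so an unreadable or
      malformed key would otherwise yield the SHA-256 of empty input as a pin.
    - Paths are passed through `quote` because the lookups run in a shell.
    - max-age=3600 limits how long a client keeps the pins after a bad rollout.
    - Current major browsers have removed HPKP support, so this header should
      not be the only control against mis-issued certificates.
    - nginx only emits add_header on some status codes unless `always` is
      given, and add_header directives in a nested block replace inherited ones.
#}

{% set tmpl = template_path | basename %}
{# str.rstrip() strips a character set, not a suffix: "site.uk" became "site.u". #}
{% set stem = tmpl | regex_replace('[-.]*hpkp-hdr[.]j2$', '') %}
{% set pubkey = "certs/public/" + stem + ".pub" %}

{%- set pins = [] %}
{% for pk in [pubkey] + lookup('pipe', 'ls -1 ' + (pubkey | quote) + '.back*').splitlines() -%}
    {%- set pkq = pk | quote -%}
    {%- set sha256 = lookup('pipe', 'openssl pkey -pubin -noout -in ' + pkq + ' && openssl pkey -pubin -outform DER -in ' + pkq + ' | openssl dgst -sha256 -binary | base64') -%}
    {%- set _ = pins.append('pin-sha256="' + sha256 + '"') -%}
{%- endfor %}

{%- if pins | length > 0 %}
{% set directives = pins + ['max-age=3600'] %}
add_header Public-Key-Pins '{{ directives | join('; ') }}';
{% endif %}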