Change cert existance logic

Add checking commonName and subjectAltName in old certificate
if it exists. In other way we could not regenerate a new certificate
if any of these fields change.

Closes-Bug: #1490966
Upstream pull-request: https://github.com/camptocamp/puppet-openssl/pull/51

Change-Id: I1375a9d1ce5f50e84edee4ecc21614450408ae73

deployment/puppet/cobbler/manifests/server.pp

@@ -65,7 +65,7 @@ class cobbler::server (
   if $production == 'docker-build' {
     $real_fqdn = "fuel.${domain_name}"
   } else {
-    $real_fdqn = $::fqdn
+    $real_fqdn = $::fqdn
   }
 
   case $::operatingsystem {

deployment/puppet/openssl/lib/puppet/provider/x509_cert/openssl.rb

@@ -22,11 +22,39 @@ Puppet::Type.type(:x509_cert).provide(:openssl) do
     cert.check_private_key(priv)
   end
 
+  def self.old_cert_is_equal(resource)
+    cert = OpenSSL::X509::Certificate.new(File.read(resource[:path]))
+
+    altname = ''
+    cert.extensions.each do |ext|
+        altname = ext.value if ext.oid == 'subjectAltName'
+    end
+
+    subjectName = ''
+    cert.subject.to_s.split('/').each do |name|
+        k,v = name.split('=')
+          subjectName = v if k == 'CN'
+    end
+
+    require File.expand_path('../../../../../../inifile/lib/puppet/util/ini_file', __FILE__)
+    ini_file  = Puppet::Util::IniFile.new(resource[:template], '=')
+    ini_file.section_names.each do |section_name|
+      ini_file.get_settings(section_name).each do |setting, value|
+        return false if setting == 'subjectAltName' and value.delete(' ').gsub(/^"|"$/, '') != altname.delete(' ').gsub(/^"|"$/, '')
+        return false if setting == 'commonName' and value != subjectName
+      end
+    end
+    return true
+  end
+
   def exists?
     if Pathname.new(resource[:path]).exist?
       if resource[:force] and !self.class.check_private_key(resource)
         return false
       end
+      if !self.class.old_cert_is_equal(resource)
+        return false
+      end
       return true
     else
       return false