RubygemsResearch

Sha256: 3d6c5a6023e95fedfd521a128d9a41c16bb4e3f1c475da25ab56d93d98302e63

Contents?: true

Size: 1.74 KB

Versions: 10

Compression:

Stored size: 1.74 KB

require 'puppet/ssl/base'

# Manage certificate requests.
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
  wraps OpenSSL::X509::Request

  extend Puppet::Indirector
  indirects :certificate_request, :terminus_class => :file

  # Convert a string into an instance.
  def self.from_s(string)
    instance = wrapped_class.new(string)
    name = instance.subject.to_s.sub(/\/CN=/i, '').downcase
    result = new(name)
    result.content = instance
    result
  end

  # Because of how the format handler class is included, this
  # can't be in the base class.
  def self.supported_formats
    [:s]
  end

  # How to create a certificate request with our system defaults.
  def generate(key)
    Puppet.info "Creating a new SSL certificate request for #{name}"

    # Support either an actual SSL key, or a Puppet key.
    key = key.content if key.is_a?(Puppet::SSL::Key)

    # If we're a CSR for the CA, then use the real ca_name, rather than the
    # fake 'ca' name.  This is mostly for backward compatibility with 0.24.x,
    # but it's also just a good idea.
    common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name

    csr = OpenSSL::X509::Request.new
    csr.version = 0
    csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
    csr.public_key = key.public_key
    csr.sign(key, OpenSSL::Digest::MD5.new)

    raise Puppet::Error, "CSR sign verification failed; you need to clean the certificate request for #{name} on the server" unless csr.verify(key.public_key)

    @content = csr
    Puppet.info "Certificate Request fingerprint (md5): #{fingerprint}"
    @content
  end

  def save(args = {})
    super()

    # Try to autosign the CSR.
    if ca = Puppet::SSL::CertificateAuthority.instance
      ca.autosign
    end
  end
end

Version data entries

10 entries across 10 versions & 1 rubygems

Version	Path
puppet-2.6.11	lib/puppet/ssl/certificate_request.rb
puppet-2.6.10	lib/puppet/ssl/certificate_request.rb
puppet-2.6.9	lib/puppet/ssl/certificate_request.rb
puppet-2.6.8	lib/puppet/ssl/certificate_request.rb
puppet-2.6.7	lib/puppet/ssl/certificate_request.rb
puppet-2.6.6	lib/puppet/ssl/certificate_request.rb
puppet-2.6.5	lib/puppet/ssl/certificate_request.rb
puppet-2.6.4	lib/puppet/ssl/certificate_request.rb
puppet-2.6.3	lib/puppet/ssl/certificate_request.rb
puppet-2.6.2	lib/puppet/ssl/certificate_request.rb