Sha256: 7625474761e60c0f3d0adbb6b4487f7052eb4e6ef2c9d0cd954451bc4646b6b3

Contents?: true

Size: 1.89 KB

Versions: 4

Compression:

Stored size: 1.89 KB

Contents

require 'puppet/ssl/base'

# Manage certificate requests.
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
  wraps OpenSSL::X509::Request

  extend Puppet::Indirector

  # If auto-signing is on, sign any certificate requests as they are saved.
  module AutoSigner
    def save(instance, key = nil)
      super

      # Try to autosign the CSR.
      if ca = Puppet::SSL::CertificateAuthority.instance
        ca.autosign
      end
    end
  end

  indirects :certificate_request, :terminus_class => :file, :extend => AutoSigner

  # Convert a string into an instance.
  def self.from_s(string)
    instance = wrapped_class.new(string)
    name = instance.subject.to_s.sub(/\/CN=/i, '').downcase
    result = new(name)
    result.content = instance
    result
  end

  # Because of how the format handler class is included, this
  # can't be in the base class.
  def self.supported_formats
    [:s]
  end

  # How to create a certificate request with our system defaults.
  def generate(key)
    Puppet.info "Creating a new SSL certificate request for #{name}"

    # Support either an actual SSL key, or a Puppet key.
    key = key.content if key.is_a?(Puppet::SSL::Key)

    # If we're a CSR for the CA, then use the real ca_name, rather than the
    # fake 'ca' name.  This is mostly for backward compatibility with 0.24.x,
    # but it's also just a good idea.
    common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name

    csr = OpenSSL::X509::Request.new
    csr.version = 0
    csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
    csr.public_key = key.public_key
    csr.sign(key, OpenSSL::Digest::MD5.new)

    raise Puppet::Error, "CSR sign verification failed; you need to clean the certificate request for #{name} on the server" unless csr.verify(key.public_key)

    @content = csr
    Puppet.info "Certificate Request fingerprint (md5): #{fingerprint}"
    @content
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
puppet-2.7.5 lib/puppet/ssl/certificate_request.rb
puppet-2.7.4 lib/puppet/ssl/certificate_request.rb
puppet-2.7.3 lib/puppet/ssl/certificate_request.rb
puppet-2.7.1 lib/puppet/ssl/certificate_request.rb