Sha256: c62e01a37c209f7b7f4bcb50ad971c7134e42826d4fc31faafb0064926bd1573

Contents?: true

Size: 1.55 KB

Versions: 16

Compression:

Stored size: 1.55 KB

Contents

require 'puppet/network/client'

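# Client for the certificate-authority endpoint: requests a signed
# certificate for the current host from the remote system.
#
# NOTE(review): the CA certificate returned by the server is persisted as the
# local trust anchor (:localcacert). Nothing in this class authenticates that
# CA certificate; whether the driver/transport behind @driver does so is not
# visible in this file -- confirm before relying on it.
class Puppet::Network::Client::CA < Puppet::Network::Client
  # Raised when the server's answer cannot be parsed as X.509, does not match
  # the local private key, or the certificate/CA pair is inconsistent.
  class InvalidCertificate < Puppet::Error; end

  # Builds the client, falling back to the configured CA server.
  #
  # @param options [Hash] client options. When neither :Server nor :CA is
  #   present, :Server and :Port are filled in from Puppet[:ca_server] and
  #   Puppet[:ca_port]. Keys are passed through symbolize_options first
  #   (defined outside this file; presumably converts keys to symbols).
  def initialize(options = {})
    options = symbolize_options(options)
    unless options.include?(:Server) || options.include?(:CA)
      options[:Server] = Puppet[:ca_server]
      options[:Port] = Puppet[:ca_port]
    end
    super(options)
  end

  # Obtains the certificate for the current host, asking the server to sign
  # this host's CSR when no certificate is available locally. This client can
  # only request a certificate for the current host; everything it needs is
  # taken from Puppet.settings.
  #
  # @return [Object, nil] whatever read_cert returns when it finds a
  #   certificate (helper defined outside this file); otherwise the newly
  #   issued OpenSSL::X509::Certificate, or nil when the server answered
  #   with no certificate (nil or an empty string).
  # @raise [Puppet::Error] when the getcert call itself fails.
  # @raise [InvalidCertificate] when the answer is not parseable, does not
  #   match the local private key, or was not signed by the returned CA.
  def request_cert
    Puppet.settings.use(:main, :ssl)

    existing = read_cert
    return existing if existing

    begin
      cert, cacert = @driver.getcert(csr.to_pem)
    rescue => detail
      puts detail.backtrace if Puppet[:trace]
      raise Puppet::Error, "Certificate retrieval failed: #{detail}"
    end

    # An empty answer means there is no certificate to install yet.
    return nil if cert.nil? || cert == ""

    begin
      @cert = OpenSSL::X509::Certificate.new(cert)
      @cacert = OpenSSL::X509::Certificate.new(cacert)
    rescue => detail
      raise InvalidCertificate, "Invalid certificate: #{detail}"
    end

    unless @cert.check_private_key(key)
      raise InvalidCertificate, "Certificate does not match private key.  Try 'puppetca --clean #{Puppet[:certname]}' on the server."
    end

    # Consistency check: the host certificate must carry a signature made by
    # the CA certificate delivered in the same response. This rejects
    # mismatched pairs before they reach disk; it does not by itself
    # authenticate the CA certificate (see the class-level note).
    begin
      issued_by_ca = @cert.verify(@cacert.public_key)
    rescue => detail
      raise InvalidCertificate, "Invalid certificate: #{detail}"
    end
    unless issued_by_ca
      raise InvalidCertificate, "Certificate was not signed by the CA certificate returned by the server."
    end

    # Persist the parsed certificates rather than the raw response strings, so
    # that what lands on disk is exactly what was validated above and nothing
    # else that may have been present in the response text.
    Puppet.settings.write(:hostcert) { |f| f.print @cert.to_pem }
    Puppet.settings.write(:localcacert) { |f| f.print @cacert.to_pem }

    @cert
  end
end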

Version data entries

16 entries across 16 versions & 1 rubygems

Version Path
puppet-2.7.5 lib/puppet/network/client/ca.rb
puppet-2.6.11 lib/puppet/network/client/ca.rb
puppet-2.7.4 lib/puppet/network/client/ca.rb
puppet-2.6.10 lib/puppet/network/client/ca.rb
puppet-2.7.3 lib/puppet/network/client/ca.rb
puppet-2.7.1 lib/puppet/network/client/ca.rb
puppet-2.6.9 lib/puppet/network/client/ca.rb
puppet-2.6.8 lib/puppet/network/client/ca.rb
puppet-2.6.7 lib/puppet/network/client/ca.rb
puppet-2.6.6 lib/puppet/network/client/ca.rb
puppet-2.6.5 lib/puppet/network/client/ca.rb
puppet-2.6.4 lib/puppet/network/client/ca.rb
puppet-2.6.3 lib/puppet/network/client/ca.rb
puppet-2.6.2 lib/puppet/network/client/ca.rb
puppet-2.6.1 lib/puppet/network/client/ca.rb
puppet-2.6.0 lib/puppet/network/client/ca.rb