| author | Luke Kanies <luke@madstop.com> | 2005-08-16 16:11:25 +0000 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2005-08-16 16:11:25 +0000 |
| commit | 9f84742188e9ffab9bcbb08e54e8c0e29d20f5e1 (patch) | |
| tree | 6d97f751bab694f0d1a07a8a2043c77316d9c5a5 /lib/puppet/daemon.rb | |
| parent | 163db7cc23823f4bf2bf2fb076b169af80211274 (diff) | |
All tests pass except a certificate test I do not know how to fix
git-svn-id: https://reductivelabs.com/svn/puppet/library/trunk@553 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet/daemon.rb')
| -rwxr-xr-x | lib/puppet/daemon.rb | 132 |
1 files changed, 76 insertions, 56 deletions
diff --git a/lib/puppet/daemon.rb b/lib/puppet/daemon.rb
index 8bebea832..1cbb35ce5 100755
--- a/lib/puppet/daemon.rb
+++ b/lib/puppet/daemon.rb
@@ -54,17 +54,44 @@ module Puppet
 return log
 end
-def initcerts
+def readcert
 return unless @secureinit
 # verify we've got all of the certs set up and such
+if defined? @cert and defined? @key and @cert and @key
+return true
+end
+
 # we are not going to encrypt our key, but we need at a minimum
 # a keyfile and a certfile
-certfile = File.join(Puppet[:certdir], [@fqdn, "pem"].join("."))
-cacertfile = File.join(Puppet[:certdir], ["ca", "pem"].join("."))
-keyfile = File.join(Puppet[:privatekeydir], [@fqdn, "pem"].join("."))
-publickeyfile = File.join(Puppet[:publickeydir], [@fqdn, "pem"].join("."))
+@certfile = File.join(Puppet[:certdir], [@fqdn, "pem"].join("."))
+@cacertfile = File.join(Puppet[:certdir], ["ca", "pem"].join("."))
+@keyfile = File.join(Puppet[:privatekeydir], [@fqdn, "pem"].join("."))
+@publickeyfile = File.join(Puppet[:publickeydir], [@fqdn, "pem"].join("."))
+if File.exists?(@keyfile)
+# load the key
+@key = OpenSSL::PKey::RSA.new(File.read(@keyfile))
+else
+return false
+end
+
+if File.exists?(@certfile)
+if File.exists?(@cacertfile)
+@cacert = OpenSSL::X509::Certificate.new(File.read(@cacertfile))
+else
+raise Puppet::Error, "Found cert file with no ca cert file"
+end
+@cert = OpenSSL::X509::Certificate.new(File.read(@certfile))
+else
+return false
+end
+return true
+end
+
+def requestcert
+retrieved = false
+
 # create the directories involved
 [Puppet[:certdir], Puppet[:privatekeydir], Puppet[:csrdir], Puppet[:publickeydir]].each { |dir|
 unless FileTest.exists?(dir)
@@ -72,69 +99,62 @@ module Puppet
 end
 }
-inited = false
-if File.exists?(keyfile)
-# load the key
-@key = OpenSSL::PKey::RSA.new(File.read(keyfile))
-else
+if self.readcert
+Puppet.info "Certificate already exists; not requesting"
+return true
+end
+
+unless defined? @key and @key
 # create a new one and store it
-Puppet.info "Creating a new SSL key at %s" % keyfile
+Puppet.info "Creating a new SSL key at %s" % @keyfile
 @key = OpenSSL::PKey::RSA.new(Puppet[:keylength])
-File.open(keyfile, "w", 0660) { |f| f.print @key.to_pem }
-File.open(publickeyfile, "w", 0660) { |f|
+File.open(@keyfile, "w", 0660) { |f| f.print @key.to_pem }
+File.open(@publickeyfile, "w", 0660) { |f|
 f.print @key.public_key.to_pem }
 end
-if File.exists?(certfile)
-unless File.exists?(cacertfile)
-raise Puppet::Error, "Found cert file with no ca cert file"
-end
-@cert = OpenSSL::X509::Certificate.new(File.read(certfile))
-inited = true
-else
-unless defined? @driver
-Puppet.err "Cannot request a certificate without a defined target"
-return false
-end
-Puppet.info "Creating a new certificate request for %s" % @fqdn
-name = OpenSSL::X509::Name.new([["CN", @fqdn]])
-
-@csr = OpenSSL::X509::Request.new
-@csr.version = 0
-@csr.subject = name
-@csr.public_key = @key.public_key
-@csr.sign(@key, OpenSSL::Digest::MD5.new)
-
-Puppet.info "Requesting certificate"
-
-begin
-cert, cacert = @driver.getcert(@csr.to_pem)
-rescue => detail
-raise Puppet::Error.new("Certificate retrieval failed: %s" %
-detail)
-end
+unless defined? @driver
+Puppet.err "Cannot request a certificate without a defined target"
+return false
+end
+Puppet.info "Creating a new certificate request for %s" % @fqdn
+name = OpenSSL::X509::Name.new([["CN", @fqdn]])
-if cert.nil? or cert == ""
-return nil
-end
-File.open(certfile, "w", 0660) { |f| f.print cert }
-File.open(cacertfile, "w", 0660) { |f| f.print cacert }
-begin
-@cert = OpenSSL::X509::Certificate.new(cert)
-@cacert = OpenSSL::X509::Certificate.new(cacert)
-inited = true
-rescue => detail
-raise Puppet::Error.new(
-"Invalid certificate: %s" % detail
-)
-end
+@csr = OpenSSL::X509::Request.new
+@csr.version = 0
+@csr.subject = name
+@csr.public_key = @key.public_key
+@csr.sign(@key, OpenSSL::Digest::MD5.new)
+
+Puppet.info "Requesting certificate"
+
+begin
+cert, cacert = @driver.getcert(@csr.to_pem)
+rescue => detail
+raise Puppet::Error.new("Certificate retrieval failed: %s" %
+detail)
+end
+
+if cert.nil? or cert == ""
+return nil
+end
+File.open(@certfile, "w", 0660) { |f| f.print cert }
+File.open(@cacertfile, "w", 0660) { |f| f.print cacert }
+begin
+@cert = OpenSSL::X509::Certificate.new(cert)
+@cacert = OpenSSL::X509::Certificate.new(cacert)
+retrieved = true
+rescue => detail
+raise Puppet::Error.new(
+"Invalid certificate: %s" % detail
+)
 end
 unless @cert.check_private_key(@key)
 raise Puppet::DevError, "Received invalid certificate"
 end
-return inited
+return retrieved
 end
 end
 end
|
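Review bot: `readcert` returns true as soon as `@cert` and `@key` have been parsed from disk, but it never checks that the two belong together; the `@cert.check_private_key(@key)` check that the removed `initcerts` reached on this path now lives only at the end of `requestcert`, which the next hunk short-circuits with `return true` whenever `readcert` succeeds, so a stale or mismatched certificate and key on disk are reported as valid. Before the final `return true` I would add `unless @cert.check_private_key(@key)` / `raise Puppet::Error, "Certificate %s does not match key %s" % [@certfile, @keyfile]` / `end`. The cached early return at the top of the method has the same gap, since it trusts whatever `@cert` and `@key` were set to earlier without relating them. `requestcert`, whose definition begins at the end of this hunk, continues past it.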
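Review bot: The `cacert` returned by `@driver.getcert` is written to `@cacertfile` and parsed into `@cacert` without any check that it actually issued `cert`; the only validation is `@cert.check_private_key(@key)`, which proves the leaf matches our key but says nothing about the CA material being persisted as trusted. After the `begin`/`rescue` that parses both, `raise Puppet::DevError, "Received certificate not signed by received CA" unless @cert.verify(@cacert.public_key)` would at least bind the two together before they are relied on. The CSR is also still signed with `OpenSSL::Digest::MD5.new`; that digest predates this change, but a stronger one is worth considering while the request path is being reworked. `requestcert` begins in the previous hunk, so its signature and the `retrieved = false` initialisation are outside this one.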
