Feature #2839 - fingerprint certificate

This patch adds several things:
 * certificate fingerprinting in --list mode
 * a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
 * a --fingerprint puppetd option to display client certificates
 * each time a CSR is generated, its fingerprint is displayed in the log

It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

1 files changed, 8 insertions, 1 deletions

diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 8e4fd7a08..9fe67cc8a 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -53,7 +53,7 @@ class Puppet::SSL::CertificateAuthority
         unless options[:to]
             raise ArgumentError, "You must specify the hosts to apply to; valid values are an array or the symbol :all"
         end
-        applier = Interface.new(method, options[:to])
+        applier = Interface.new(method, options)
 
         applier.apply(self)
     end
@@ -291,6 +291,13 @@ class Puppet::SSL::CertificateAuthority
         end
     end
 
+    def fingerprint(name, md = :MD5)
+        unless cert = Puppet::SSL::Certificate.find(name) || Puppet::SSL::CertificateRequest.find(name)
+            raise ArgumentError, "Could not find a certificate or csr for %s" % name
+        end
+        cert.fingerprint(md)
+    end
+
     # List the waiting certificate requests.
     def waiting?
         Puppet::SSL::CertificateRequest.search("*").collect { |r| r.name }