authorBrice Figureau <brice-puppet@daysofwonder.com>2009-12-29 15:27:54 +0100
committerJames Turnbull <james@lovedthanlost.net>2010-01-19 08:37:23 +1100
commit3e9677f00a09d0249713ed2fa503e42b07f6d978 (patch)
tree0b99bb4cd9039bb220ee75f2520b37920a6b7628 /lib/puppet/ssl/certificate_authority
parent91c44b439794a87111ab1a0726a2ad08981c839e (diff)
Feature #2839 - fingerprint certificate
This patch adds several things: * certificate fingerprinting in --list mode * a puppetca action called "--fingerprint" to display fingerprints of given certificates (or all including CSR) * a --fingerprint puppetd option to display client certificates * each time a CSR is generated, its fingerprint is displayed in the log It is also possible to use --digest in puppetca and puppetd to specify a specific digest algorithm. Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Diffstat (limited to 'lib/puppet/ssl/certificate_authority')
-rw-r--r--lib/puppet/ssl/certificate_authority/interface.rb28
1 files changed, 20 insertions, 8 deletions
diff --git a/lib/puppet/ssl/certificate_authority/interface.rb b/lib/puppet/ssl/certificate_authority/interface.rb
index 3f91434e3..d2dc7b9b5 100644
--- a/lib/puppet/ssl/certificate_authority/interface.rb
+++ b/lib/puppet/ssl/certificate_authority/interface.rb
@@ -2,11 +2,11 @@
# on the CA. It's only used by the 'puppetca' executable, and its
# job is to provide a CLI-like interface to the CA class.
class Puppet::SSL::CertificateAuthority::Interface
- INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify]
+ INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint]
class InterfaceError < ArgumentError; end
- attr_reader :method, :subjects
+ attr_reader :method, :subjects, :digest
# Actually perform the work.
def apply(ca)
@@ -38,9 +38,10 @@ class Puppet::SSL::CertificateAuthority::Interface
end
end
- def initialize(method, subjects)
+ def initialize(method, options)
self.method = method
- self.subjects = subjects
+ self.subjects = options[:to]
+ @digest = options[:digest] || :MD5
end
# List the hosts.
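Review bot: The fallback in `@digest = options[:digest] || :MD5` makes MD5 the digest whenever no `:digest` option is supplied, and MD5 is not collision-resistant, so a fingerprint an operator compares by eye before signing a request is weaker evidence than it looks. A stronger default such as `@digest = options[:digest] || :SHA256` would be preferable, assuming the Ruby/OpenSSL versions this code supports provide it. The signature also changes from `(method, subjects)` to `(method, options)`, so a caller still passing the subjects directly would no longer behave as before at `options[:to]`; the callers are outside this diff and need checking.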
@@ -67,11 +68,11 @@ class Puppet::SSL::CertificateAuthority::Interface
invalid = details.to_s
end
if not invalid and signed.include?(host)
- puts "+ " + host
+ puts "+ #{host} (#{ca.fingerprint(host, @digest)})"
elsif invalid
- puts "- " + host + " (" + invalid + ")"
+ puts "- #{host} (#{ca.fingerprint(host, @digest)}) (#{invalid})"
else
- puts host
+ puts "#{host} (#{ca.fingerprint(host, @digest)})"
end
end
end
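Review bot: All three `puts` branches interpolate `ca.fingerprint(host, @digest)` directly, so if that call returns nil, which the new `fingerprint` action later in this file explicitly handles, the listing prints an empty `()` next to the host instead of flagging the missing fingerprint. Calling it once per host before the `if`, e.g. `fp = ca.fingerprint(host, @digest) || "no fingerprint"`, removes the triple call and makes the gap visible to whoever is reviewing the list. The enclosing method begins and ends outside this hunk.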
@@ -84,7 +85,7 @@ class Puppet::SSL::CertificateAuthority::Interface
# Print certificate information.
def print(ca)
- (subjects == :all ? ca.list : subjects).each do |host|
+ (subjects == :all ? ca.list : subjects).each do |host|
if value = ca.print(host)
puts value
else
@@ -93,6 +94,17 @@ class Puppet::SSL::CertificateAuthority::Interface
end
end
+ # Print certificate information.
+ def fingerprint(ca)
+ (subjects == :all ? ca.list + ca.waiting?: subjects).each do |host|
+ if value = ca.fingerprint(host, @digest)
+ puts "#{host} #{value}"
+ else
+ Puppet.err "Could not find certificate for %s" % host
+ end
+ end
+ end
+
# Sign a given certificate.
def sign(ca)
list = subjects == :all ? ca.waiting? : subjects
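Review bot: The line printed by `puts "#{host} #{value}"` does not say which digest produced the value, so a fingerprint taken with one `--digest` setting on the agent can be compared against a different one on the CA with only its length to give that away; `puts "#{host} (#{@digest}) #{value}"` would make the comparison unambiguous. The comment above `def fingerprint` is copied from `print` and should read `# Print certificate fingerprints.`. `ca.waiting?: subjects` also wants a space before the colon, and since `:all` now includes pending requests the error text could say "certificate or request".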