| author | Luke Kanies <luke@madstop.com> | 2008-04-19 14:50:18 -0500 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-04-19 14:50:18 -0500 |
| commit | 809fc77bc767fb3acabc83d55183686200b1e384 (patch) | |
| tree | 26f0fa4954f693168f7f366c5ea8653531de3ac6 /lib/puppet/ssl/host.rb | |
| parent | 16056a24c65a7c6485b65f15700ff3971781031b (diff) | |
Finishing the interface between the CA and the CRL.
Certificate revocation now works, the CA knows how
to generate the CRL, and the SSL::Host class knows
how to configure the CRL class for indirection.
Diffstat (limited to 'lib/puppet/ssl/host.rb')
| -rw-r--r-- | lib/puppet/ssl/host.rb | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index 9c7ca767e..c1dac2050 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -2,6 +2,7 @@ require 'puppet/ssl'
 require 'puppet/ssl/key'
 require 'puppet/ssl/certificate'
 require 'puppet/ssl/certificate_request'
+require 'puppet/ssl/certificate_revocation_list'
 require 'puppet/util/constant_inflector'
 # The class that manages all aspects of our SSL certificates --
@@ -9,8 +10,9 @@ require 'puppet/util/constant_inflector'
 class Puppet::SSL::Host
 # Yay, ruby's strange constant lookups.
 Key = Puppet::SSL::Key
- CertificateRequest = Puppet::SSL::CertificateRequest
 Certificate = Puppet::SSL::Certificate
+ CertificateRequest = Puppet::SSL::CertificateRequest
+ CertificateRevocationList = Puppet::SSL::CertificateRevocationList
 extend Puppet::Util::ConstantInflector
@@ -35,9 +37,10 @@ class Puppet::SSL::Host
 def self.configure_indirection(terminus, cache = nil)
 Certificate.terminus_class = terminus
 CertificateRequest.terminus_class = terminus
+ CertificateRevocationList.terminus_class = terminus
 if cache
- # This is weird; we don't actually cache our keys, we
+ # This is weird; we don't actually cache our keys or CRL, we
 # use what would otherwise be the cache as our normal
 # terminus.
 Key.terminus_class = cache
@@ -48,12 +51,13 @@ class Puppet::SSL::Host
 if cache
 Certificate.cache_class = cache
 CertificateRequest.cache_class = cache
+ CertificateRevocationList.cache_class = cache
 end
 end
 # Specify how we expect to interact with our certificate authority.
 def self.ca_location=(mode)
- raise ArgumentError, "CA Mode can only be :local, :remote, or :none" unless [:local, :remote, :only, :none].include?(mode)
+ raise ArgumentError, "CA Mode can only be :local, :remote, or :none" unless [:local, :remote, :none].include?(mode)
 @ca_mode = mode
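Review bot: The reworded comment in `configure_indirection` says the CRL, like the keys, is not cached, but the only CRL lines this commit adds are `CertificateRevocationList.terminus_class = terminus` and, in the following hunk, `CertificateRevocationList.cache_class = cache`, so the CRL is wired exactly like `Certificate` and does get a cache. If the code is the intent, the comment should go back to `# This is weird; we don't actually cache our keys, we`. Since a cache is configured, it is also worth a comment stating how a cached CRL is refreshed: with `configure_indirection :rest, :file`, a locally cached copy could presumably keep being used after the CA has revoked further certificates. The `if cache` branch continues outside this hunk.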
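Review bot: With `:only` dropped from the accepted list in `ca_location=`, any caller still passing it now raises ArgumentError, and the message does not say which value was rejected. Callers are not visible here (the diffstat is limited to this file), so they are worth checking. Echoing the value would help whoever hits it: `raise ArgumentError, "CA Mode can only be :local, :remote, or :none, not #{mode.inspect}" unless [:local, :remote, :none].include?(mode)`. The comment above the setter could also list the three modes and what each one configures, now that the `when :only:` branch is removed in the next hunk. The method body continues outside this hunk.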
@@ -64,25 +68,12 @@ class Puppet::SSL::Host
 configure_indirection :ca_file, :file
 when :remote:
 configure_indirection :rest, :file
- when :only:
- # We are the CA, so we just interact with CA stuff.
- configure_indirection :ca_file
 when :none:
 # We have no CA, so we just look in the local file store.
 configure_indirection :file
 end
 end
- # Set the cache class for the files we manage.
- def self.cache_class=(value)
- [Key, CertificateRequest, Certificate].each { |klass| klass.terminus_class = value }
- end
-
- # Set the terminus class for the files we manage.
- def self.terminus_class=(value)
- [Key, CertificateRequest, Certificate].each { |klass| klass.terminus_class = value }
- end
-
 # Search for more than one host, optionally only specifying
 # an interest in hosts with a given file type.
 # This just allows our non-indirected class to have one of |
