author | lutter <lutter@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-08-23 02:23:25 +0000 |
---|---|---|
committer | lutter <lutter@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-08-23 02:23:25 +0000 |
commit | 9576d1dda88bd14490b91f7aee0dbaee28969f79 (patch) | |
tree | d4098b1438093658920e777d290d0e658f0458d5 /lib/puppet | |
parent | 4151fd59ef6490c875140a874c0a13c5d3f311aa (diff) | |
download | puppet-9576d1dda88bd14490b91f7aee0dbaee28969f79.tar.gz puppet-9576d1dda88bd14490b91f7aee0dbaee28969f79.tar.xz puppet-9576d1dda88bd14490b91f7aee0dbaee28969f79.zip |
Certificate revocation through puppetca. Keep a simple text inventory of all certificates ever issued.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1485 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib/puppet')
-rwxr-xr-x | lib/puppet/sslcertificates.rb | 1 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/ca.rb | 1 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/inventory.rb | 49 |
3 files changed, 51 insertions, 0 deletions
diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb
index a003c6551..4df8df71e 100755
--- a/lib/puppet/sslcertificates.rb
+++ b/lib/puppet/sslcertificates.rb
@@ -154,6 +154,7 @@ module Puppet::SSLCertificates
 return hashpath
 end
 require 'puppet/sslcertificates/certificate'
+ require 'puppet/sslcertificates/inventory'
 require 'puppet/sslcertificates/ca'
 end
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index 89b7b183c..1574a6e73 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -346,6 +346,7 @@ class Puppet::SSLCertificates::CA
 [certfile, host]
 end
+ Puppet::SSLCertificates::Inventory::add(cert)
 Puppet.config.writesub(:signeddir, certfile) do |f|
 f.print cert.to_pem
 end
diff --git a/lib/puppet/sslcertificates/inventory.rb b/lib/puppet/sslcertificates/inventory.rb
new file mode 100644
index 000000000..f3f790906
--- /dev/null
+++ b/lib/puppet/sslcertificates/inventory.rb
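Review bot: The call `Puppet::SSLCertificates::Inventory::add(cert)` runs before the signed certificate is written to `:signeddir`, so an inventory failure aborts signing while a `writesub` failure leaves an inventory entry with no certificate on disk; that ordering looks deliberate for a record used for revocation through puppetca (a surplus entry is harmless, a missing one would hide a serial), but nothing in the code says so. I would add `# Record the serial before persisting the cert: an entry without a cert is harmless, a cert without an entry cannot be found for revocation` above the call. `::` is the constant-lookup operator; the conventional call form is `Puppet::SSLCertificates::Inventory.add(cert)`. The enclosing method starts and ends outside the hunk.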
@@ -0,0 +1,49 @@
+# A module for keeping track of all the certificates issued by the CA, ever
+# Maintains the file "$cadir/inventory.txt"
+module Puppet::SSLCertificates
+ module Inventory
+
+ # Add CERT to the inventory of issued certs in '$cadir/inventory.txt'
+ # If no inventory exists yet, build an inventory and list all the
+ # certificates that have been signed so far
+ def Inventory.add(cert)
+ f = open
+ format(f, cert)
+ f.close()
+ end
+
+ def Inventory.filename
+ File::join(Puppet[:cadir], "inventory.txt")
+ end
+
+ private
+ def Inventory.open
+ if File::exist?(filename)
+ File::open(filename, "a")
+ else
+ init
+ end
+ end
+
+ def Inventory.init
+ if File::exist?(filename)
+ raise Puppet::Error,
+ "Inventory file #(unknown) already exists"
+ end
+ inv = File.open(filename, "w")
+ inv.puts "# Inventory of signed certificates"
+ Dir.glob(File::join(Puppet[:signeddir], "*.pem")) do |f|
+ format(inv, OpenSSL::X509::Certificate.new(File::read(f)))
+ end
+ return inv
+ end
+
+ def Inventory.format(f, cert)
+ iso = '%Y-%m-%dT%H:%M:%S%Z'
+ f.puts "0x%04x %s %s %s" % [cert.serial,
+ cert.not_before.strftime(iso),
+ cert.not_after.strftime(iso),
+ cert.subject]
+ end
+ end
+end |
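Review bot: `Inventory.add` closes the handle returned by `open` only on the success path, so if `format` raises the file stays open and, when `open` took the `init` branch, a partially built inventory is left on disk that the next call will simply append to; wrap the body in `begin`/`ensure` as below. The `private` keyword before `def Inventory.open` has no effect on singleton methods defined with `def Inventory.x`, so `open`, `init` and `format` stay public — `private_class_method :open, :init, :format` after the definitions does what was intended, and a comment noting that these names shadow `Kernel#open`/`Kernel#format` inside the module would spare the next reader a surprise. The inventory is created with `File.open(filename, "w")` under the process umask instead of through `Puppet.config.writesub` as the signed certificates are in ca.rb, so its owner and mode may not match the rest of `$cadir`; for a file that revocation presumably consults, the same treatment seems warranted. The message `"Inventory file #(unknown) already exists"` does not interpolate the path; if the real source has `#{filename}` this is a rendering artifact, otherwise it should.
```ruby
def Inventory.add(cert)
  f = open
  begin
    format(f, cert)
  ensure
    f.close
  end
end
# … unchanged: filename, open, init, format …
```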