author | James Turnbull <james@lovedthanlost.net> | 2010-01-19 08:36:36 +1100 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2010-01-19 08:36:36 +1100 |
commit | d77c9ace9fa3dc39fa1b36f1224d3eda32ed2703 (patch) | |
tree | cfb048f918e069668727e625c8c2a42bb687d2ec /lib/puppet | |
parent | 58a81ba0e074ac8b3c6b7f8cd5c59fa18eb7f58a (diff) | |
Revert "Feature #2839 - fingerprint certificate"
This reverts commit a9fb82b0026e75a670fec553b17de3b0f091c2a5.
An older branch was pulled
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/application/puppetca.rb | 8 | ||||
-rw-r--r-- | lib/puppet/ssl/certificate_authority.rb | 23 | ||||
-rw-r--r-- | lib/puppet/ssl/certificate_authority/interface.rb | 24 |
3 files changed, 9 insertions, 46 deletions
diff --git a/lib/puppet/application/puppetca.rb b/lib/puppet/application/puppetca.rb index 6ef867762..adc1a6ff5 100644 --- a/lib/puppet/application/puppetca.rb +++ b/lib/puppet/application/puppetca.rb @@ -6,7 +6,7 @@ Puppet::Application.new(:puppetca) do should_parse_config - attr_accessor :mode, :all, :ca, :digest + attr_accessor :mode, :all, :ca def find_mode(opt) modes = Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS @@ -22,10 +22,6 @@ Puppet::Application.new(:puppetca) do @all = true end - option("--digest DIGEST", "-d") do |arg| - @digest = arg - end - option("--debug", "-d") do |arg| Puppet::Util::Log.level = :debug end @@ -48,7 +44,7 @@ Puppet::Application.new(:puppetca) do end begin @ca.apply(:revoke, :to => hosts) if @mode == :destroy - @ca.apply(@mode, :to => hosts, :digest => @digest) + @ca.apply(@mode, :to => hosts) rescue => detail puts detail.backtrace if Puppet[:trace] puts detail.to_s diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb index f2213707d..8e4fd7a08 100644 --- a/lib/puppet/ssl/certificate_authority.rb +++ b/lib/puppet/ssl/certificate_authority.rb @@ -53,7 +53,7 @@ class Puppet::SSL::CertificateAuthority unless options[:to] raise ArgumentError, "You must specify the hosts to apply to; valid values are an array or the symbol :all" end - applier = Interface.new(method, options) + applier = Interface.new(method, options[:to]) applier.apply(self) end 
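Review bot: In lib/puppet/ssl/certificate_authority.rb, `apply` still accepts an options hash but now forwards only `options[:to]` to `Interface.new`, so any other key a caller passes is dropped without an error. On a tool that drives signing and revocation on the CA, a silently ignored option is easy to overlook. I would either add `# Only options[:to] is honoured; every other key in options is ignored.` above the method or raise `ArgumentError` on unexpected keys. The visible guard `unless options[:to]` checks only that the key is present, and the `def apply` line itself is outside the hunk.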
@@ -291,27 +291,6 @@ class Puppet::SSL::CertificateAuthority end end - def fingerprint(name, md = :MD5) - unless cert = Puppet::SSL::Certificate.find(name) - raise ArgumentError, "Could not find a certificate for %s" % name - end - - require 'openssl/digest' - - # ruby 1.8.x openssl digest constants are string - # but in 1.9.x they are symbols - mds = md.to_s.upcase - if OpenSSL::Digest.constants.include?(mds) - md = mds - elsif OpenSSL::Digest.constants.include?(mds.to_sym) - md = mds.to_sym - else - raise ArgumentError, "#{md} is not a valid digest algorithm for fingerprinting certificate #{name}" - end - - OpenSSL::Digest.hexdigest(md, cert.content.to_der).scan(/../).join(':').upcase - end - # List the waiting certificate requests. def waiting? Puppet::SSL::CertificateRequest.search("*").collect { |r| r.name } diff --git a/lib/puppet/ssl/certificate_authority/interface.rb b/lib/puppet/ssl/certificate_authority/interface.rb index 0023808f2..3f91434e3 100644 --- a/lib/puppet/ssl/certificate_authority/interface.rb +++ b/lib/puppet/ssl/certificate_authority/interface.rb @@ -2,11 +2,11 @@ # on the CA. It's only used by the 'puppetca' executable, and its # job is to provide a CLI-like interface to the CA class. class Puppet::SSL::CertificateAuthority::Interface - INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint] + INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify] class InterfaceError < ArgumentError; end - attr_reader :method, :subjects, :digest + attr_reader :method, :subjects # Actually perform the work. def apply(ca) @@ -38,10 +38,9 @@ class Puppet::SSL::CertificateAuthority::Interface end end - def initialize(method, options) + def initialize(method, subjects) self.method = method - self.subjects = options[:to] - @digest = options[:digest] || :MD5 + self.subjects = subjects end # List the hosts. 
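Review bot: `INTERFACE_METHODS` in lib/puppet/ssl/certificate_authority/interface.rb is left as a plain mutable array, and `find_mode` in puppetca.rb reads it to decide which modes the command line accepts. It appears to serve as the allow-list of CA operations reachable from the CLI, so I would freeze it to keep anything from appending to it at runtime: `INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify].freeze`. How `apply` dispatches on the method name lies outside the hunk, so the exact effect of an extra entry cannot be confirmed from here.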
@@ -68,9 +67,9 @@ class Puppet::SSL::CertificateAuthority::Interface invalid = details.to_s end if not invalid and signed.include?(host) - puts "+ #{host} (#{ca.fingerprint(host, @digest)})" + puts "+ " + host elsif invalid - puts "- #{host} (#{ca.fingerprint(host, @digest)}) (#{invalid})" + puts "- " + host + " (" + invalid + ")" else puts host end @@ -94,17 +93,6 @@ class Puppet::SSL::CertificateAuthority::Interface end end - # Print certificate information. - def fingerprint(ca) - (subjects == :all ? ca.list : subjects).each do |host| - if value = ca.fingerprint(host, @digest) - puts "#{host} #{value}" - else - Puppet.err "Could not find certificate for %s" % host - end - end - end - # Sign a given certificate. def sign(ca) list = subjects == :all ? ca.waiting? : subjects |
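Review bot: The two restored `puts` lines in the `@@ -68,9 +67,9 @@` hunk build their output with `+`, which raises `TypeError` if `host` is ever not a String (a Symbol, for instance), whereas interpolation calls `to_s`. I would write them as `puts "+ #{host}"` and `puts "- #{host} (#{invalid})"`, which is as tolerant as the plain `puts host` branch beside them. `invalid` is assigned from `details.to_s` in the visible context, so only `host` is in question. The enclosing method starts and ends outside the hunk.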