The basics for the certificate and certificate request

indirection terminii are done.  I need to move most of
the test code to a shared behaviour now.

7 files changed, 127 insertions, 38 deletions

diff --git a/lib/puppet/indirector/certificate/file.rb b/lib/puppet/indirector/certificate/file.rb
new file mode 100644
index 000000000..9e2e8ed99
--- /dev/null
+++ b/lib/puppet/indirector/certificate/file.rb
@@ -0,0 +1,8 @@
+require 'puppet/indirector/ssl_file'
+require 'puppet/ssl/certificate'
+
+class Puppet::SSL::Certificate::File < Puppet::Indirector::SslFile
+    desc "Manage SSL certificates on disk."
+
+    store_in :certdir
+end
diff --git a/lib/puppet/indirector/key/file.rb b/lib/puppet/indirector/key/file.rb
index 47152ee08..d4f39ac2e 100644
--- a/lib/puppet/indirector/key/file.rb
+++ b/lib/puppet/indirector/key/file.rb
@@ -4,11 +4,6 @@ require 'puppet/ssl/key'
 class Puppet::SSL::Key::File < Puppet::Indirector::File
     desc "Manage SSL private and public keys on disk."
 
-    # Is this key a CA key?
-    def ca_key?(key)
-        key.name == :ca
-    end
-
     def path(name)
         if name == :ca
             Puppet.settings[:cakey]
@@ -26,8 +21,6 @@ class Puppet::SSL::Key::File < Puppet::Indirector::File
     end
 
     def save(key)
-        return save_ca_key(key) if ca_key?(key)
-
         # Save the private key
         File.open(path(key.name), "w") { |f| f.print key.to_pem }
 
@@ -36,15 +29,11 @@ class Puppet::SSL::Key::File < Puppet::Indirector::File
     end
 
     def find(name)
-        return find_ca_key(key) if ca_key?(key)
-
         return nil unless FileTest.exist?(path(name))
         OpenSSL::PKey::RSA.new(File.read(path(name)))
     end
 
     def destroy(name)
-        return find_ca_key(key) if ca_key?(key)
-
         return nil unless FileTest.exist?(path(name))
         File.unlink(path(name)) and true
     end
diff --git a/lib/puppet/indirector/ssl_file.rb b/lib/puppet/indirector/ssl_file.rb
new file mode 100644
index 000000000..50e9eb8df
--- /dev/null
+++ b/lib/puppet/indirector/ssl_file.rb
@@ -0,0 +1,66 @@
+require 'puppet/indirector/file'
+
+class Puppet::Indirector::SslFile < Puppet::Indirector::Terminus
+    def self.store_in(setting)
+        @directory_setting = setting
+    end
+
+    class << self
+        attr_reader :directory_setting
+    end
+
+    def self.collection_directory
+        raise(Puppet::DevError, "No setting defined for %s" % self) unless @directory_setting
+        Puppet.settings[@directory_setting]
+    end
+
+    def initialize
+        Puppet.settings.use(:ssl)
+    end
+
+    # Use a setting to determine our path.
+    def path(name)
+        File.join(collection_directory, name.to_s + ".pem")
+    end
+
+    def destroy(file)
+        path = path(file.name)
+        raise Puppet::Error.new("File %s does not exist; cannot destroy" % [file]) unless FileTest.exist?(path)
+
+        begin
+            File.unlink(path)
+        rescue => detail
+            raise Puppet::Error, "Could not remove %s: %s" % [file, detail]
+        end
+    end
+
+    def find(name)
+        path = path(name)
+
+        return nil unless FileTest.exist?(path)
+
+        result = model.new(name)
+        result.read(path)
+        result
+    end
+
+    def save(file)
+        path = path(file.name)
+        dir = File.dirname(path)
+
+        raise Puppet::Error.new("Cannot save %s; parent directory %s does not exist" % [file, dir]) unless FileTest.directory?(dir)
+        raise Puppet::Error.new("Cannot save %s; parent directory %s does not exist" % [file, dir]) unless FileTest.writable?(dir)
+
+        begin
+            File.open(path, "w") { |f| f.print file.to_s }
+        rescue => detail
+            raise Puppet::Error, "Could not write %s: %s" % [file, detail]
+        end
+    end
+
+    private
+
+    def collection_directory
+        self.class.collection_directory
+    end
+end
diff --git a/lib/puppet/ssl/base.rb b/lib/puppet/ssl/base.rb
new file mode 100644
index 000000000..87cbea4b5
--- /dev/null
+++ b/lib/puppet/ssl/base.rb
@@ -0,0 +1,40 @@
+require 'puppet/ssl'
+
+# The base class for wrapping SSL instances.
+class Puppet::SSL::Base
+    def self.wraps(klass)
+        @wrapped_class = klass
+    end
+
+    def self.wrapped_class
+        raise(Puppet::DevError, "%s has not declared what class it wraps" % self) unless defined?(@wrapped_class)
+        @wrapped_class
+    end
+
+    attr_accessor :name, :content
+
+    def generate
+        raise Puppet::DevError, "%s did not override 'generate'" % self.class
+    end
+
+    def initialize(name)
+        @name = name
+    end
+
+    # Read content from disk appropriately.
+    def read(path)
+        @content = wrapped_class.new(File.read(path))
+    end
+
+    # Convert our thing to pem.
+    def to_s
+        return "" unless content
+        content.to_pem
+    end
+
+    private
+
+    def wrapped_class
+        self.class.wrapped_class
+    end
+end
diff --git a/lib/puppet/ssl/certificate.rb b/lib/puppet/ssl/certificate.rb
index 7a5f97452..9a89b4530 100644
--- a/lib/puppet/ssl/certificate.rb
+++ b/lib/puppet/ssl/certificate.rb
@@ -1,19 +1,15 @@
-require 'puppet/ssl'
+require 'puppet/ssl/base'
 
 # The class that manages all aspects of our SSL certificates --
 # private keys, public keys, requests, etc.
-class Puppet::SSL::Certificate
-    extend Puppet::Indirector
+class Puppet::SSL::Certificate < Puppet::SSL::Base
+    # This is defined from the base class
+    wraps OpenSSL::X509::Certificate
 
+    extend Puppet::Indirector
     indirects :certificate #, :terminus_class => :file
 
-    attr_accessor :name, :content
-
     def generate
         raise Puppet::DevError, "Cannot generate certificates directly; they must be generated during signing"
     end
-
-    def initialize(name)
-        @name = name
-    end
 end
diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb
index ce3aff477..67f0f23c6 100644
--- a/lib/puppet/ssl/certificate_request.rb
+++ b/lib/puppet/ssl/certificate_request.rb
@@ -1,13 +1,12 @@
-require 'puppet/ssl'
+require 'puppet/ssl/base'
 
 # This constant just exists for us to use for adding our request terminii.
-class Puppet::SSL::CertificateRequest # :nodoc:
-    extend Puppet::Indirector
+class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
+    wraps OpenSSL::X509::Request
 
+    extend Puppet::Indirector
     indirects :certificate_request #, :terminus_class => :file
 
-    attr_reader :name, :content
-
     # How to create a certificate request with our system defaults.
     def generate(key)
         Puppet.info "Creating a new SSL certificate request for %s" % name
@@ -20,8 +19,4 @@ class Puppet::SSL::CertificateRequest # :nodoc:
 
         @content = csr
     end
-
-    def initialize(name)
-        @name = name
-    end
 end
diff --git a/lib/puppet/ssl/key.rb b/lib/puppet/ssl/key.rb
index 0a207f320..18bf2a4cb 100644
--- a/lib/puppet/ssl/key.rb
+++ b/lib/puppet/ssl/key.rb
@@ -1,21 +1,16 @@
-require 'puppet/ssl'
+require 'puppet/ssl/base'
 require 'puppet/indirector'
 
 # Manage private and public keys as a pair.
-class Puppet::SSL::Key
-    extend Puppet::Indirector
+class Puppet::SSL::Key < Puppet::SSL::Base
+    wraps OpenSSL::PKey::RSA
 
+    extend Puppet::Indirector
     indirects :key #, :terminus_class => :file
 
-    attr_accessor :name, :content
-
     # Knows how to create keys with our system defaults.
     def generate
         Puppet.info "Creating a new SSL key for %s" % name
         @content = OpenSSL::PKey::RSA.new(Puppet[:keylength])
     end
-
-    def initialize(name)
-        @name = name
-    end
 end