authorLuke Kanies <luke@madstop.com>2008-03-19 17:30:39 -0500
committerLuke Kanies <luke@madstop.com>2008-04-15 21:34:05 -0500
commitee07d0b7f198857f700b9ad09713fe6b992ffee8 (patch)
tree48b5606de64d9c315d56ef1fc0c797045a762188 /lib/puppet
parentdc5c73bc72810bf63236581cdc9407b039ea135d (diff)
Adding tests for the certificate serial numbers
Diffstat (limited to 'lib/puppet')
-rw-r--r--lib/puppet/ssl/certificate_authority.rb20
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 971a9965e..19887c70b 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -61,28 +61,28 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host
end
# Sign a given certificate request.
- def sign(host, cert_type = :service, self_signed = false)
- # This is only used by the CA for self-signing.
- if host.is_a?(Puppet::SSL::CertificateRequest)
- csr = host
- host = csr.name
+ def sign(host, cert_type = :server, self_signing_csr = nil)
+
+ # This is a self-signed certificate
+ if self_signing_csr
+ csr = self_signing_csr
issuer = csr.content
else
+ raise ArgumentError, "Cannot find CA certificate; cannot sign certificate for %s" % host unless certificate
unless csr = Puppet::SSL::CertificateRequest.find(host, :in => :ca_file)
- raise Puppet::Error, "Could not find certificate request for %s" % host
+ raise ArgumentError, "Could not find certificate request for %s" % host
end
issuer = certificate.content
end
- raise Puppet::Error, "Certificate request for #{host} does not match its own public key" unless csr.content.verify(csr.content.public_key)
- raise ArgumentError, "Cannot find CA certificate; cannot sign certificate for %s" % host unless self_signed or certificate
-
cert = Puppet::SSL::Certificate.new(host)
cert.content = Puppet::SSL::CertificateFactory.new(cert_type, csr.content, issuer, next_serial).result
# Save the now-signed cert, unless it's a self-signed cert, since we
# assume it goes somewhere else.
- cert.save(:in => :ca_file) unless self_signed
+ cert.save(:in => :ca_file) unless self_signing_csr
+
+ return cert
end
# Do all of the initialization necessary to set up our
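Review bot: The rewritten `sign` no longer runs the `csr.content.verify(csr.content.public_key)` check that the old body performed before building the certificate, so as shown here a request whose signature does not match its embedded public key is passed straight to `Puppet::SSL::CertificateFactory`. The commit title only mentions serial-number tests, so the removal looks unintended; unless that proof-of-possession check now happens elsewhere (not visible in this hunk), I would restore it just before `cert = Puppet::SSL::Certificate.new(host)` as `raise ArgumentError, "Certificate request for #{host} does not match its own public key" unless csr.content.verify(csr.content.public_key)`. Separately, the self-signing branch now takes the certificate name from the caller-supplied `host` rather than `csr.name`, so nothing in the visible code ties the issued name to the request's subject. A short comment on the `self_signing_csr` parameter, such as `# self_signing_csr: the CA's own CSR; when given, the cert is issued from it and not saved to :ca_file`, would also make the changed third argument clearer to callers.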