authorLuke Kanies <luke@madstop.com>2008-03-07 15:31:15 -0700
committerLuke Kanies <luke@madstop.com>2008-04-15 21:34:02 -0500
commit4ca6fd3e476dbc582ebc69f5fdf9709a8703613b (patch)
treebf151bc9c852184b98a7a7c5f923c5063eb02421 /lib
parentef7d914aee89b6ea023f030350d04923a7b63fd2 (diff)
First stage of cert refactoring: Private
keys kind of work.
Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/indirector/key/file.rb51
-rw-r--r--lib/puppet/ssl/key.rb21
2 files changed, 72 insertions, 0 deletions
diff --git a/lib/puppet/indirector/key/file.rb b/lib/puppet/indirector/key/file.rb
new file mode 100644
index 000000000..47152ee08
--- /dev/null
+++ b/lib/puppet/indirector/key/file.rb
@@ -0,0 +1,51 @@
+require 'puppet/indirector/file'
+require 'puppet/ssl/key'
+
+class Puppet::SSL::Key::File < Puppet::Indirector::File
+ desc "Manage SSL private and public keys on disk."
+
+ # Is this key a CA key?
+ def ca_key?(key)
+ key.name == :ca
+ end
+
+ def path(name)
+ if name == :ca
+ Puppet.settings[:cakey]
+ else
+ File.join(Puppet.settings[:privatekeydir], name.to_s + ".pem")
+ end
+ end
+
+ def public_key_path(name)
+ if name == :ca
+ Puppet.settings[:capub]
+ else
+ File.join(Puppet.settings[:publickeydir], name.to_s + ".pem")
+ end
+ end
+
+ def save(key)
+ return save_ca_key(key) if ca_key?(key)
+
+ # Save the private key
+ File.open(path(key.name), "w") { |f| f.print key.to_pem }
+
+ # Now save the public key
+ File.open(public_key_path(name), "w") { |f| f.print key.to_pem }
+ end
+
+ def find(name)
+ return find_ca_key(key) if ca_key?(key)
+
+ return nil unless FileTest.exist?(path(name))
+ OpenSSL::PKey::RSA.new(File.read(path(name)))
+ end
+
+ def destroy(name)
+ return find_ca_key(key) if ca_key?(key)
+
+ return nil unless FileTest.exist?(path(name))
+ File.unlink(path(name)) and true
+ end
+end
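Review bot: In `save`, the second `File.open` writes `key.to_pem`, the same PEM just written to the private key path, into the public key file, and both files are opened with `"w"` and no mode, so the private key's permissions depend on the process umask. I would change the two writes to `File.open(path(key.name), "w", 0600) { |f| f.print key.to_pem }` and `File.open(public_key_path(key.name), "w") { |f| f.print key.public_key.to_pem }`, assuming `key` responds to `public_key` as an OpenSSL RSA key does; the mode argument only applies when the file is created, so a pre-existing file would also need a chmod. `save` also passes `name` rather than `key.name` to `public_key_path`, and `find` and `destroy` call `ca_key?(key)` with no `key` in scope, which looks like it will raise NameError; `name == :ca` would match the check already used in `path`. `path` and `public_key_path` join `name.to_s` into the directory unvalidated, so if names can arrive from a remote request they should be rejected when they contain a path separator.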
diff --git a/lib/puppet/ssl/key.rb b/lib/puppet/ssl/key.rb
new file mode 100644
index 000000000..69a09f1a8
--- /dev/null
+++ b/lib/puppet/ssl/key.rb
@@ -0,0 +1,21 @@
+require 'puppet/ssl'
+require 'puppet/indirector'
+
+# Manage private and public keys as a pair.
+class Puppet::SSL::Key # :nodoc:
+ extend Puppet::Indirector
+
+ indirects :key #, :terminus_class => :file
+
+ attr_accessor :name, :content
+
+ # Knows how to create keys with our system defaults.
+ def generate
+ Puppet.info "Creating a new SSL key for %s" % name
+ @content = OpenSSL::PKey::RSA.new(Puppet[:keylength])
+ end
+
+ def initialize(name)
+ @name = name
+ end
+end
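Review bot: `Puppet::SSL::Key` exposes only `name` and `content`, yet the file terminus added in this same commit calls `key.to_pem` in `save`; if the terminus is handed an instance of this class, that call has no method to reach. A small delegator such as `def to_pem; content.to_pem; end` would close the gap, or the terminus could read `key.content` directly. `generate` also passes `Puppet[:keylength]` straight to `OpenSSL::PKey::RSA.new` with no lower bound, so a mis-set value silently produces a weak key; a guard that raises below a documented minimum would make that failure visible. The file references `OpenSSL` without `require 'openssl'`, which presumably relies on `puppet/ssl` loading it.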