| author | Luke Kanies <luke@madstop.com> | 2008-03-07 15:31:15 -0700 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-04-15 21:34:02 -0500 |
| commit | 4ca6fd3e476dbc582ebc69f5fdf9709a8703613b (patch) | |
| tree | bf151bc9c852184b98a7a7c5f923c5063eb02421 /lib | |
| parent | ef7d914aee89b6ea023f030350d04923a7b63fd2 (diff) | |
First stage of cert refactoring: Private
keys kind of work.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/indirector/key/file.rb | 51 | ||||
| -rw-r--r-- | lib/puppet/ssl/key.rb | 21 |
2 files changed, 72 insertions, 0 deletions
diff --git a/lib/puppet/indirector/key/file.rb b/lib/puppet/indirector/key/file.rb
new file mode 100644
index 000000000..47152ee08
--- /dev/null
+++ b/lib/puppet/indirector/key/file.rb
@@ -0,0 +1,51 @@
+require 'puppet/indirector/file'
+require 'puppet/ssl/key'
+
+class Puppet::SSL::Key::File < Puppet::Indirector::File
+ desc "Manage SSL private and public keys on disk."
+
+ # Is this key a CA key?
+ def ca_key?(key)
+ key.name == :ca
+ end
+
+ def path(name)
+ if name == :ca
+ Puppet.settings[:cakey]
+ else
+ File.join(Puppet.settings[:privatekeydir], name.to_s + ".pem")
+ end
+ end
+
+ def public_key_path(name)
+ if name == :ca
+ Puppet.settings[:capub]
+ else
+ File.join(Puppet.settings[:publickeydir], name.to_s + ".pem")
+ end
+ end
+
+ def save(key)
+ return save_ca_key(key) if ca_key?(key)
+
+ # Save the private key
+ File.open(path(key.name), "w") { |f| f.print key.to_pem }
+
+ # Now save the public key
+ File.open(public_key_path(name), "w") { |f| f.print key.to_pem }
+ end
+
+ def find(name)
+ return find_ca_key(key) if ca_key?(key)
+
+ return nil unless FileTest.exist?(path(name))
+ OpenSSL::PKey::RSA.new(File.read(path(name)))
+ end
+
+ def destroy(name)
+ return find_ca_key(key) if ca_key?(key)
+
+ return nil unless FileTest.exist?(path(name))
+ File.unlink(path(name)) and true
+ end
+end
diff --git a/lib/puppet/ssl/key.rb b/lib/puppet/ssl/key.rb
new file mode 100644
index 000000000..69a09f1a8
--- /dev/null
+++ b/lib/puppet/ssl/key.rb
@@ -0,0 +1,21 @@
+require 'puppet/ssl'
+require 'puppet/indirector'
+
+# Manage private and public keys as a pair.
+class Puppet::SSL::Key # :nodoc:
+ extend Puppet::Indirector
+
+ indirects :key #, :terminus_class => :file
+
+ attr_accessor :name, :content
+
+ # Knows how to create keys with our system defaults.
+ def generate
+ Puppet.info "Creating a new SSL key for %s" % name
+ @content = OpenSSL::PKey::RSA.new(Puppet[:keylength])
+ end
+
+ def initialize(name)
+ @name = name
+ end
+end |
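Review bot: In `save`, the private key is written with `File.open(path(key.name), "w")` and no mode argument, so the new file's permissions depend on the process umask, and the second write sends the same `key.to_pem` output to the public key path. Creating the file owner-only and writing only the public half would be `File.open(path(key.name), "w", 0600) { |f| f.print key.content.to_pem }` and `File.open(public_key_path(key.name), "w") { |f| f.print key.content.public_key.to_pem }`, assuming `content` holds the `OpenSSL::PKey::RSA` object as `generate` in lib/puppet/ssl/key.rb suggests. The public-key write passes `name`, which is not a local in `save`, and `find` and `destroy` call `ca_key?(key)` with no `key` in scope, so unless the superclass supplies those names these paths fail or resolve to something unintended; `destroy` also returns `find_ca_key` rather than a CA-specific removal. `path` and `public_key_path` append `name.to_s` to the directory unchecked, so if a name can ever come from a remote request it should be rejected when it contains a path separator or `..`.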
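Review bot: `generate` passes `Puppet[:keylength]` straight to `OpenSSL::PKey::RSA.new` with no lower bound, so a mistyped or deliberately small setting yields a weak key without any warning. A guard before generation such as `raise Puppet::Error, "keylength %s is below the minimum" % Puppet[:keylength] if Puppet[:keylength].to_i < MIN_KEY_LENGTH` (with `MIN_KEY_LENGTH` a constant the project chooses) would make that failure explicit. The class also defines no `to_pem`, which the file terminus calls on it, and `attr_accessor :content` lets any caller replace the private key object; `attr_reader` plus an explicit setter for the terminus may be enough, depending on how the indirector populates instances.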
