5 files changed, 49 insertions, 45 deletions

diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 0c226ca6a..d65067c70 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -63,7 +63,7 @@ class Puppet::SSL::CertificateAuthority
     store = nil
     store = autosign_store(auto) if auto != true
 
-    Puppet::SSL::CertificateRequest.search("*").each do |csr|
+    Puppet::SSL::CertificateRequest.indirection.search("*").each do |csr|
       sign(csr.name) if auto == true or store.allowed?(csr.name, "127.1.1.1")
     end
   end
@@ -93,10 +93,10 @@ class Puppet::SSL::CertificateAuthority
   # Retrieve (or create, if necessary) the certificate revocation list.
   def crl
     unless defined?(@crl)
-      unless @crl = Puppet::SSL::CertificateRevocationList.find(Puppet::SSL::CA_NAME)
+      unless @crl = Puppet::SSL::CertificateRevocationList.indirection.find(Puppet::SSL::CA_NAME)
         @crl = Puppet::SSL::CertificateRevocationList.new(Puppet::SSL::CA_NAME)
         @crl.generate(host.certificate.content, host.key.content)
-        @crl.save
+        Puppet::SSL::CertificateRevocationList.indirection.save(@crl)
       end
     end
     @crl
@@ -109,7 +109,7 @@ class Puppet::SSL::CertificateAuthority
 
   # Generate a new certificate.
   def generate(name)
-    raise ArgumentError, "A Certificate already exists for #{name}" if Puppet::SSL::Certificate.find(name)
+    raise ArgumentError, "A Certificate already exists for #{name}" if Puppet::SSL::Certificate.indirection.find(name)
     host = Puppet::SSL::Host.new(name)
 
     host.generate_certificate_request
@@ -169,7 +169,7 @@ class Puppet::SSL::CertificateAuthority
 
   # List all signed certificates.
   def list
-    Puppet::SSL::Certificate.search("*").collect { |c| c.name }
+    Puppet::SSL::Certificate.indirection.search("*").collect { |c| c.name }
   end
 
   # Read the next serial from the serial file, and increment the
@@ -199,14 +199,14 @@ class Puppet::SSL::CertificateAuthority
 
   # Print a given host's certificate as text.
   def print(name)
-    (cert = Puppet::SSL::Certificate.find(name)) ? cert.to_text : nil
+    (cert = Puppet::SSL::Certificate.indirection.find(name)) ? cert.to_text : nil
   end
 
   # Revoke a given certificate.
   def revoke(name)
     raise ArgumentError, "Cannot revoke certificates when the CRL is disabled" unless crl
 
-    if cert = Puppet::SSL::Certificate.find(name)
+    if cert = Puppet::SSL::Certificate.indirection.find(name)
       serial = cert.content.serial
     elsif ! serial = inventory.serial(name)
       raise ArgumentError, "Could not find a serial number for #{name}"
@@ -229,7 +229,7 @@ class Puppet::SSL::CertificateAuthority
       csr = self_signing_csr
       issuer = csr.content
     else
-      unless csr = Puppet::SSL::CertificateRequest.find(hostname)
+      unless csr = Puppet::SSL::CertificateRequest.indirection.find(hostname)
         raise ArgumentError, "Could not find certificate request for #{hostname}"
       end
       issuer = host.certificate.content
@@ -248,17 +248,17 @@ class Puppet::SSL::CertificateAuthority
 
     # Save the now-signed cert.  This should get routed correctly depending
     # on the certificate type.
-    cert.save
+    Puppet::SSL::Certificate.indirection.save(cert)
 
     # And remove the CSR if this wasn't self signed.
-    Puppet::SSL::CertificateRequest.destroy(csr.name) unless self_signing_csr
+    Puppet::SSL::CertificateRequest.indirection.destroy(csr.name) unless self_signing_csr
 
     cert
   end
 
   # Verify a given host's certificate.
   def verify(name)
-    unless cert = Puppet::SSL::Certificate.find(name)
+    unless cert = Puppet::SSL::Certificate.indirection.find(name)
       raise ArgumentError, "Could not find a certificate for #{name}"
     end
     store = OpenSSL::X509::Store.new
@@ -271,7 +271,7 @@ class Puppet::SSL::CertificateAuthority
   end
 
   def fingerprint(name, md = :MD5)
-    unless cert = Puppet::SSL::Certificate.find(name) || Puppet::SSL::CertificateRequest.find(name)
+    unless cert = Puppet::SSL::Certificate.indirection.find(name) || Puppet::SSL::CertificateRequest.indirection.find(name)
       raise ArgumentError, "Could not find a certificate or csr for #{name}"
     end
     cert.fingerprint(md)
@@ -279,6 +279,6 @@ class Puppet::SSL::CertificateAuthority
 
   # List the waiting certificate requests.
   def waiting?
-    Puppet::SSL::CertificateRequest.search("*").collect { |r| r.name }
+    Puppet::SSL::CertificateRequest.indirection.search("*").collect { |r| r.name }
   end
 end
diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb
index 2f6cae3f5..8c83339a1 100644
--- a/lib/puppet/ssl/certificate_request.rb
+++ b/lib/puppet/ssl/certificate_request.rb
@@ -5,7 +5,20 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
   wraps OpenSSL::X509::Request
 
   extend Puppet::Indirector
-  indirects :certificate_request, :terminus_class => :file
+
+  # If auto-signing is on, sign any certificate requests as they are saved.
+  module AutoSigner
+    def save(instance, key = nil)
+      super
+
+      # Try to autosign the CSR.
+      if ca = Puppet::SSL::CertificateAuthority.instance
+        ca.autosign
+      end
+    end
+  end
+
+  indirects :certificate_request, :terminus_class => :file, :extend => AutoSigner
 
   # Convert a string into an instance.
   def self.from_s(string)
@@ -46,13 +59,4 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
     Puppet.info "Certificate Request fingerprint (md5): #{fingerprint}"
     @content
   end
-
-  def save(args = {})
-    super()
-
-    # Try to autosign the CSR.
-    if ca = Puppet::SSL::CertificateAuthority.instance
-      ca.autosign
-    end
-  end
 end
diff --git a/lib/puppet/ssl/certificate_revocation_list.rb b/lib/puppet/ssl/certificate_revocation_list.rb
index 44e0a9e22..293f4b8c0 100644
--- a/lib/puppet/ssl/certificate_revocation_list.rb
+++ b/lib/puppet/ssl/certificate_revocation_list.rb
@@ -79,6 +79,6 @@ class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base
 
     @content.sign(cakey, OpenSSL::Digest::SHA1.new)
 
-    save
+    Puppet::SSL::CertificateRevocationList.indirection.save(self)
   end
 end
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index 8a6f0aa6d..7f71ced99 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -43,31 +43,31 @@ class Puppet::SSL::Host
 
   # Configure how our various classes interact with their various terminuses.
   def self.configure_indirection(terminus, cache = nil)
-    Certificate.terminus_class = terminus
-    CertificateRequest.terminus_class = terminus
-    CertificateRevocationList.terminus_class = terminus
+    Certificate.indirection.terminus_class = terminus
+    CertificateRequest.indirection.terminus_class = terminus
+    CertificateRevocationList.indirection.terminus_class = terminus
 
     if cache
       # This is weird; we don't actually cache our keys, we
       # use what would otherwise be the cache as our normal
       # terminus.
-      Key.terminus_class = cache
+      Key.indirection.terminus_class = cache
     else
-      Key.terminus_class = terminus
+      Key.indirection.terminus_class = terminus
     end
 
     if cache
-      Certificate.cache_class = cache
-      CertificateRequest.cache_class = cache
-      CertificateRevocationList.cache_class = cache
+      Certificate.indirection.cache_class = cache
+      CertificateRequest.indirection.cache_class = cache
+      CertificateRevocationList.indirection.cache_class = cache
     else
       # Make sure we have no cache configured.  puppet master
       # switches the configurations around a bit, so it's important
       # that we specify the configs for absolutely everything, every
       # time.
-      Certificate.cache_class = nil
-      CertificateRequest.cache_class = nil
-      CertificateRevocationList.cache_class = nil
+      Certificate.indirection.cache_class = nil
+      CertificateRequest.indirection.cache_class = nil
+      CertificateRevocationList.indirection.cache_class = nil
     end
   end
 
@@ -94,7 +94,7 @@ class Puppet::SSL::Host
 
   # Remove all traces of a given host
   def self.destroy(name)
-    [Key, Certificate, CertificateRequest].collect { |part| part.destroy(name) }.any? { |x| x }
+    [Key, Certificate, CertificateRequest].collect { |part| part.indirection.destroy(name) }.any? { |x| x }
   end
 
   # Search for more than one host, optionally only specifying
@@ -106,7 +106,7 @@ class Puppet::SSL::Host
 
     # Collect the results from each class, flatten them, collect all of the names, make the name list unique,
     # then create a Host instance for each one.
-    classlist.collect { |klass| klass.search }.flatten.collect { |r| r.name }.uniq.collect do |name|
+    classlist.collect { |klass| klass.indirection.search }.flatten.collect { |r| r.name }.uniq.collect do |name|
       new(name)
     end
   end
@@ -117,7 +117,7 @@ class Puppet::SSL::Host
   end
 
   def key
-    @key ||= Key.find(name)
+    @key ||= Key.indirection.find(name)
   end
 
   # This is the private key; we can create it from scratch
@@ -126,7 +126,7 @@ class Puppet::SSL::Host
     @key = Key.new(name)
     @key.generate
     begin
-      @key.save
+      Key.indirection.save(@key)
     rescue
       @key = nil
       raise
@@ -135,7 +135,7 @@ class Puppet::SSL::Host
   end
 
   def certificate_request
-    @certificate_request ||= CertificateRequest.find(name)
+    @certificate_request ||= CertificateRequest.indirection.find(name)
   end
 
   # Our certificate request requires the key but that's all.
@@ -144,7 +144,7 @@ class Puppet::SSL::Host
     @certificate_request = CertificateRequest.new(name)
     @certificate_request.generate(key.content)
     begin
-      @certificate_request.save
+      CertificateRequest.indirection.save(@certificate_request)
     rescue
       @certificate_request = nil
       raise
@@ -159,8 +159,8 @@ class Puppet::SSL::Host
 
       # get the CA cert first, since it's required for the normal cert
       # to be of any use.
-      return nil unless Certificate.find("ca") unless ca?
-      return nil unless @certificate = Certificate.find(name)
+      return nil unless Certificate.indirection.find("ca") unless ca?
+      return nil unless @certificate = Certificate.indirection.find(name)
 
       unless certificate_matches_key?
         raise Puppet::Error, "Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key"
@@ -212,7 +212,7 @@ class Puppet::SSL::Host
       @ssl_store.add_file(Puppet[:localcacert])
 
       # If there's a CRL, add it to our store.
-      if crl = Puppet::SSL::CertificateRevocationList.find(CA_NAME)
+      if crl = Puppet::SSL::CertificateRevocationList.indirection.find(CA_NAME)
         @ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK if Puppet.settings[:certificate_revocation]
         @ssl_store.add_crl(crl.content)
       end
diff --git a/lib/puppet/ssl/inventory.rb b/lib/puppet/ssl/inventory.rb
index b2b402a53..e094da100 100644
--- a/lib/puppet/ssl/inventory.rb
+++ b/lib/puppet/ssl/inventory.rb
@@ -36,7 +36,7 @@ class Puppet::SSL::Inventory
       f.print "# Inventory of signed certificates\n# SERIAL NOT_BEFORE NOT_AFTER SUBJECT\n"
     end
 
-    Puppet::SSL::Certificate.search("*").each { |cert| add(cert) }
+    Puppet::SSL::Certificate.indirection.search("*").each { |cert| add(cert) }
   end
 
   # Find the serial number for a given certificate.