Diffstat (limited to 'lib/puppet/sslcertificates')
-rw-r--r-- | lib/puppet/sslcertificates/ca.rb | 40 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/certificate.rb | 64 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/inventory.rb | 4 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/support.rb | 8 |
4 files changed, 29 insertions, 87 deletions
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index c2ed7349f..22e14b9b9 100644 --- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb @@ -63,9 +63,7 @@ class Puppet::SSLCertificates::CA @config[:password] = self.getpass else # Don't create a password if the cert already exists - unless FileTest.exists?(@config[:cacert]) - @config[:password] = self.genpass - end + @config[:password] = self.genpass unless FileTest.exists?(@config[:cacert]) end end @@ -114,9 +112,7 @@ class Puppet::SSLCertificates::CA # Retrieve a client's CSR. def getclientcsr(host) csrfile = host2csrfile(host) - unless File.exists?(csrfile) - return nil - end + return nil unless File.exists?(csrfile) return OpenSSL::X509::Request.new(File.read(csrfile)) end @@ -124,9 +120,7 @@ class Puppet::SSLCertificates::CA # Retrieve a client's certificate. def getclientcert(host) certfile = host2certfile(host) - unless File.exists?(certfile) - return [nil, nil] - end + return [nil, nil] unless File.exists?(certfile) return [OpenSSL::X509::Certificate.new(File.read(certfile)), @cert] end @@ -186,9 +180,7 @@ class Puppet::SSLCertificates::CA def removeclientcsr(host) csrfile = host2csrfile(host) - unless File.exists?(csrfile) - raise Puppet::Error, "No certificate request for #{host}" - end + raise Puppet::Error, "No certificate request for #{host}" unless File.exists?(csrfile) File.unlink(csrfile) end @@ -226,14 +218,10 @@ class Puppet::SSLCertificates::CA hash.delete(:password) end - if hash.length > 0 - raise ArgumentError, "Unknown parameters #{hash.keys.join(",")}" - end + raise ArgumentError, "Unknown parameters #{hash.keys.join(",")}" if hash.length > 0 [:cadir, :csrdir, :signeddir].each { |dir| - unless @config[dir] - raise Puppet::DevError, "#{dir} is undefined" - end + raise Puppet::DevError, "#{dir} is undefined" unless @config[dir] } end 
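Review bot: In the `getclientcsr` hunk (`@@ -114`), and likewise in `getclientcert` (`@@ -124`) and `removeclientcsr` (`@@ -186`), `host` is turned into a path by `host2csrfile`/`host2certfile` and handed to `File.read` or `File.unlink` with no visible constraint on what the name may contain. Those helpers are defined outside the hunks, so the check may already exist there. If it does not, validating `host` against a hostname pattern anchored with `\A` and `\z` before the path is built would keep every lookup inside the CSR and signed-certificate directories. A one-line comment on each method saying where `host` originates (local CLI or a remote request) would make the trust boundary readable from this file.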
@@ -244,9 +232,7 @@ class Puppet::SSLCertificates::CA "CA#sign only accepts OpenSSL::X509::Request objects, not #{csr.class}" end - unless csr.verify(csr.public_key) - raise Puppet::Error, "CSR sign verification failed" - end + raise Puppet::Error, "CSR sign verification failed" unless csr.verify(csr.public_key) serial = nil Puppet.settings.readwritelock(:serial) { |f| @@ -282,9 +268,7 @@ class Puppet::SSLCertificates::CA host = thing2name(csr) csrfile = host2csrfile(host) - if File.exists?(csrfile) - raise Puppet::Error, "Certificate request for #{host} already exists" - end + raise Puppet::Error, "Certificate request for #{host} already exists" if File.exists?(csrfile) Puppet.settings.writesub(:csrdir, csrfile) do |f| f.print csr.to_pem @@ -296,9 +280,7 @@ class Puppet::SSLCertificates::CA host = thing2name(cert) certfile = host2certfile(host) - if File.exists?(certfile) - Puppet.notice "Overwriting signed certificate #{certfile} for #{host}" - end + Puppet.notice "Overwriting signed certificate #{certfile} for #{host}" if File.exists?(certfile) Puppet::SSLCertificates::Inventory::add(cert) Puppet.settings.writesub(:signeddir, certfile) do |f| @@ -391,9 +373,7 @@ class Puppet::SSLCertificates::CA ) end - unless @cert.check_private_key(cakey) - raise Puppet::Error, "CA Certificate is invalid" - end + raise Puppet::Error, "CA Certificate is invalid" unless @cert.check_private_key(cakey) signable.sign(cakey, digest) end diff --git a/lib/puppet/sslcertificates/certificate.rb b/lib/puppet/sslcertificates/certificate.rb index 8df7605d7..11276bfeb 100644 --- a/lib/puppet/sslcertificates/certificate.rb +++ b/lib/puppet/sslcertificates/certificate.rb 
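Review bot: The guard `raise Puppet::Error, "Certificate request for #{host} already exists" if File.exists?(csrfile)` in the `@@ -282` hunk and the `Puppet.settings.writesub(:csrdir, csrfile)` call after it are two separate steps, so two requests for the same host that arrive together can both pass the check and the second write replaces the first CSR. Whether `writesub` serialises writers is not visible here. If it does not, creating the file with exclusive-create semantics (`File::WRONLY | File::CREAT | File::EXCL`) and mapping `Errno::EEXIST` to the existing error would make the "already exists" rule hold under concurrency. The method starts above the hunk and continues past its end.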
@@ -20,15 +20,11 @@ class Puppet::SSLCertificates::Certificate def delete [@certfile,@keyfile].each { |file| - if FileTest.exists?(file) - File.unlink(file) - end + File.unlink(file) if FileTest.exists?(file) } if defined?(@hash) and @hash - if FileTest.symlink?(@hash) - File.unlink(@hash) - end + File.unlink(@hash) if FileTest.symlink?(@hash) end end @@ -37,9 +33,7 @@ class Puppet::SSLCertificates::Certificate end def getkey - unless FileTest.exists?(@keyfile) - self.mkkey() - end + self.mkkey() unless FileTest.exists?(@keyfile) if @password @key = OpenSSL::PKey::RSA.new( @@ -56,9 +50,7 @@ class Puppet::SSLCertificates::Certificate end def initialize(hash) - unless hash.include?(:name) - raise Puppet::Error, "You must specify the common name for the certificate" - end + raise Puppet::Error, "You must specify the common name for the certificate" unless hash.include?(:name) @name = hash[:name] # init a few variables @@ -74,9 +66,7 @@ class Puppet::SSLCertificates::Certificate @cacertfile ||= File.join(Puppet[:certdir], "ca.pem") - unless FileTest.directory?(@dir) - Puppet.recmkdir(@dir) - end + Puppet.recmkdir(@dir) unless FileTest.directory?(@dir) unless @certfile =~ /\.pem$/ @certfile += ".pem" @@ -84,16 +74,12 @@ class Puppet::SSLCertificates::Certificate @keyfile = hash[:key] || File.join( Puppet[:privatekeydir], [@name,"pem"].join(".") ) - unless FileTest.directory?(@dir) - Puppet.recmkdir(@dir) - end + Puppet.recmkdir(@dir) unless FileTest.directory?(@dir) [@keyfile].each { |file| dir = File.dirname(file) - unless FileTest.directory?(dir) - Puppet.recmkdir(dir) - end + Puppet.recmkdir(dir) unless FileTest.directory?(dir) } @ttl = hash[:ttl] || 365 * 24 * 60 * 60 @@ -114,9 +100,7 @@ class Puppet::SSLCertificates::Certificate @params = {:name => @name} [:state, :country, :email, :org, :ou].each { |param| - if hash.include?(param) - @params[param] = hash[param] - end + @params[param] = hash[param] if hash.include?(param) } if @encrypt 
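Review bot: In the `@@ -84` hunk of `initialize`, `Puppet.recmkdir(dir) unless FileTest.directory?(dir)` creates the directory that will hold `@keyfile` with no mode visible at the call site, so the permissions of the private-key directory are left to `recmkdir`'s default and the process umask. `recmkdir` is defined elsewhere; if it accepts a mode, passing a restrictive one here would make the intent explicit, and otherwise a comment stating that the settings layer enforces the mode of `privatekeydir` would do. The line `Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)` in the same hunk also repeats the identical statement from the `@@ -74` hunk and could be dropped.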
@@ -140,9 +124,7 @@ class Puppet::SSLCertificates::Certificate # this only works for servers, not for users def mkcsr - unless defined?(@key) and @key - self.getkey - end + self.getkey unless defined?(@key) and @key name = OpenSSL::X509::Name.new self.subject @@ -156,9 +138,7 @@ class Puppet::SSLCertificates::Certificate # f << @csr.to_pem #} - unless @csr.verify(@key.public_key) - raise Puppet::Error, "CSR sign verification failed" - end + raise Puppet::Error, "CSR sign verification failed" unless @csr.verify(@key.public_key) return @csr end @@ -202,13 +182,9 @@ class Puppet::SSLCertificates::Certificate end def mkselfsigned - unless defined?(@key) and @key - self.getkey - end + self.getkey unless defined?(@key) and @key - if defined?(@cert) and @cert - raise Puppet::Error, "Cannot replace existing certificate" - end + raise Puppet::Error, "Cannot replace existing certificate" if defined?(@cert) and @cert args = { :name => self.certname, @@ -231,9 +207,7 @@ class Puppet::SSLCertificates::Certificate def subject(string = false) subj = @@params2names.collect { |param, name| - if @params.include?(param) - [name, @params[param]] - end + [name, @params[param]] if @params.include?(param) }.reject { |ary| ary.nil? } if string @@ -255,15 +229,11 @@ class Puppet::SSLCertificates::Certificate @certfile => @cert, @keyfile => @key, } - if defined?(@cacert) - files[@cacertfile] = @cacert - end + files[@cacertfile] = @cacert if defined?(@cacert) files.each { |file,thing| if defined?(thing) and thing - if FileTest.exists?(file) - next - end + next if FileTest.exists?(file) text = nil @@ -283,9 +253,7 @@ class Puppet::SSLCertificates::Certificate end } - if defined?(@cacert) - SSLCertificates.mkhash(Puppet[:certdir], @cacert, @cacertfile) - end + SSLCertificates.mkhash(Puppet[:certdir], @cacert, @cacertfile) if defined?(@cacert) end end diff --git a/lib/puppet/sslcertificates/inventory.rb b/lib/puppet/sslcertificates/inventory.rb index b86ee0b90..13f4e7f6a 100644 
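Review bot: `self.getkey unless defined?(@key) and @key` in `mkcsr` (`@@ -140`), repeated in `mkselfsigned` (`@@ -202`) next to `raise Puppet::Error, "Cannot replace existing certificate" if defined?(@cert) and @cert`, puts the low-precedence `and` inside a modifier condition. It parses as intended because the modifier binds more loosely still, but a reader has to know that to trust a line that guards key generation and certificate replacement. Writing the condition with `&&`, e.g. `self.getkey unless defined?(@key) && @key`, keeps the behaviour and removes the precedence question.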
--- a/lib/puppet/sslcertificates/inventory.rb +++ b/lib/puppet/sslcertificates/inventory.rb @@ -8,9 +8,7 @@ module Puppet::SSLCertificates # certificates that have been signed so far def self.add(cert) inited = false - if FileTest.exists?(Puppet[:cert_inventory]) - inited = true - end + inited = true if FileTest.exists?(Puppet[:cert_inventory]) Puppet.settings.write(:cert_inventory, "a") do |f| f.puts((inited ? nil : self.init).to_s + format(cert)) diff --git a/lib/puppet/sslcertificates/support.rb b/lib/puppet/sslcertificates/support.rb index fc40d3538..a32d9f00e 100644 --- a/lib/puppet/sslcertificates/support.rb +++ b/lib/puppet/sslcertificates/support.rb @@ -92,9 +92,7 @@ module Puppet::SSLCertificates::Support begin cert, cacert = caclient.getcert(@csr.to_pem) rescue => detail - if Puppet[:trace] - puts detail.backtrace - end + puts detail.backtrace if Puppet[:trace] raise Puppet::Error.new("Certificate retrieval failed: #{detail}") end @@ -115,9 +113,7 @@ module Puppet::SSLCertificates::Support ) end - unless @cert.check_private_key(@key) - raise Puppet::DevError, "Received invalid certificate" - end + raise Puppet::DevError, "Received invalid certificate" unless @cert.check_private_key(@key) return retrieved end |
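Review bot: `inited = true if FileTest.exists?(Puppet[:cert_inventory])` in `self.add` still relies on the `inited = false` line above it, so the flag takes two statements to compute. `inited = FileTest.exists?(Puppet[:cert_inventory])` gives the same value in one assignment. The method continues past the end of the hunk.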
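Review bot: `raise Puppet::DevError, "Received invalid certificate" unless @cert.check_private_key(@key)` in the `@@ -115` hunk of support.rb reports a bad certificate as a developer error, although the certificate appears to come from the remote CA (the `caclient.getcert` call in the `@@ -92` hunk, presumably the same method). `Puppet::Error`, as raised for the retrieval failure in that earlier hunk, would classify it as an operational fault that callers and operators can act on. `check_private_key` also only shows that the certificate carries this host's public key, so a comment noting where the issuer signature is verified would help, since that step is not visible here.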