Diffstat (limited to 'lib/puppet')
-rwxr-xr-x | lib/puppet/sslcertificates.rb | 1 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/ca.rb | 1 | ||||
-rw-r--r-- | lib/puppet/sslcertificates/inventory.rb | 49 |
3 files changed, 51 insertions, 0 deletions
diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb
index a003c6551..4df8df71e 100755
--- a/lib/puppet/sslcertificates.rb
+++ b/lib/puppet/sslcertificates.rb
@@ -154,6 +154,7 @@ module Puppet::SSLCertificates
 return hashpath
 end
 require 'puppet/sslcertificates/certificate'
+ require 'puppet/sslcertificates/inventory'
 require 'puppet/sslcertificates/ca'
 end
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index 89b7b183c..1574a6e73 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -346,6 +346,7 @@ class Puppet::SSLCertificates::CA
 [certfile, host]
 end
+ Puppet::SSLCertificates::Inventory::add(cert)
 Puppet.config.writesub(:signeddir, certfile) do |f|
 f.print cert.to_pem
 end
diff --git a/lib/puppet/sslcertificates/inventory.rb b/lib/puppet/sslcertificates/inventory.rb
new file mode 100644
index 000000000..f3f790906
--- /dev/null
+++ b/lib/puppet/sslcertificates/inventory.rb
@@ -0,0 +1,49 @@
+# A module for keeping track of all the certificates issued by the CA, ever
+# Maintains the file "$cadir/inventory.txt"
+module Puppet::SSLCertificates
+ module Inventory
+
+ # Add CERT to the inventory of issued certs in '$cadir/inventory.txt'
+ # If no inventory exists yet, build an inventory and list all the
+ # certificates that have been signed so far
+ def Inventory.add(cert)
+ f = open
+ format(f, cert)
+ f.close()
+ end
+
+ def Inventory.filename
+ File::join(Puppet[:cadir], "inventory.txt")
+ end
+
+ private
+ def Inventory.open
+ if File::exist?(filename)
+ File::open(filename, "a")
+ else
+ init
+ end
+ end
+
+ def Inventory.init
+ if File::exist?(filename)
+ raise Puppet::Error,
+ "Inventory file #{filename} already exists"
+ end
+ inv = File.open(filename, "w")
+ inv.puts "# Inventory of signed certificates"
+ Dir.glob(File::join(Puppet[:signeddir], "*.pem")) do |f|
+ format(inv, OpenSSL::X509::Certificate.new(File::read(f)))
+ end
+ return inv
+ end
+
+ def Inventory.format(f, cert)
+ iso = '%Y-%m-%dT%H:%M:%S%Z'
+ f.puts "0x%04x %s %s %s" % [cert.serial,
+ cert.not_before.strftime(iso),
+ cert.not_after.strftime(iso),
+ cert.subject]
+ end
+ end
+end |
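Review bot: `Inventory.init` writes the backfill straight into `inventory.txt`, so if any `*.pem` in `signeddir` fails to parse, `OpenSSL::X509::Certificate.new` raises with the handle still open and a partial file on disk. The next `Inventory.add` then sees that the file exists and only appends, so the missing history of issued certificates is never rebuilt. `Inventory.add` leaks its handle in the same way when `format` raises, because `f.close()` is not in an `ensure` or a block form. The bare `private` has no effect on methods defined as `def Inventory.x`, so `open`, `init` and `format` stay publicly callable; `private_class_method` is what applies to them. The sketch below builds the backfill in a temporary file and renames it into place, folding `Inventory.open` into `add`; the mode and ownership of the inventory file are not set anywhere in this hunk and may deserve the same handling the CA's other files get.

```ruby
def Inventory.add(cert)
  init unless File::exist?(filename)
  # Block form closes the handle even when format raises.
  File.open(filename, "a") { |f| format(f, cert) }
end

# … unchanged: Inventory.filename …

def Inventory.init
  tmp = filename + ".tmp"
  File.open(tmp, "w") do |inv|
    inv.puts "# Inventory of signed certificates"
    Dir.glob(File::join(Puppet[:signeddir], "*.pem")) do |f|
      format(inv, OpenSSL::X509::Certificate.new(File::read(f)))
    end
  end
  # Publish only a complete backfill; a failure above leaves no inventory.txt.
  File.rename(tmp, filename)
end

# … unchanged: Inventory.format …

private_class_method :init, :format
```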