Diffstat (limited to 'lib/puppet')
-rw-r--r--lib/puppet/ssl.rb3
-rw-r--r--lib/puppet/ssl/certificate.rb19
-rw-r--r--lib/puppet/ssl/certificate_authority.rb5
-rw-r--r--lib/puppet/ssl/host.rb62
-rw-r--r--lib/puppet/ssl/key.rb2
5 files changed, 90 insertions, 1 deletions
diff --git a/lib/puppet/ssl.rb b/lib/puppet/ssl.rb
new file mode 100644
index 000000000..ae8f0abea
--- /dev/null
+++ b/lib/puppet/ssl.rb
@@ -0,0 +1,3 @@
+# Just to make the constants work out.
+module Puppet::SSL # :nodoc:
+end
diff --git a/lib/puppet/ssl/certificate.rb b/lib/puppet/ssl/certificate.rb
new file mode 100644
index 000000000..7a5f97452
--- /dev/null
+++ b/lib/puppet/ssl/certificate.rb
@@ -0,0 +1,19 @@
+require 'puppet/ssl'
+
+# The class that manages all aspects of our SSL certificates --
+# private keys, public keys, requests, etc.
+class Puppet::SSL::Certificate
+ extend Puppet::Indirector
+
+ indirects :certificate #, :terminus_class => :file
+
+ attr_accessor :name, :content
+
+ def generate
+ raise Puppet::DevError, "Cannot generate certificates directly; they must be generated during signing"
+ end
+
+ def initialize(name)
+ @name = name
+ end
+end
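Review bot: `extend Puppet::Indirector` in the new certificate.rb relies on something else having loaded the indirector first, because the file only requires `puppet/ssl`, which defines nothing but the empty namespace module. key.rb in this same commit shows `require 'puppet/indirector'` next to its `require 'puppet/ssl'`, so adding `require 'puppet/indirector'` here keeps the two classes consistent and makes the file loadable on its own. The header comment is also copied verbatim from host.rb and describes the host rather than this class; something like `# A single SSL certificate; it is only ever produced as a result of signing.` would match what `generate` enforces.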
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
new file mode 100644
index 000000000..63bce6088
--- /dev/null
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -0,0 +1,5 @@
+require 'puppet/ssl'
+
+# The class that knows how to sign certificates.
+class Puppet::SSL::CertificateAuthority
+end
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
new file mode 100644
index 000000000..8df9ef385
--- /dev/null
+++ b/lib/puppet/ssl/host.rb
@@ -0,0 +1,62 @@
+require 'puppet/ssl'
+require 'puppet/ssl/key'
+require 'puppet/ssl/certificate'
+require 'puppet/ssl/certificate_request'
+
+# The class that manages all aspects of our SSL certificates --
+# private keys, public keys, requests, etc.
+class Puppet::SSL::Host
+ # Yay, ruby's strange constant lookups.
+ Key = Puppet::SSL::Key
+ CertificateRequest = Puppet::SSL::CertificateRequest
+ Certificate = Puppet::SSL::Certificate
+
+ attr_reader :name
+
+ # Read our cert if necessary, fail if we can't find it (since it should
+ # be created by someone else and returned through 'find').
+ def certificate
+ unless @certificate ||= Certificate.find(name)
+ Certificate.new(name).generate # throws an exception
+ end
+ @certificate
+ end
+
+ # Read or create, then return, our certificate request.
+ def certificate_request
+ unless @certificate_request ||= CertificateRequest.find(name)
+ @certificate_request = CertificateRequest.new(name)
+ @certificate_request.generate(key)
+ @certificate_request.save
+ end
+ @certificate_request
+ end
+
+ # Remove all traces of this ssl host
+ def destroy
+ [key, certificate, certificate_request].each do |instance|
+ instance.class.destroy(instance) if instance
+ end
+ end
+
+ # Read or create, then return, our key. The public key is part
+ # of the private key.
+ def key
+ unless @key ||= Key.find(name)
+ @key = Key.new(name)
+ @key.generate
+ @key.save
+ end
+ @key
+ end
+
+ def initialize(name)
+ @name = name
+ @key = @certificate = @certificate_request = nil
+ end
+
+ # Extract the public key from the private key.
+ def public_key
+ key.public_key
+ end
+end
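Review bot: `destroy` collects its targets through the `key`, `certificate` and `certificate_request` accessors, so removing a host has creation side effects. For a host with nothing stored, `key` generates and saves a new private key, then `certificate` reaches `Certificate.new(name).generate` and raises, leaving that freshly written key behind and nothing destroyed. The `if instance` guard is dead code for the same reason, since the accessors either return an object or raise. Looking the objects up without creating them avoids this: `[Key, Certificate, CertificateRequest].each do |klass|`, `instance = klass.find(name)`, `klass.destroy(instance) if instance`. Separately, `initialize` stores `name` unchecked and it becomes the lookup key for private keys; if the terminus turns out to be file-backed (the commented-out `:terminus_class => :file` suggests it may), the name should be validated before it can reach a path.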
diff --git a/lib/puppet/ssl/key.rb b/lib/puppet/ssl/key.rb
index 69a09f1a8..0a207f320 100644
--- a/lib/puppet/ssl/key.rb
+++ b/lib/puppet/ssl/key.rb
@@ -2,7 +2,7 @@ require 'puppet/ssl'
require 'puppet/indirector'
# Manage private and public keys as a pair.
-class Puppet::SSL::Key # :nodoc:
+class Puppet::SSL::Key
extend Puppet::Indirector
indirects :key #, :terminus_class => :file