Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/ssl/certificate_authority.rb | 26 | ||||
-rw-r--r-- | lib/puppet/ssl/key.rb | 27 |
2 files changed, 27 insertions, 26 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb index 18f881ae3..971a9965e 100644 --- a/lib/puppet/ssl/certificate_authority.rb +++ b/lib/puppet/ssl/certificate_authority.rb @@ -10,7 +10,7 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host def read_key return nil unless FileTest.exist?(Puppet[:cakey]) - key = Puppet::SSL::Key.new(:ca) + key = Puppet::SSL::Key.new(name) key.password_file = Puppet[:capass] key.read(Puppet[:cakey]) @@ -20,8 +20,9 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host # Generate and write the key out. def generate_key @key = Key.new(name) + @key.password_file = Puppet[:capass] @key.generate - Puppet.settings.write(:cacert) do |f| + Puppet.settings.write(:cakey) do |f| f.print @key.to_s end true @@ -56,7 +57,7 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host # Always name the ca after the host we're running on. super(Puppet[:certname]) - setup_ca + setup_ca() end # Sign a given certificate request. @@ -84,15 +85,13 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host cert.save(:in => :ca_file) unless self_signed end - private - # Do all of the initialization necessary to set up our # ca. def setup_ca generate_key unless key # Make sure we've got a password protecting our private key. - generate_password unless read_password + generate_password unless password? # And then make sure we've got the whole kaboodle. This will # create a self-signed CA certificate if we don't already have one, 
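Review bot: In generate_key the added `@key.password_file = Puppet[:capass]` is assigned unconditionally before `@key.generate`, but the `password_file=` setter this commit adds in key.rb raises ArgumentError when the file is absent, and nothing in this hunk rescues or documents that. The only caller visible, setup_ca, calls generate_key before it has generated a password, so the first run of a new CA would abort on that raise rather than write a key. At minimum the precondition belongs in the method comment, e.g. `# Generate and write the key out. Requires Puppet[:capass] to exist already: Key#password_file= raises ArgumentError otherwise.`, and the caller should be made to honour it. Whether `@key.to_s` emits an encrypted PEM is decided in Key, outside this hunk, so the write here protects the CA key only if that serialisation applies the password.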
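Review bot: setup_ca still runs `generate_key unless key` before `generate_password unless password?`, which is the wrong order once generate_key needs the password file: on a fresh CA the password does not exist yet, so the key is either generated without one or, with the new `password_file=` setter, the call raises before any key is written. Swapping the two lines, `generate_password unless password?` then `generate_key unless key`, makes the password exist before the key that it is supposed to protect is created. Dropping the `private` marker also silently makes setup_ca and everything after it part of the public interface of the CA object; if that is intended it deserves a sentence in the commit message, otherwise the marker should stay. setup_ca's body continues past the end of this hunk.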
@@ -134,17 +133,8 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host return serial end - # Get the CA password. - def read_password - unless defined?(@password) and @password - path = Puppet[:capass] - return nil unless FileTest.exist?(path) - - raise(Puppet::Error, "Could not read CA passfile %s" % path) unless FileTest.readable?(path) - - @password = File.read(path) - end - - @password + # Does the password file exist? + def password? + FileTest.exist? Puppet[:capass] end end diff --git a/lib/puppet/ssl/key.rb b/lib/puppet/ssl/key.rb index b8943a776..35370ac69 100644 --- a/lib/puppet/ssl/key.rb +++ b/lib/puppet/ssl/key.rb @@ -8,24 +8,35 @@ class Puppet::SSL::Key < Puppet::SSL::Base extend Puppet::Indirector indirects :key, :terminus_class => :file - attr_accessor :password_file + attr_reader :password_file # Knows how to create keys with our system defaults. def generate Puppet.info "Creating a new SSL key for %s" % name - @content = OpenSSL::PKey::RSA.new(Puppet[:keylength]) + if pass = password + @content = OpenSSL::PKey::RSA.new(Puppet[:keylength], pass) + else + @content = OpenSSL::PKey::RSA.new(Puppet[:keylength]) + end + end + + def password + return nil unless password_file + + ::File.read(password_file) + end + + # Set our password file. + def password_file=(file) + raise ArgumentError, "Password file %s does not exist" % file unless FileTest.exist?(file) + + @password_file = file end # Optionally support specifying a password file. def read(path) return super unless password_file - begin - password = ::File.read(password_file) - rescue => detail - raise Puppet::Error, "Could not read password for %s: %s" % [name, detail] - end - @content = wrapped_class.new(::File.read(path), password) end end |
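Review bot: The new `password?` predicate only checks that `Puppet[:capass]` exists; the removed read_password also verified it was readable and raised a descriptive Puppet::Error when it was not. With this change an existing but unreadable pass file is reported later as a bare Errno::EACCES from `::File.read` inside Key#password, with no mention of which file or why, which is the kind of failure an operator hits after a permissions change on the CA directory. Keeping the existence test but restoring the readability check, `return false unless FileTest.exist?(path)` followed by `raise Puppet::Error, "Could not read CA passfile %s" % path unless FileTest.readable?(path)` and `true`, preserves the clear error without regenerating a password over a file that merely cannot be read.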
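Review bot: `OpenSSL::PKey::RSA.new(Puppet[:keylength], pass)` does not produce a passphrase-protected key: in the integer-size form of `RSA.new` the second argument is the public exponent, not a passphrase (the Ruby OpenSSL bindings I know raise a TypeError on a String there), and in any case a passphrase is applied when a key is exported, never when it is generated. So this branch either fails outright or, if it were to succeed, the CA private key would still be written to disk unencrypted despite capass being configured, which defeats the purpose of the password. The fix is to generate the key without the password and to apply `export` with a cipher and the password wherever the key is serialised; if Puppet::SSL::Base already supplies `to_s`, an override in Key is the right place. The `password` helper also rereads the file on every call, which is fine for correctness but worth a comment so nobody later caches it across a password rotation.
```ruby
  # Knows how to create keys with our system defaults.
  def generate
    Puppet.info "Creating a new SSL key for %s" % name
    # The integer form of RSA.new takes (size, exponent); the passphrase is
    # applied when the key is serialised, not when it is generated.
    @content = OpenSSL::PKey::RSA.new(Puppet[:keylength])
  end

  # Serialise the key, encrypting it with the configured password when one exists.
  def to_s
    return @content.to_pem unless (pass = password)

    @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), pass)
  end

  # … unchanged: password, password_file=, read …
```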