# A module for keeping track of all the certificates issued by the CA, ever
# Maintains the file "$cadir/inventory.txt"
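module Puppet::SSLCertificates
  # Text inventory of the certificates signed by the CA, stored in the file
  # named by the :cert_inventory setting. Each entry is one line holding the
  # serial, validity window and subject of a certificate.
  module Inventory
    Puppet.config.setdefaults(:ca,
      :cert_inventory => {
        :default => "$cadir/inventory.txt",
        # World-readable: the entries written by .format carry only the
        # serial, validity dates and subject of each certificate.
        :mode => 0644,
        :owner => "$user",
        :group => "$group",
        :desc => "A Complete listing of all certificates"
      }
    )

    # Add CERT to the inventory of issued certs in '$cadir/inventory.txt'.
    # If no inventory exists yet, first write a header and one line for
    # every certificate found in the signed directory.
    #
    # cert:: an object responding to serial, not_before, not_after and
    #        subject (an OpenSSL::X509::Certificate in .init).
    def self.add(cert)
      # Record whether the inventory already exists before the write call.
      # The flag has to be true for an existing file: if it is only ever
      # nil or false, the full listing is re-appended on every call and the
      # inventory fills with duplicate entries, which makes it unreliable
      # as a record of what the CA has issued.
      # NOTE(review): the check and the write are separate steps, so two
      # concurrent callers could both see "missing" - confirm how the CA
      # serializes signing.
      inited = FileTest.exist?(Puppet[:cert_inventory])

      Puppet.config.write(:cert_inventory, "a") do |f|
        f.puts self.init unless inited
        f.puts format(cert)
      end
    end

    # NOTE: a bare `private` does not affect methods defined with
    # `def self.`, so init and format stay callable from outside the module.
    private

    # Build the initial inventory text: two comment header lines followed by
    # one formatted line per "*.pem" file in Puppet[:signeddir].
    # Returns a String ending in a newline.
    # NOTE(review): OpenSSL::X509::Certificate.new raises on a file it
    # cannot parse, which would abort .add before the new certificate is
    # recorded - confirm that is the intended failure mode.
    def self.init
      lines = [
        "# Inventory of signed certificates",
        "# SERIAL NOT_BEFORE NOT_AFTER SUBJECT"
      ]
      Dir.glob(File::join(Puppet[:signeddir], "*.pem")) do |f|
        lines << format(OpenSSL::X509::Certificate.new(File::read(f)))
      end
      lines.join("\n") + "\n"
    end

    # Render one inventory line for CERT:
    # "0x<serial in hex, at least 4 digits> <not_before> <not_after> <subject>"
    # with both dates in ISO-8601-like form followed by the zone name.
    def self.format(cert)
      iso = '%Y-%m-%dT%H:%M:%S%Z'
      "0x%04x %s %s %s" % [
        cert.serial,
        cert.not_before.strftime(iso),
        cert.not_after.strftime(iso),
        cert.subject
      ]
    end
  end
end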
# $Id$