Class: Puppet::SSL::Inventory

Inherits:
Object
  • Object
Defined in:
lib/puppet/ssl/inventory.rb

Overview

Keep track of all of our known certificates.

Constructor Details

#initialize ⇒ Inventory

Returns a new instance of Inventory.



# File 'lib/puppet/ssl/inventory.rb', line 25

# Build an inventory handle.
#
# The location of the inventory file is read once, from the
# :cert_inventory setting, and kept in @path for later reads.
def initialize
  @path = Puppet[:cert_inventory]
end

Instance Attribute Details

#path ⇒ Object (readonly)

Returns the value of attribute path.



# File 'lib/puppet/ssl/inventory.rb', line 6

# Read-only accessor for the inventory file location.
#
# @return [Object] the value stored in @path (nil if it was never assigned)
def path
  @path
end

Instance Method Details

#add(cert) ⇒ Object

Add a certificate to our inventory.



# File 'lib/puppet/ssl/inventory.rb', line 9

# Append one certificate's entry to the inventory file.
#
# @param cert [Puppet::SSL::Certificate, Object] either the Puppet wrapper,
#   which is unwrapped through #content, or an object that #format can read
#   directly
# @return [Object] whatever the setting's #open call returns
def add(cert)
  x509 = cert.is_a?(Puppet::SSL::Certificate) ? cert.content : cert
  inventory = Puppet.settings.setting(:cert_inventory)

  # The file is opened as UTF-8 because RFC 5280 allows UTF8 in the cert
  # subject - https://www.ietf.org/rfc/rfc5280.txt
  # Puppet generated SSL files must nevertheless contain only ASCII
  # characters, per the validate_certname method of Puppet::SSL::Base.
  # NOTE(review): the subject is written as-is, so the one-entry-per-line
  # layout relies on that validation having happened upstream - confirm.
  inventory.open('a:UTF-8') do |out|
    out.print(format(x509))
  end
end

#format(cert) ⇒ Object

Format our certificate for output.



# File 'lib/puppet/ssl/inventory.rb', line 20

# Render one inventory line for a certificate.
#
# The line holds four space-separated fields: the serial as "0x" plus at
# least four hex digits, the not_before and not_after times, and the subject,
# followed by a newline.
#
# @param cert [#serial, #not_before, #not_after, #subject] certificate to describe
# @return [String] the newline-terminated inventory line
def format(cert)
  timestamp = '%Y-%m-%dT%H:%M:%S%Z'
  valid_from = cert.not_before.strftime(timestamp)
  valid_until = cert.not_after.strftime(timestamp)

  # sprintf rather than Kernel#format: this method shadows the latter.
  sprintf("0x%04x %s %s %s\n", cert.serial, valid_from, valid_until, cert.subject)
end

#rebuild ⇒ Object

Rebuild the inventory from scratch. This should happen if the file is entirely missing or if it’s somehow corrupted.



# File 'lib/puppet/ssl/inventory.rb', line 31

# Rewrite the whole inventory file from the certificates the indirection
# returns for a "*" search, one formatted line per certificate.
#
# @return [Object] whatever the setting's #open call returns
def rebuild
  Puppet.notice _("Rebuilding inventory file")

  inventory = Puppet.settings.setting(:cert_inventory)

  # UTF-8 because RFC 5280 says the cert subject may contain UTF8 -
  # https://www.ietf.org/rfc/rfc5280.txt
  # NOTE(review): the search runs after the file has been opened in 'w' mode;
  # if that mode truncates as it does for File.open, a failure during the
  # search would leave an empty or partial inventory - confirm.
  inventory.open('w:UTF-8') do |out|
    known = Puppet::SSL::Certificate.indirection.search("*")
    known.each { |entry| out.print(format(entry.content)) }
  end
end

#serials(name) ⇒ Object

Find all serial numbers for a given certificate. If none can be found, returns an empty array.



# File 'lib/puppet/ssl/inventory.rb', line 44

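# Find all serial numbers recorded in the inventory for a certificate name.
#
# A line is selected when it ends in "/CN=<name>"; its leading
# non-whitespace field is then parsed as the serial with Integer().
#
# @param name [#to_s] certificate name, compared literally against the CN
# @return [Array<Integer>] matching serials; empty when the inventory file
#   does not exist or no line matches
# @raise [ArgumentError] if a matching line's first field is not an integer
def serials(name)
  return [] unless Puppet::FileSystem.exist?(@path)

  # The name is escaped so that regex metacharacters in it (the dots of an
  # FQDN, for instance) match only themselves. Interpolated raw,
  # "a.example.com" would also select the line for "aXexample.com", and
  # whatever the caller does with the returned serials would then apply to
  # certificates belonging to other names.
  cn_line = /^(\S+).+\/CN=#{Regexp.escape(name.to_s)}$/

  # RFC 5280 says the cert subject may contain UTF8 - https://www.ietf.org/rfc/rfc5280.txt
  # Note however that Puppet generated SSL files must only contain ASCII characters
  # based on the validate_certname method of Puppet::SSL::Base
  matches = File.readlines(@path, :encoding => Encoding::UTF_8).map do |line|
    cn_line.match(line)
  end
  matches.compact.map { |m| Integer(m[1]) }
end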