Class: ManageIQ::ApplianceConsole::Certificate

Inherits:
Object
  • Object
Defined in:
lib/manageiq/appliance_console/certificate.rb

Constant Summary collapse

STATUS_COMPLETE =
:complete
STATUS_RETURN_CODES =

Maps `getcert status` return codes to something more descriptive: 0 => :complete – keys/certs generated; 1 => :no_key – either certmonger is down, or we haven't asked for the key yet (assuming the latter); 2 => :rejected – request failed, we need to resubmit once we fix stuff; 3 => :waiting – couldn't contact the CA, will try again; 4 => :error – certmonger is not configured properly; 5 => :waiting – waiting for the CA to send back the certificate.

[:complete, :no_key, :rejected, :waiting, :error, :waiting]

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Certificate

Returns a new instance of Certificate.



# File 'lib/manageiq/appliance_console/certificate.rb', line 36

# Builds a certificate descriptor from an options hash.
#
# Every key in +options+ is applied through the public writer of the same
# name (key +:foo+ calls +foo=+); defaults are then filled in for whatever is
# still unset.
#
# NOTE(review): public_send invokes whichever public "name=" method the key
# selects, so option keys should originate from trusted code rather than be
# forwarded from external input -- confirm against callers.
#
# @param options [Hash] attribute name => value pairs
def initialize(options = {})
  options.each do |attr_name, attr_value|
    public_send("#{attr_name}=", attr_value)
  end

  @ca_name ||= "ipa"
  @extensions ||= %w(server client)

  # Default realm: the hostname minus its first label, upper-cased. A
  # non-empty hostname without a dot yields an empty realm string.
  if hostname
    @realm ||= hostname.split(".")[1..-1].join(".").upcase
  end
end

Instance Attribute Details

#ca_nameObject

name of certificate authority



# File 'lib/manageiq/appliance_console/certificate.rb', line 34

# Name of the certificate authority used for the request.
# The constructor falls back to "ipa" when no value was supplied.
#
# @return [Object] the stored CA name
def ca_name
  @ca_name
end

#cert_filenameObject

Returns the value of attribute cert_filename.



# File 'lib/manageiq/appliance_console/certificate.rb', line 21

# Filename of the certificate. This is one of the two files that
# make_certs_world_readable sets to mode 0644.
#
# @return [Object] the stored certificate filename, or nil when unset
def cert_filename
  @cert_filename
end

#extensionsObject

X.509 v3 extensions that signify the purpose of this certificate (e.g. client)



# File 'lib/manageiq/appliance_console/certificate.rb', line 26

# X.509 v3 extensions that state what the certificate is for.
# The constructor defaults this to %w(server client), so a caller that needs
# a narrower purpose has to pass it explicitly.
#
# @return [Object] the stored extension list
def extensions
  @extensions
end

#hostnameObject

hostname of current machine



# File 'lib/manageiq/appliance_console/certificate.rb', line 30

# Hostname of the current machine. The constructor derives the default realm
# from it, and it is handed to the Principal built by #principal.
#
# @return [Object] the stored hostname, or nil when unset
def hostname
  @hostname
end

#key_filename=(value) ⇒ Object

key filename defaults to certificate name w/ different extension



# File 'lib/manageiq/appliance_console/certificate.rb', line 20

# Sets the filename of the private key.
#
# This is the file set_owner_of_key chowns; make_certs_world_readable does
# not touch it. The matching reader (and the default it derives from the
# certificate name) is not part of this listing.
#
# @param value [Object] filename of the key file
def key_filename=(value)
  @key_filename = value
end

#ownerObject

Returns the value of attribute owner.



# File 'lib/manageiq/appliance_console/certificate.rb', line 27

# Owner to assign to the key file. set_owner_of_key splits this value on "."
# and uses the first two parts as user and group.
#
# @return [Object] the stored owner, or nil when unset
def owner
  @owner
end

#realmObject

ipa realm



# File 'lib/manageiq/appliance_console/certificate.rb', line 32

# IPA realm. When none is given and a hostname is set, the constructor uses
# the hostname without its first label, upper-cased.
#
# @return [Object] the stored realm, or nil when unset
def realm
  @realm
end

#root_filenameObject

root certificate filename



# File 'lib/manageiq/appliance_console/certificate.rb', line 23

# Filename of the root (CA) certificate. This is one of the two files that
# make_certs_world_readable sets to mode 0644.
#
# @return [Object] the stored root certificate filename, or nil when unset
def root_filename
  @root_filename
end

#serviceObject

Returns the value of attribute service.



# File 'lib/manageiq/appliance_console/certificate.rb', line 24

# Service value passed to the Principal built by #principal.
#
# @return [Object] the stored service, or nil when unset
def service
  @service
end

Instance Method Details

#clear_statusObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 103

# Drops the memoized status so the next call to #status looks it up again
# instead of answering from a stale value.
#
# @return [nil]
def clear_status
  @status = nil
end

#complete?Boolean

Returns:

  • (Boolean)


# File 'lib/manageiq/appliance_console/certificate.rb', line 99

# Whether the current status is :complete, which the status table on this
# page describes as keys/certs generated.
#
# @return [Boolean]
def complete?
  status == :complete
end

#enable_certmongerObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 111

# Announces the action, then enables and starts the "certmonger" service
# through LinuxAdmin::Service.
#
# @return [Object] whatever the final start call returns
def enable_certmonger
  say("enabling certmonger to start on reboot")
  certmonger = LinuxAdmin::Service.new("certmonger")
  certmonger.enable.start
end

#make_certs_world_readableObject

Workaround: currently, the -C is not run after the root certificate is written.



# File 'lib/manageiq/appliance_console/certificate.rb', line 76

# Sets mode 0644 on the root certificate and the certificate file.
#
# Only these two files are touched; the key file named by key_filename is
# deliberately absent from the list, so its permissions stay as they were.
# Filenames that are nil are skipped.
def make_certs_world_readable
  public_files = [root_filename, cert_filename].compact
  FileUtils.chmod(0644, public_files)
end

#no_key?Boolean

Returns:

  • (Boolean)


# File 'lib/manageiq/appliance_console/certificate.rb', line 91

# Whether the current status is :no_key. The status table on this page reads
# that as: certmonger is down, or the key has not been asked for yet.
#
# @return [Boolean]
def no_key?
  status == :no_key
end

#principalObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 61

# Returns the Principal for this certificate, building it on first use from
# the hostname, realm, service and CA name held by this object.
#
# The instance is memoized, so attribute changes made after the first call
# are not reflected in it.
#
# @return [Principal]
def principal
  return @principal if @principal

  @principal = Principal.new(
    :hostname => hostname,
    :realm    => realm,
    :service  => service,
    :ca_name  => ca_name
  )
end

#rejected?Boolean

Returns:

  • (Boolean)


# File 'lib/manageiq/appliance_console/certificate.rb', line 95

# Whether the current status is :rejected. The status table on this page
# reads that as: the request failed and must be resubmitted.
#
# @return [Boolean]
def rejected?
  status == :rejected
end

#requestObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 43

# Runs one pass of the certificate request workflow.
#
# Yields to the optional block only when the status is :complete at the end
# of the pass. Always returns self, so calls can be chained.
def request
  # Runs only when the status is already :complete on entry. undo_tracking is
  # defined outside this listing.
  undo_tracking if complete?

  # True when the status is :no_key or :rejected.
  if should_request_key?
    principal.register
    remove_key_pair
    # Submits a first request or a resubmission, then clears the cached status.
    request_certificate
    # NOTE: status probably changed
    # The cached status was just cleared, so rejected? looks it up again; the
    # key file is chowned only when that fresh status is not :rejected.
    set_owner_of_key unless rejected?
  end

  # Checked after the request above, so this may become true in the same pass.
  if complete?
    # Only the root and certificate files are set to 0644, not the key file.
    make_certs_world_readable
    yield if block_given?
  end
  self
end

#request_certificateObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 65

# Submits the certificate request: a resubmission when the previous one was
# rejected, a first-time request otherwise. The memoized status is cleared
# afterwards so later status checks are not answered from the old value.
#
# @return [Object] the result of clear_status
def request_certificate
  rejected? ? request_again : request_first
  clear_status
end

#set_owner_of_keyObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 80

# Hands ownership of the key file to the configured owner.
#
# +owner+ is split on "."; the first part is used as the user and the second
# as the group (nil when there is no second part). Nothing is changed when
# owner is unset or is exactly "root".
#
# NOTE(review): because the separator is ".", an account name that itself
# contains a dot would be split into user and group -- confirm that no such
# owner is ever configured. The "root" check compares the whole string, so a
# value such as "root.root" still reaches chown.
#
# @return [self]
def set_owner_of_key
  if owner && (owner != "root")
    user, group = owner.split(".")
    FileUtils.chown(user, group, key_filename)
  end
  self
end

#should_request_key?Boolean

statuses

Returns:

  • (Boolean)


# File 'lib/manageiq/appliance_console/certificate.rb', line 87

# Whether a (new) request has to be submitted: either no key exists yet or
# the previous request was rejected. rejected? is not consulted when no_key?
# already answers true.
#
# @return [Boolean]
def should_request_key?
  no_key? || rejected?
end

#statusObject



# File 'lib/manageiq/appliance_console/certificate.rb', line 107

# Current request status, looked up through key_status on first use and
# memoized afterwards. A nil or false result is not cached, so the lookup is
# repeated on the next call. clear_status forces a fresh lookup.
#
# @return [Object] the memoized status
def status
  return @status if @status

  @status = key_status
end