Class: Puppet::Network::Handler::CA
- Defined in: lib/vendor/puppet/network/handler/ca.rb
Instance Attribute Summary
- #ca ⇒ Object (readonly): Returns the value of attribute ca.
Instance Method Summary
- #getcert(csrtext, client = nil, clientip = nil) ⇒ Object: Our client sends us a CSR, and we either store it for later signing or sign it right away.
- #initialize(hash = {}) ⇒ CA (constructor): A new instance of CA.
Constructor Details
Instance Attribute Details
#ca ⇒ Object (readonly)
Returns the value of attribute ca.
```ruby
# File 'lib/vendor/puppet/network/handler/ca.rb', line 8

def ca
  @ca
end
```
Instance Method Details
#getcert(csrtext, client = nil, clientip = nil) ⇒ Object
Our client sends us a CSR, and we either store it for later signing or sign it right away.
```ruby
# File 'lib/vendor/puppet/network/handler/ca.rb', line 26

def getcert(csrtext, client = nil, clientip = nil)
  csr = Puppet::SSL::CertificateRequest.from_s(csrtext)
  hostname = csr.name

  unless @ca
    Puppet.notice "Host #{hostname} asked for signing from non-CA master"
    return ""
  end

  # We used to save the public key, but it's basically unnecessary
  # and it mucks with the permissions requirements.

  # first check to see if we already have a signed cert for the host
  cert = Puppet::SSL::Certificate.indirection.find(hostname)
  cacert = Puppet::SSL::Certificate.indirection.find(@ca.host.name)

  if cert
    Puppet.info "Retrieving existing certificate for #{hostname}"
    unless csr.content.public_key.to_s == cert.content.public_key.to_s
      raise Puppet::Error, "Certificate request does not match existing certificate; run 'puppetca --clean #{hostname}'."
    end
    [cert.to_s, cacert.to_s]
  else
    Puppet::SSL::CertificateRequest.indirection.save(csr)

    # We determine whether we signed the csr by checking if there's a certificate for it
    if cert = Puppet::SSL::Certificate.indirection.find(hostname)
      [cert.to_s, cacert.to_s]
    else
      nil
    end
  end
end
```
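The decision flow of `getcert` can be reproduced with Ruby's standard `openssl` library to see how a re-keyed host is rejected. This is an added example, not Puppet code: `build_csr`, `sign_csr`, `handle_request` and the Hash stores `certs` and `pending` are hypothetical stand-ins for Puppet's indirection, and the sign-right-away path is not modelled.

```ruby
require 'openssl'

# Constructed helper: build a CSR for +cn+ signed with +key+ and return its PEM.
def build_csr(cn, key)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', cn]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

# Constructed helper: issue a short-lived certificate for a parsed CSR.
def sign_csr(csr, ca_key, ca_cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = csr.subject
  cert.issuer = OpenSSL::X509::Name.new([['CN', ca_cn]])
  cert.public_key = csr.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Mirrors getcert's branches with in-memory stores (assumption: +certs+ and
# +pending+ are plain Hashes keyed by host name).
# Returns [:existing, pem] or [:pending, nil]; raises on a key mismatch.
def handle_request(csr_pem, certs, pending)
  csr = OpenSSL::X509::Request.new(csr_pem)
  hostname = csr.subject.to_a.find { |k, _| k == 'CN' }[1]
  if (cert = certs[hostname])
    # Same check as the page: the CSR must carry the key already certified.
    unless csr.public_key.to_der == cert.public_key.to_der
      raise ArgumentError, "CSR key does not match existing certificate for #{hostname}"
    end
    [:existing, cert.to_pem]
  else
    pending[hostname] = csr # stored for later signing
    [:pending, nil]
  end
end
```

As in the page's method, the host name is taken from the CSR subject rather than from the `client` or `clientip` arguments, so the key comparison is what stops a second party from obtaining or replacing a certificate for a name that is already signed.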