Class: Puppet::Network::Client::CA
Inherits: Puppet::Network::Client
- Object
- Puppet::Network::Client
- Puppet::Network::Client::CA
Defined in: lib/puppet/network/client/ca.rb
Overview
Request a certificate from the remote system.
Defined Under Namespace
Classes: InvalidCertificate
Constant Summary
Constants inherited from Puppet::Network::Client
Instance Attribute Summary
Attributes inherited from Puppet::Network::Client
#driver, #lastrun, #local, #schedule, #stopping
Attributes included from Util::SubclassLoader
Attributes included from SSLCertificates::Support
Instance Method Summary
- #initialize(options = {}) ⇒ CA (constructor): A new instance of CA.
- #request_cert ⇒ Object: This client is really only able to request certificates for the current host.
Methods inherited from Puppet::Network::Client
drivername, handler, #local?, #recycle_connection, #run, #runnow, #scheduled?, #shutdown, #start, xmlrpc_client
Methods included from Util::SubclassLoader
#each, #handle_subclasses, #inherited, #method_missing, #name, #subclasses
Methods included from SSLCertificates::Support
keytype, #rename_files_with_uppercase, #requestcert
Methods included from Util::MethodHelper
#requiredopts, #set_options, #symbolize_options
Methods included from Util
activerecord_version, benchmark, chuser, classproxy, #execfail, #execpipe, execute, logmethods, memory, proxy, recmkdir, secure_open, symbolize, symbolizehash, symbolizehash!, synchronize_on, thinmark, #threadlock, which, withumask
Methods included from Util::POSIX
#get_posix_field, #gid, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid
Constructor Details
Instance Method Details
#request_cert ⇒ Object
This client is really only able to request certificates for the current host. It reads everything it needs from Puppet.settings.
    # File 'lib/puppet/network/client/ca.rb', line 18

    def request_cert
      Puppet.settings.use(:main, :ssl)

      if cert = read_cert
        return cert
      end

      begin
        cert, cacert = @driver.getcert(csr.to_pem)
      rescue => detail
        puts detail.backtrace if Puppet[:trace]
        raise Puppet::Error.new("Certificate retrieval failed: #{detail}")
      end

      if cert.nil? or cert == ""
        return nil
      end

      begin
        @cert = OpenSSL::X509::Certificate.new(cert)
        @cacert = OpenSSL::X509::Certificate.new(cacert)
      rescue => detail
        raise InvalidCertificate.new(
          "Invalid certificate: #{detail}"
        )
      end

      unless @cert.check_private_key(key)
        raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean #{Puppet[:certname]}' on the server."
      end

      # Only write the cert out if it passes validating.
      Puppet.settings.write(:hostcert) do |f| f.print cert end
      Puppet.settings.write(:localcacert) do |f| f.print cacert end

      @cert
    end
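
The validation that request_cert applies before writing the files is the empty-response test, PEM parsing, and `check_private_key`. The added example below is not Puppet code: `validate_issued_cert` and `make_cert` are hypothetical helpers and all keys and certificates are constructed in memory. It reproduces those checks with Ruby's OpenSSL and adds one further check that the method does not perform, that the certificate was signed by the returned CA certificate.

```ruby
require 'openssl'

# Hypothetical helper (not part of Puppet): the checks request_cert applies to
# the PEM strings returned by the CA, plus an issuer-signature check.
def validate_issued_cert(cert_pem, cacert_pem, key)
  return :pending if cert_pem.nil? || cert_pem == ""   # nothing signed yet
  begin
    cert   = OpenSSL::X509::Certificate.new(cert_pem)
    cacert = OpenSSL::X509::Certificate.new(cacert_pem)
  rescue OpenSSL::X509::CertificateError
    return :invalid_pem
  end
  return :key_mismatch unless cert.check_private_key(key)
  # Extra check, not in the page's code: was cert signed by the returned CA?
  return :not_signed_by_ca unless cert.verify(cacert.public_key)
  :ok
end

# Constructed test material: builds a certificate for subject_key, signed by signing_key.
def make_cert(cn, subject_key, issuer_cert, signing_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = subject_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(signing_key, OpenSSL::Digest.new('SHA256'))
  cert
end

CA_KEY     = OpenSSL::PKey::RSA.new(2048)
HOST_KEY   = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY  = OpenSSL::PKey::RSA.new(2048)
CA_CERT    = make_cert('Example CA', CA_KEY, nil, CA_KEY, 1)
HOST_CERT  = make_cert('agent.example.test', HOST_KEY, CA_CERT, CA_KEY, 2)
# Names the CA as issuer but is signed with an unrelated key.
ROGUE_CERT = make_cert('agent.example.test', HOST_KEY, CA_CERT, OTHER_KEY, 3)
```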