Class: Puppet::SSL::CertificateRequest

Inherits:
Base
Extended by:
Indirector
Defined in:
lib/puppet/ssl/certificate_request.rb

Overview

Manage certificate requests.

Defined Under Namespace

Classes: Ca, File, Rest

Constant Summary

Constants inherited from Base

Base::SEPARATOR

Instance Attribute Summary

Attributes inherited from Base

#content, #name

Class Method Summary

Instance Method Summary

Methods included from Indirector

indirects

Methods inherited from Base

#ca?, #fingerprint, from_multiple_s, #initialize, #read, to_multiple_s, #to_s, #to_text, wrapped_class, wraps

Constructor Details

This class inherits a constructor from Puppet::SSL::Base

Class Method Details

.from_s(string) ⇒ Object

Convert a string into an instance.



# File 'lib/puppet/ssl/certificate_request.rb', line 11

def self.from_s(string)
  instance = wrapped_class.new(string)
  name = instance.subject.to_s.sub(/\/CN=/i, '').downcase
  result = new(name)
  result.content = instance
  result
end

.supported_formats ⇒ Object

Because of how the format handler class is included, this can’t be in the base class.



# File 'lib/puppet/ssl/certificate_request.rb', line 21

def self.supported_formats
  [:s]
end

Instance Method Details

#generate(key) ⇒ Object

How to create a certificate request with our system defaults.

Raises:



# File 'lib/puppet/ssl/certificate_request.rb', line 26

def generate(key)
  Puppet.info "Creating a new SSL certificate request for #{name}"

  # Support either an actual SSL key, or a Puppet key.
  key = key.content if key.is_a?(Puppet::SSL::Key)

  # If we're a CSR for the CA, then use the real ca_name, rather than the
  # fake 'ca' name.  This is mostly for backward compatibility with 0.24.x,
  # but it's also just a good idea.
  common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name

  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  csr.public_key = key.public_key
  csr.sign(key, OpenSSL::Digest::MD5.new)

  raise Puppet::Error, "CSR sign verification failed; you need to clean the certificate request for #{name} on the server" unless csr.verify(key.public_key)

  @content = csr
  Puppet.info "Certificate Request fingerprint (md5): #{fingerprint}"
  @content
end
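
The following is an added example, not Puppet's own code: it repeats the `.from_s` name derivation and the `#generate` CSR construction from the listings above using only Ruby's OpenSSL bindings, then audits the resulting CSR before it would reach a signer. `build_csr`, `derived_name`, `audit_csr` and the `WEAK_DIGESTS` pattern are hypothetical names chosen for illustration, the sample subjects are constructed, and SHA-256 is used where the listing signs with MD5.

```ruby
require 'openssl'

# Assumption: local policy list of digests not acceptable for new signatures.
WEAK_DIGESTS = /md2|md4|md5|sha1(?!\d)/i

# Build a CSR the way #generate does, with a caller-chosen digest.
# subject_pairs is e.g. [['CN', 'host.example.com']].
def build_csr(subject_pairs, key, digest = OpenSSL::Digest.new('SHA256'))
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new(subject_pairs)
  csr.public_key = key.public_key
  csr.sign(key, digest)
  csr
end

# Same derivation as .from_s: drop the first "/CN=" and lowercase the rest.
def derived_name(csr)
  csr.subject.to_s.sub(/\/CN=/i, '').downcase
end

# Review a PEM-encoded CSR; returns a list of findings (empty when clean).
def audit_csr(pem)
  csr = OpenSSL::X509::Request.new(pem)
  findings = []
  findings << 'self-signature does not verify' unless csr.verify(csr.public_key)
  alg = csr.signature_algorithm
  findings << "weak signature algorithm: #{alg}" if alg =~ WEAK_DIGESTS
  rdns = csr.subject.to_a
  # The .from_s derivation only yields a clean host name for a CN-only subject.
  findings << 'subject is not a single CN' unless rdns.length == 1 && rdns[0][0] == 'CN'
  findings
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  # Constructed sample subjects, not taken from any real deployment.
  [[['CN', 'Agent01.Example.COM']],
   [['O', 'Example'], ['CN', 'host']]].each do |subject|
    csr = build_csr(subject, key)
    puts "#{csr.subject} -> name #{derived_name(csr).inspect}, " \
         "alg #{csr.signature_algorithm}, findings #{audit_csr(csr.to_pem).inspect}"
  end
end
```

The second sample shows why the subject check matters: with more than one RDN, the derived name keeps the leftover subject text instead of a bare host name.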

#save(args = {}) ⇒ Object



# File 'lib/puppet/ssl/certificate_request.rb', line 50

def save(args = {})
  super()

  # Try to autosign the CSR.
  if ca = Puppet::SSL::CertificateAuthority.instance
    ca.autosign
  end
end