RubyGems - puppet - Versions diffs - 0.9.2 → 0.13.0 - Mend

puppet 0.9.2 → 0.13.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (213) hide show

data/CHANGELOG +58 -0
data/README +21 -18
data/Rakefile +176 -36
data/bin/puppet +34 -48
data/bin/puppetca +41 -28
data/bin/puppetd +87 -65
data/bin/puppetdoc +99 -23
data/bin/puppetmasterd +72 -91
data/conf/redhat/client.init +80 -0
data/conf/redhat/client.sysconfig +11 -0
data/conf/redhat/fileserver.conf +12 -0
data/conf/redhat/puppet.spec +130 -0
data/conf/redhat/server.init +89 -0
data/conf/redhat/server.sysconfig +9 -0
data/examples/code/allatonce +2 -2
data/examples/code/assignments +1 -1
data/examples/code/classing +2 -2
data/examples/code/components +2 -2
data/examples/code/file.bl +5 -5
data/examples/code/filedefaults +2 -2
data/examples/code/fileparsing +1 -1
data/examples/code/filerecursion +1 -1
data/examples/code/functions +1 -1
data/examples/code/groups +1 -1
data/examples/code/importing +1 -1
data/examples/code/nodes +1 -1
data/examples/code/one +1 -1
data/examples/code/relationships +2 -2
data/examples/code/simpletests +5 -5
data/examples/code/snippets/argumentdefaults +2 -2
data/examples/code/snippets/casestatement +16 -8
data/examples/code/snippets/classheirarchy.pp +4 -4
data/examples/code/snippets/classincludes.pp +4 -4
data/examples/code/snippets/classpathtest +2 -2
data/examples/code/snippets/componentmetaparams.pp +11 -0
data/examples/code/snippets/dirchmod +5 -5
data/examples/code/snippets/emptyclass.pp +9 -0
data/examples/code/snippets/failmissingexecpath.pp +1 -1
data/examples/code/snippets/falsevalues.pp +1 -1
data/examples/code/snippets/filecreate +5 -5
data/examples/code/snippets/implicititeration +5 -5
data/examples/code/snippets/multipleinstances +4 -4
data/examples/code/snippets/namevartest +3 -3
data/examples/code/snippets/scopetest +1 -1
data/examples/code/snippets/selectorvalues.pp +3 -3
data/examples/code/snippets/simpledefaults +2 -2
data/examples/code/snippets/simpleselector +5 -5
data/examples/code/snippets/singleary.pp +19 -0
data/examples/root/etc/init.d/sleeper +3 -2
data/ext/emacs/puppet-mode-init.el +6 -0
data/ext/emacs/puppet-mode.el +189 -0
data/ext/ldap/puppet.schema +17 -0
data/ext/{module:puppet → module_puppet} +30 -31
data/ext/vim/filetype.vim +9 -0
data/ext/vim/puppet.vim +87 -0
data/install.rb +63 -30
data/lib/puppet.rb +216 -122
data/lib/puppet/client.rb +51 -416
data/lib/puppet/client/ca.rb +17 -0
data/lib/puppet/client/dipper.rb +78 -0
data/lib/puppet/client/file.rb +20 -0
data/lib/puppet/client/log.rb +17 -0
data/lib/puppet/client/master.rb +246 -0
data/lib/puppet/client/proxy.rb +27 -0
data/lib/puppet/client/status.rb +7 -0
data/lib/puppet/config.rb +563 -13
data/lib/puppet/daemon.rb +50 -22
data/lib/puppet/element.rb +4 -4
data/lib/puppet/event-loop.rb +1 -0
data/lib/puppet/event-loop/better-definers.rb +367 -0
data/lib/puppet/event-loop/event-loop.rb +355 -0
data/lib/puppet/event-loop/signal-system.rb +220 -0
data/lib/puppet/event.rb +9 -11
data/lib/puppet/filetype.rb +195 -0
data/lib/puppet/log.rb +35 -12
data/lib/puppet/metric.rb +2 -2
data/lib/puppet/networkclient.rb +145 -0
data/lib/puppet/parameter.rb +335 -0
data/lib/puppet/parser/ast.rb +42 -1453
data/lib/puppet/parser/ast/astarray.rb +88 -0
data/lib/puppet/parser/ast/branch.rb +47 -0
data/lib/puppet/parser/ast/caseopt.rb +66 -0
data/lib/puppet/parser/ast/casestatement.rb +78 -0
data/lib/puppet/parser/ast/classdef.rb +78 -0
data/lib/puppet/parser/ast/compdef.rb +111 -0
data/lib/puppet/parser/ast/component.rb +105 -0
data/lib/puppet/parser/ast/hostclass.rb +82 -0
data/lib/puppet/parser/ast/leaf.rb +86 -0
data/lib/puppet/parser/ast/node.rb +103 -0
data/lib/puppet/parser/ast/nodedef.rb +68 -0
data/lib/puppet/parser/ast/objectdef.rb +336 -0
data/lib/puppet/parser/ast/objectparam.rb +30 -0
data/lib/puppet/parser/ast/objectref.rb +76 -0
data/lib/puppet/parser/ast/selector.rb +60 -0
data/lib/puppet/parser/ast/typedefaults.rb +45 -0
data/lib/puppet/parser/ast/vardef.rb +44 -0
data/lib/puppet/parser/interpreter.rb +31 -14
data/lib/puppet/parser/lexer.rb +2 -4
data/lib/puppet/parser/parser.rb +332 -242
data/lib/puppet/parser/scope.rb +55 -38
data/lib/puppet/server.rb +43 -44
data/lib/puppet/server/authstore.rb +3 -6
data/lib/puppet/server/ca.rb +5 -2
data/lib/puppet/server/filebucket.rb +2 -4
data/lib/puppet/server/fileserver.rb +28 -12
data/lib/puppet/server/logger.rb +15 -4
data/lib/puppet/server/master.rb +62 -7
data/lib/puppet/sslcertificates.rb +41 -607
data/lib/puppet/sslcertificates/ca.rb +291 -0
data/lib/puppet/sslcertificates/certificate.rb +283 -0
data/lib/puppet/statechange.rb +6 -1
data/lib/puppet/storage.rb +67 -56
data/lib/puppet/transaction.rb +25 -9
data/lib/puppet/transportable.rb +102 -22
data/lib/puppet/type.rb +1096 -315
data/lib/puppet/type/component.rb +30 -21
data/lib/puppet/type/cron.rb +409 -448
data/lib/puppet/type/exec.rb +234 -174
data/lib/puppet/type/group.rb +65 -82
data/lib/puppet/type/nameservice.rb +247 -3
data/lib/puppet/type/nameservice/netinfo.rb +29 -40
data/lib/puppet/type/nameservice/objectadd.rb +52 -66
data/lib/puppet/type/nameservice/posix.rb +6 -194
data/lib/puppet/type/package.rb +447 -295
data/lib/puppet/type/package/apt.rb +51 -50
data/lib/puppet/type/package/bsd.rb +82 -0
data/lib/puppet/type/package/dpkg.rb +85 -88
data/lib/puppet/type/package/rpm.rb +67 -63
data/lib/puppet/type/package/sun.rb +119 -98
data/lib/puppet/type/package/yum.rb +41 -37
data/lib/puppet/type/parsedtype.rb +295 -0
data/lib/puppet/type/parsedtype/host.rb +143 -0
data/lib/puppet/type/parsedtype/port.rb +232 -0
data/lib/puppet/type/parsedtype/sshkey.rb +129 -0
data/lib/puppet/type/pfile.rb +484 -460
data/lib/puppet/type/pfile/checksum.rb +237 -181
data/lib/puppet/type/pfile/content.rb +67 -0
data/lib/puppet/type/pfile/ensure.rb +212 -0
data/lib/puppet/type/pfile/group.rb +106 -105
data/lib/puppet/type/pfile/mode.rb +98 -101
data/lib/puppet/type/pfile/source.rb +228 -209
data/lib/puppet/type/pfile/type.rb +18 -21
data/lib/puppet/type/pfile/uid.rb +127 -130
data/lib/puppet/type/pfilebucket.rb +68 -63
data/lib/puppet/type/schedule.rb +341 -0
data/lib/puppet/type/service.rb +351 -255
data/lib/puppet/type/service/base.rb +9 -14
data/lib/puppet/type/service/debian.rb +32 -38
data/lib/puppet/type/service/init.rb +130 -130
data/lib/puppet/type/service/smf.rb +48 -20
data/lib/puppet/type/state.rb +229 -16
data/lib/puppet/type/symlink.rb +51 -63
data/lib/puppet/type/tidy.rb +105 -102
data/lib/puppet/type/user.rb +118 -180
data/lib/puppet/util.rb +100 -6
data/test/certmgr/certmgr.rb +0 -1
data/test/client/client.rb +4 -4
data/test/executables/puppetbin.rb +7 -14
data/test/executables/puppetca.rb +18 -24
data/test/executables/puppetd.rb +7 -16
data/test/executables/puppetmasterd.rb +7 -9
data/test/executables/puppetmodule.rb +11 -16
data/test/language/ast.rb +11 -7
data/test/language/interpreter.rb +1 -1
data/test/language/scope.rb +2 -0
data/test/language/snippets.rb +30 -5
data/test/language/transportable.rb +77 -0
data/test/other/config.rb +316 -0
data/test/other/events.rb +22 -21
data/test/other/log.rb +14 -14
data/test/other/metrics.rb +4 -8
data/test/other/overrides.rb +5 -5
data/test/other/relationships.rb +4 -2
data/test/other/storage.rb +64 -3
data/test/other/transactions.rb +20 -20
data/test/parser/parser.rb +7 -4
data/test/puppet/conffiles.rb +12 -12
data/test/puppet/defaults.rb +13 -11
data/test/puppet/utiltest.rb +14 -11
data/test/puppettest.rb +156 -48
data/test/server/bucket.rb +2 -2
data/test/server/fileserver.rb +6 -6
data/test/server/logger.rb +19 -11
data/test/server/master.rb +33 -4
data/test/server/server.rb +2 -7
data/test/types/basic.rb +5 -7
data/test/types/component.rb +22 -18
data/test/types/cron.rb +111 -44
data/test/types/exec.rb +116 -59
data/test/types/file.rb +262 -137
data/test/types/filebucket.rb +13 -15
data/test/types/fileignoresource.rb +12 -16
data/test/types/filesources.rb +73 -48
data/test/types/filetype.rb +13 -15
data/test/types/group.rb +15 -13
data/test/types/host.rb +146 -0
data/test/types/package.rb +74 -63
data/test/types/port.rb +139 -0
data/test/types/query.rb +8 -8
data/test/types/schedule.rb +335 -0
data/test/types/service.rb +137 -21
data/test/types/sshkey.rb +140 -0
data/test/types/symlink.rb +3 -5
data/test/types/tidy.rb +5 -14
data/test/types/type.rb +67 -11
data/test/types/user.rb +25 -23
metadata +186 -122
data/lib/puppet/type/pfile/create.rb +0 -108
data/lib/puppet/type/pprocess.rb +0 -97
data/lib/puppet/type/typegen.rb +0 -149
data/lib/puppet/type/typegen/filerecord.rb +0 -243
data/lib/puppet/type/typegen/filetype.rb +0 -316
data/test/other/state.rb +0 -106

data/lib/puppet/sslcertificates/ca.rb ADDED

@@ -0,0 +1,291 @@
+class Puppet::SSLCertificates::CA
+    Certificate = Puppet::SSLCertificates::Certificate
+    attr_accessor :keyfile, :file, :config, :dir, :cert
+    Puppet.setdefaults("ca",
+        [:certdir,         "$ssldir/certs", "The certificate directory."],
+        [:publickeydir,    "$ssldir/public_keys", "The public key directory."],
+        [:privatekeydir,   "$ssldir/private_keys", "The private key directory."],
+        [:cadir,           "$ssldir/ca",
+            "The root directory for the certificate authority."],
+        [:cacert,          "$cadir/ca_crt.pem", "The CA certificate."],
+        [:cakey,           "$cadir/ca_key.pem", "The CA private key."],
+        [:capub,           "$cadir/ca_pub.pem", "The CA public key."],
+        [:caprivatedir,    "$cadir/private",
+            "Where the CA stores private certificate information."],
+        [:csrdir,          "$cadir/requests",
+            "Where the CA stores certificate requests"],
+        [:signeddir,       "$cadir/signed",
+            "Where the CA stores signed certificates."],
+        [:capass,          "$caprivatedir/ca.pass",
+            "Where the CA stores the password for the private key"],
+        [:serial,          "$cadir/serial",
+            "Where the serial number for certificates is stored."],
+        [:privatedir,        "$ssldir/private",
+            "Where the client stores private certificate information."],
+        [:passfile,        "$privatedir/password",
+            "Where puppetd stores the password for its private key.  Generally
+            unused."],
+        [:autosign,        "$confdir/autosign.conf",
+            "Whether to enable autosign.  Valid values are true (which autosigns
+            any key request, and is a very bad idea), false (which never autosigns
+            any key request), and the path to a file, which uses that configuration
+            file to determine which keys to sign."],
+        [:ca_days,         1825, "How long a certificate should be valid."],
+        [:ca_md,           "md5", "The type of hash used in certificates."],
+        [:req_bits,        2048, "The bit length of the certificates."],
+        [:keylength,       1024, "The bit length of keys."]
+    )
+    #@@params.each { |param|
+    #    Puppet.setdefault(param,@@defaults[param])
+    #}
+    def certfile
+        @config[:cacert]
+    end
+    def host2csrfile(hostname)
+        File.join(Puppet[:csrdir], [hostname, "pem"].join("."))
+    end
+    # this stores signed certs in a directory unrelated to
+    # normal client certs
+    def host2certfile(hostname)
+        File.join(Puppet[:signeddir], [hostname, "pem"].join("."))
+    end
+    def thing2name(thing)
+        thing.subject.to_a.find { |ary|
+            ary[0] == "CN"
+        }[1]
+    end
+    def initialize(hash = {})
+        self.setconfig(hash)
+        if Puppet[:capass]
+            if FileTest.exists?(Puppet[:capass])
+                #puts "Reading %s" % Puppet[:capass]
+                #system "ls -al %s" % Puppet[:capass]
+                #File.read Puppet[:capass]
+                Puppet.info "Getting pass"
+                @config[:password] = self.getpass
+            else
+                # Don't create a password if the cert already exists
+                unless FileTest.exists?(@config[:cacert])
+                    Puppet.info "Genning pass"
+                    @config[:password] = self.genpass
+                end
+            end
+        end
+        self.getcert
+        unless FileTest.exists?(@config[:serial])
+            File.open(@config[:serial], "w") { |f|
+                f << "%04X" % 1
+            }
+        end
+    end
+    def genpass
+        pass = ""
+        20.times { pass += (rand(74) + 48).chr }
+        Puppet.recmkdir(File.dirname(@config[:capass]))
+        begin
+            File.open(@config[:capass], "w", 0600) { |f| f.print pass }
+        rescue Errno::EACCES => detail
+            raise Puppet::Error, detail.to_s
+        end
+        return pass
+    end
+    def getpass
+        if @config[:capass] and File.readable?(@config[:capass])
+            return File.read(@config[:capass])
+        else
+            raise Puppet::Error, "Could not read CA passfile %s" % @config[:capass]
+        end
+    end
+    def getcert
+        if FileTest.exists?(@config[:cacert])
+            @cert = OpenSSL::X509::Certificate.new(
+                File.read(@config[:cacert])
+            )
+        else
+            self.mkrootcert
+        end
+    end
+    def getclientcsr(host)
+        csrfile = host2csrfile(host)
+        unless File.exists?(csrfile)
+            return nil
+        end
+        return OpenSSL::X509::Request.new(File.read(csrfile))
+    end
+    def getclientcert(host)
+        certfile = host2certfile(host)
+        unless File.exists?(certfile)
+            return [nil, nil]
+        end
+        return [OpenSSL::X509::Certificate.new(File.read(certfile)), @cert]
+    end
+    def list
+        return Dir.entries(Puppet[:csrdir]).reject { |file|
+            file =~ /^\.+$/
+        }.collect { |file|
+            file.sub(/\.pem$/, '')
+        }
+    end
+    def mkrootcert
+        cert = Certificate.new(
+            :name => "CAcert",
+            :cert => @config[:cacert],
+            :encrypt => @config[:capass],
+            :key => @config[:cakey],
+            :selfsign => true,
+            :length => 1825,
+            :type => :ca
+        )
+        @cert = cert.mkselfsigned
+        File.open(@config[:cacert], "w", 0660) { |f|
+            f.puts @cert.to_pem
+        }
+        @key = cert.key
+        return cert
+    end
+    def removeclientcsr(host)
+        csrfile = host2csrfile(host)
+        unless File.exists?(csrfile)
+            raise Puppet::Error, "No certificate request for %s" % host
+        end
+        File.unlink(csrfile)
+    end
+    def setconfig(hash)
+        @config = {}
+        Puppet.config.params("ca").each { |param|
+            param = param.intern if param.is_a? String
+            if hash.include?(param)
+                @config[param] = hash[param]
+                Puppet[param] = hash[param]
+                hash.delete(param)
+            else
+                @config[param] = Puppet[param]
+            end
+        }
+        if hash.include?(:password)
+            @config[:password] = hash[:password]
+            hash.delete(:password)
+        end
+        if hash.length > 0
+            raise ArgumentError, "Unknown parameters %s" % hash.keys.join(",")
+        end
+        [:cadir, :csrdir, :signeddir].each { |dir|
+            unless @config[dir]
+                raise Puppet::DevError, "%s is undefined" % dir
+            end
+            unless FileTest.exists?(@config[dir])
+                Puppet.recmkdir(@config[dir])
+            end
+        }
+    end
+    def sign(csr)
+        unless csr.is_a?(OpenSSL::X509::Request)
+            raise Puppet::Error,
+                "CA#sign only accepts OpenSSL::X509::Request objects, not %s" %
+                csr.class
+        end
+        unless csr.verify(csr.public_key)
+            raise Puppet::Error, "CSR sign verification failed"
+        end
+        # i should probably check key length...
+        # read the ca cert in
+        cacert = OpenSSL::X509::Certificate.new(
+            File.read(@config[:cacert])
+        )
+        cakey = nil
+        if @config[:password]
+            cakey = OpenSSL::PKey::RSA.new(
+                File.read(@config[:cakey]), @config[:password]
+            )
+        else
+            system("ls -al %s" % Puppet[:capass])
+            cakey = OpenSSL::PKey::RSA.new(
+                File.read(@config[:cakey])
+            )
+        end
+        unless cacert.check_private_key(cakey)
+            raise Puppet::Error, "CA Certificate is invalid"
+        end
+        serial = File.read(@config[:serial]).chomp.hex
+        newcert = Puppet::SSLCertificates.mkcert(
+            :type => :server,
+            :name => csr.subject,
+            :days => @config[:ca_days],
+            :issuer => cacert,
+            :serial => serial,
+            :publickey => csr.public_key
+        )
+        # increment the serial
+        File.open(@config[:serial], "w") { |f|
+            f << "%04X" % (serial + 1)
+        }
+        newcert.sign(cakey, OpenSSL::Digest::SHA1.new)
+        self.storeclientcert(newcert)
+        return [newcert, cacert]
+    end
+    def storeclientcsr(csr)
+        host = thing2name(csr)
+        csrfile = host2csrfile(host)
+        if File.exists?(csrfile)
+            raise Puppet::Error, "Certificate request for %s already exists" % host
+        end
+        File.open(csrfile, "w", 0660) { |f|
+            f.print csr.to_pem
+        }
+    end
+    def storeclientcert(cert)
+        host = thing2name(cert)
+        certfile = host2certfile(host)
+        if File.exists?(certfile)
+            Puppet.notice "Overwriting signed certificate %s for %s" %
+                [certfile, host]
+        end
+        File.open(certfile, "w", 0660) { |f|
+            f.print cert.to_pem
+        }
+    end
+end
+# $Id: ca.rb 873 2006-02-07 23:12:33Z luke $

data/lib/puppet/sslcertificates/certificate.rb ADDED

@@ -0,0 +1,283 @@
+class Puppet::SSLCertificates::Certificate
+    SSLCertificates = Puppet::SSLCertificates
+    attr_accessor :certfile, :keyfile, :name, :dir, :hash, :type
+    attr_accessor :key, :cert, :csr, :cacert
+    @@params2names = {
+        :name       => "CN",
+        :state      => "ST",
+        :country    => "C",
+        :email      => "emailAddress",
+        :org        => "O",
+        :city       => "L",
+        :ou         => "OU"
+    }
+    def certname
+        OpenSSL::X509::Name.new self.subject
+    end
+    def delete
+        [@certfile,@keyfile].each { |file|
+            if FileTest.exists?(file)
+                File.unlink(file)
+            end
+        }
+        if defined? @hash and @hash
+            if FileTest.symlink?(@hash)
+                File.unlink(@hash)
+            end
+        end
+    end
+    def exists?
+        return FileTest.exists?(@certfile)
+    end
+    def getkey
+        unless FileTest.exists?(@keyfile)
+            self.mkkey()
+        end
+        if @password
+            @key = OpenSSL::PKey::RSA.new(
+                File.read(@keyfile),
+                @password
+            )
+        else
+            @key = OpenSSL::PKey::RSA.new(
+                File.read(@keyfile)
+            )
+        end
+    end
+    def initialize(hash)
+        unless hash.include?(:name)
+            raise Puppet::Error, "You must specify the common name for the certificate"
+        end
+        @name = hash[:name]
+        # init a few variables
+        @cert = @key = @csr = nil
+        if hash.include?(:cert)
+            @certfile = hash[:cert]
+            @dir = File.dirname(@certfile)
+        else
+            @dir = hash[:dir] || Puppet[:certdir]
+            @certfile = File.join(@dir, @name)
+        end
+        @cacertfile ||= File.join(Puppet[:certdir], "ca.pem")
+        unless FileTest.directory?(@dir)
+            Puppet.recmkdir(@dir)
+        end
+        unless @certfile =~ /\.pem$/
+            @certfile += ".pem"
+        end
+        @keyfile = hash[:key] || File.join(
+            Puppet[:privatekeydir], [@name,"pem"].join(".")
+        )
+        unless FileTest.directory?(@dir)
+            Puppet.recmkdir(@dir)
+        end
+        [@keyfile].each { |file|
+            dir = File.dirname(file)
+            unless FileTest.directory?(dir)
+                Puppet.recmkdir(dir)
+            end
+        }
+        @days = hash[:length] || 365
+        @selfsign = hash[:selfsign] || false
+        @encrypt = hash[:encrypt] || false
+        @replace = hash[:replace] || false
+        @issuer = hash[:issuer] || nil
+        if hash.include?(:type)
+            case hash[:type]
+            when :ca, :client, :server: @type = hash[:type]
+            else
+                raise "Invalid Cert type %s" % hash[:type]
+            end
+        else
+            @type = :client
+        end
+        @params = {:name => @name}
+        [:state, :country, :email, :org, :ou].each { |param|
+            if hash.include?(param)
+                @params[param] = hash[param]
+            end
+        }
+        if @encrypt
+            if @encrypt =~ /^\//
+                File.open(@encrypt) { |f|
+                    @password = f.read.chomp
+                }
+            else
+                raise Puppet::Error, ":encrypt must be a path to a pass phrase file"
+            end
+        else
+            @password = nil
+        end
+        if hash.include?(:selfsign)
+            @selfsign = hash[:selfsign]
+        else
+            @selfsign = false
+        end
+    end
+    # this only works for servers, not for users
+    def mkcsr
+        unless defined? @key and @key
+            self.getkey
+        end
+        name = OpenSSL::X509::Name.new self.subject
+        @csr = OpenSSL::X509::Request.new
+        @csr.version = 0
+        @csr.subject = name
+        @csr.public_key = @key.public_key
+        @csr.sign(@key, OpenSSL::Digest::SHA1.new)
+        #File.open(@csrfile, "w") { |f|
+        #    f << @csr.to_pem
+        #}
+        unless @csr.verify(@key.public_key)
+            raise Puppet::Error, "CSR sign verification failed"
+        end
+        return @csr
+    end
+    def mkkey
+        # @key is the file
+        @key = OpenSSL::PKey::RSA.new(1024)
+#            { |p,n|
+#                case p
+#                when 0; Puppet.info "key info: ."  # BN_generate_prime
+#                when 1; Puppet.info "key info: +"  # BN_generate_prime
+#                when 2; Puppet.info "key info: *"  # searching good prime,
+#                                          # n = #of try,
+#                                          # but also data from BN_generate_prime
+#                when 3; Puppet.info "key info: \n" # found good prime, n==0 - p, n==1 - q,
+#                                          # but also data from BN_generate_prime
+#                else;   Puppet.info "key info: *"  # BN_generate_prime
+#                end
+#            }
+        if @password
+            #passwdproc = proc { @password }
+            keytext = @key.export(
+                OpenSSL::Cipher::DES.new(:EDE3, :CBC),
+                @password
+            )
+            File.open(@keyfile, "w", 0400) { |f|
+                f << keytext
+            }
+        else
+            File.open(@keyfile, "w", 0400) { |f|
+                f << @key.to_pem
+            }
+        end
+        #cmd = "#{ossl} genrsa -out #{@key} 1024"
+    end
+    def mkselfsigned
+        unless defined? @key and @key
+            self.getkey
+        end
+        if defined? @cert and @cert
+            raise Puppet::Error, "Cannot replace existing certificate"
+        end
+        args = {
+            :name => self.certname,
+            :days => @days,
+            :issuer => nil,
+            :serial => 0x0,
+            :publickey => @key.public_key
+        }
+        if @type
+            args[:type] = @type
+        else
+            args[:type] = :server
+        end
+        @cert = SSLCertificates.mkcert(args)
+        @cert.sign(@key, OpenSSL::Digest::SHA1.new) if @selfsign
+        return @cert
+    end
+    def subject(string = false)
+        subj = @@params2names.collect { |param, name|
+            if @params.include?(param)
+               [name, @params[param]]
+            end
+        }.reject { |ary| ary.nil? }
+        if string
+            return "/" + subj.collect { |ary|
+                "%s=%s" % ary
+            }.join("/") + "/"
+        else
+            return subj
+        end
+    end
+    # verify that we can track down the cert chain or whatever
+    def verify
+        "openssl verify -verbose -CAfile /home/luke/.puppet/ssl/certs/ca.pem -purpose sslserver culain.madstop.com.pem"
+    end
+    def write
+        files = {
+            @certfile => @cert,
+            @keyfile => @key,
+        }
+        if defined? @cacert
+            files[@cacertfile] = @cacert
+        end
+        files.each { |file,thing|
+            if defined? thing and thing
+                if FileTest.exists?(file)
+                    next
+                end
+                text = nil
+                if thing.is_a?(OpenSSL::PKey::RSA) and @password
+                    text = thing.export(
+                        OpenSSL::Cipher::DES.new(:EDE3, :CBC),
+                        @password
+                    )
+                else
+                    text = thing.to_pem
+                end
+                File.open(file, "w", 0660) { |f| f.print text }
+            end
+        }
+        if defined? @cacert
+            SSLCertificates.mkhash(Puppet[:certdir], @cacert, @cacertfile)
+        end
+    end
+end
+# $Id: certificate.rb 873 2006-02-07 23:12:33Z luke $