puppet 2.6.11 → 2.6.12

data/lib/puppet/sslcertificates/certificate.rb

@@ -1,255 +0,0 @@
-class Puppet::SSLCertificates::Certificate
-  SSLCertificates = Puppet::SSLCertificates
-
-  attr_accessor :certfile, :keyfile, :name, :dir, :hash, :type
-  attr_accessor :key, :cert, :csr, :cacert
-
-  @@params2names = {
-    :name       => "CN",
-    :state      => "ST",
-    :country    => "C",
-    :email      => "emailAddress",
-    :org        => "O",
-    :city       => "L",
-    :ou         => "OU"
-  }
-
-  def certname
-    OpenSSL::X509::Name.new self.subject
-  end
-
-  def delete
-    [@certfile,@keyfile].each { |file|
-      File.unlink(file) if FileTest.exists?(file)
-    }
-
-    if @hash
-      File.unlink(@hash) if FileTest.symlink?(@hash)
-    end
-  end
-
-  def exists?
-    FileTest.exists?(@certfile)
-  end
-
-  def getkey
-    self.mkkey unless FileTest.exists?(@keyfile)
-    if @password
-
-      @key = OpenSSL::PKey::RSA.new(
-
-        File.read(@keyfile),
-
-        @password
-      )
-    else
-      @key = OpenSSL::PKey::RSA.new(
-        File.read(@keyfile)
-      )
-    end
-  end
-
-  def initialize(hash)
-    raise Puppet::Error, "You must specify the common name for the certificate" unless hash.include?(:name)
-    @name = hash[:name]
-
-    # init a few variables
-    @cert = @key = @csr = nil
-
-    if hash.include?(:cert)
-      @certfile = hash[:cert]
-      @dir = File.dirname(@certfile)
-    else
-      @dir = hash[:dir] || Puppet[:certdir]
-      @certfile = File.join(@dir, @name)
-    end
-
-    @cacertfile ||= File.join(Puppet[:certdir], "ca.pem")
-
-    Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)
-
-    unless @certfile =~ /\.pem$/
-      @certfile += ".pem"
-    end
-    @keyfile = hash[:key] || File.join(
-      Puppet[:privatekeydir], [@name,"pem"].join(".")
-    )
-    Puppet.recmkdir(@dir) unless FileTest.directory?(@dir)
-
-    [@keyfile].each { |file|
-      dir = File.dirname(file)
-
-      Puppet.recmkdir(dir) unless FileTest.directory?(dir)
-    }
-
-    @ttl = hash[:ttl] || 365 * 24 * 60 * 60
-    @selfsign = hash[:selfsign] || false
-    @encrypt = hash[:encrypt] || false
-    @replace = hash[:replace] || false
-    @issuer = hash[:issuer] || nil
-
-    if hash.include?(:type)
-      case hash[:type]
-      when :ca, :client, :server; @type = hash[:type]
-      else
-        raise "Invalid Cert type #{hash[:type]}"
-      end
-    else
-      @type = :client
-    end
-
-    @params = {:name => @name}
-    [:state, :country, :email, :org, :ou].each { |param|
-      @params[param] = hash[param] if hash.include?(param)
-    }
-
-    if @encrypt
-      if @encrypt =~ /^\//
-        File.open(@encrypt) { |f|
-          @password = f.read.chomp
-        }
-      else
-        raise Puppet::Error, ":encrypt must be a path to a pass phrase file"
-      end
-    else
-      @password = nil
-    end
-
-    @selfsign = hash.include?(:selfsign) && hash[:selfsign]
-  end
-
-  # this only works for servers, not for users
-  def mkcsr
-    self.getkey unless @key
-
-    name = OpenSSL::X509::Name.new self.subject
-
-    @csr = OpenSSL::X509::Request.new
-    @csr.version = 0
-    @csr.subject = name
-    @csr.public_key = @key.public_key
-    @csr.sign(@key, OpenSSL::Digest::SHA1.new)
-
-    #File.open(@csrfile, "w") { |f|
-    #    f << @csr.to_pem
-    #}
-
-    raise Puppet::Error, "CSR sign verification failed" unless @csr.verify(@key.public_key)
-
-    @csr
-  end
-
-  def mkkey
-    # @key is the file
-
-    @key = OpenSSL::PKey::RSA.new(1024)
-#            { |p,n|
-#                case p
-#                when 0; Puppet.info "key info: ."  # BN_generate_prime
-#                when 1; Puppet.info "key info: +"  # BN_generate_prime
-#                when 2; Puppet.info "key info: *"  # searching good prime,
-#                                          # n = #of try,
-#                                          # but also data from BN_generate_prime
-#                when 3; Puppet.info "key info: \n" # found good prime, n==0 - p, n==1 - q,
-#                                          # but also data from BN_generate_prime
-#                else;   Puppet.info "key info: *"  # BN_generate_prime
-#                end
-#            }
-
-  if @password
-  #        passwdproc = proc { @password }
-
-    keytext = @key.export(
-
-      OpenSSL::Cipher::DES.new(:EDE3, :CBC),
-
-      @password
-      )
-      File.open(@keyfile, "w", 0400) { |f|
-        f << keytext
-      }
-    else
-      File.open(@keyfile, "w", 0400) { |f|
-        f << @key.to_pem
-      }
-    end
-
-    #cmd = "#{ossl} genrsa -out #{@key} 1024"
-  end
-
-  def mkselfsigned
-    self.getkey unless @key
-
-    raise Puppet::Error, "Cannot replace existing certificate" if @cert
-
-    args = {
-      :name => self.certname,
-      :ttl => @ttl,
-      :issuer => nil,
-      :serial => 0x0,
-      :publickey => @key.public_key
-    }
-    if @type
-      args[:type] = @type
-    else
-      args[:type] = :server
-    end
-    @cert = SSLCertificates.mkcert(args)
-
-    @cert.sign(@key, OpenSSL::Digest::SHA1.new) if @selfsign
-
-    @cert
-  end
-
-  def subject(string = false)
-    subj = @@params2names.collect { |param, name|
-      [name, @params[param]] if @params.include?(param)
-    }.reject { |ary| ary.nil? }
-
-    if string
-      return "/" + subj.collect { |ary|
-        "%s=%s" % ary
-      }.join("/") + "/"
-    else
-      return subj
-    end
-  end
-
-  # verify that we can track down the cert chain or whatever
-  def verify
-    "openssl verify -verbose -CAfile /home/luke/.puppet/ssl/certs/ca.pem -purpose sslserver culain.madstop.com.pem"
-  end
-
-  def write
-    files = {
-      @certfile => @cert,
-      @keyfile => @key,
-    }
-    files[@cacertfile] = @cacert if defined?(@cacert)
-
-    files.each { |file,thing|
-      if thing
-        next if FileTest.exists?(file)
-
-        text = nil
-
-        if thing.is_a?(OpenSSL::PKey::RSA) and @password
-
-          text = thing.export(
-
-            OpenSSL::Cipher::DES.new(:EDE3, :CBC),
-
-            @password
-          )
-        else
-          text = thing.to_pem
-        end
-
-        File.open(file, "w", 0660) { |f| f.print text }
-      end
-    }
-
-    SSLCertificates.mkhash(Puppet[:certdir], @cacert, @cacertfile) if defined?(@cacert)
-  end
-end
-

data/lib/puppet/sslcertificates/inventory.rb

@@ -1,38 +0,0 @@
-# A module for keeping track of all the certificates issued by the CA, ever
-# Maintains the file "$cadir/inventory.txt"
-module Puppet::SSLCertificates
-  module Inventory
-
-    # Add CERT to the inventory of issued certs in '$cadir/inventory.txt'
-    # If no inventory exists yet, build an inventory and list all the
-    # certificates that have been signed so far
-    def self.add(cert)
-      inited = false
-      inited = true if FileTest.exists?(Puppet[:cert_inventory])
-
-      Puppet.settings.write(:cert_inventory, "a") do |f|
-        f.puts((inited ? nil : self.init).to_s + format(cert))
-      end
-    end
-
-    private
-
-    def self.init
-      inv = "# Inventory of signed certificates\n"
-      inv += "# SERIAL NOT_BEFORE NOT_AFTER SUBJECT\n"
-      Dir.glob(File::join(Puppet[:signeddir], "*.pem")) do |f|
-        inv += format(OpenSSL::X509::Certificate.new(File::read(f))) + "\n"
-      end
-      inv
-    end
-
-    def self.format(cert)
-      iso = '%Y-%m-%dT%H:%M:%S%Z'
-      return "0x%04x %s %s %s" % [cert.serial,
-                    cert.not_before.strftime(iso),
-                    cert.not_after.strftime(iso),
-                    cert.subject]
-    end
-  end
-end
-

data/lib/puppet/sslcertificates/monkey_patch.rb

@@ -1,6 +0,0 @@
-# This is the file that we use to add indirection to all the SSL Certificate classes.
-
-require 'puppet/indirector'
-
-OpenSSL::PKey::RSA.extend Puppet::Indirector
-OpenSSL::PKey::RSA.indirects :ssl_rsa, :terminus_class => :file

data/lib/puppet/sslcertificates/support.rb

@@ -1,146 +0,0 @@
-require 'puppet/sslcertificates'
-
-# A module to handle reading of certificates.
-module Puppet::SSLCertificates::Support
-  class MissingCertificate < Puppet::Error; end
-  class InvalidCertificate < Puppet::Error; end
-
-  attr_reader :cacert
-
-  # Some metaprogramming to create methods for retrieving and creating keys.
-  # This probably isn't fewer lines than defining each separately...
-  def self.keytype(name, options, &block)
-    var = "@#{name}"
-
-    maker = "mk_#{name}"
-    reader = "read_#{name}"
-
-    unless param = options[:param]
-      raise ArgumentError, "You must specify the parameter for the key"
-    end
-
-    unless klass = options[:class]
-      raise ArgumentError, "You must specify the class for the key"
-    end
-
-    # Define the method that creates it.
-    define_method(maker, &block)
-
-    # Define the reading method.
-    define_method(reader) do
-      return nil unless FileTest.exists?(Puppet[param]) or rename_files_with_uppercase(Puppet[param])
-
-      begin
-        instance_variable_set(var, klass.new(File.read(Puppet[param])))
-      rescue => detail
-        raise InvalidCertificate, "Could not read #{param}: #{detail}"
-      end
-    end
-
-    # Define the overall method, which just calls the reader and maker
-    # as appropriate.
-    define_method(name) do
-      unless cert = instance_variable_get(var)
-        unless cert = send(reader)
-          cert = send(maker)
-          Puppet.settings.write(param) { |f| f.puts cert.to_pem }
-        end
-        instance_variable_set(var, cert)
-      end
-      cert
-    end
-  end
-
-  # The key pair.
-  keytype :key, :param => :hostprivkey, :class => OpenSSL::PKey::RSA do
-    Puppet.info "Creating a new SSL key at #{Puppet[:hostprivkey]}"
-    key = OpenSSL::PKey::RSA.new(Puppet[:keylength])
-
-    # Our key meta programming can only handle one file, so we have
-    # to separately write out the public key.
-    Puppet.settings.write(:hostpubkey) do |f|
-      f.print key.public_key.to_pem
-    end
-    return key
-  end
-
-  # Our certificate request
-  keytype :csr, :param => :hostcsr, :class => OpenSSL::X509::Request do
-    Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
-
-    csr = OpenSSL::X509::Request.new
-    csr.version = 0
-    csr.subject = OpenSSL::X509::Name.new([["CN", Puppet[:certname]]])
-    csr.public_key = key.public_key
-    csr.sign(key, OpenSSL::Digest::MD5.new)
-
-    return csr
-  end
-
-  keytype :cert, :param => :hostcert, :class => OpenSSL::X509::Certificate do
-    raise MissingCertificate, "No host certificate"
-  end
-
-  keytype :ca_cert, :param => :localcacert, :class => OpenSSL::X509::Certificate do
-    raise MissingCertificate, "No CA certificate"
-  end
-
-  # Request a certificate from the remote system.  This does all of the work
-  # of creating the cert request, contacting the remote system, and
-  # storing the cert locally.
-  def requestcert
-    begin
-      cert, cacert = caclient.getcert(@csr.to_pem)
-    rescue => detail
-      puts detail.backtrace if Puppet[:trace]
-      raise Puppet::Error.new("Certificate retrieval failed: #{detail}")
-    end
-
-    if cert.nil? or cert == ""
-      return nil
-    end
-    Puppet.settings.write(:hostcert) do |f| f.print cert end
-    Puppet.settings.write(:localcacert) do |f| f.print cacert end
-    #File.open(@certfile, "w", 0644) { |f| f.print cert }
-    #File.open(@cacertfile, "w", 0644) { |f| f.print cacert }
-    begin
-      @cert = OpenSSL::X509::Certificate.new(cert)
-      @cacert = OpenSSL::X509::Certificate.new(cacert)
-      retrieved = true
-    rescue => detail
-      raise Puppet::Error.new(
-        "Invalid certificate: #{detail}"
-      )
-    end
-
-    raise Puppet::DevError, "Received invalid certificate" unless @cert.check_private_key(@key)
-    retrieved
-  end
-
-  # A hack method to deal with files that exist with a different case.
-  # Just renames it; doesn't read it in or anything.
-  def rename_files_with_uppercase(file)
-    dir = File.dirname(file)
-    short = File.basename(file)
-
-    # If the dir isn't present, we clearly don't have the file.
-    #return nil unless FileTest.directory?(dir)
-
-    raise ArgumentError, "Tried to fix SSL files to a file containing uppercase" unless short.downcase == short
-
-    return false unless File.directory?(dir)
-
-    real_file = Dir.entries(dir).reject { |f| f =~ /^\./ }.find do |other|
-      other.downcase == short
-    end
-
-    return nil unless real_file
-
-    full_file = File.join(dir, real_file)
-
-    Puppet.notice "Fixing case in #{full_file}; renaming to #{file}"
-    File.rename(full_file, file)
-
-    true
-  end
-end

data/spec/integration/network/client_spec.rb

@@ -1,19 +0,0 @@
-#!/usr/bin/env ruby
-
-require File.dirname(__FILE__) + '/../../spec_helper'
-
-require 'puppet/network/client'
-
-describe Puppet::Network::Client do
-  %w{ca file report runner status}.each do |name|
-    it "should have a #{name} client" do
-      Puppet::Network::Client.client(name).should be_instance_of(Class)
-    end
-
-    [:name, :handler, :drivername].each do |data|
-      it "should have a #{data} value for the #{name} client" do
-        Puppet::Network::Client.client(name).send(data).should_not be_nil
-      end
-    end
-  end
-end