puppetserver-ca 0.3.1 → 0.4.0

data/lib/puppetserver/settings/ttl_setting.rb

@@ -1,48 +0,0 @@
-# A setting that represents a span of time to live, and evaluates to Numeric
-# seconds to live where 0 means shortest possible time to live, a positive numeric value means time
-# to live in seconds, and the symbolic entry 'unlimited' is an infinite amount of time.
-#
-module Puppetserver
-  module Settings
-    class TTLSetting
-      # How we convert from various units to seconds.
-      UNITMAP = {
-        # 365 days isn't technically a year, but is sufficient for most purposes
-        "y" => 365 * 24 * 60 * 60,
-        "d" => 24 * 60 * 60,
-        "h" => 60 * 60,
-        "m" => 60,
-        "s" => 1
-      }
-
-      # A regex describing valid formats with groups for capturing the value and units
-      FORMAT = /^(\d+)(y|d|h|m|s)?$/
-
-      attr_reader :errors, :munged_value
-
-      def initialize(name, setting_value)
-        @errors = []
-        @munged_value = munge(setting_value, name)
-      end
-
-      # Convert the value to Numeric, parsing numeric string with units if necessary.
-      def munge(value, name)
-        case
-        when value.is_a?(Numeric)
-          if value < 0
-            @errors << "Invalid negative 'time to live' #{value.inspect} - did you mean 'unlimited'?"
-          end
-          value
-
-        when value == 'unlimited'
-          Float::INFINITY
-
-        when (value.is_a?(String) and value =~ FORMAT)
-          $1.to_i * UNITMAP[$2 || 's']
-        else
-          @errors <<  "Invalid 'time to live' format '#{value.inspect}' for parameter: #{name}"
-        end
-      end
-    end
-  end
-end

data/lib/puppetserver/utils/file_utilities.rb

@@ -1,78 +0,0 @@
-require 'fileutils'
-require 'etc'
-
-module Puppetserver
-  module Utils
-    class FileUtilities
-
-      def self.instance
-        @instance ||= new
-      end
-
-      def self.write_file(*args)
-        instance.write_file(*args)
-      end
-
-      def self.ensure_dir(setting)
-        instance.ensure_dir(setting)
-      end
-
-      def self.ensure_file(location, content, mode)
-        if !File.exist?(location)
-          instance.write_file(location, content, mode)
-        end
-      end
-
-      def self.validate_file_paths(one_or_more_paths)
-        errors = []
-        Array(one_or_more_paths).each do |path|
-          if !File.exist?(path) || !File.readable?(path)
-            errors << "Could not read file '#{path}'"
-          end
-        end
-
-        errors
-      end
-
-      def initialize
-        @user, @group = find_user_and_group
-      end
-
-      def find_user_and_group
-        if !running_as_root?
-          return Process.euid, Process.egid
-        else
-          if pe_puppet_exists?
-            return 'pe-puppet', 'pe-puppet'
-          else
-            return 'puppet', 'puppet'
-          end
-        end
-      end
-
-      def running_as_root?
-        !Gem.win_platform? && Process.euid == 0
-      end
-
-      def pe_puppet_exists?
-        !!(Etc.getpwnam('pe-puppet') rescue nil)
-      end
-
-      def write_file(path, one_or_more_objects, mode)
-        File.open(path, 'w', mode) do |f|
-          Array(one_or_more_objects).each do |object|
-            f.puts object.to_s
-          end
-        end
-        FileUtils.chown(@user, @group, path)
-      end
-
-      def ensure_dir(setting)
-        if !File.exist?(setting)
-          FileUtils.mkdir_p(setting, mode: 0750)
-          FileUtils.chown(@user, @group, setting)
-        end
-      end
-    end
-  end
-end

data/lib/puppetserver/utils/http_client.rb

@@ -1,129 +0,0 @@
-require 'openssl'
-require 'net/https'
-
-module Puppetserver
-  module Utils
-    # Utilities for doing HTTPS against the CA that wraps Net::HTTP constructs
-    class HttpClient
-
-      HEADERS = {
-        'User-Agent'   => 'PuppetserverCaCli',
-        'Content-Type' => 'application/json',
-        'Accept'       => 'application/json'
-      }
-
-      attr_reader :store
-
-      def initialize(settings)
-        @store = make_store(settings[:localcacert],
-                            settings[:certificate_revocation],
-                            settings[:hostcrl])
-        @cert = load_cert(settings[:hostcert])
-        @key = load_key(settings[:hostprivkey])
-      end
-
-      def load_cert(cert_path)
-        OpenSSL::X509::Certificate.new(File.read(cert_path))
-      end
-
-      def load_key(key_path)
-        OpenSSL::PKey.read(File.read(key_path))
-      end
-
-      # Returns a URI-like wrapper around CA specific urls
-      def make_ca_url(host, port, resource_type = nil, certname = nil)
-        URL.new('https', host, port, 'puppet-ca', 'v1', resource_type, certname)
-      end
-
-      # Takes an instance URL (defined lower in the file), and creates a
-      # connection. The given block is passed our own Connection object.
-      # The Connection object should have HTTP verbs defined on it that take
-      # a body (and optional overrides). Returns whatever the block given returned.
-      def with_connection(url, &block)
-        request = ->(conn) { block.call(Connection.new(conn, url)) }
-
-        Net::HTTP.start(url.host, url.port,
-                        use_ssl: true, cert_store: @store,
-                        cert: @cert, key: @key,
-                        &request)
-      end
-
-      private
-      # Helper class that wraps a Net::HTTP connection, a HttpClient::URL
-      # and defines methods named after HTTP verbs that are called on the
-      # saved connection, returning a Result.
-      class Connection
-        def initialize(net_http_connection, url_struct)
-          @conn = net_http_connection
-          @url = url_struct
-        end
-
-        def get(url_overide = nil)
-          url = url_overide || @url
-
-          request = Net::HTTP::Get.new(url.to_uri, HEADERS)
-          result = @conn.request(request)
-
-          Result.new(result.code, result.body)
-        end
-
-        def put(body, url_override = nil)
-          url = url_override || @url
-
-          request = Net::HTTP::Put.new(url.to_uri, HEADERS)
-          request.body = body
-          result = @conn.request(request)
-
-          Result.new(result.code, result.body)
-        end
-
-        def delete(url_override = nil)
-          url = url_override || @url
-
-          result = @conn.request(Net::HTTP::Delete.new(url.to_uri, HEADERS))
-
-          Result.new(result.code, result.body)
-        end
-      end
-
-      # Just provide the bits of Net::HTTPResponse we care about
-      Result = Struct.new(:code, :body)
-
-      # Like URI, but not... maybe of suspicious value
-      URL = Struct.new(:protocol, :host, :port,
-                       :endpoint, :version,
-                       :resource_type, :resource_name) do
-              def full_url
-                protocol + '://' + host + ':' + port + '/' +
-                [endpoint, version, resource_type, resource_name].join('/')
-              end
-
-              def to_uri
-                URI(full_url)
-              end
-            end
-
-      def make_store(bundle, crl_usage, crls = nil)
-        store = OpenSSL::X509::Store.new
-        store.purpose = OpenSSL::X509::PURPOSE_ANY
-        store.add_file(bundle)
-
-        if crl_usage != :ignore
-
-          flags = OpenSSL::X509::V_FLAG_CRL_CHECK
-          if crl_usage == :chain
-            flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-          end
-
-          store.flags = flags
-          delimiter = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
-          File.read(crls).scan(delimiter).each do |crl|
-            store.add_crl(OpenSSL::X509::CRL.new(crl))
-          end
-        end
-
-        store
-      end
-    end
-  end
-end

data/lib/puppetserver/utils/signing_digest.rb

@@ -1,25 +0,0 @@
-module Puppetserver
-  module Utils
-    class SigningDigest
-
-      attr_reader :errors, :digest
-
-      def initialize
-        @errors = []
-        if OpenSSL::Digest.const_defined?('SHA256')
-          @digest = OpenSSL::Digest::SHA256.new
-        elsif OpenSSL::Digest.const_defined?('SHA1')
-          @digest = OpenSSL::Digest::SHA1.new
-        elsif OpenSSL::Digest.const_defined?('SHA512')
-          @digest = OpenSSL::Digest::SHA512.new
-        elsif OpenSSL::Digest.const_defined?('SHA384')
-          @digest = OpenSSL::Digest::SHA384.new
-        elsif OpenSSL::Digest.const_defined?('SHA224')
-          @digest = OpenSSL::Digest::SHA224.new
-        else
-          @errors << "Error: No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
-        end
-      end
-    end
-  end
-end