puppetserver-ca 2.3.0 → 2.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/puppetserver/ca/action/prune.rb +20 -5
- data/lib/puppetserver/ca/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9443656cd200fac958b84f3b7444a402146344105b25022eef46dbe1d24201a1
|
|
4
|
+
data.tar.gz: aa4c2fbcae1976a25346c6cfe16d792099b6ccc722f24770535e58367bc4128d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 34e5662cbb5d7f92bf9f1b3f91f69d37149986c4ba998e42655cf5440349a242116f04c3abfc50244140f4de681fdffed77fa9c56128286bfe3e96d49ebc2939
|
|
7
|
+
data.tar.gz: 24740e26cceae352f4def897433bc4971b78c8d51c94e0692b19868a10a73dec29c266c1f9f09281b46299dfd9f795cba00c57b00726556529faf0ef820bd664
|
|
@@ -50,15 +50,22 @@ BANNER
|
|
|
50
50
|
loader = X509Loader.new(puppet.settings[:cacert], puppet.settings[:cakey], puppet.settings[:cacrl])
|
|
51
51
|
|
|
52
52
|
puppet_crl = loader.crls.select { |crl| crl.verify(loader.key) }
|
|
53
|
-
prune_CRLs(puppet_crl)
|
|
54
|
-
|
|
55
|
-
|
|
53
|
+
number_of_removed_duplicates = prune_CRLs(puppet_crl)
|
|
54
|
+
|
|
55
|
+
if number_of_removed_duplicates > 0
|
|
56
|
+
update_pruned_CRL(puppet_crl, loader.key)
|
|
57
|
+
FileSystem.write_file(puppet.settings[:cacrl], loader.crls, 0644)
|
|
58
|
+
@logger.inform("Removed #{number_of_removed_duplicates} duplicated certs from Puppet's CRL.")
|
|
59
|
+
else
|
|
60
|
+
@logger.inform("No duplicate revocations found in the CRL.")
|
|
61
|
+
end
|
|
56
62
|
|
|
57
|
-
@logger.inform("Finished pruning Puppet's CRL")
|
|
58
63
|
return 0
|
|
59
64
|
end
|
|
60
65
|
|
|
61
66
|
def prune_CRLs(crl_list)
|
|
67
|
+
number_of_removed_duplicates = 0
|
|
68
|
+
|
|
62
69
|
crl_list.each do |crl|
|
|
63
70
|
existed_serial_number = Set.new()
|
|
64
71
|
revoked_list = crl.revoked
|
|
@@ -69,6 +76,7 @@ BANNER
|
|
|
69
76
|
if existed_serial_number.add?(revoked.serial)
|
|
70
77
|
false
|
|
71
78
|
else
|
|
79
|
+
number_of_removed_duplicates += 1
|
|
72
80
|
@logger.debug("Removing duplicate of #{revoked.serial}, " \
|
|
73
81
|
"revoked on #{revoked.time}\n") if @logger.debug?
|
|
74
82
|
true
|
|
@@ -76,11 +84,18 @@ BANNER
|
|
|
76
84
|
end
|
|
77
85
|
crl.revoked=(revoked_list)
|
|
78
86
|
end
|
|
87
|
+
|
|
88
|
+
return number_of_removed_duplicates
|
|
79
89
|
end
|
|
80
90
|
|
|
81
91
|
def update_pruned_CRL(crl_list, pkey)
|
|
82
92
|
crl_list.each do |crl|
|
|
83
|
-
|
|
93
|
+
number_ext, other_ext = crl.extensions.partition{ |ext| ext.oid == "crlNumber" }
|
|
94
|
+
number_ext.each do |crl_number|
|
|
95
|
+
updated_crl_number = OpenSSL::BN.new(crl_number.value) + OpenSSL::BN.new(1)
|
|
96
|
+
crl_number.value=(OpenSSL::ASN1::Integer(updated_crl_number))
|
|
97
|
+
end
|
|
98
|
+
crl.extensions=(number_ext + other_ext)
|
|
84
99
|
crl.sign(pkey, OpenSSL::Digest::SHA256.new)
|
|
85
100
|
end
|
|
86
101
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: puppetserver-ca
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.3.
|
|
4
|
+
version: 2.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppet, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-07-
|
|
11
|
+
date: 2021-07-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: facter
|