RubyGems - puppetserver-ca - Versions diffs - 2.3.2 → 2.3.3 - Mend

puppetserver-ca 2.3.2 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/puppetserver/ca/action/prune.rb +39 -34
data/lib/puppetserver/ca/utils/http_client.rb +1 -1
data/lib/puppetserver/ca/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ffcdb4b7a4972842dd5f3cc03d3879998e1ab8fcba4066d49e919a1ba6c7312c
-  data.tar.gz: d32629c393a75fa5f6291e97bc84a4620738ef97804f569e031a4f975ac7b059
+  metadata.gz: 145cb62d733040dca7ad410a86146e0a0c82c29746a2c7de392004ad98737ed5
+  data.tar.gz: bd0db987a4af957208395f53134c3d59ab45f3c76d2e5d4205b589b75b1b9873
 SHA512:
-  metadata.gz: aa99515bb8c32de7529d63bc4242bc4ef71ea8ba0c3f00137fa31cdec0a08e8b6da13d9daaaefd922e50abdbe287ced9ec2395802d4012754a4086c804d27907
-  data.tar.gz: '059760fa95029609e65f15726944c342053f66ac092cafb2f073896d3e143caf7f7a3029642749001b3fb6a289cf78ffe26dfb56a33399c60d268a1b303609d3'
+  metadata.gz: d5ec57e3cfd1d2947521b50a2923892452f25c4ae43c0daa45e9a0ba17ebd969431933f17d71866ff8e9e15bcdeb633c754084c618ea8bd2b1891ae0438751a5
+  data.tar.gz: ebfc68d10303eea0d66b61a636b069986e6f4d65e1af4a222bfea5d74a45951edb2d6f01192f4d0bafdbe3392e80a356074c334212651d2489e5d2dae0e8120b

data/lib/puppetserver/ca/action/prune.rb CHANGED Viewed

@@ -31,6 +31,7 @@ BANNER
         def run(inputs)
           config_path = inputs['config']
+          exit_code = 0
           # Validate the config path.
           if config_path
@@ -49,55 +50,59 @@ BANNER
           # Getting the CRL(s)
           loader = X509Loader.new(puppet.settings[:cacert], puppet.settings[:cakey], puppet.settings[:cacrl])
-          puppet_crl = loader.crls.select { |crl| crl.verify(loader.key) }
-          number_of_removed_duplicates = prune_CRLs(puppet_crl)
+          verified_crls = loader.crls.select { |crl| crl.verify(loader.key) }
-          if number_of_removed_duplicates > 0
-            update_pruned_CRL(puppet_crl, loader.key)
-            FileSystem.write_file(puppet.settings[:cacrl], loader.crls, 0644)
-            @logger.inform("Removed #{number_of_removed_duplicates} duplicated certs from Puppet's CRL.")
+          if verified_crls.length == 1
+            puppet_crl = verified_crls.first
+            @logger.inform("Total number of certificates found in Puppet's CRL is: #{puppet_crl.revoked.length}.")
+            number_of_removed_duplicates = prune_CRL(puppet_crl)
+            if number_of_removed_duplicates > 0
+              update_pruned_CRL(puppet_crl, loader.key)
+              FileSystem.write_file(puppet.settings[:cacrl], loader.crls, 0644)
+              @logger.inform("Removed #{number_of_removed_duplicates} duplicated certs from Puppet's CRL.")
+            else
+              @logger.inform("No duplicate revocations found in the CRL.")
+            end
           else
-            @logger.inform("No duplicate revocations found in the CRL.")
+            @logger.err("Could not identify Puppet's CRL. Aborting prune action.")
+            exit_code = 1
           end
-          return 0
+          return exit_code
         end
-        def prune_CRLs(crl_list)
+        def prune_CRL(crl)
           number_of_removed_duplicates = 0
-          crl_list.each do |crl|
-            existed_serial_number = Set.new()
-            revoked_list = crl.revoked
-            @logger.debug("Pruning duplicate entries in CRL for issuer " \
-              "#{crl.issuer.to_s(OpenSSL::X509::Name::RFC2253)}") if @logger.debug?
-            revoked_list.delete_if do |revoked|
-              if existed_serial_number.add?(revoked.serial)
-                false
-              else
-                number_of_removed_duplicates += 1
-                @logger.debug("Removing duplicate of #{revoked.serial}, " \
-                  "revoked on #{revoked.time}\n") if @logger.debug?
-                true
-              end
+          existed_serial_number = Set.new()
+          revoked_list = crl.revoked
+          @logger.debug("Pruning duplicate entries in CRL for issuer " \
+            "#{crl.issuer.to_s(OpenSSL::X509::Name::RFC2253)}") if @logger.debug?
+          revoked_list.delete_if do |revoked|
+            if existed_serial_number.add?(revoked.serial)
+              false
+            else
+              number_of_removed_duplicates += 1
+              @logger.debug("Removing duplicate of #{revoked.serial}, " \
+                "revoked on #{revoked.time}\n") if @logger.debug?
+              true
             end
-            crl.revoked=(revoked_list)
           end
+          crl.revoked=(revoked_list)
           return number_of_removed_duplicates
         end
-        def update_pruned_CRL(crl_list, pkey)
-          crl_list.each do |crl|
-            number_ext, other_ext = crl.extensions.partition{ |ext| ext.oid == "crlNumber" }
-            number_ext.each do |crl_number|
-              updated_crl_number = OpenSSL::BN.new(crl_number.value) + OpenSSL::BN.new(1)
-              crl_number.value=(OpenSSL::ASN1::Integer(updated_crl_number))
-            end
-            crl.extensions=(number_ext + other_ext)
-            crl.sign(pkey, OpenSSL::Digest::SHA256.new)
+        def update_pruned_CRL(crl, pkey)
+          number_ext, other_ext = crl.extensions.partition{ |ext| ext.oid == "crlNumber" }
+          number_ext.each do |crl_number|
+            updated_crl_number = OpenSSL::BN.new(crl_number.value) + OpenSSL::BN.new(1)
+            crl_number.value=(OpenSSL::ASN1::Integer(updated_crl_number))
           end
+          crl.extensions=(number_ext + other_ext)
+          crl.sign(pkey, OpenSSL::Digest::SHA256.new)
         end
         def self.parser(parsed = {})

data/lib/puppetserver/ca/utils/http_client.rb CHANGED Viewed

@@ -141,7 +141,7 @@ module Puppetserver
                   url = protocol + '://' + host + ':' + port + '/' +
                         [endpoint, version, resource_type, resource_name].join('/')
-                  url = url + "?" + URI.encode_www_form(query) unless query.empty?
+                  url = url + "?" + URI.encode_www_form(query) unless query.nil? || query.empty?
                   return url
                 end

data/lib/puppetserver/ca/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "2.3.2"
+    VERSION = "2.3.3"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 2.3.2
+  version: 2.3.3
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-08-17 00:00:00.000000000 Z
+date: 2021-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter