puppetserver-ca 0.5.0 → 0.5.1
- checksums.yaml +4 -4
- data/lib/puppetserver/ca/action/create.rb +4 -1
- data/lib/puppetserver/ca/action/generate.rb +8 -1
- data/lib/puppetserver/ca/action/import.rb +8 -1
- data/lib/puppetserver/ca/config/puppet.rb +1 -0
- data/lib/puppetserver/ca/host.rb +16 -2
- data/lib/puppetserver/ca/local_certificate_authority.rb +9 -3
- data/lib/puppetserver/ca/version.rb +1 -1
- data/puppetserver-ca.gemspec +0 -2
- metadata +4 -5
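--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0dd41110cba4e9687ea841124cf513084d141a49
+data.tar.gz: 49dc042190dee2e2d34012c6453a3d36cea1209b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c4c1b41ff1f497680000ac46f214352555c6c017a8bca2eca6ca193a2abcd06dc72cb945f6331001fe337f61393c89db5c685bfd8bfc9454981ff8976f0c897f
+data.tar.gz: aceb6b70657912c7b4dc3bcc3b30417c5e89aa9ee0369925ab0d9b9342fb26951aa555f4d88ae923e6541dadfe436752a01ab2288bf7fc603a424e62d979f870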
@@ -153,7 +153,10 @@ BANNER
|
|
153
153
|
private_key = host.create_private_key(settings[:keylength])
|
154
154
|
extensions = []
|
155
155
|
if !settings[:subject_alt_names].empty?
|
156
|
-
|
156
|
+
ef = OpenSSL::X509::ExtensionFactory.new
|
157
|
+
extensions << ef.create_extension("subjectAltName",
|
158
|
+
settings[:subject_alt_names],
|
159
|
+
false)
|
157
160
|
end
|
158
161
|
csr = host.create_csr(name: certname,
|
159
162
|
key: private_key,
|
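Review bot: `ef.create_extension("subjectAltName", settings[:subject_alt_names], false)` raises `OpenSSL::X509::ExtensionError` when the alt-name string contains an entry OpenSSL cannot parse, and nothing in this hunk rescues it, so a malformed `--subject-alt-names` value would presumably surface as a backtrace rather than as one of the action's reported errors; rescuing that exception next to the existing validation and pushing its message onto the error list would be the defensive fix. As a point of style, `if !settings[:subject_alt_names].empty?` reads more naturally as `unless settings[:subject_alt_names].empty?`, and the three-line `create_extension` call could be aligned on one line now that the value is a single setting. The enclosing method starts and ends outside the hunk.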
@@ -106,7 +106,14 @@ BANNER
|
|
106
106
|
[settings[:cakey], int_key],
|
107
107
|
]
|
108
108
|
|
109
|
-
|
109
|
+
files_to_check = public_files + private_files
|
110
|
+
# We don't want to error if master's keys exist. Certain workflows
|
111
|
+
# allow the agent to have already be installed with keys and then
|
112
|
+
# upgraded to be a master. The host class will honor keys, if both
|
113
|
+
# public and private exist, and error if only one exists - as is
|
114
|
+
# previous behavior.
|
115
|
+
files_to_check = files_to_check.map(&:first) - [settings[:hostpubkey], settings[:hostprivkey]]
|
116
|
+
errors = FileSystem.check_for_existing_files(files_to_check)
|
110
117
|
|
111
118
|
if !errors.empty?
|
112
119
|
instructions = <<-ERR
|
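Review bot: The seven new lines from `files_to_check = public_files + private_files` through `errors = FileSystem.check_for_existing_files(files_to_check)` reappear verbatim, comment included, in the identical hunk further down (`@@ -100,7 +100,14 @@`, the import action per the diffstat); a shared helper on `FileSystem` taking the two file lists and the two key paths would keep the exclusion list and its rationale from drifting between the two actions. Reusing `files_to_check` first for what are presumably `[path, content]` pairs and then for the bare path list also makes the variable change shape mid-block, so naming the second result `paths_to_check` would read better. With `hostpubkey`/`hostprivkey` removed from this pre-flight check, the only remaining guard against a half-present or stale master key pair is `Host#create_private_key`, so its `@errors` path has to stay wired to this action's error reporting. The enclosing method starts and ends outside the hunk.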
@@ -100,7 +100,14 @@ BANNER
|
|
100
100
|
[settings[:cakey], loader.key],
|
101
101
|
]
|
102
102
|
|
103
|
-
|
103
|
+
files_to_check = public_files + private_files
|
104
|
+
# We don't want to error if master's keys exist. Certain workflows
|
105
|
+
# allow the agent to have already be installed with keys and then
|
106
|
+
# upgraded to be a master. The host class will honor keys, if both
|
107
|
+
# public and private exist, and error if only one exists - as is
|
108
|
+
# previous behavior.
|
109
|
+
files_to_check = files_to_check.map(&:first) - [settings[:hostpubkey], settings[:hostprivkey]]
|
110
|
+
errors = FileSystem.check_for_existing_files(files_to_check)
|
104
111
|
|
105
112
|
if !errors.empty?
|
106
113
|
instructions = <<-ERR
|
@@ -162,6 +162,7 @@ module Puppetserver
|
|
162
162
|
settings[:ca_ttl] = munge_ttl_setting(settings[:ca_ttl])
|
163
163
|
settings[:certificate_revocation] = parse_crl_usage(settings[:certificate_revocation])
|
164
164
|
settings[:subject_alt_names] = munge_alt_names(settings[:subject_alt_names])
|
165
|
+
settings[:keylength] = settings[:keylength].to_i
|
165
166
|
|
166
167
|
settings.each do |key, value|
|
167
168
|
next unless value.is_a? String
|
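Review bot: `settings[:keylength] = settings[:keylength].to_i` quietly turns a blank or unparseable value into 0, and a zero-length RSA request only fails later inside OpenSSL when `create_private_key` runs, with no hint that the setting was the cause; converting with `Integer(settings[:keylength])` and reporting the `ArgumentError`/`TypeError` through the settings' existing error handling would surface the problem at load time. Since this line is the one place the key size is normalized, it is also the natural spot to enforce a floor (e.g. reject values below 2048 bits) so a typo in the configuration cannot silently produce a weak host key. The enclosing method starts and ends outside the hunk.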
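--- a/data/lib/puppetserver/ca/host.rb
+++ b/data/lib/puppetserver/ca/host.rb
@@ -57,8 +57,22 @@ module Puppetserver
 @errors = []
 end
 
-
-
+# If both the private and public keys exist for a master then we want
+# to honor them here, if only one key exists we want to surface an error,
+# and if neither exist we generate a new key. This logic is necessary for
+# proper bootstrapping for certain master workflows.
+def create_private_key(keylength, private_path = '', public_path = '')
+if File.exists?(private_path) && File.exists?(public_path)
+return OpenSSL::PKey.read(File.read(private_path))
+elsif !File.exists?(private_path) && !File.exists?(public_path)
+return OpenSSL::PKey::RSA.new(keylength)
+elsif !File.exists?(private_path) && File.exists?(public_path)
+@errors << "Missing private key to match public key at #{public_path}"
+return nil
+elsif File.exists?(private_path) && !File.exists?(public_path)
+@errors << "Missing public key to match private key at #{private_path}"
+return nil
+end
 end
 
 def create_csr(name:, key:, cli_extensions: [], csr_attributes_path: '')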
@@ -67,9 +67,15 @@ module Puppetserver
|
|
67
67
|
end
|
68
68
|
|
69
69
|
def create_master_cert(ca_key, ca_cert)
|
70
|
-
|
71
|
-
|
72
|
-
|
70
|
+
master_cert = nil
|
71
|
+
master_key = @host.create_private_key(@settings[:keylength],
|
72
|
+
@settings[:hostprivkey],
|
73
|
+
@settings[:hostpubkey])
|
74
|
+
if master_key
|
75
|
+
master_csr = @host.create_csr(name: @settings[:certname], key: master_key)
|
76
|
+
master_cert = sign_master_cert(ca_key, ca_cert, master_csr)
|
77
|
+
end
|
78
|
+
|
73
79
|
return master_key, master_cert
|
74
80
|
end
|
75
81
|
|
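Review bot: `master_cert = nil` is pre-assigned only so that the trailing `return master_key, master_cert` has something to return when the `if master_key` branch is skipped; a guard clause expresses the same flow without the placeholder: `return [nil, nil] unless master_key` right after the `create_private_key` call, followed by the CSR and `sign_master_cert` lines and a final `[master_key, master_cert]` as the implicit return. Since the `[nil, nil]` result carries no reason, a short comment such as `# nil key means Host#create_private_key appended the cause to @host.errors` would tell the caller where to look. The enclosing method starts and ends outside the hunk, so whether callers actually consult `@host.errors` on that path cannot be confirmed from here.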
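--- a/data/puppetserver-ca.gemspec
+++ b/data/puppetserver-ca.gemspec
@@ -16,8 +16,6 @@ Gem::Specification.new do |spec|
 spec.files = `git ls-files -z`.split("\x0").reject do |f|
 f.match(%r{^(test|spec|features)/})
 end
-spec.bindir = "exe"
-spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
 spec.add_runtime_dependency "facter", [">= 2.0.1", "< 4"]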
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppetserver-ca
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Puppet, Inc.
|
8
8
|
autorequire:
|
9
|
-
bindir:
|
9
|
+
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-09-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|
@@ -75,8 +75,7 @@ dependencies:
|
|
75
75
|
description:
|
76
76
|
email:
|
77
77
|
- release@puppet.com
|
78
|
-
executables:
|
79
|
-
- puppetserver-ca
|
78
|
+
executables: []
|
80
79
|
extensions: []
|
81
80
|
extra_rdoc_files: []
|
82
81
|
files:
|