puppetserver-ca 1.1.2 → 1.1.3

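--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8ef4177b1921aaa80d30844823c81a28b3465c65
- data.tar.gz: e7e494cf9f9f93127cf0b693afeba8cedfcb8659
+ metadata.gz: 0a642b5be01fd4809412f6c70928f1764a8ed294
+ data.tar.gz: edb6b327dc31c877cc69fce0cd9382e73082409d
  SHA512:
- metadata.gz: 95c956f2395ff96c6e6108d3fb67441052fb7de89581427cdeacee0de73415a46633b5dedc113fa56200e84963e6e3255f84fc58c8cd5676044171673e45f5b2
- data.tar.gz: 66c067a3f40bc1d5c4c096bf5afb5eda563f8caebd431638a913f3ea26f797ecde05547a18864841755a779426d6003dc00f0d412940e53a643a08c21b0412b3
+ metadata.gz: 6a05b9d88d88098766164e3fc834343461de20d81858a65523e8ad53f179c7f56a4d5b5a43ecdae63e59d1d8ba959ff9ea007e58f4ca1d559d758b2786f4db21
+ data.tar.gz: 803bacaad5099f629adeb64cdb86ea711e4a14235714836f9fccd6746fae9d84e66252d51d907d4e15378a5dc6271772b1bc7289e0ce3c996ad9d061cfe9f9cc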
@@ -183,7 +183,6 @@ BANNER
183
183
  settings[:publickeydir]])
184
184
 
185
185
  ca = Puppetserver::Ca::LocalCertificateAuthority.new(digest, settings)
186
- ca_cert, ca_key = ca.load_ca
187
186
  return false if CliParsing.handle_errors(@logger, ca.errors)
188
187
 
189
188
  passed = certnames.map do |certname|
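Review bot: With `ca.load_ca` gone, the `return false if CliParsing.handle_errors(@logger, ca.errors)` check no longer catches a CA that has never been set up: the constructor in hunk `@@ -36,11 +37,35 @@` only appends the "CA not initialized" message when the three CA files exist but fail to load, so when they are absent `ca.errors` stays empty and this action proceeds with `ca.cert` and `ca.key` nil until `sign_authorized_cert` raises NoMethodError. The removed `load_ca` reported the missing-file case explicitly. A guard before the `certnames.map` loop would restore that behaviour, e.g. `unless ca.cert && ca.key` report `"CA not initialized. Please set up your CA before attempting to generate certs offline."` through the same `CliParsing.handle_errors(@logger, ...)` path and `return false`. The enclosing method starts and ends outside this hunk.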
@@ -197,7 +196,7 @@ BANNER
197
196
  key, csr = generate_key_csr(certname, settings, digest)
198
197
  next false unless csr
199
198
 
200
- cert = ca.sign_authorized_cert(ca_key, ca_cert, csr, current_alt_names)
199
+ cert = ca.sign_authorized_cert(csr, current_alt_names)
201
200
  next false unless save_file(cert.to_pem, certname, settings[:certdir], "Certificate")
202
201
  next false unless save_file(cert.to_pem, certname, settings[:signeddir], "Certificate")
203
202
  next false unless save_keys(certname, settings, key)
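Review bot: `cert = ca.sign_authorized_cert(csr, current_alt_names)` is followed by `cert.to_pem` with no nil check, yet `sign_authorized_cert` returns nil when `add_custom_extensions(cert)` fails (`return unless add_custom_extensions(cert)` in hunk `@@ -127,14 +132,14 @@`), so that path ends in NoMethodError instead of the `next false` handling used for every other failure in this block. The call site predates this change, but the rewritten line is the place to add the check: `next false unless cert`. The enclosing block continues outside the hunk.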
@@ -73,7 +73,8 @@ BANNER
73
73
 
74
74
  def import(loader, settings, signing_digest)
75
75
  ca = Puppetserver::Ca::LocalCertificateAuthority.new(signing_digest, settings)
76
- master_key, master_cert = ca.create_master_cert(loader.key, loader.certs.first)
76
+ ca.load_ssl_components(loader)
77
+ master_key, master_cert = ca.create_master_cert
77
78
  return ca.errors if ca.errors.any?
78
79
 
79
80
  FileSystem.ensure_dirs([settings[:ssldir],
@@ -77,8 +77,8 @@ BANNER
77
77
  ca = Puppetserver::Ca::LocalCertificateAuthority.new(signing_digest, settings)
78
78
 
79
79
  root_key, root_cert, root_crl = ca.create_root_cert
80
- int_key, int_cert, int_crl = ca.create_intermediate_cert(root_key, root_cert)
81
- master_key, master_cert = ca.create_master_cert(int_key, int_cert)
80
+ ca.create_intermediate_cert(root_key, root_cert)
81
+ master_key, master_cert = ca.create_master_cert
82
82
  return ca.errors if ca.errors.any?
83
83
 
84
84
  FileSystem.ensure_dirs([settings[:ssldir],
@@ -89,14 +89,14 @@ BANNER
89
89
  settings[:signeddir]])
90
90
 
91
91
  public_files = [
92
- [settings[:cacert], [int_cert, root_cert]],
93
- [settings[:cacrl], [int_crl, root_crl]],
94
- [settings[:cadir] + '/infra_crl.pem', [int_crl, root_crl]],
92
+ [settings[:cacert], [ca.cert, root_cert]],
93
+ [settings[:cacrl], [ca.crl, root_crl]],
94
+ [settings[:cadir] + '/infra_crl.pem', [ca.crl, root_crl]],
95
95
  [settings[:hostcert], master_cert],
96
- [settings[:localcacert], [int_cert, root_cert]],
97
- [settings[:hostcrl], [int_crl, root_crl]],
96
+ [settings[:localcacert], [ca.cert, root_cert]],
97
+ [settings[:hostcrl], [ca.crl, root_crl]],
98
98
  [settings[:hostpubkey], master_key.public_key],
99
- [settings[:capub], int_key.public_key],
99
+ [settings[:capub], ca.key.public_key],
100
100
  [settings[:cert_inventory], ca.inventory_entry(master_cert)],
101
101
  [settings[:cadir] + '/infra_inventory.txt', ''],
102
102
  [settings[:cadir] + '/infra_serials', ''],
@@ -107,7 +107,7 @@ BANNER
107
107
  private_files = [
108
108
  [settings[:hostprivkey], master_key],
109
109
  [settings[:rootkey], root_key],
110
- [settings[:cakey], int_key],
110
+ [settings[:cakey], ca.key],
111
111
  ]
112
112
 
113
113
  files_to_check = public_files + private_files
@@ -104,7 +104,7 @@ module Puppetserver
104
104
  [:cadir, '$ssldir/ca'],
105
105
  [:certdir, '$ssldir/certs'],
106
106
  [:certname, default_certname],
107
- [:server, '$certname'],
107
+ [:server, 'puppet'],
108
108
  [:masterport, '8140'],
109
109
  [:privatekeydir, '$ssldir/private_keys'],
110
110
  [:publickeydir, '$ssldir/public_keys'],
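Review bot: `[:server, 'puppet']` replaces a default that referenced `$certname` with a fixed hostname, which changes which server the tool contacts by default for anyone who never set `server`, and nothing in the hunk records why. A short comment would keep the intent visible, e.g. `# Default server name; previously derived from $certname`. Whether the literal is meant to mirror Puppet agent's own default `server` value cannot be confirmed from this hunk.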
@@ -1,5 +1,6 @@
1
1
  require 'puppetserver/ca/host'
2
2
  require 'puppetserver/ca/utils/file_system'
3
+ require 'puppetserver/ca/x509_loader'
3
4
 
4
5
  require 'openssl'
5
6
 
@@ -36,11 +37,35 @@ module Puppetserver
36
37
  ["authorityKeyIdentifier", "keyid:always", false]
37
38
  ].freeze
38
39
 
40
+ attr_reader :cert, :key, :crl
41
+
39
42
  def initialize(digest, settings)
40
43
  @digest = digest
41
44
  @host = Host.new(digest)
42
45
  @settings = settings
43
46
  @errors = []
47
+
48
+ if ssl_assets_exist?
49
+ loader = Puppetserver::Ca::X509Loader.new(@settings[:cacert], @settings[:cakey], @settings[:cacrl])
50
+ if loader.errors.empty?
51
+ load_ssl_components(loader)
52
+ else
53
+ @errors += loader.errors
54
+ @errors << "CA not initialized. Please set up your CA before attempting to generate certs offline."
55
+ end
56
+ end
57
+ end
58
+
59
+ def ssl_assets_exist?
60
+ File.exist?(@settings[:cacert]) &&
61
+ File.exist?(@settings[:cakey]) &&
62
+ File.exist?(@settings[:cacrl])
63
+ end
64
+
65
+ def load_ssl_components(loader)
66
+ @cert = loader.certs.first
67
+ @key = loader.key
68
+ @crl = loader.crls.first
44
69
  end
45
70
 
46
71
  def errors
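Review bot: `initialize` now reads and parses the CA certificate, private key and CRL from disk for every instance, including the ones `setup` and `import` construct before any CA exists (hunks `@@ -73,7 +73,8 @@` and `@@ -77,8 +77,8 @@`), and the message it appends on the loader-error path, "CA not initialized. Please set up your CA before attempting to generate certs offline.", is specific to offline generation even though the constructor is shared. A neutral wording here, or leaving the generate action to add that sentence, would avoid telling a `setup` user to run setup when an existing CA file is merely unreadable. `load_ssl_components` also takes `loader.certs.first` and `loader.crls.first` without a check, so if X509Loader can return empty collections without reporting an error those become nil silently; worth confirming against the loader. A one-line comment on the now-public method, such as `# Adopt an already-loaded CA cert, key and CRL as this instance's signing components.`, would help readers of the callers in `import`.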
@@ -76,7 +101,7 @@ module Puppetserver
76
101
  time.strftime('%Y-%m-%dT%H:%M:%S%Z')
77
102
  end
78
103
 
79
- def create_master_cert(ca_key, ca_cert)
104
+ def create_master_cert
80
105
  master_cert = nil
81
106
  master_key = @host.create_private_key(@settings[:keylength],
82
107
  @settings[:hostprivkey],
@@ -89,37 +114,17 @@ module Puppetserver
89
114
  alt_names = @settings[:subject_alt_names]
90
115
  end
91
116
 
92
- master_cert = sign_authorized_cert(ca_key, ca_cert, master_csr, alt_names)
117
+ master_cert = sign_authorized_cert(master_csr, alt_names)
93
118
  end
94
119
 
95
120
  return master_key, master_cert
96
121
  end
97
122
 
98
- # Used when generating certificates offline.
99
- def load_ca
100
- signing_cert = nil
101
- key = nil
102
-
103
- if File.exist?(@settings[:cacert]) && File.exist?(@settings[:cakey]) && File.exist?(@settings[:cacrl])
104
- loader = Puppetserver::Ca::X509Loader.new(@settings[:cacert], @settings[:cakey], @settings[:cacrl])
105
- if loader.errors.empty?
106
- signing_cert = loader.certs[0]
107
- key = loader.key
108
- else
109
- @errors += loader.errors
110
- end
111
- else
112
- @errors << "CA not initialized. Please set up your CA before attempting to generate certs offline."
113
- end
114
-
115
- return signing_cert, key
116
- end
117
-
118
- def sign_authorized_cert(int_key, int_cert, csr, alt_names = '')
123
+ def sign_authorized_cert(csr, alt_names = '')
119
124
  cert = OpenSSL::X509::Certificate.new
120
125
  cert.public_key = csr.public_key
121
126
  cert.subject = csr.subject
122
- cert.issuer = int_cert.subject
127
+ cert.issuer = @cert.subject
123
128
  cert.version = 2
124
129
  cert.serial = next_serial(@settings[:serial])
125
130
  cert.not_before = CERT_VALID_FROM
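Review bot: `cert.issuer = @cert.subject` dereferences `@cert`, which is nil on any instance where neither `load_ssl_components` nor `create_intermediate_cert` has run (the constructor leaves it unset when the CA files are absent), so a missing CA now surfaces here as NoMethodError rather than as an entry in `@errors`; the same applies to `cert.sign(@key, @digest)` in hunk `@@ -127,14 +132,14 @@`. A guard at the top of the method would keep the failure on a predictable path, e.g. `return unless @cert && @key`, mirroring the existing nil return from `return unless add_custom_extensions(cert)`. The method body continues past the end of this hunk.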
@@ -127,14 +132,14 @@ module Puppetserver
127
132
 
128
133
  return unless add_custom_extensions(cert)
129
134
 
130
- ef = extension_factory_for(int_cert, cert)
135
+ ef = extension_factory_for(@cert, cert)
131
136
  add_authorized_extensions(cert, ef)
132
137
 
133
138
  if !alt_names.empty?
134
139
  add_subject_alt_names_extension(alt_names, cert, ef)
135
140
  end
136
141
 
137
- cert.sign(int_key, @digest)
142
+ cert.sign(@key, @digest)
138
143
 
139
144
  cert
140
145
  end
@@ -220,12 +225,12 @@ module Puppetserver
220
225
  end
221
226
 
222
227
  def create_intermediate_cert(root_key, root_cert)
223
- int_key = @host.create_private_key(@settings[:keylength])
224
- int_csr = @host.create_csr(name: @settings[:ca_name], key: int_key)
225
- int_cert = sign_intermediate(root_key, root_cert, int_csr)
226
- int_crl = create_crl_for(int_cert, int_key)
228
+ @key = @host.create_private_key(@settings[:keylength])
229
+ int_csr = @host.create_csr(name: @settings[:ca_name], key: @key)
230
+ @cert = sign_intermediate(root_key, root_cert, int_csr)
231
+ @crl = create_crl_for(@cert, @key)
227
232
 
228
- return int_key, int_cert, int_crl
233
+ return nil
229
234
  end
230
235
 
231
236
  def sign_intermediate(ca_key, ca_cert, csr)
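Review bot: `return nil` at the end of `create_intermediate_cert` spells out a value the `setup` call site in hunk `@@ -77,8 +77,8 @@` no longer uses; in Ruby the method can simply end with the `@crl = create_crl_for(@cert, @key)` assignment, or return `self` to allow chaining, instead of an explicit nil. The method now also overwrites `@key`, `@cert` and `@crl`, replacing anything `initialize` loaded from disk, which the signature does not convey; a comment such as `# Creates the intermediate CA key, cert and CRL and stores them as this instance's signing components (@key, @cert, @crl), replacing any loaded in initialize.` would make that side effect explicit.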
@@ -1,5 +1,5 @@
1
1
  module Puppetserver
2
2
  module Ca
3
- VERSION = "1.1.2"
3
+ VERSION = "1.1.3"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puppetserver-ca
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Puppet, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-10-18 00:00:00.000000000 Z
11
+ date: 2018-11-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: facter