puppetserver-ca 1.11.0 → 1.11.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/puppetserver/ca/action/prune.rb +20 -5
- data/lib/puppetserver/ca/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8257bbee6c6752b584beaa360580369b747a33375ebd9ff9da76b02fe29cb514
|
|
4
|
+
data.tar.gz: cf8f8b6d1bff9ab7136358919e2e4e0f6b2180b50f9dd87bf9eac5954327937f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 608fda03455ff0f57193593ce3923516c567966e9c153c05e3da27cebcbd81edcc9cab1f7030cfa49dfce62f01b1f1b25ec862a31cc2512eb0705d51805ee795
|
|
7
|
+
data.tar.gz: 7d3fc368714cb706d49b5289f2e59bb1307292afac31a043a07a2ba04b61ea3ae827222d81e40cbf48ed9a33ff0b0a4d826cae98f39a9bbae5b800ef2caacf38
|
|
@@ -50,15 +50,22 @@ BANNER
|
|
|
50
50
|
loader = X509Loader.new(puppet.settings[:cacert], puppet.settings[:cakey], puppet.settings[:cacrl])
|
|
51
51
|
|
|
52
52
|
puppet_crl = loader.crls.select { |crl| crl.verify(loader.key) }
|
|
53
|
-
prune_CRLs(puppet_crl)
|
|
54
|
-
|
|
55
|
-
|
|
53
|
+
number_of_removed_duplicates = prune_CRLs(puppet_crl)
|
|
54
|
+
|
|
55
|
+
if number_of_removed_duplicates > 0
|
|
56
|
+
update_pruned_CRL(puppet_crl, loader.key)
|
|
57
|
+
FileSystem.write_file(puppet.settings[:cacrl], loader.crls, 0644)
|
|
58
|
+
@logger.inform("Removed #{number_of_removed_duplicates} duplicated certs from Puppet's CRL.")
|
|
59
|
+
else
|
|
60
|
+
@logger.inform("No duplicate revocations found in the CRL.")
|
|
61
|
+
end
|
|
56
62
|
|
|
57
|
-
@logger.inform("Finished pruning Puppet's CRL")
|
|
58
63
|
return 0
|
|
59
64
|
end
|
|
60
65
|
|
|
61
66
|
def prune_CRLs(crl_list)
|
|
67
|
+
number_of_removed_duplicates = 0
|
|
68
|
+
|
|
62
69
|
crl_list.each do |crl|
|
|
63
70
|
existed_serial_number = Set.new()
|
|
64
71
|
revoked_list = crl.revoked
|
|
@@ -69,6 +76,7 @@ BANNER
|
|
|
69
76
|
if existed_serial_number.add?(revoked.serial)
|
|
70
77
|
false
|
|
71
78
|
else
|
|
79
|
+
number_of_removed_duplicates += 1
|
|
72
80
|
@logger.debug("Removing duplicate of #{revoked.serial}, " \
|
|
73
81
|
"revoked on #{revoked.time}\n") if @logger.debug?
|
|
74
82
|
true
|
|
@@ -76,11 +84,18 @@ BANNER
|
|
|
76
84
|
end
|
|
77
85
|
crl.revoked=(revoked_list)
|
|
78
86
|
end
|
|
87
|
+
|
|
88
|
+
return number_of_removed_duplicates
|
|
79
89
|
end
|
|
80
90
|
|
|
81
91
|
def update_pruned_CRL(crl_list, pkey)
|
|
82
92
|
crl_list.each do |crl|
|
|
83
|
-
|
|
93
|
+
number_ext, other_ext = crl.extensions.partition{ |ext| ext.oid == "crlNumber" }
|
|
94
|
+
number_ext.each do |crl_number|
|
|
95
|
+
updated_crl_number = OpenSSL::BN.new(crl_number.value) + OpenSSL::BN.new(1)
|
|
96
|
+
crl_number.value=(OpenSSL::ASN1::Integer(updated_crl_number))
|
|
97
|
+
end
|
|
98
|
+
crl.extensions=(number_ext + other_ext)
|
|
84
99
|
crl.sign(pkey, OpenSSL::Digest::SHA256.new)
|
|
85
100
|
end
|
|
86
101
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: puppetserver-ca
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.11.
|
|
4
|
+
version: 1.11.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppet, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-07-
|
|
11
|
+
date: 2021-07-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: facter
|