puppetserver-ca 1.3.2 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7759fd051a92708f8ac8aad4b8e89a636472b05
|
|
4
|
+
data.tar.gz: f3cfd8de0bbdd17fd5c0f13656486dbbdbc243f1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bbaac0d6e00a9ed1d30dfb5f0ccc1d92e459fc07aaecb0fa2e8cdf61a320d3baf63d3752bf3adf1f4dacf9f25d051f4f239139bf45c4842975448e154e9353d0
|
|
7
|
+
data.tar.gz: 1de3171122351341e0eb50ac675c6f168a8b6df37209f6e50723528485a120cf3fbdef023d28c066a80fd64b1a8f125930d81a620e4966e22bdb7468000fd0a1
|
|
@@ -71,7 +71,7 @@ BANNER
|
|
|
71
71
|
|
|
72
72
|
def import(loader, settings, signing_digest)
|
|
73
73
|
ca = Puppetserver::Ca::LocalCertificateAuthority.new(signing_digest, settings)
|
|
74
|
-
ca.
|
|
74
|
+
ca.initialize_ssl_components(loader)
|
|
75
75
|
master_key, master_cert = ca.create_master_cert
|
|
76
76
|
return ca.errors if ca.errors.any?
|
|
77
77
|
|
|
@@ -70,6 +70,35 @@ module Puppetserver
|
|
|
70
70
|
@crl = loader.crl
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
+
# Initialize SSL state
|
|
74
|
+
#
|
|
75
|
+
# This method is similar to {#load_ssl_components}, but has extra
|
|
76
|
+
# logic for initializing components that may not be present when
|
|
77
|
+
# the CA is set up for the first time. For example, SSL components
|
|
78
|
+
# provided by an external CA will often not include a pre-generated
|
|
79
|
+
# leaf CRL.
|
|
80
|
+
#
|
|
81
|
+
# @note Check {#errors} after calling this method for issues that
|
|
82
|
+
# may have occurred during initialization.
|
|
83
|
+
#
|
|
84
|
+
# @param loader [Puppetserver::Ca::X509Loader]
|
|
85
|
+
# @return [void]
|
|
86
|
+
def initialize_ssl_components(loader)
|
|
87
|
+
@cert_bundle = loader.certs
|
|
88
|
+
@key = loader.key
|
|
89
|
+
@cert = loader.cert
|
|
90
|
+
|
|
91
|
+
if loader.crl.nil?
|
|
92
|
+
loader.crl = create_crl_for(@cert, @key)
|
|
93
|
+
|
|
94
|
+
loader.validate_full_chain(@cert_bundle, loader.crls)
|
|
95
|
+
@errors += loader.errors
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
@crl_chain = loader.crls
|
|
99
|
+
@crl = loader.crl
|
|
100
|
+
end
|
|
101
|
+
|
|
73
102
|
def errors
|
|
74
103
|
@errors += @host.errors
|
|
75
104
|
end
|
|
@@ -93,7 +122,7 @@ module Puppetserver
|
|
|
93
122
|
|
|
94
123
|
def next_serial(serial_file)
|
|
95
124
|
if File.exist?(serial_file)
|
|
96
|
-
File.read(serial_file).to_i
|
|
125
|
+
File.read(serial_file).to_i(16)
|
|
97
126
|
else
|
|
98
127
|
1
|
|
99
128
|
end
|
|
@@ -259,7 +288,7 @@ module Puppetserver
|
|
|
259
288
|
end
|
|
260
289
|
|
|
261
290
|
def update_serial_file(serial)
|
|
262
|
-
Puppetserver::Ca::Utils::FileSystem.write_file(@settings[:serial], serial, 0644)
|
|
291
|
+
Puppetserver::Ca::Utils::FileSystem.write_file(@settings[:serial], serial.to_s(16), 0644)
|
|
263
292
|
end
|
|
264
293
|
end
|
|
265
294
|
end
|
|
@@ -33,6 +33,10 @@ module Puppetserver
|
|
|
33
33
|
signing_cert
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
# Find a CRL in the chain issued by the signing cert
|
|
37
|
+
#
|
|
38
|
+
# @return [OpenSSL::X509::CRL] If a CRL is found.
|
|
39
|
+
# @return [nil] If no CRL is found.
|
|
36
40
|
def find_leaf_crl
|
|
37
41
|
return if @crls.empty? || @cert.nil?
|
|
38
42
|
|
|
@@ -40,10 +44,6 @@ module Puppetserver
|
|
|
40
44
|
crl.issuer == @cert.subject
|
|
41
45
|
end
|
|
42
46
|
|
|
43
|
-
if leaf_crl.nil?
|
|
44
|
-
@errors << 'Could not find CRL issued by CA certificate'
|
|
45
|
-
end
|
|
46
|
-
|
|
47
47
|
leaf_crl
|
|
48
48
|
end
|
|
49
49
|
|
|
@@ -59,7 +59,7 @@ module Puppetserver
|
|
|
59
59
|
validate_cert_and_key(pkey, @cert)
|
|
60
60
|
end
|
|
61
61
|
|
|
62
|
-
unless bundle.empty? || @cert.nil?
|
|
62
|
+
unless bundle.empty? || @cert.nil? || @crl.nil?
|
|
63
63
|
validate_full_chain(bundle, chain)
|
|
64
64
|
end
|
|
65
65
|
end
|
|
@@ -124,6 +124,15 @@ module Puppetserver
|
|
|
124
124
|
return crls
|
|
125
125
|
end
|
|
126
126
|
|
|
127
|
+
# Replace the CRL for the signing cert of this loader
|
|
128
|
+
#
|
|
129
|
+
# @param new_crl [OpenSSL::X509::CRL]
|
|
130
|
+
# @return [void]
|
|
131
|
+
def crl=(new_crl)
|
|
132
|
+
@crl = new_crl
|
|
133
|
+
@crls = [new_crl] + @crls.reject {|c| c.issuer == new_crl.issuer }
|
|
134
|
+
end
|
|
135
|
+
|
|
127
136
|
def validate_cert_and_key(key, cert)
|
|
128
137
|
unless cert.check_private_key(key)
|
|
129
138
|
@errors << 'Private key and certificate do not match'
|
data/puppetserver-ca.gemspec
CHANGED
|
@@ -16,11 +16,13 @@ Gem::Specification.new do |spec|
|
|
|
16
16
|
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
|
17
17
|
f.match(%r{^(test|spec|features)/})
|
|
18
18
|
end
|
|
19
|
+
spec.bindir = "exe"
|
|
20
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
19
21
|
spec.require_paths = ["lib"]
|
|
20
22
|
|
|
21
23
|
spec.add_runtime_dependency "facter", [">= 2.0.1", "< 4"]
|
|
22
24
|
|
|
23
|
-
spec.add_development_dependency "bundler", "
|
|
25
|
+
spec.add_development_dependency "bundler", ">= 1.16"
|
|
24
26
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
25
27
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
26
28
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: puppetserver-ca
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppet, Inc.
|
|
8
8
|
autorequire:
|
|
9
|
-
bindir:
|
|
9
|
+
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-08-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: facter
|
|
@@ -34,14 +34,14 @@ dependencies:
|
|
|
34
34
|
name: bundler
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
|
-
- - "
|
|
37
|
+
- - ">="
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
39
|
version: '1.16'
|
|
40
40
|
type: :development
|
|
41
41
|
prerelease: false
|
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
|
-
- - "
|
|
44
|
+
- - ">="
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: '1.16'
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
@@ -75,7 +75,8 @@ dependencies:
|
|
|
75
75
|
description:
|
|
76
76
|
email:
|
|
77
77
|
- release@puppet.com
|
|
78
|
-
executables:
|
|
78
|
+
executables:
|
|
79
|
+
- puppetserver-ca
|
|
79
80
|
extensions: []
|
|
80
81
|
extra_rdoc_files: []
|
|
81
82
|
files:
|