Top Level Namespace

Instance Method Summary collapse

Instance Method Details

#get_cert_fingerprints(crt) ⇒ Object 



28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/facter/dehydrated_config.rb', line 28

def get_cert_fingerprints(crt)
  raw_cert = File.read(crt)
  cert = OpenSSL::X509::Certificate.new raw_cert
  der = cert.to_der

  digests = {
    sha1: OpenSSL::Digest::SHA1.new(der).to_s,
    sha256: OpenSSL::Digest::SHA256.new(der).to_s,
  }
  digests
end

#get_cert_serial(crt) ⇒ Object 



18
19
20
21
22
23
24
25
26
 
# File 'lib/facter/dehydrated_config.rb', line 18

def get_cert_serial(crt)
  raw_cert = File.read(crt)
  begin
    cert = OpenSSL::X509::Certificate.new raw_cert
    cert.serial.to_s
  rescue OpenSSL::X509::CertificateError
    ''
  end
end

#get_certificate(crt) ⇒ Object 



22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/facter/dehydrated_certificates.rb', line 22

def get_certificate(crt)
  if File.exist?(crt)
    raw_cert = File.read(crt)
    begin
      raw_cert
    rescue OpenSSL::X509::CertificateError
      nil
    end
  else
    nil
  end
end

#get_file(filename) ⇒ Object 



14
15
16
17
18
19
20
 
# File 'lib/facter/dehydrated_certificates.rb', line 14

def get_file(filename)
  if File.exist?(filename)
    File.read(filename)
  else
    nil
  end
end

#get_key_fingerprints(keyfile) ⇒ Object 



40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/facter/dehydrated_config.rb', line 40

def get_key_fingerprints(keyfile)
  privkey = OpenSSL::PKey.read(File.read(keyfile))
  begin
    pubkey_der = privkey.public_to_der
  rescue NoMethodError
    pubkey_der = privkey.public_key.to_der
  end

  digests = {
    sha256: OpenSSL::Digest::SHA256.new(pubkey_der).to_s,
  }

  digests
end

#get_ocsp(ocsp) ⇒ Object 



6
7
8
9
10
11
12
 
# File 'lib/facter/dehydrated_certificates.rb', line 6

def get_ocsp(ocsp)
  if File.exist?(ocsp)
    Base64.strict_encode64(File.read(ocsp))
  else
    nil
  end
end

#handle_requests(config) ⇒ Object 



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/facter/dehydrated_certificates.rb', line 35

def handle_requests(config)
  if config
    requests = JSON.parse(File.read(config['dehydrated_requests_config']))
    dehydrated_puppetmaster = config['dehydrated_puppetmaster']
    dehydrated_host = config['dehydrated_host']

    if dehydrated_puppetmaster != dehydrated_host
      requests.each do |request_fqdn, certificate_requests|
        certificate_requests.each do |dn, certificate_config|
          base_filename = certificate_config['base_filename']
          request_base_dir = certificate_config['request_base_dir']

          crt_file = "#{request_base_dir}/#{base_filename}.crt"
          crt = get_certificate(crt_file)
          requests[request_fqdn][dn]['crt'] = crt
          if crt
            ca_file = "#{request_base_dir}/#{base_filename}_ca.pem"
            requests[request_fqdn][dn]['ca'] = get_file(ca_file)
          end
          ocsp_file = "#{crt_file}.ocsp"
          requests[request_fqdn][dn]['ocsp'] = get_ocsp(ocsp_file)
        end
      end
    end
    requests
  else
    nil
  end
end