File: ca.rb

# frozen_string_literal: true

# The CA service is used to handle certificate related REST requests.
#
# @api public
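class Puppet::HTTP::Service::Ca < Puppet::HTTP::Service
  # @return [Hash] default headers for the ca service (frozen; every request
  #   builds its own mutable copy via `add_puppet_headers`)
  HEADERS = { 'Accept' => 'text/plain' }.freeze

  # @return [String] default API prefix for the ca service
  API = '/puppet-ca/v1'

  # Use `Puppet::HTTP::Session.route_to(:ca)` to create or get an instance of this class.
  #
  # @param [Puppet::HTTP::Client] client
  # @param [Puppet::HTTP::Session] session
  # @param [String] server (`Puppet[:ca_server]`) If an explicit server is given,
  #   create a service using that server. If server is nil, the default value
  #   is used to create the service.
  # @param [Integer] port (`Puppet[:ca_port]`) If an explicit port is given, create
  #   a service using that port. If port is nil, the default value is used to
  #   create the service.
  #
  def initialize(client, session, server, port)
    url = build_url(API, server || Puppet[:ca_server], port || Puppet[:ca_port])
    super(client, session, url)
  end

  # Submit a GET request to retrieve the named certificate from the server.
  #
  # The name is interpolated into the request path as-is (no URI escaping is
  # applied here), so callers are expected to pass an already validated
  # certname rather than arbitrary input.
  #
  # @param [String] name name of the certificate to request
  # @param [Time] if_modified_since If not nil, only download the cert if it has
  #   been modified since the specified time (sent as an `If-Modified-Since`
  #   header in HTTP-date format).
  # @param [Puppet::SSL::SSLContext] ssl_context
  #
  # @return [Array<Puppet::HTTP::Response, String>] An array containing the
  #   request response and the stringified body of the request response
  #
  # @api public
  def get_certificate(name, if_modified_since: nil, ssl_context: nil)
    response = @client.get(
      with_base_url("/certificate/#{name}"),
      headers: conditional_get_headers(if_modified_since),
      options: { ssl_context: ssl_context }
    )

    process_response(response)

    [response, response.body.to_s]
  end

  # Submit a GET request to retrieve the certificate revocation list from the
  #   server.
  #
  # @param [Time] if_modified_since If not nil, only download the CRL if it has
  #   been modified since the specified time (sent as an `If-Modified-Since`
  #   header in HTTP-date format).
  # @param [Puppet::SSL::SSLContext] ssl_context
  #
  # @return [Array<Puppet::HTTP::Response, String>] An array containing the
  #   request response and the stringified body of the request response
  #
  # @api public
  def get_certificate_revocation_list(if_modified_since: nil, ssl_context: nil)
    response = @client.get(
      with_base_url('/certificate_revocation_list/ca'),
      headers: conditional_get_headers(if_modified_since),
      options: { ssl_context: ssl_context }
    )

    process_response(response)

    [response, response.body.to_s]
  end

  # Submit a PUT request to send a certificate request to the server.
  #
  # The name is interpolated into the request path as-is (no URI escaping is
  # applied here), so callers are expected to pass an already validated
  # certname.
  #
  # @param [String] name The name of the certificate request being sent
  # @param [OpenSSL::X509::Request] csr Certificate request to send to the
  #   server; transmitted in PEM form
  # @param [Puppet::SSL::SSLContext] ssl_context
  #
  # @return [Puppet::HTTP::Response] The request response
  #
  # @api public
  def put_certificate_request(name, csr, ssl_context: nil)
    response = @client.put(
      with_base_url("/certificate_request/#{name}"),
      csr.to_pem,
      headers: text_body_headers,
      options: { ssl_context: ssl_context }
    )

    process_response(response)

    response
  end

  # Submit a POST request to send a certificate renewal request to the server.
  #
  # @param [Puppet::SSL::SSLContext] ssl_context context holding the client
  #   certificate to renew; must not be nil
  #
  # @return [Array<Puppet::HTTP::Response, String>] An array containing the
  #   request response and the stringified body of the request response
  #
  # @raise [ArgumentError] if the context does not contain a client certificate
  #
  # @api public
  def post_certificate_renewal(ssl_context)
    # Validate before sending rather than after: raising once the POST has
    # already gone out wastes a round trip and discards whatever the server
    # answered. NOTE(review): the renewal endpoint presumably identifies the
    # requester by the presented client certificate -- confirm against the
    # server-side handler.
    raise ArgumentError, _('SSL context must contain a client certificate.') unless ssl_context.client_cert

    response = @client.post(
      with_base_url('/certificate_renewal'),
      '', # Puppet::HTTP::Client.post requires a body, the API endpoint does not
      headers: text_body_headers,
      options: { ssl_context: ssl_context }
    )

    process_response(response)

    [response, response.body.to_s]
  end

  private

  # Build the headers for a conditional GET.
  #
  # `add_puppet_headers` (from the superclass) is relied on to return a fresh,
  # mutable Hash, since HEADERS itself is frozen.
  #
  # @param [Time, nil] if_modified_since when given, added as an
  #   `If-Modified-Since` header in HTTP-date format
  # @return [Hash] request headers
  def conditional_get_headers(if_modified_since)
    headers = add_puppet_headers(HEADERS)
    headers['If-Modified-Since'] = if_modified_since.httpdate if if_modified_since
    headers
  end

  # Build the headers for a request carrying a `text/plain` body.
  #
  # @return [Hash] request headers
  def text_body_headers
    headers = add_puppet_headers(HEADERS)
    headers['Content-Type'] = 'text/plain'
    headers
  end
end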