File: inventory.rb

ruby-puppetserver-ca-cli 2.7.0-2
require 'time'

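module Puppetserver
  module Ca
    module Utils
      # Reads the CA's inventory file into a per-certname summary of serials
      # and validity windows.
      module Inventory

        # Serial column: hex digits with an optional 0x prefix. \A and \z anchor
        # the whole token, whereas ^ and $ only anchor a line within it.
        SERIAL_PATTERN = /\A(?:0x)?[A-Fa-f0-9]+\z/

        # Parses the inventory file at +path+.
        #
        # Each non-blank line must hold four whitespace-separated fields:
        # serial (hex), not_before, not_after and a subject starting with "/CN=".
        # The inventory file may have multiple entries for the same certname, so
        # the result keeps only one current entry per certname: the one with the
        # latest not_after (ties go to the entry read last). Every other serial
        # seen for that certname is collected in :old_serials.
        #
        # A line that fails validation is logged via logger.err and skipped; it
        # does not abort the parse. The returned flag is the only signal that
        # this happened, so a caller that acts on the serials should treat the
        # map as possibly incomplete when the flag is true.
        # NOTE(review): presumably the serials feed revocation decisions; confirm
        # that callers check the flag before relying on the map.
        #
        # @param path [String] location of the inventory file
        # @param logger [#err] receives one message per problem found
        # @return [Array(Hash, Boolean)] certname => { :serial, :old_serials,
        #   :not_before, :not_after }, and true if the file was missing,
        #   unreadable, or contained at least one invalid line
        def self.parse_inventory_file(path, logger)
          unless File.exist?(path)
            logger.err("Could not find inventory at #{path}")
            return [{}, true]
          end

          # The path can exist and still be unreadable (a directory, denied by
          # permissions, or removed after the check above). Report that through
          # the same return contract as a missing file instead of raising.
          begin
            lines = File.readlines(path)
          rescue SystemCallError => e
            logger.err("Could not read inventory at #{path}: #{e.message}")
            return [{}, true]
          end

          inventory = {}
          errored = false
          lines.each do |line|
            # Shouldn't be any blank lines, but skip them if there are
            stripped = line.strip
            next if stripped.empty?

            items = stripped.split
            if items.count != 4
              logger.err("Invalid entry found in inventory.txt: #{line}")
              errored = true
              next
            end
            unless items[0] =~ SERIAL_PATTERN
              logger.err("Invalid serial found in inventory.txt line: #{line}")
              errored = true
              next
            end
            serial = items[0].hex

            not_before = parse_time_field(items[1])
            if not_before.nil?
              logger.err("Invalid not_before time found in inventory.txt line: #{line}")
              errored = true
              next
            end
            not_after = parse_time_field(items[2])
            if not_after.nil?
              logger.err("Invalid not_after time found in inventory.txt line: #{line}")
              errored = true
              next
            end

            unless items[3].start_with?('/CN=')
              logger.err("Invalid certname found in inventory.txt line: #{line}")
              errored = true
              next
            end
            # Everything after the "/CN=" prefix. A field of exactly "/CN=" is
            # not rejected here and yields an empty certname key.
            certname = items[3][4..-1]

            unless inventory.key?(certname)
              inventory[certname] = {
                :serial => serial,
                :old_serials => [],
                :not_before => not_before,
                :not_after => not_after,
              }
              next
            end

            entry = inventory[certname]
            if not_after >= entry[:not_after]
              # This is a newer cert than the one we currently have recorded,
              # so save the previous serial in :old_serials
              entry[:old_serials] << entry[:serial]
              entry[:serial] = serial
              entry[:not_before] = not_before
              entry[:not_after] = not_after
            else
              # This somehow is an older cert (shouldn't really be possible as we
              # just append to the file with each new cert and we are reading it
              # in order)
              entry[:old_serials] << serial
            end
          end
          [inventory, errored]
        end

        # Parses one timestamp field, returning nil when Time.parse rejects it.
        # Time.parse is lenient about format, so this only filters out values it
        # cannot interpret at all.
        def self.parse_time_field(value)
          Time.parse(value)
        rescue ArgumentError
          nil
        end
        private_class_method :parse_time_field
      end
    end
  end
end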