Change cert existance logic
Add a check of commonName and subjectAltName in the old certificate if it exists. Otherwise we could not regenerate a new certificate if any of these fields change. Closes-Bug: #1490966 Upstream pull-request: https://github.com/camptocamp/puppet-openssl/pull/51 Change-Id: I1375a9d1ce5f50e84edee4ecc21614450408ae73
parent
deb63f09df
commit
75b186af50
@ -65,7 +65,7 @@ class cobbler::server (
if $production == 'docker-build' {
$real_fqdn = "fuel.${domain_name}"
} else {
$real_fdqn = $::fqdn
$real_fqdn = $::fqdn
}
case $::operatingsystem {
@ -22,11 +22,39 @@ Puppet::Type.type(:x509_cert).provide(:openssl) do
cert.check_private_key(priv)
end
def self.old_cert_is_equal(resource)
cert = OpenSSL::X509::Certificate.new(File.read(resource[:path]))
altname = ''
cert.extensions.each do |ext|
altname = ext.value if ext.oid == 'subjectAltName'
end
subjectName = ''
cert.subject.to_s.split('/').each do |name|
k,v = name.split('=')
subjectName = v if k == 'CN'
end
require File.expand_path('../../../../../../inifile/lib/puppet/util/ini_file', __FILE__)
ini_file = Puppet::Util::IniFile.new(resource[:template], '=')
ini_file.section_names.each do |section_name|
ini_file.get_settings(section_name).each do |setting, value|
return false if setting == 'subjectAltName' and value.delete(' ').gsub(/^"|"$/, '') != altname.delete(' ').gsub(/^"|"$/, '')
return false if setting == 'commonName' and value != subjectName
end
end
return true
end
def exists?
if Pathname.new(resource[:path]).exist?
if resource[:force] and !self.class.check_private_key(resource)
return false
end
if !self.class.old_cert_is_equal(resource)
return false
end
return true
else
return false
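Review bot: `old_cert_is_equal` compares a field only when the template still contains that setting, so if `subjectAltName` is dropped from the template the inner loop never looks at `altname`, the method returns true, and the existing certificate keeps the names it was issued with. I would record `seen_san = true if setting == 'subjectAltName'` inside the inner loop and add `return false if !seen_san && !altname.empty?` just before `return true`. The CN lookup through `cert.subject.to_s.split('/')` also misreads a subject whose values contain `/` or `=`; `cert.subject.to_a` yields the fields already separated. `old_cert_is_equal` lies fully inside the hunk, while `exists?` continues past its last line.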