Class: ManageIQ::ApplianceConsole::Certificate
- Inherits:
-
Object
- Object
- ManageIQ::ApplianceConsole::Certificate
- Defined in:
- lib/manageiq/appliance_console/certificate.rb
Constant Summary collapse
- STATUS_COMPLETE =
:complete
- STATUS_RETURN_CODES =
Maps `getcert status` return codes to something more descriptive: 0 => :complete – keys/certs generated; 1 => :no_key – either certmonger is down, or we haven't asked for the key yet (assuming the latter); 2 => :rejected – request failed, we need to resubmit once we fix stuff; 3 => :waiting – couldn't contact CA, will try again; 4 => :error – certmonger is not configured properly; 5 => :waiting – waiting for CA to send back the certificate.
[:complete, :no_key, :rejected, :waiting, :error, :waiting]
Instance Attribute Summary collapse
-
#ca_name ⇒ Object
name of certificate authority.
-
#cert_filename ⇒ Object
Returns the value of attribute cert_filename.
-
#extensions ⇒ Object
X.509 v3 extensions that signify the purpose of this certificate (e.g. client).
-
#hostname ⇒ Object
hostname of current machine.
-
#key_filename ⇒ Object
writeonly
key filename defaults to certificate name w/ different extension.
-
#owner ⇒ Object
Returns the value of attribute owner.
-
#realm ⇒ Object
ipa realm.
-
#root_filename ⇒ Object
root certificate filename.
-
#service ⇒ Object
Returns the value of attribute service.
Instance Method Summary collapse
- #clear_status ⇒ Object
- #complete? ⇒ Boolean
- #enable_certmonger ⇒ Object
-
#initialize(options = {}) ⇒ Certificate
constructor
A new instance of Certificate.
-
#make_certs_world_readable ⇒ Object
Workaround: currently, the -C command is not run after the root certificate is written.
- #no_key? ⇒ Boolean
- #principal ⇒ Object
- #rejected? ⇒ Boolean
- #request ⇒ Object
- #request_certificate ⇒ Object
- #set_owner_of_key ⇒ Object
-
#should_request_key? ⇒ Boolean
statuses.
- #status ⇒ Object
Constructor Details
#initialize(options = {}) ⇒ Certificate
Returns a new instance of Certificate.
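# File 'lib/manageiq/appliance_console/certificate.rb', line 36
# Builds a certificate description from an options hash.
#
# Every key in +options+ is dispatched to the matching public writer through
# public_send("#{key}=", value); a key without a public writer raises
# NoMethodError. Because any public writer on the object can be reached this
# way, the hash should be assembled from known keys by the caller rather than
# passed through from external input.
#
# Defaults applied afterwards (only where the value is still nil/false):
# * ca_name    - "ipa"
# * extensions - %w(server client)
# * realm      - the hostname minus its first label, upper-cased
#                (only when a hostname was supplied)
#
# @param options [Hash] attribute name => value pairs
def initialize(options = {})
  options.each { |name, value| public_send("#{name}=", value) }
  @ca_name    ||= "ipa"
  @extensions ||= %w(server client)
  # "host.example.com" => "EXAMPLE.COM"; a hostname without a dot yields an
  # empty string here, not nil.
  @realm ||= hostname.split(".")[1..-1].join(".").upcase if hostname
end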
Instance Attribute Details
#ca_name ⇒ Object
name of certificate authority
# File 'lib/manageiq/appliance_console/certificate.rb', line 34
# Name of the certificate authority. The constructor falls back to "ipa"
# when no value was supplied.
#
# @return [Object] the current value of @ca_name
def ca_name
  @ca_name
end
#cert_filename ⇒ Object
Returns the value of attribute cert_filename.
# File 'lib/manageiq/appliance_console/certificate.rb', line 21
# Path of the certificate file. make_certs_world_readable sets mode 0644 on
# this path when it is not nil.
#
# @return [Object] the current value of @cert_filename
def cert_filename
  @cert_filename
end
#extensions ⇒ Object
X.509 v3 extensions that signify the purpose of this certificate (e.g. client)
# File 'lib/manageiq/appliance_console/certificate.rb', line 26
# Extensions that signify the purpose of this certificate (e.g. client).
# The constructor falls back to %w(server client) when none were supplied.
#
# @return [Object] the current value of @extensions
def extensions
  @extensions
end
#hostname ⇒ Object
hostname of current machine
# File 'lib/manageiq/appliance_console/certificate.rb', line 30
# Hostname of the current machine. The constructor derives the default realm
# from it, and it is handed to Principal.new by #principal.
#
# @return [Object] the current value of @hostname
def hostname
  @hostname
end
#key_filename=(value) ⇒ Object
key filename defaults to certificate name w/ different extension
# File 'lib/manageiq/appliance_console/certificate.rb', line 20
# Overrides the key filename (which otherwise defaults to the certificate
# name with a different extension, per the attribute summary).
#
# @param value [Object] path to store in @key_filename
# @return [Object] the assigned value
def key_filename=(value)
  @key_filename = value
end
#owner ⇒ Object
Returns the value of attribute owner.
# File 'lib/manageiq/appliance_console/certificate.rb', line 27
# Owner to assign to the key file. set_owner_of_key splits this value on "."
# and passes the first two pieces to FileUtils.chown as user and group.
#
# @return [Object] the current value of @owner
def owner
  @owner
end
#realm ⇒ Object
ipa realm
# File 'lib/manageiq/appliance_console/certificate.rb', line 32
# IPA realm. When not supplied, the constructor derives it from the hostname
# (everything after the first label, upper-cased).
#
# @return [Object] the current value of @realm
def realm
  @realm
end
#root_filename ⇒ Object
root certificate filename
# File 'lib/manageiq/appliance_console/certificate.rb', line 23
# Path of the root certificate file. make_certs_world_readable sets mode 0644
# on this path when it is not nil.
#
# @return [Object] the current value of @root_filename
def root_filename
  @root_filename
end
#service ⇒ Object
Returns the value of attribute service.
# File 'lib/manageiq/appliance_console/certificate.rb', line 24
# Service value handed to Principal.new (as :service) by #principal.
#
# @return [Object] the current value of @service
def service
  @service
end
Instance Method Details
#clear_status ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 103
# Forgets the memoized status so the next #status call asks key_status again.
#
# @return [nil]
def clear_status
  @status = nil
end
#complete? ⇒ Boolean
# File 'lib/manageiq/appliance_console/certificate.rb', line 99
# Whether the current status is :complete (keys/certs generated, per the
# STATUS_RETURN_CODES description).
#
# @return [Boolean]
def complete?
  status == :complete
end
#enable_certmonger ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 111
# Announces the action through say, then enables the "certmonger" service and
# starts it via LinuxAdmin::Service.
#
# @return [Object] whatever the final start call returns
def enable_certmonger
  say("enabling certmonger to start on reboot")
  certmonger = LinuxAdmin::Service.new("certmonger")
  certmonger.enable.start
end
#make_certs_world_readable ⇒ Object
Workaround: currently, the -C command is not run after the root certificate is written
# File 'lib/manageiq/appliance_console/certificate.rb', line 76
# Sets mode 0644 (owner read/write, group and others read-only) on the root
# certificate and the certificate file, skipping whichever path is nil.
# Documented as a workaround: the -C step is not run after the root
# certificate is written.
#
# Only certificate files are listed; key_filename is not, so this call does
# not change the private key's permissions.
def make_certs_world_readable
  readable_paths = [root_filename, cert_filename].compact
  FileUtils.chmod(0o644, readable_paths)
end
#no_key? ⇒ Boolean
# File 'lib/manageiq/appliance_console/certificate.rb', line 91
# Whether the current status is :no_key (per the STATUS_RETURN_CODES
# description: certmonger is down, or the key has not been requested yet).
#
# @return [Boolean]
def no_key?
  status == :no_key
end
#principal ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 61
# Lazily builds the Principal for this certificate from hostname, realm,
# service and ca_name, and reuses the same object on later calls.
#
# @return [Principal]
def principal
  return @principal if @principal

  @principal = Principal.new(
    :hostname => hostname,
    :realm    => realm,
    :service  => service,
    :ca_name  => ca_name
  )
end
#rejected? ⇒ Boolean
# File 'lib/manageiq/appliance_console/certificate.rb', line 95
# Whether the current status is :rejected (per the STATUS_RETURN_CODES
# description: the request failed and has to be resubmitted).
#
# @return [Boolean]
def rejected?
  status == :rejected
end
#request ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 43
# Drives one pass of the certificate request workflow.
#
# 1. If the certificate is already complete, undo_tracking is called first.
# 2. If a key still has to be requested (status :no_key or :rejected), the
#    principal is registered, the existing key pair is removed and a
#    certificate is requested. The status is re-read afterwards, and the key
#    file's owner is changed only when the request was not rejected.
# 3. If the status is complete at that point, the certificate files are made
#    world-readable and the optional block is run.
#
# @yield once, only when the certificate ends up complete
# @return [self]
def request
  undo_tracking if complete?

  if should_request_key?
    principal.register
    remove_key_pair
    request_certificate
    # request_certificate clears the cached status, so rejected? below reflects
    # the outcome of the new request.
    set_owner_of_key unless rejected?
  end

  return self unless complete?

  make_certs_world_readable
  yield if block_given?
  self
end
#request_certificate ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 65
# Submits the certificate request: request_again when the previous attempt
# was rejected, request_first otherwise. The cached status is cleared
# afterwards so the next #status call reflects the new request.
#
# @return [nil] the result of clear_status
def request_certificate
  rejected? ? request_again : request_first
  clear_status
end
#set_owner_of_key ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 80
# Changes ownership of the key file to the configured owner.
#
# Nothing is changed when owner is unset or is exactly "root". Otherwise
# owner is split on "." and the first two pieces are passed to
# FileUtils.chown as user and group; a value without a dot yields a nil
# group, which FileUtils.chown leaves unchanged.
#
# NOTE(review): presumably owner is written as "user.group" - an account name
# that itself contains a dot would be split in the wrong place; confirm the
# values callers pass.
#
# @return [self]
def set_owner_of_key
  if owner && owner != "root"
    user, group = owner.split(".")
    FileUtils.chown(user, group, key_filename)
  end
  self
end
#should_request_key? ⇒ Boolean
statuses
# File 'lib/manageiq/appliance_console/certificate.rb', line 87
# Whether a (new) key/certificate request has to be submitted: true when
# there is no key yet or when the last request was rejected.
#
# @return [Boolean]
def should_request_key?
  no_key? || rejected?
end
#status ⇒ Object
# File 'lib/manageiq/appliance_console/certificate.rb', line 107
# Current request status, memoized: key_status is consulted only while no
# truthy status is cached (clear_status resets the cache).
#
# NOTE(review): key_status is not shown here; presumably it yields one of the
# STATUS_RETURN_CODES symbols - confirm.
#
# @return [Object] the cached or freshly computed status
def status
  @status || (@status = key_status)
end