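# Handle a certificate signing request (CSR) submitted to this master.
#
# Everything inside +csrtext+ is chosen by the submitter, including the
# subject CN that is used as the host name for lookup, autosign matching
# and logging. Nothing in this method authenticates that name.
#
# @param csrtext [String] the encoded CSR as received from the requester
# @param client [String, nil] identity of the caller; a nil value is treated
#   as a request from the CA server itself and is signed without consulting
#   autosign?
# @param clientip [String, nil] not used by this method
# @return [String, Array<String>]
#   "invalid"  - the CSR has no CN or its self-signature does not verify;
#   ""         - this master is not a CA;
#   [cert_pem, cacert_pem] - an existing or freshly signed certificate;
#   ["", ""]   - the request is (now) waiting for manual signing.
# @raise [OpenSSL::X509::RequestError] if +csrtext+ cannot be parsed
# @raise [Puppet::Error] if a certificate already exists for the name but
#   carries a different public key than the CSR
def getcert(csrtext, client = nil, clientip = nil)
  csr = OpenSSL::X509::Request.new(csrtext)

  cn_entry = csr.subject.to_a.find { |entry| entry[0] == "CN" }
  if cn_entry.nil?
    Puppet.err(
      "Invalid certificate request: could not retrieve server name"
    )
    return "invalid"
  end
  hostname = cn_entry[1]

  # Proof of possession: a CSR must be signed by the private key that matches
  # the public key it carries. Without this check a requester could submit a
  # public key it does not control. Any OpenSSL failure while checking is
  # treated as "does not verify".
  self_signed = begin
    csr.verify(csr.public_key)
  rescue OpenSSL::OpenSSLError
    false
  end
  unless self_signed
    Puppet.err "Invalid certificate request: signature does not match public key for %s" % hostname
    return "invalid"
  end

  unless @ca
    Puppet.notice "Host %s asked for signing from non-CA master" % hostname
    return ""
  end

  # NOTE(review): hostname comes straight from the CSR. Confirm that
  # getclientcert / getclientcsr / storeclientcsr and autosign? reject names
  # containing path separators or other unexpected characters before they
  # build file names or match patterns from it.
  cert, cacert = ca.getclientcert(hostname)
  if cert && cacert
    Puppet.info "Retrieving existing certificate for %s" % hostname
    # An existing certificate is only handed back to a requester presenting
    # the same public key; otherwise the old certificate must be cleaned first.
    unless csr.public_key.to_s == cert.public_key.to_s
      raise Puppet::Error, "Certificate request does not match existing certificate; run 'puppetca --clean %s'." % hostname
    end
    return [cert.to_pem, cacert.to_pem]
  end

  # NOTE(review): a nil client skips the autosign policy entirely. Callers
  # that serve network requests should always pass a non-nil client; verify
  # against the call sites.
  if autosign?(hostname) || client.nil?
    Puppet.info "Signing certificate for CA server" if client.nil?

    Puppet.info "Signing certificate for %s" % hostname
    cert, cacert = @ca.sign(csr)
    return [cert.to_pem, cacert.to_pem]
  end

  # Not auto-signed: keep the first pending request for this name and never
  # overwrite it with a later one.
  if @ca.getclientcsr(hostname)
    Puppet.info "Not replacing existing request from %s" % hostname
  else
    Puppet.notice "Host %s has a waiting certificate request" %
      hostname
    @ca.storeclientcsr(csr)
  end
  ["", ""]
end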