# Issue a certificate for a certificate signing request.
#
# The request must be an OpenSSL::X509::Request whose self-signature
# verifies against the public key it carries. That check proves the
# requester holds the matching private key; it does not establish who the
# requester is.
#
# NOTE(review): the subject is copied from the CSR unchanged and nothing in
# this method restricts which names may be requested. Presumably the caller
# decides whether the request is authorized before calling; confirm.
#
# Returns a two-element array: the new certificate and the issuing
# certificate (@cert).
#
# Raises Puppet::Error when the argument is not a CSR object or when the
# CSR's self-signature does not verify.
def sign(csr)
  raise Puppet::Error,
        "CA#sign only accepts OpenSSL::X509::Request objects, not %s" %
        csr.class unless csr.is_a?(OpenSSL::X509::Request)

  requester_key = csr.public_key
  raise Puppet::Error, "CSR sign verification failed" unless csr.verify(requester_key)

  # Take the next serial and write back its successor inside the settings
  # lock, so the read and the increment happen as one step.
  # NOTE(review): String#hex yields 0 for empty or non-hex content, so a
  # damaged serial file would restart numbering and could repeat serials
  # already issued; confirm whether that fallback is intended.
  serial = nil
  Puppet.settings.readwritelock(:serial) do |serial_file|
    serial = File.read(@config[:serial]).chomp.hex
    serial_file << "%04X" % (serial + 1)
  end

  signed_cert = Puppet::SSLCertificates.mkcert(
    :type => :server,
    :name => csr.subject,
    :ttl => ttl,
    :issuer => @cert,
    :serial => serial,
    :publickey => requester_key
  )

  # Presumably applies the CA signature, then persists the result; both
  # helpers are defined outside this listing.
  sign_with_key(signed_cert)
  storeclientcert(signed_cert)

  [signed_cert, @cert]
end