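# Revoke the certificate with the given serial number and re-issue the CRL.
#
# Adds a revoked entry carrying a CRLReason extension to @content, bumps the
# crlNumber extension (starting at 0 when none is present), refreshes
# last_update/next_update, signs the CRL with cakey and then calls save.
#
# @param serial serial number of the certificate to revoke (assigned to
#   OpenSSL::X509::Revoked#serial; presumably an Integer - confirm with callers)
# @param cakey  key passed to @content.sign to sign the updated CRL
# @param reason CRLReason code; defaults to
#   OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE
# @return whatever save returns
def revoke(serial, cakey, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
  # NOTE(review): this notice is emitted before the CRL is signed and saved,
  # so the log line alone does not show that the revocation was persisted.
  Puppet.notice "Revoked certificate with serial %s" % serial
  time = Time.now

  # Build the revoked entry and tag it with the reason code.
  revoked = OpenSSL::X509::Revoked.new
  revoked.serial = serial
  revoked.time = time
  reason_code = OpenSSL::ASN1::Enumerated(reason)
  revoked.add_extension(OpenSSL::X509::Extension.new("CRLReason", reason_code))
  @content.add_revoked(revoked)

  # Increment the CRL number. The block parameters are deliberately named
  # differently from the locals: on Ruby 1.8 a block parameter that shares a
  # name with an outer local assigns to that local, so reusing the name in the
  # reject block could replace the crlNumber extension found above with the
  # last extension iterated and produce a wrong CRL number.
  crl_number_ext = @content.extensions.find { |extension| extension.oid == 'crlNumber' }
  extensions = @content.extensions.reject { |extension| extension.oid == 'crlNumber' }
  next_number = OpenSSL::ASN1::Integer(crl_number_ext ? crl_number_ext.value.to_i + 1 : 0)
  extensions << OpenSSL::X509::Extension.new("crlNumber", next_number)
  @content.extensions = extensions

  @content.last_update = time

  # nextUpdate is set five years (5 * 365 days) after this update.
  # NOTE(review): a consumer that treats nextUpdate as a cache lifetime could
  # keep using an older CRL for a long time - confirm how clients refresh it.
  @content.next_update = time + 5 * 365*24*60*60

  # NOTE(review): the CRL is signed with SHA-1, which is deprecated for
  # signatures. Moving to a SHA-2 digest changes the signature algorithm seen
  # by every CRL consumer, so it is flagged here rather than changed.
  @content.sign(cakey, OpenSSL::Digest::SHA1.new)

  save
end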