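module Puppet::Parser::Functions

  newfunction(:validate_x509_rsa_key_pair, :doc => <<-ENDHEREDOC
    Validates a PEM-formatted X.509 certificate and RSA private key using
    OpenSSL. Verifies that the public key embedded in the certificate
    belongs to the supplied private key, i.e. that the two form a key pair.
    The certificate may be self-signed or issued by a CA.

    Fail compilation if any value fails this check.

    validate_x509_rsa_key_pair($cert, $key)

    ENDHEREDOC
  ) do |args|

    require 'openssl'

    # Arity of the Puppet-side call. Guarded because this block is the
    # function body and is evaluated on every call; an unguarded constant
    # assignment would warn about re-initializing NUM_ARGS each time.
    NUM_ARGS = 2 unless defined? NUM_ARGS

    unless args.length == NUM_ARGS
      raise Puppet::ParseError,
            "validate_x509_rsa_key_pair(): wrong number of arguments (#{args.length}; must be #{NUM_ARGS})"
    end

    args.each do |arg|
      raise Puppet::ParseError, "#{arg.inspect} is not a string." unless arg.is_a?(String)
    end

    # Malformed certificate input surfaces as CertificateError; turn it
    # into a compilation failure with the OpenSSL reason attached.
    begin
      cert = OpenSSL::X509::Certificate.new(args[0])
    rescue OpenSSL::X509::CertificateError => e
      raise Puppet::ParseError, "Not a valid x509 certificate: #{e}"
    end

    begin
      key = OpenSSL::PKey::RSA.new(args[1])
    rescue OpenSSL::PKey::RSAError => e
      raise Puppet::ParseError, "Not a valid RSA key: #{e}"
    end

    # RSA.new also accepts a public-key PEM. check_private_key below needs
    # a private key (it raises PKeyError otherwise), so reject a
    # public-only key up front with a message that names the problem.
    unless key.private?
      raise Puppet::ParseError, 'Supplied RSA key is not a private key'
    end

    # check_private_key compares the certificate's embedded public key with
    # the supplied private key. The earlier cert.verify(key) instead checked
    # the certificate's *signature* against the key, which only succeeds for
    # self-signed certificates and wrongly rejects every CA-issued
    # certificate/key pair.
    unless cert.check_private_key(key)
      raise Puppet::ParseError, 'Certificate public key does not match supplied private key'
    end
  end

end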