Name Size
  certs

Latest revisions

# Date Author Comment
b9667a02 04/25/2024 08:48 AM Evgeni Golov

Fixes #37384 - properly pass fips=false when checking keystore

In a FIPS-enabled environment, calling `keytool -list` with a wrong
password doesn't yield an error, unless we also pass `fips=false` like
we do when creating the keystore:

  1. keytool -list -keystore ./store -storepass wrong-password...
b0451d19 10/05/2023 05:07 PM Ewoud Kohl van Wijngaarden

Handle more unknown password errors

When using keytool on a truststore the error is different than on a
keystore.

Fixes: 6fea0bbb4143ca439cff01bf9f0e54cf88140d10 ("Support changing passwords on keystores & truststores")

6fea0bbb 10/04/2023 05:36 PM Ewoud Kohl van Wijngaarden

Support changing passwords on keystores & truststores

Opening the store when checking if it exists will raise an exception if
the password is incorrect. This takes an approach of catching all
exceptions and treating them all the same.

3419d96a 09/26/2023 03:23 PM Ewoud Kohl van Wijngaarden

Set required params and autorequire

Some fields are always required and things break if they are not set.
It's also possible to automatically require the password files which
gives a better guarantee that things are executed in the correct order.

8e24fd5d 06/02/2023 04:07 AM Andrew Teixeira

Fix bad requires and old Puppet_X notation

a48d1da3 03/14/2022 12:48 PM Eric Helms

Fixes #34598: Disable fips for keytool

Starting with EL 8, the Java stack has FIPS support built in. This
causes the keytool utility to break on FIPS enabled machines. To solve this,
and achieve EL7-like compatibility for FIPS, FIPS is disabled during the keytool...

e8d03461 07/12/2021 07:28 PM Eric Helms

Support ensuring certs::keypair cert and key can be absent

a19a260e 07/12/2021 07:28 PM Ewoud Kohl van Wijngaarden

Add data types to certs::keypair and tests

fd5cd4eb 06/01/2021 08:47 PM Eric Helms

Declare the build directory for all certificate creation

The build directory for certificates is declared as a parameter
but has no direct link to what the underlying tool would use
as the build directory. This change links the two up so that
there is no discrepancy and enables relying on the build directory...

b73ebec1 05/27/2021 08:32 PM Eric Helms

Fixes #32637: Add truststore type and provider

Refactors the keystore provider code into a common module within
the Puppet_X namespace that is re-used by the truststore. The mechanics
behind a truststore and keystore are very similar with a truststore
only containing public certificates while a keystore manages private...
