bin/autosign-validator
#!/usr/bin/env ruby
require 'autosign'
require 'logging'
### Ensure stdin is read https://tickets.puppetlabs.com/browse/SERVER-1116
raw_csr = $stdin.read
### Start logging
@logger = Logging.logger['Autosign']
@logger.level = :warn
# Start logging to stdout first so we get errors while loading the config file
@logger.add_appenders Logging.appenders.stdout
# Load config and then add logfile as a log appender
config_settings = Autosign::Config.new.settings
unless config_settings['general']['logfile'].nil?
file_layout = Logging.layouts.pattern(:pattern => "%d %-5l -- %c : %m\n", :date_pattern => "%Y-%m-%dT%H:%M:%S.%s")
@logger.add_appenders Logging.appenders.file(config_settings['general']['logfile'], :layout => file_layout)
end
@logger.level = config_settings['general']['loglevel'].to_sym unless config_settings['general']['loglevel'].nil?
### End logging initialization
### Get Inputs
unless ARGV.count == 1
@logger.error "This executable must be called with a certname as the only parameter and with an X509 CSR piped into STDIN"
exit 1
end
certname = ARGV.shift
@logger.debug "certname is " + certname
@logger.debug "reading CSR from stdin"
csr = Autosign::Decoder.decode_csr(raw_csr)
exit 1 unless csr.is_a?(Hash)
@logger.debug "CSR: " + csr.to_s
### End Inputs
### validate token
token_validation = Autosign::Validator.any_validator(csr[:challenge_password].to_s, certname.to_s, raw_csr, config_settings)
### end validation
### Exit with correct exit status
if token_validation == true
@logger.info "token validated successfully"
exit 0
else
STDERR.puts "failed to validate token"
@logger.error "Unable to validate token"
exit 1
end
### Done exiting
# end with an exit 1 just in case
exit 1