module Puppet::Network::Authentication

Place for any authentication related bits

Public Instance Methods

warn_if_near_expiration(*certs)

Checks the expiration of known certificates and, optionally, of any certificates specified as part of a request.

# File lib/puppet/network/authentication.rb, line 12
# Logs a warning for every certificate that reports itself as close to expiry.
#
# The certificates examined are, in order: any passed by the caller, the CA
# host certificate when this process is acting as a CA, and the local host
# certificate when the file named by Puppet[:hostcert] exists.
#
# This method is advisory only: the visible code emits a log warning and never
# rejects a certificate or fails a request because of expiry. Operators who
# rely on it should make sure these warnings are actually collected and
# alerted on, since an expired CA or host certificate breaks authentication.
#
# @param certs [Array<OpenSSL::X509::Certificate, Puppet::SSL::Certificate, nil>]
#   extra certificates to check; nil entries are ignored.
# @return [Array] the nil-free list of certificates that was iterated.
# @raise [ArgumentError] if an entry is neither a raw OpenSSL certificate nor
#   a Puppet certificate wrapper. The raise happens mid-iteration, so any
#   certificates after the offending entry are not checked.
def warn_if_near_expiration(*certs)
  # When running as a CA, the CA's own certificate is part of the check.
  if Puppet::SSL::CertificateAuthority.ca?
    certs.push(Puppet::SSL::CertificateAuthority.instance.host.certificate)
  end

  # The local host certificate (agent or master, depending on the run mode)
  # is included whenever its file is present on disk.
  if FileTest.exist?(Puppet[:hostcert])
    certs.push(Puppet::SSL::Host.localhost.certificate)
  end

  # nil entries are dropped so callers may pass optional certificates directly.
  certs.compact.each do |candidate|
    # Raw OpenSSL certificates are wrapped; everything else is taken as given
    # and validated by the type check below.
    wrapped =
      if candidate.is_a?(OpenSSL::X509::Certificate)
        Puppet::SSL::Certificate.from_instance(candidate)
      else
        candidate
      end

    unless wrapped.is_a?(Puppet::SSL::Certificate)
      raise ArgumentError, "Invalid certificate '#{wrapped.inspect}'"
    end

    # The "near expiration" threshold is decided by the certificate wrapper,
    # not here.
    next unless wrapped.near_expiration?

    subject_name = wrapped.unmunged_name
    expires_at = wrapped.expiration.strftime('%Y-%m-%dT%H:%M:%S%Z')
    # NOTE(review): @@logger is not assigned in this method; presumably it is
    # initialised elsewhere in the module. Confirm.
    @@logger.warning("Certificate '#{subject_name}' will expire on #{expires_at}")
  end
end