Merge pull request #13 from kbarber/issue/master/8925-user_ssl_certs

(#8925) Added new function called 'get_certificate' for retrieving

Author: jamtur01

lib/puppet/parser/functions/get_certificate.rb

@@ -0,0 +1,89 @@
+module Puppet::Parser::Functions
+  newfunction(:get_certificate, :type => :rvalue, :doc => <<-EOS
+Returns the public certificate of the given CN from the local or remote Puppet
+CA.
+
+Usage is:
+
+    get_certificate($cn, $options)
+
+The first argument $cn is a valid CN for the certificate you wish to
+return. A CN is usually the hostname of a machine in Puppet. You can view all available
+certificates using the facility:
+
+    puppet cert --list --all
+
+On the main CA or puppetmaster.
+
+The second argument $options allows the user to define a hash of options to
+pass to the function.
+
+The options and descriptions are:
+
+* *conn_timeout*: Adjust timeout for remote CA connectivity (in seconds). Default is 7.
+  EOS
+  ) do |arguments|
+
+    # Make sure we have enough arguments
+    if not (1..2).include?(arguments.size) then
+      raise(Puppet::ParseError, "get_certificate(): Wrong number of arguments " +
+        "given (#{arguments.size} for 1 or 2)")
+    end
+
+    # Obtain arguments and set defaults
+    cn = arguments[0]
+    options = arguments[1] ||= {}
+    options[:conn_timeout] = 7 if !options.has_key?(:conn_timeout)
+
+    # Validation of arguments
+    if not (cn.is_a?(String) and cn.match(/^[a-zA-Z0-9@_\-\.]+$/)) then
+      raise(Puppet::ParseError, 'get_certificate(): CN name must be a valid string. Hashes and Arrays are not valid')
+    end
+    if not (1..600).include?(options[:conn_timeout]) then
+      raise(Puppet::ParseError, "get_certificate(): The option 'conn_timeout' must be an integer between 1 and 600")
+    end
+  
+    # Get and return certificate using file or rest
+    if Puppet[:ca] == true then
+      # Get the certificate locally if we are acting as a CA
+      # TODO: wrap: puppet certificate --render-as s --ca-location remote find [email protected]
+      ssl_cert_path = Puppet[:signeddir] + "/" + cn + ".pem"
+      if FileTest.exists?(ssl_cert_path) then
+        cert = File.open(ssl_cert_path,"r")
+        return cert.read
+      end
+    else
+      # Obtain the certificate from the CA if its remote
+      # TODO: wrap: puppet certificate --render-as s --ca-location local find [email protected]
+      require 'net/http'
+      require 'net/https'
+
+      http = Net::HTTP.new(Puppet[:ca_server], Puppet[:ca_port])
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+      begin
+        res = timeout(options[:conn_timeout]) do
+          http.start {|h|
+            h.get("/production/certificate/#{cn}", { "Accept" => "s" })
+          }
+        end
+      rescue Timeout::Error
+        raise(Puppet::Error, "Transaction timed out when connecting to #{Puppet[:ca_server]}:#{Puppet[:ca_port]}. Check your CA is running and that your ca_server and ca_port settings are correct on the machine this function ran on.")
+      rescue Errno::ECONNREFUSED
+        raise(Puppet::Error, "Connection refused when connecting to #{Puppet[:ca_server]}:#{Puppet[:ca_port]}. Check your CA is running and that your ca_server and ca_port settings are correct on the machine this function ran on.")
+      end
+
+      case res.code
+      when "200"
+        return res.body if res.body
+      when "404"
+        return :undef
+      else 
+        raise(Puppet::Error, "Error with REST call: #{res.code}")
+      end
+    end
+
+    :undef
+  end
+end

lib/puppet/parser/functions/get_pubkey.rb

@@ -0,0 +1,25 @@
+module Puppet::Parser::Functions
+  newfunction(:get_pubkey, :type => :rvalue, :doc => <<-EOS
+Gets a public key given a CN. This function accepts all the same
+parameters as get_certificate(), but instead returns the public
+key portion of the certificate.
+
+See get_certificate() for a more complete list of options available.
+EOS
+  ) do |arguments|
+
+    # Wrap the get_certificate method
+    method = Puppet::Parser::Functions.function(:get_certificate)
+    cert_text = send(method, arguments)
+
+    require 'openssl'
+    
+    if cert_text == :undef then
+      return :undef
+    else
+      cert = OpenSSL::X509::Certificate.new(cert_text)
+      pubkey = cert.public_key
+      return pubkey.to_s
+    end
+  end
+end

spec/fixtures/master_config/.gitignore

@@ -0,0 +1,2 @@
+manifests/
+var/

spec/fixtures/master_config/auth.conf

@@ -0,0 +1,4 @@
+path /certificate/
+auth no
+method find
+allow *

spec/fixtures/master_config/ssl/ca/ca_crl.pem

@@ -0,0 +1,8 @@
+-----BEGIN X509 CRL-----
+MIH5MGQCAQEwDQYJKoZIhvcNAQEFBQAwIjEgMB4GA1UEAwwXUHVwcGV0IENBOiBw
+dXBwZXRtYXN0ZXIXDTExMDgxMzIwMDAwOFoXDTE2MDgxMTIwMDAwOFqgDjAMMAoG
+A1UdFAQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBACBHLkJD4RvEV75ak8w468Kq7r5p
+s87Fzs0Vj2fgqH/3GPoazwBD4R0TvqMb+NUuF0WnipexdQQRjaiERmqX9aIhRjRA
+vs4ItdoxAvcgCzWs6cYm/e4SAAqY5lipfJqd+aRlQgzWaj6WDbFMVEKvqMXqM5wU
+gGQRYVnXHbohA+/I
+-----END X509 CRL-----

spec/fixtures/master_config/ssl/ca/ca_crt.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMzCCAZygAwIBAgIBATANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw
+ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw
+MDhaMCIxIDAeBgNVBAMMF1B1cHBldCBDQTogcHVwcGV0bWFzdGVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDA6rbkI3p/YmrjE5ZNwuCPRfqUtywnBHqClp2o
+nBgqrBZiKitxAmdEH4lidGA9AbiNnBiMh0fC4s5sKAUZUjPjv1I7VBqrueYWKnKP
+1IBuggaJDoUQysj73XxPUnfFiuBuDVO+FEjLCrbB7WCfdli3KuueUJjHbcLyUh0n
+o2ceMwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNT
+TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUB14U4FLr4JVibAmnV+n+kw85ck4wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4GBAAZ3wF7R8DDhhT31OGQ/A+/F3L59nStqvW7AD7EabrTDPPNOVcvt/las
+oi4MXiBuGPgS/xg+n4YBREaaYoF8BcGx5YMPY1XOPS0DItnDl44Wd+eHraD69kLl
+l/4pPMlE5PQ21o82dph3i6B1E5zwLxhMXzh1mfvDcCIMmRdVobQm
+-----END CERTIFICATE-----

spec/fixtures/master_config/ssl/ca/ca_key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDA6rbkI3p/YmrjE5ZNwuCPRfqUtywnBHqClp2onBgqrBZiKitx
+AmdEH4lidGA9AbiNnBiMh0fC4s5sKAUZUjPjv1I7VBqrueYWKnKP1IBuggaJDoUQ
+ysj73XxPUnfFiuBuDVO+FEjLCrbB7WCfdli3KuueUJjHbcLyUh0no2ceMwIDAQAB
+AoGAdJRieXNHL3uWBCtuBQfjFDHBv+UBdYKrVgcWtzG9GOxtilzZa618Ihq8txaE
+odlMYacW3rVRlF/jRlDY4/hdChKO0PwffYzMmMklora8knG4Epi3LbMsVYCpbmvr
+AYNKkvAnTbSF/PQMq8hTRnRf8cL8KU6e0uFFiOfx0pc+YyECQQDyod+VtRiOxWM1
+/FE2eZpihibAiB0HV9VJuXW23WwKh2fIqHs2oQXzjvzjiDV+LiZu51L21hQQcAeH
+hMrNWRI/AkEAy4ulVjGybS0FqCvOX8UllJZBkN2z266HRag5a90TG0a0PEb0L+5Y
+3rokNTZAzxdrCxkHaLRXQ9PE7b3c/1CPDQJAWNeW491swZJbMoBSSG0cb6kJdYQh
+hPfPXHBxPuUy02QjR2ERxL4PTNB1nubYF3zUi9VeFo3qyN4Mk722+Jv9xwJADK8j
+Gn/2Un9fvt8b+TPb56qFY3WtY584psqY6XPZYPXC/Y6eYO5Fc3u+DeLXnxAih4qD
+v66dUYi82OPgBbkLcQJBAIFwHWNgrDZqSp8KBOldRUdwt2MkG3QzRiMziP8DczXF
+xvdxH+AHPWl7yzOLas/kgx23ozQZcTzNqFjDmnSrJZQ=
+-----END RSA PRIVATE KEY-----

spec/fixtures/master_config/ssl/ca/ca_pub.pem

@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAMDqtuQjen9iauMTlk3C4I9F+pS3LCcEeoKWnaicGCqsFmIqK3ECZ0Qf
+iWJ0YD0BuI2cGIyHR8LizmwoBRlSM+O/UjtUGqu55hYqco/UgG6CBokOhRDKyPvd
+fE9Sd8WK4G4NU74USMsKtsHtYJ92WLcq655QmMdtwvJSHSejZx4zAgMBAAE=
+-----END RSA PUBLIC KEY-----

spec/fixtures/master_config/ssl/ca/inventory.txt

@@ -0,0 +1,5 @@
+# Inventory of signed certificates
+# SERIAL NOT_BEFORE NOT_AFTER SUBJECT
+0x0001 2011-08-12T20:00:08GMT 2016-08-10T20:00:08GMT /CN=Puppet CA: puppetmaster
+0x0002 2011-08-12T20:00:08GMT 2016-08-10T20:00:08GMT /CN=puppetmaster
+0x0003 2011-08-12T20:01:09GMT 2016-08-10T20:01:09GMT /[email protected]

spec/fixtures/master_config/ssl/ca/private/ca.pass

@@ -0,0 +1 @@
+[Ie3rqTiZfur`@gLW5<P

spec/fixtures/master_config/ssl/ca/serial

@@ -0,0 +1 @@
+0004

spec/fixtures/master_config/ssl/ca/signed/[email protected]

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVDCCAb2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw
+ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAxMDlaFw0xNjA4MTAyMDAx
+MDlaMBsxGTAXBgNVBAMMEGJvYkBteWRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY
+9RalRM5jItm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAt
+OfxDeWmAun+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMB
+AAGjgaAwgZ0wOAYJYIZIAYb4QgENBCsWKVB1cHBldCBSdWJ5L09wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFyA8pjL
++VkeCZHDRYCzKjzT4Cr9MAsGA1UdDwQEAwIFoDAnBgNVHSUEIDAeBggrBgEFBQcD
+AQYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBBQUAA4GBAExa0zqinr4P
+6ZmYOYxNtS1d+8YQdzjJXOnlXUURhERHfKMjvvJ125MO9i4TRF/isetRKz2w0OfO
+Vfsdio9PSJf2Fh+/1V2r5eSvLbVenRwFnvyv/u/39ukQNbX5YSwXsl9QcWhqwtwF
+dL1eEwuy2xmfxX6ZZRPDFDrideAtTEJy
+-----END CERTIFICATE-----

spec/fixtures/master_config/ssl/ca/signed/puppetmaster.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw
+ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw
+MDhaMBcxFTATBgNVBAMMDHB1cHBldG1hc3RlcjCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAzxm4O4OlcihWLbNHboKEmQ9cGlsG1vs0nkFtjLeF6eyi4cV6n8Af
+1OacZV9aqzK8MrBQvYrpbpap2/kFSWx3vbhUVDz5ynsNzhu2Jt914XaJEcDmpDMU
+UwQ+pg7JCSHocW2JilofAZdC1HrefLc570yYwxS//U/cw6N5MnskS2ECAwEAAaOB
+oDCBnTA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNTTCBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYSrVz684wuDJ
+3awwcfFxMZGPkNQwCwYDVR0PBAQDAgWgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADgYEAEL5ZXS5TVzaI56HH
+RhcGFLnvfl2BldsPuVuE5H6fqegRUyLpH7mXHCBt1Zn3IlUUdMLHOump4UHVjw/B
+QPk6ihVjWcBTCU8xu4hKj54MixZFFIo2sJveMVdfIJ3lTQTmRpTHpIU7hYHwP46q
+hLWywdpCBvhCxpK0YSi4FSDiYQ8=
+-----END CERTIFICATE-----

spec/fixtures/master_config/ssl/certs/[email protected]

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVDCCAb2gAwIBAgIBAzANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw
+ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAxMDlaFw0xNjA4MTAyMDAx
+MDlaMBsxGTAXBgNVBAMMEGJvYkBteWRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY
+9RalRM5jItm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAt
+OfxDeWmAun+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMB
+AAGjgaAwgZ0wOAYJYIZIAYb4QgENBCsWKVB1cHBldCBSdWJ5L09wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFyA8pjL
++VkeCZHDRYCzKjzT4Cr9MAsGA1UdDwQEAwIFoDAnBgNVHSUEIDAeBggrBgEFBQcD
+AQYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBBQUAA4GBAExa0zqinr4P
+6ZmYOYxNtS1d+8YQdzjJXOnlXUURhERHfKMjvvJ125MO9i4TRF/isetRKz2w0OfO
+Vfsdio9PSJf2Fh+/1V2r5eSvLbVenRwFnvyv/u/39ukQNbX5YSwXsl9QcWhqwtwF
+dL1eEwuy2xmfxX6ZZRPDFDrideAtTEJy
+-----END CERTIFICATE-----

spec/fixtures/master_config/ssl/certs/ca.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMzCCAZygAwIBAgIBATANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw
+ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw
+MDhaMCIxIDAeBgNVBAMMF1B1cHBldCBDQTogcHVwcGV0bWFzdGVyMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDA6rbkI3p/YmrjE5ZNwuCPRfqUtywnBHqClp2o
+nBgqrBZiKitxAmdEH4lidGA9AbiNnBiMh0fC4s5sKAUZUjPjv1I7VBqrueYWKnKP
+1IBuggaJDoUQysj73XxPUnfFiuBuDVO+FEjLCrbB7WCfdli3KuueUJjHbcLyUh0n
+o2ceMwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNT
+TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUB14U4FLr4JVibAmnV+n+kw85ck4wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEB
+BQUAA4GBAAZ3wF7R8DDhhT31OGQ/A+/F3L59nStqvW7AD7EabrTDPPNOVcvt/las
+oi4MXiBuGPgS/xg+n4YBREaaYoF8BcGx5YMPY1XOPS0DItnDl44Wd+eHraD69kLl
+l/4pPMlE5PQ21o82dph3i6B1E5zwLxhMXzh1mfvDcCIMmRdVobQm
+-----END CERTIFICATE-----

spec/fixtures/master_config/ssl/certs/puppetmaster.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbmgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAiMSAwHgYDVQQDDBdQdXBw
+ZXQgQ0E6IHB1cHBldG1hc3RlcjAeFw0xMTA4MTIyMDAwMDhaFw0xNjA4MTAyMDAw
+MDhaMBcxFTATBgNVBAMMDHB1cHBldG1hc3RlcjCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAzxm4O4OlcihWLbNHboKEmQ9cGlsG1vs0nkFtjLeF6eyi4cV6n8Af
+1OacZV9aqzK8MrBQvYrpbpap2/kFSWx3vbhUVDz5ynsNzhu2Jt914XaJEcDmpDMU
+UwQ+pg7JCSHocW2JilofAZdC1HrefLc570yYwxS//U/cw6N5MnskS2ECAwEAAaOB
+oDCBnTA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1YnkvT3BlblNTTCBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUYSrVz684wuDJ
+3awwcfFxMZGPkNQwCwYDVR0PBAQDAgWgMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr
+BgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADgYEAEL5ZXS5TVzaI56HH
+RhcGFLnvfl2BldsPuVuE5H6fqegRUyLpH7mXHCBt1Zn3IlUUdMLHOump4UHVjw/B
+QPk6ihVjWcBTCU8xu4hKj54MixZFFIo2sJveMVdfIJ3lTQTmRpTHpIU7hYHwP46q
+hLWywdpCBvhCxpK0YSi4FSDiYQ8=
+-----END CERTIFICATE-----

spec/fixtures/master_config/ssl/crl.pem

@@ -0,0 +1,8 @@
+-----BEGIN X509 CRL-----
+MIH5MGQCAQEwDQYJKoZIhvcNAQEFBQAwIjEgMB4GA1UEAwwXUHVwcGV0IENBOiBw
+dXBwZXRtYXN0ZXIXDTExMDgxMzIwMDAwOFoXDTE2MDgxMTIwMDAwOFqgDjAMMAoG
+A1UdFAQDAgEAMA0GCSqGSIb3DQEBBQUAA4GBACBHLkJD4RvEV75ak8w468Kq7r5p
+s87Fzs0Vj2fgqH/3GPoazwBD4R0TvqMb+NUuF0WnipexdQQRjaiERmqX9aIhRjRA
+vs4ItdoxAvcgCzWs6cYm/e4SAAqY5lipfJqd+aRlQgzWaj6WDbFMVEKvqMXqM5wU
+gGQRYVnXHbohA+/I
+-----END X509 CRL-----

spec/fixtures/master_config/ssl/private_keys/[email protected]

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC+/iHW3fnqIcQl1V3CAr6NSGqgM8o3s1sX8TMaAReJo3b8GPUW
+pUTOYyLZvU4VcCzHs3CEmEjTyONmO9PvVyCv93+jsZ0jKAe5Ayl/TL3G2ZEQLTn8
+Q3lpgLp/j17h/O1Tda+7FYkUkgdnSMQd6oxdRzYQJtKHJklvrGd3rpdpaQIDAQAB
+AoGAWlPwhyFWd9/eV5JQlFgd7M3J99hmk+9Ubr9ZTrwjeKoBtPrMtxgUsZN7QQVh
+74us8gmwdlVbZCZHPeufsTtAroYX9lru3he0oopn82Revc9OYll8hHoXjpLlhJyz
+G40e1DQ5wO0z1WKxAiMvR06i56z03nCgJYp5RzVIx6As0bECQQD1HHuEHZU69C64
+NnDLlokoCMxs/zgjO/oFJbuit63vOc/Ua6oCciEt6xaxUUzVUcOK4VEcjwBKifiK
+ua2Z7ZANAkEAx3owTktjSU2RleIE6aZq7gfgC2ZAjHiIwtFRq573dfCfbj1b2wKk
+8GBudLsXNLZEEgJwJofljjXPAcPAebSLzQJBAM0hVCGCHITlHEBgl09aoViW3HaP
+tSyPojMym/CWpgMiL9OHcxVu7GOgbjJhZtrT/cE5xgcPil/XTeDTefzrevUCQEW0
+X+7sDwzNa0M50Meo3JLC87poB8ROVlPleymCiiyPYdbO4Cs+2E4bFF38Bpbn3g+B
+BJmiQUgZa3XNZpPg0D0CQGJocWKoiWBUcZSbEAaJtBCG+CO+Z8QQP62RpiiYck4W
+VMn3s3fSS8cLdl65jSLM/dXA6YWZlwT/7Vl46ooGdDQ=
+-----END RSA PRIVATE KEY-----

spec/fixtures/master_config/ssl/private_keys/puppetmaster.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDPGbg7g6VyKFYts0dugoSZD1waWwbW+zSeQW2Mt4Xp7KLhxXqf
+wB/U5pxlX1qrMrwysFC9iululqnb+QVJbHe9uFRUPPnKew3OG7Ym33XhdokRwOak
+MxRTBD6mDskJIehxbYmKWh8Bl0LUet58tznvTJjDFL/9T9zDo3kyeyRLYQIDAQAB
+AoGAIseQ9v2uxTMc9ePLtTVaC1JXB14OEgBx37nhKeaQKK7C0+OUKkvbjKeF0Ehp
+M6L7lA+kH5C6jwXiVLzHNINwwDAqgx+n2O73BjKbqXSVNmdwirX+7nlqVKP6lR+E
+xGYn3MMQhZe956qGJffHbEPQB3dx0mzIcvXSWCTwWaPfTgECQQD4gbARjcSiirGi
+1GA8hMGzdkozt9yb2hbiF79NMGN/wbdYe4FxrmnzGkKXEBvkUFPlGu7GkEwNDtkF
+3MqpsBbxAkEA1VhnLYoPpIDxupJRclwBFxEOBFQ3pkgA5/kxayoeAYLoiMRU6mfE
+bhtA8lWoV9BFNvzVCSFS3Yvb1sXLgWrbcQJAfuu9wTlm9J1hnIhbno0vYTlJLKD7
+S55XkaIPUp0kNFv8CHUL58Ps2PzQhdb0Z+ee8aSPz1pjfUfYD+Z0m7YUAQJBAIvn
+ohnB/MoS6PJBe3m0Dd7zhy6dj7TSaQ22Y4r0HqM9FoKBxXHGRJEz/B4uv+t+H7WU
+jZukJ7QzQCISqYaf7XECQQCbmDO/lv8qdmLfApN2v1H7t9R7tXhEm8jK7OLZsoAT
+QAwCPYh7YRnhpFE0gMUncg+lVu3CTrXtlBRDRgF68Lhx
+-----END RSA PRIVATE KEY-----

spec/fixtures/master_config/ssl/public_keys/[email protected]

@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAL7+Idbd+eohxCXVXcICvo1IaqAzyjezWxfxMxoBF4mjdvwY9RalRM5j
+Itm9ThVwLMezcISYSNPI42Y70+9XIK/3f6OxnSMoB7kDKX9MvcbZkRAtOfxDeWmA
+un+PXuH87VN1r7sViRSSB2dIxB3qjF1HNhAm0ocmSW+sZ3eul2lpAgMBAAE=
+-----END RSA PUBLIC KEY-----

spec/fixtures/master_config/ssl/public_keys/puppetmaster.pem

@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAM8ZuDuDpXIoVi2zR26ChJkPXBpbBtb7NJ5BbYy3hensouHFep/AH9Tm
+nGVfWqsyvDKwUL2K6W6Wqdv5BUlsd724VFQ8+cp7Dc4btibfdeF2iRHA5qQzFFME
+PqYOyQkh6HFtiYpaHwGXQtR63ny3Oe9MmMMUv/1P3MOjeTJ7JEthAgMBAAE=
+-----END RSA PUBLIC KEY-----