[PUP-4617] puppet cert list should display long names for extensions
Created: 2015/05/15  Updated: 2016/08/11  Resolved: 2016/05/26

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: PUP 4.0.0
Fix Version/s: PUP 4.6.0

Type: Improvement
Priority: Normal
Reporter: Josh Cooper
Assignee: Unassigned
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to PUP-2995 Allow certificate extensions to refer... Closed
Template:
Story Points: 1
Sprint: Client 2016-05-18, Client 2016-06-01
Release Notes: New Feature
Release Notes Summary: cert list now displays long names for extensions

 Description   

PUP-2995 allows certificate extensions to be referenced in manifests using the short name of the extension.

However, when executing `puppet cert print <certname>`, we print the OID as the name of the extension:

bundle exec puppet cert print <hostname>
...
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
            1.3.6.1.4.1.34380.1.2.1.1:
                ..somedata
            1.3.6.1.4.1.34380.1.2.1.2:
someotherdata   .
...

Since we now have the capability to specify the mapping of OID to short and long names, it would be useful to print the long name, as is done with other "known" extensions:

 $ bundle exec puppet cert print <hostname> --trusted_oid_mapping_file oid.yaml
...
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
            My Long Name:
                ..somedata
            My Other Long Name:
someotherdata   .

This is a one line change to the cert application, and perhaps certificate too?

 $ git diff
diff --git a/lib/puppet/application/cert.rb b/lib/puppet/application/cert.rb
index 833840b..1453717 100644
--- a/lib/puppet/application/cert.rb
+++ b/lib/puppet/application/cert.rb
@@ -230,6 +230,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
 
     Puppet::SSL::Oids.register_puppet_oids
+    Puppet::SSL::Oids.load_custom_oid_file(Puppet[:trusted_oid_mapping_file])
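
Review bot: the added `load_custom_oid_file(Puppet[:trusted_oid_mapping_file])` call passes the setting straight through, with nothing visible here that checks the mapping file exists or parses. Unless `load_custom_oid_file` already returns quietly in that case, guard the call or rescue and warn, so that an absent or malformed mapping file falls back to printing dotted OIDs instead of stopping the cert application. The hunk also touches only `cert.rb`, so the description's open question about `certificate` still needs an answer, and a spec asserting that a mapped OID prints under its long name would pin the behaviour.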



 Comments   
Comment by Eric Thompson [ 2016/05/26 ]

validated on rhel7 at stable puppet agent SHA: ab8106c06ce0fe5f41c3aff3f62ecec233c586c7

Last login: Fri Dec  4 12:55:37 2015 from 10.32.128.239
[root@pqo92adku4aj9ee ~]# puppet cert print $(hostname -f)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
[...]
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
            X509v3 Subject Alternative Name:
                DNS:pqo92adku4aj9ee, DNS:pqo92adku4aj9ee.delivery.puppetlabs.net, DNS:puppet
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
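
The behaviour requested in the description can be reproduced with Ruby's OpenSSL bindings alone. The following is an added example, not code from this ticket or from Puppet: it registers a constructed OID mapping with `OpenSSL::ASN1::ObjectId.register` and shows the text dump of one certificate switching from dotted OIDs to long names. The YAML layout, the subject name and the helper names are assumptions.

```ruby
require 'openssl'
require 'yaml'

# Constructed sample (helper names are illustrative); the oid_mapping layout is an assumed file format.
MAPPING_YAML = <<~YAML
  oid_mapping:
    '1.3.6.1.4.1.34380.1.2.1.1':
      shortname: myshortname
      longname: My Long Name
    '1.3.6.1.4.1.34380.1.2.1.2':
      shortname: myothershortname
      longname: My Other Long Name
YAML

# Register each OID's names once; OIDs this process already has a name for are skipped.
def register_oid_mapping(yaml_text)
  YAML.safe_load(yaml_text).fetch('oid_mapping').each do |oid, names|
    next if OpenSSL::ASN1::ObjectId.new(oid).ln
    OpenSSL::ASN1::ObjectId.register(oid, names.fetch('shortname'), names.fetch('longname'))
  end
end

# Self-signed throwaway certificate carrying each value as a DER UTF8String extension.
def build_cert(extensions)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=agent.example.test')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now, Time.now + 3600
  extensions.each do |oid, value|
    der = OpenSSL::ASN1::UTF8String.new(value).to_der
    cert.add_extension(OpenSSL::X509::Extension.new(oid, der, false))
  end
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Extension labels exactly as the certificate text dump prints them.
def printed_extension_names(cert)
  cert.to_text.split('X509v3 extensions:', 2).last.scan(/^ {12}(\S.*?): ?(?:critical)?$/).flatten
end

CERT = build_cert('1.3.6.1.4.1.34380.1.2.1.1' => 'somedata',
                  '1.3.6.1.4.1.34380.1.2.1.2' => 'someotherdata')
BEFORE = printed_extension_names(CERT) # dotted OIDs, nothing registered yet
register_oid_mapping(MAPPING_YAML)
AFTER = printed_extension_names(CERT)  # same certificate, now labelled by long name
puts "before: #{BEFORE.inspect}", "after:  #{AFTER.inspect}"
```

The certificate bytes never change; only the process-wide OID table does, which is why the mapping has to be loaded before the certificate is printed.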

Generated at Mon Oct 21 07:42:53 PDT 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.