From b185bada8d4e9928146606b7e8c8f246b4c48235 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 25 Aug 2015 19:54:52 +0200
Subject: [PATCH] also add ca.pem

---
 modules/roles/files/sso_rp/ca.pem | 85 +++++++++++++++++++++++++++++++
 modules/roles/manifests/sso_rp.pp |  3 ++
 2 files changed, 88 insertions(+)
 create mode 100644 modules/roles/files/sso_rp/ca.pem

diff --git a/modules/roles/files/sso_rp/ca.pem b/modules/roles/files/sso_rp/ca.pem
new file mode 100644
index 00000000..e77dd056
--- /dev/null
+++ b/modules/roles/files/sso_rp/ca.pem
@@ -0,0 +1,85 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=SSO CA 2015-08-21, O=Debian SSO client certificate
+        Validity
+            Not Before: Aug 21 20:43:35 2015 GMT
+            Not After : Dec 31 23:59:59 9999 GMT
+        Subject: CN=SSO CA 2015-08-21, O=Debian SSO client certificate
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:25:0c:36:21:15:32:5c:9c:c0:33:e5:26:18:
+                    09:d3:df:55:a2:b2:c3:4d:6e:79:e9:7b:db:59:2c:
+                    3c:97:b7:27:ca:0b:3c:57:d6:cd:f3:77:fa:5b:63:
+                    fc:c7:7d:bc:77:3f:94:d4:ec:44:67:f3:e7:4b:ef:
+                    f3:33:07:28:d3:75:d0:82:05:dc:34:df:94:8c:7c:
+                    14:bb:d5:8f:e6:4a:0d:b0:f1:47:e8:74:5b:bd:4c:
+                    b9:a0:10:df:6d:d5:4d:13:30:44:da:05:c4:e1:66:
+                    05:a2:3e:39:53:da:d2:53:aa:8b:12:74:f8:40:ac:
+                    49:fc:26:d3:78:c1:af:2c:ac:ee:5d:d0:af:e9:6f:
+                    94:c5:47:db:87:5f:3a:91:2a:8c:b5:f0:ed:63:76:
+                    90:f8:be:8c:b8:f0:35:6b:e6:ee:99:48:7d:10:65:
+                    59:ae:b2:0c:6e:38:26:d7:1a:d0:a2:14:01:24:2e:
+                    f9:5f:5d:1d:9e:27:14:96:21:99:fb:b0:b4:87:ba:
+                    54:42:52:18:fb:f2:31:44:44:38:eb:10:58:d4:23:
+                    58:79:93:4c:10:8f:44:ac:c6:e2:16:24:a1:b1:cd:
+                    e6:3f:76:8b:c5:30:10:e0:ac:c7:08:3b:48:bb:3c:
+                    03:12:51:fc:68:c3:f1:21:03:94:c8:bf:c5:2f:1f:
+                    19:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Extended Key Usage: 
+                OCSP Signing
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                D0:E2:7E:26:81:E0:CD:AA:CB:34:5F:B6:7A:26:B2:D7:51:82:93:8E
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:https://sso.debian.org/spkac/ca.crl
+
+    Signature Algorithm: sha256WithRSAEncryption
+         ac:a7:c6:44:6b:ef:0f:39:2c:76:33:1f:9a:bd:c5:51:d7:5f:
+         af:8a:ea:bd:66:03:76:fe:38:0a:29:34:c2:59:4c:24:e7:ee:
+         ff:54:54:39:dc:a7:6e:b0:39:e1:ce:50:4b:da:c1:66:90:db:
+         51:c1:77:bd:02:88:51:f4:5c:60:e8:c3:4f:ca:eb:c8:ad:7b:
+         fd:11:1f:1a:b5:58:0b:a0:80:17:3a:ef:c7:7f:d3:20:e4:a1:
+         67:45:1c:07:fd:9f:90:20:cd:fe:09:ad:7a:2f:fb:e5:e6:05:
+         76:07:45:78:87:ba:7b:92:2e:73:37:8b:c1:d3:a1:e8:d9:30:
+         20:bb:3f:d9:ea:a4:fa:34:b4:ae:ce:db:67:1a:95:b6:67:db:
+         43:dd:bd:ee:a4:2a:b2:b1:c3:08:f1:a6:e3:71:7b:3a:fa:b9:
+         81:ae:35:32:c9:39:9b:72:8c:5d:3d:16:e0:1e:6d:29:47:bd:
+         7e:95:60:f9:7b:16:73:14:0d:c4:ba:41:ea:c4:ca:87:0b:06:
+         fe:e9:6e:c3:56:7a:12:1f:bd:f8:ea:3c:94:30:ab:39:e2:7a:
+         27:99:18:be:ac:d7:30:7c:fd:75:90:c3:7e:c2:d2:2d:bc:2e:
+         a2:7c:0d:3b:c4:8e:09:85:e3:84:4f:e8:98:53:60:39:c8:d3:
+         aa:4a:7d:06
+-----BEGIN CERTIFICATE-----
+MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBEMRowGAYDVQQDExFTU08g
+Q0EgMjAxNS0wOC0yMTEmMCQGA1UEChMdRGViaWFuIFNTTyBjbGllbnQgY2VydGlm
+aWNhdGUwIhgPMjAxNTA4MjEyMDQzMzVaGA85OTk5MTIzMTIzNTk1OVowRDEaMBgG
+A1UEAxMRU1NPIENBIDIwMTUtMDgtMjExJjAkBgNVBAoTHURlYmlhbiBTU08gY2xp
+ZW50IGNlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1SUMNiEVMlycwDPlJhgJ099VorLDTW556XvbWSw8l7cnygs8V9bN83f6W2P8x328
+dz+U1OxEZ/PnS+/zMwco03XQggXcNN+UjHwUu9WP5koNsPFH6HRbvUy5oBDfbdVN
+EzBE2gXE4WYFoj45U9rSU6qLEnT4QKxJ/CbTeMGvLKzuXdCv6W+UxUfbh186kSqM
+tfDtY3aQ+L6MuPA1a+bumUh9EGVZrrIMbjgm1xrQohQBJC75X10dnicUliGZ+7C0
+h7pUQlIY+/IxREQ46xBY1CNYeZNMEI9ErMbiFiShsc3mP3aLxTAQ4KzHCDtIuzwD
+ElH8aMPxIQOUyL/FLx8ZTQIDAQABo4GPMIGMMA8GA1UdEwEB/wQFMAMBAf8wEwYD
+VR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU0OJ+
+JoHgzarLNF+2eiay11GCk44wNAYDVR0fBC0wKzApoCegJYYjaHR0cHM6Ly9zc28u
+ZGViaWFuLm9yZy9zcGthYy9jYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAKynxkRr
+7w85LHYzH5q9xVHXX6+K6r1mA3b+OAopNMJZTCTn7v9UVDncp26wOeHOUEvawWaQ
+21HBd70CiFH0XGDow0/K68ite/0RHxq1WAuggBc678d/0yDkoWdFHAf9n5Agzf4J
+rXov++XmBXYHRXiHunuSLnM3i8HToejZMCC7P9nqpPo0tK7O22calbZn20Pdve6k
+KrKxwwjxpuNxezr6uYGuNTLJOZtyjF09FuAebSlHvX6VYPl7FnMUDcS6QerEyocL
+Bv7pbsNWehIfvfjqPJQwqznieieZGL6s1zB8/XWQw37C0i28LqJ8DTvEjgmF44RP
+6JhTYDnI06pKfQY=
+-----END CERTIFICATE-----
diff --git a/modules/roles/manifests/sso_rp.pp b/modules/roles/manifests/sso_rp.pp
index e4eb9ac9..4ca3300b 100644
--- a/modules/roles/manifests/sso_rp.pp
+++ b/modules/roles/manifests/sso_rp.pp
@@ -10,5 +10,8 @@ class roles::sso_rp {
 	file { '/var/lib/dsa/sso/ca.crl':
 		content => template('roles/sso_rp/ca.crl.erb'),
 	}
+	file { '/var/lib/dsa/sso/ca.pem':
+		source => 'puppet:///modules/roles/sso_rp/ca.pem',
+	}
 
 }
-- 
2.39.2