class Puppet::SSL::Base
The base class for wrapping SSL instances.
Constants
- SEPARATOR
For now, use the YAML separator.
- VALID_CERTNAME
Only allow printable ASCII characters, excluding /
Attributes
content[RW]
name[RW]
Public Class Methods
from_instance(instance, name = nil)
Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
# File lib/puppet/ssl/base.rb, line 63
# Build a Puppet::SSL::* wrapper around an already-constructed instance of
# the wrapped class.
#
# A caller-supplied name is used as given; it is only derived from the
# instance's subject when no name is passed. Nothing here compares a supplied
# name with the subject, so callers that need the two to agree must check
# that themselves.
#
# @param instance an instance of the class returned by wrapped_class
# @param name [String, nil] the name to file the wrapper under
# @return the new wrapper, with its content set to instance
# @raise [ArgumentError] if instance is of the wrong class, or if no name is
#   given and the instance has no subject to derive one from
def self.from_instance(instance, name = nil)
  type_ok = instance.is_a?(wrapped_class)
  unless type_ok
    details = { class_name: wrapped_class, actual_class: instance.class }
    raise ArgumentError, _("Object must be an instance of %{class_name}, %{actual_class} given") % details
  end

  if name.nil? && !instance.respond_to?(:subject)
    raise ArgumentError, _("Name must be supplied if it cannot be determined from the instance")
  end

  # name_from_subject returns nil when the subject carries no CN; the
  # constructor then receives nil and its certname validation decides the outcome.
  name ||= name_from_subject(instance.subject)
  new(name).tap { |wrapper| wrapper.content = instance }
end
from_multiple_s(text)
# File lib/puppet/ssl/base.rb, line 14
# Split a string holding several serialized instances on SEPARATOR and
# convert each piece with from_s. No name is passed along, so from_s falls
# back to whatever name can be derived from each instance.
#
# @param text [String] the concatenated serialized instances
# @return [Array] one wrapper per piece, in input order
def self.from_multiple_s(text)
  pieces = text.split(SEPARATOR)
  pieces.map { |piece| from_s(piece) }
end
from_s(string, name = nil)
Convert a string into an instance
# File lib/puppet/ssl/base.rb, line 79
# Parse a string with the wrapped class and wrap the result.
#
# Any error raised by the wrapped class's constructor on malformed input is
# not rescued here and propagates to the caller.
#
# @param string [String] the serialized form accepted by the wrapped class
# @param name [String, nil] optional name, forwarded to from_instance
# @return the wrapper produced by from_instance
def self.from_s(string, name = nil)
  from_instance(wrapped_class.new(string), name)
end
name_from_subject(subject)
name_from_subject extracts the common name attribute from the subject of an X.509 certificate
@api private
@param [OpenSSL::X509::Name] subject The full subject (distinguished name) of the x.509
certificate.
@return [String] the name (CN) extracted from the subject.
# File lib/puppet/ssl/base.rb, line 56
# Pull the common name (CN) value out of a certificate subject.
#
# The subject is converted with to_a and searched with Array#assoc, which
# returns the first entry whose key is 'CN'; if a subject carries more than
# one CN attribute, only the first is used.
#
# @api private
# @param subject [OpenSSL::X509::Name] the subject (distinguished name)
# @return [String, nil] the CN value, or nil when the subject has no CN or
#   does not respond to to_a
def self.name_from_subject(subject)
  return nil unless subject.respond_to?(:to_a)

  cn_entry = subject.to_a.assoc('CN')
  cn_entry ? cn_entry[1] : nil
end
new(name)
# File lib/puppet/ssl/base.rb, line 41
# Store the lower-cased string form of the name and validate it as a certname.
#
# The name is assigned before validation runs, so @name is already set if
# validate_certname raises.
#
# @param name the name for this wrapper; converted with to_s
def initialize(name)
  normalized = name.to_s.downcase
  @name = normalized
  self.class.validate_certname(normalized)
end
to_multiple_s(instances)
# File lib/puppet/ssl/base.rb, line 18
# Serialize several instances into one string: each is converted with to_s
# and the results are joined with SEPARATOR. This is the inverse of
# from_multiple_s.
#
# @param instances [Enumerable] the wrappers to serialize
# @return [String] the joined serialized forms
def self.to_multiple_s(instances)
  instances.map(&:to_s).join(SEPARATOR)
end
validate_certname(name)
# File lib/puppet/ssl/base.rb, line 31
# Reject any certname that does not match VALID_CERTNAME.
#
# NOTE(review): VALID_CERTNAME is defined outside this listing. Confirm that
# it anchors the whole string with \A and \z; Ruby's ^ and $ match per line,
# which would let a multi-line name through if one line matched.
#
# @param name [String] the candidate certname
# @return [nil] when the name is acceptable
# @raise [RuntimeError] when the name does not match VALID_CERTNAME
def self.validate_certname(name)
  return if name =~ VALID_CERTNAME

  # name.inspect escapes unprintable characters, so the rejected value is
  # safe to show in the error message.
  raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect }
end
wrapped_class()
# File lib/puppet/ssl/base.rb, line 26
# Return the class this wrapper was declared to wrap (set through wraps).
#
# @return [Class] the wrapped class
# @raise [Puppet::DevError] if the class never declared what it wraps
def self.wrapped_class
  return @wrapped_class if defined?(@wrapped_class)

  raise(Puppet::DevError, _("%{name} has not declared what class it wraps") % { name: self })
end
wraps(klass)
# File lib/puppet/ssl/base.rb, line 22
# Declare which class this wrapper wraps. The value is kept in a class-level
# instance variable and read back by wrapped_class.
#
# @param klass [Class] the class to wrap
# @return [Class] klass
def self.wraps(klass)
  @wrapped_class = klass
end
Public Instance Methods
digest(algorithm=nil)
# File lib/puppet/ssl/base.rb, line 117
# Compute a digest over the DER encoding of the wrapped content.
#
# @param algorithm the digest algorithm name; when nil or false, the
#   algorithm reported by digest_algorithm is used
# @return [Puppet::SSL::Digest] the digest object
def digest(algorithm=nil)
  # Falls back to the digest named in the content's own signature algorithm.
  algorithm ||= digest_algorithm
  Puppet::SSL::Digest.new(algorithm, content.to_der)
end
digest_algorithm()
# File lib/puppet/ssl/base.rb, line 125
# Work out the digest algorithm from the content's signature algorithm.
#
# The signature algorithm name combines a digest and an encryption algorithm
# (e.g. md5WithRSAEncryption, sha256WithRSAEncryption) without a consistent
# pattern; see RFCs 3279 and 5758. The name is therefore searched,
# case-insensitively and unanchored, for a known digest name, and the first
# match is returned.
#
# This only reports the algorithm. md2, md4, md5 and sha1 are returned like
# any other match, so a caller that wants to refuse weak digests has to apply
# that policy itself.
#
# @return [String] the lower-cased digest name found in the signature algorithm
# @raise [Puppet::Error] if no known digest name is found
def digest_algorithm
  known_digests = Regexp.union(
    /ripemd160/i,
    /md[245]/i,
    /sha\d*/i
  )
  ln = content.signature_algorithm
  found = known_digests.match(ln)
  raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: ln } unless found

  found[0].downcase
end
fingerprint(md = :SHA256)
# File lib/puppet/ssl/base.rb, line 112
# Return the hex fingerprint of the wrapped content.
#
# @param md the digest algorithm name; converted with to_s and upper-cased
#   before being handed to digest. Defaults to :SHA256.
# @return the result of to_hex on the computed digest
def fingerprint(md = :SHA256)
  digest(md.to_s.upcase).to_hex
end
generate()
# File lib/puppet/ssl/base.rb, line 37
# Placeholder that subclasses are expected to override; the base
# implementation always raises.
#
# @raise [Puppet::DevError] always
def generate
  message = _("%{class_name} did not override 'generate'") % { class_name: self.class }
  raise Puppet::DevError, message
end
read(path)
Read content from disk appropriately.
# File lib/puppet/ssl/base.rb, line 85
# Read the file at path, parse it with the wrapped class and store the result
# as this wrapper's content.
#
# The file is read with ASCII encoding. The path is passed to
# Puppet::FileSystem.read as given; no checks are applied to it here.
#
# Applies to Puppet::SSL::Certificate and Puppet::SSL::CertificateRequest.
# Nothing derives from Puppet::SSL::Certificate, but it is called by a number
# of other SSL indirectors:
#   Puppet::Indirector::CertificateStatus::File (.indirection.find)
#   Puppet::Network::HTTP::WEBrick (.indirection.find)
#   Puppet::Network::HTTP::RackREST (.from_instance)
#   Puppet::Network::HTTP::WEBrickREST (.from_instance)
#   Puppet::SSL::Inventory (.indirection.search, implements its own
#     add / rebuild / serials with encoding UTF8)
#
# @param path the file to read
# @return the newly parsed content
def read(path)
  klass = wrapped_class
  raw = Puppet::FileSystem.read(path, :encoding => Encoding::ASCII)
  @content = klass.new(raw)
end
to_data_hash()
# File lib/puppet/ssl/base.rb, line 102
# Data representation of this object: the same string that to_s returns.
#
# @return [String] the result of to_s
def to_data_hash
  to_s
end
to_s()
Convert our thing to pem.
# File lib/puppet/ssl/base.rb, line 97
# Convert the wrapped content to PEM.
#
# @return [String] the PEM form of the content, or "" when there is no content
def to_s
  content ? content.to_pem : ""
end
to_text()
Provide the full text of the thing we're dealing with.
# File lib/puppet/ssl/base.rb, line 107
# Return the full text form of the wrapped content.
#
# @return [String] the result of to_text on the content, or "" when there is
#   no content
def to_text
  content ? content.to_text : ""
end
Private Instance Methods
wrapped_class()
# File lib/puppet/ssl/base.rb, line 147
# Instance-level shortcut to the class-level wrapped_class.
#
# @return [Class] the class this wrapper's class declared through wraps
def wrapped_class
  owner = self.class
  owner.wrapped_class
end