class Puppet::SSL::CertificateSigner
Take care of signing a certificate in a FIPS 140-2 compliant manner.
@see projects.puppetlabs.com/issues/17295
@api private
Attributes
digest[R]
@!attribute [r] digest
@return [OpenSSL::Digest]
Public Class Methods
new()
    # File lib/puppet/ssl/certificate_signer.rb
    def initialize
      if OpenSSL::Digest.const_defined?('SHA256')
        @digest = OpenSSL::Digest::SHA256
      elsif OpenSSL::Digest.const_defined?('SHA1')
        @digest = OpenSSL::Digest::SHA1
      elsif OpenSSL::Digest.const_defined?('SHA512')
        @digest = OpenSSL::Digest::SHA512
      elsif OpenSSL::Digest.const_defined?('SHA384')
        @digest = OpenSSL::Digest::SHA384
      elsif OpenSSL::Digest.const_defined?('SHA224')
        @digest = OpenSSL::Digest::SHA224
      else
        raise Puppet::Error,
              "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
      end
      @digest
    end
Public Instance Methods
sign(content, key)
Sign a certificate signing request (CSR) with a private key.
@param [OpenSSL::X509::Request] content The CSR to sign
@param [OpenSSL::X509::PKey] key The private key to sign with
@api private
    # File lib/puppet/ssl/certificate_signer.rb
    def sign(content, key)
      content.sign(key, @digest.new)
    end
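Added example (not Puppet's own code): a stand-alone Ruby sketch that applies the same digest preference order as initialize above, signs a constructed CSR the way sign does, and reads back signature_algorithm so the digest actually applied can be checked. It goes slightly beyond the page by also verifying the signature. The helper names (DIGEST_PREFERENCE, pick_digest, build_csr, sign_and_inspect, demo) and the subject agent.example.test are assumptions made for this example.

```ruby
require 'openssl'

# Same preference order as the initialize method documented above.
DIGEST_PREFERENCE = %w[SHA256 SHA1 SHA512 SHA384 SHA224].freeze

# Return the first digest class in the preference list that `available`
# defines. `available` defaults to OpenSSL::Digest; passing another module
# (hypothetical, for testing) shows which fallback a restricted build gets.
def pick_digest(available = OpenSSL::Digest)
  name = DIGEST_PREFERENCE.find { |n| available.const_defined?(n) }
  raise 'No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest' unless name

  available.const_get(name)
end

# Build an unsigned CSR for a constructed subject name.
def build_csr(key, common_name)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', common_name]])
  csr.public_key = key
  csr
end

# Sign as CertificateSigner#sign does (content.sign(key, digest.new)), then
# report the algorithm recorded in the CSR and whether the signature verifies.
def sign_and_inspect(csr, key, digest_class)
  csr.sign(key, digest_class.new)
  { algorithm: csr.signature_algorithm, verified: csr.verify(csr.public_key) }
end

# Constructed sample: fresh 2048-bit RSA key and a made-up agent name.
def demo
  key = OpenSSL::PKey::RSA.new(2048)
  sign_and_inspect(build_csr(key, 'agent.example.test'), key, pick_digest)
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the first defined constant wins, a build lacking SHA256 would select SHA1 ahead of SHA512, SHA384 and SHA224; checking signature_algorithm on signed requests shows which digest was really applied.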