class Puppet::SSL::Base

The base class for wrapping SSL instances.

Constants

SEPARATOR

For now, use the YAML separator.

VALID_CERTNAME

Only allow printing ascii characters, excluding /

Attributes

content[RW]
name[RW]

Public Class Methods

from_instance(instance, name = nil) click to toggle source

Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class

   # File lib/puppet/ssl/base.rb
62 def self.from_instance(instance, name = nil)
63   unless instance.is_a?(wrapped_class)
64     raise ArgumentError, _("Object must be an instance of %{class_name}, %{actual_class} given") %
65         { class_name: wrapped_class, actual_class: instance.class }
66   end
67   if name.nil? and !instance.respond_to?(:subject)
68     raise ArgumentError, _("Name must be supplied if it cannot be determined from the instance")
69   end
70 
71   name ||= name_from_subject(instance.subject)
72   result = new(name)
73   result.content = instance
74   result
75 end
from_multiple_s(text) click to toggle source
   # File lib/puppet/ssl/base.rb
13 def self.from_multiple_s(text)
14   text.split(SEPARATOR).collect { |inst| from_s(inst) }
15 end
from_s(string, name = nil) click to toggle source

Convert a string into an instance

   # File lib/puppet/ssl/base.rb
78 def self.from_s(string, name = nil)
79   instance = wrapped_class.new(string)
80   from_instance(instance, name)
81 end
name_from_subject(subject) click to toggle source

name_from_subject extracts the common name attribute from the subject of an x.509 certificate certificate

@api private

@param [OpenSSL::X509::Name] subject The full subject (distinguished name) of the x.509

certificate.

@return [String] the name (CN) extracted from the subject.

   # File lib/puppet/ssl/base.rb
55 def self.name_from_subject(subject)
56   if subject.respond_to? :to_a
57     (subject.to_a.assoc('CN') || [])[1]
58   end
59 end
new(name) click to toggle source
   # File lib/puppet/ssl/base.rb
40 def initialize(name)
41   @name = name.to_s.downcase
42   self.class.validate_certname(@name)
43 end
to_multiple_s(instances) click to toggle source
   # File lib/puppet/ssl/base.rb
17 def self.to_multiple_s(instances)
18   instances.collect { |inst| inst.to_s }.join(SEPARATOR)
19 end
validate_certname(name) click to toggle source
   # File lib/puppet/ssl/base.rb
30 def self.validate_certname(name)
31   raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
32 end
wrapped_class() click to toggle source
   # File lib/puppet/ssl/base.rb
25 def self.wrapped_class
26   raise(Puppet::DevError, _("%{name} has not declared what class it wraps") % { name: self }) unless defined?(@wrapped_class)
27   @wrapped_class
28 end
wraps(klass) click to toggle source
   # File lib/puppet/ssl/base.rb
21 def self.wraps(klass)
22   @wrapped_class = klass
23 end

Public Instance Methods

digest(algorithm=nil) click to toggle source
    # File lib/puppet/ssl/base.rb
116 def digest(algorithm=nil)
117   unless algorithm
118     algorithm = digest_algorithm
119   end
120 
121   Puppet::SSL::Digest.new(algorithm, content.to_der)
122 end
digest_algorithm() click to toggle source
    # File lib/puppet/ssl/base.rb
124 def digest_algorithm
125   # The signature_algorithm on the X509 cert is a combination of the digest
126   # algorithm and the encryption algorithm
127   # e.g. md5WithRSAEncryption, sha256WithRSAEncryption
128   # Unfortunately there isn't a consistent pattern
129   # See RFCs 3279, 5758
130   digest_re = Regexp.union(
131     /ripemd160/i,
132     /md[245]/i,
133     /sha\d*/i
134   )
135   ln = content.signature_algorithm
136   match = digest_re.match(ln)
137   if match
138     match[0].downcase
139   else
140     raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: ln }
141   end
142 end
fingerprint(md = :SHA256) click to toggle source
    # File lib/puppet/ssl/base.rb
111 def fingerprint(md = :SHA256)
112   mds = md.to_s.upcase
113   digest(mds).to_hex
114 end
generate() click to toggle source
   # File lib/puppet/ssl/base.rb
36 def generate
37   raise Puppet::DevError, _("%{class_name} did not override 'generate'") % { class_name: self.class }
38 end
read(path) click to toggle source

Read content from disk appropriately.

   # File lib/puppet/ssl/base.rb
84 def read(path)
85   # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
86   # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
87   # Puppet::Indirector::CertificateStatus::File (.indirection.find)
88   # Puppet::Network::HTTP::WEBrick (.indirection.find)
89   # Puppet::Network::HTTP::RackREST (.from_instance)
90   # Puppet::Network::HTTP::WEBrickREST (.from_instance)
91   # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
92   @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
93 end
to_data_hash() click to toggle source
    # File lib/puppet/ssl/base.rb
101 def to_data_hash
102   to_s
103 end
to_s() click to toggle source

Convert our thing to pem.

   # File lib/puppet/ssl/base.rb
96 def to_s
97   return "" unless content
98   content.to_pem
99 end
to_text() click to toggle source

Provide the full text of the thing we're dealing with.

    # File lib/puppet/ssl/base.rb
106 def to_text
107   return "" unless content
108   content.to_text
109 end

Private Instance Methods

wrapped_class() click to toggle source
    # File lib/puppet/ssl/base.rb
146 def wrapped_class
147   self.class.wrapped_class
148 end