class Puppet::SSL::Base
The base class for wrapping SSL instances.
Constants
- SEPARATOR
For now, use the YAML separator.
- VALID_CERTNAME
Only allow printable ASCII characters, excluding /
Attributes
content[RW]
name[RW]
Public Class Methods
from_instance(instance, name = nil)
Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
# File lib/puppet/ssl/base.rb, line 62
# Wrap an already-built object of the wrapped class in this Puppet::SSL::* class.
#
# @param instance [Object] must be an instance of +wrapped_class+
# @param name [String, nil] certname to use; when nil it is taken from the CN
#   of +instance.subject+
# @return [Puppet::SSL::Base] a new wrapper whose +content+ is +instance+
# @raise [ArgumentError] if +instance+ has the wrong class, or if no name is
#   given and +instance+ does not respond to +subject+
def self.from_instance(instance, name = nil)
  # Type gate first: nothing below is meaningful for an arbitrary object.
  unless instance.is_a?(wrapped_class)
    raise ArgumentError,
          _("Object must be an instance of %{class_name}, %{actual_class} given") %
          { class_name: wrapped_class, actual_class: instance.class }
  end

  if name.nil? && !instance.respond_to?(:subject)
    raise ArgumentError, _("Name must be supplied if it cannot be determined from the instance")
  end

  # NOTE(review): a name taken from the subject is whatever CN the object
  # carries. If the subject has no CN, name_from_subject returns nil and +new+
  # turns that into an empty name; confirm validate_certname rejects it.
  certname = name || name_from_subject(instance.subject)
  wrapper = new(certname)
  wrapper.content = instance
  wrapper
end
from_multiple_s(text)
# File lib/puppet/ssl/base.rb, line 13
# Parse a string holding several serialized instances joined by SEPARATOR.
#
# @param text [String] the joined serialized instances
# @return [Array] one wrapper per chunk, each built by +from_s+
def self.from_multiple_s(text)
  # Errors raised by from_s for any single chunk are not rescued here, so one
  # bad chunk aborts the whole conversion.
  text.split(SEPARATOR).map { |chunk| from_s(chunk) }
end
from_s(string, name = nil)
Convert a string into an instance
# File lib/puppet/ssl/base.rb, line 78
# Build a wrapper from the serialized form of the wrapped class.
#
# @param string [String] text handed to the wrapped class's constructor
# @param name [String, nil] certname to use; when nil, +from_instance+ derives
#   it from the parsed object's subject
# @return [Puppet::SSL::Base] the wrapper returned by +from_instance+
def self.from_s(string, name = nil)
  # Whatever the wrapped class raises for unparseable input is not rescued here.
  from_instance(wrapped_class.new(string), name)
end
name_from_subject(subject)
name_from_subject
Extracts the common name (CN) attribute from the subject of an X.509 certificate.
@api private
@param [OpenSSL::X509::Name] subject The full subject (distinguished name) of the x.509
certificate.
@return [String] the name (CN) extracted from the subject.
# File lib/puppet/ssl/base.rb, line 55
# Pull the common name (CN) out of a certificate subject.
#
# Only the first CN entry is used: Array#assoc stops at the first match, so a
# subject carrying several CN attributes yields the earliest one.
#
# @api private
# @param subject [OpenSSL::X509::Name] the full subject (distinguished name)
#   of the X.509 certificate
# @return [String, nil] the CN value, or nil when the subject has no CN entry
#   or does not respond to +to_a+
def self.name_from_subject(subject)
  return unless subject.respond_to?(:to_a)

  cn_entry = subject.to_a.assoc('CN')
  cn_entry ? cn_entry[1] : nil
end
new(name)
# File lib/puppet/ssl/base.rb, line 40
# Create a wrapper for the given certname.
#
# The name is converted to a string and lower-cased before it is stored, then
# checked with +validate_certname+; a name that fails the check raises.
#
# @param name [#to_s] the certname
def initialize(name)
  normalized = name.to_s.downcase
  @name = normalized
  # Validation runs on the normalized form, i.e. the value actually kept.
  self.class.validate_certname(normalized)
end
to_multiple_s(instances)
# File lib/puppet/ssl/base.rb, line 17
# Serialize several wrappers into one string, joined by SEPARATOR.
#
# @param instances [Enumerable] objects whose +to_s+ gives their serialized form
# @return [String] the serialized forms joined with SEPARATOR
def self.to_multiple_s(instances)
  instances.map(&:to_s).join(SEPARATOR)
end
validate_certname(name)
# File lib/puppet/ssl/base.rb, line 30
# Reject a certname that does not match VALID_CERTNAME.
#
# NOTE(review): VALID_CERTNAME is defined elsewhere; confirm it is anchored to
# the whole string (\A ... \z) so a trailing newline or a second line cannot
# slip through. The class documentation says '/' is excluded as well, which
# the message below does not mention.
#
# @param name [String] the certname to check
# @return [nil] when the name is acceptable
# @raise [RuntimeError] when the name does not match VALID_CERTNAME
def self.validate_certname(name)
  return if name =~ VALID_CERTNAME

  # +inspect+ shows the rejected value in escaped form, so unprintable
  # characters do not reach the message raw.
  raise _("Certname %{name} must not contain unprintable or non-ASCII characters") %
        { name: name.inspect }
end
wrapped_class()
# File lib/puppet/ssl/base.rb, line 25
# The class this wrapper was declared to wrap (see +wraps+).
#
# @return [Class] the value stored in @wrapped_class
# @raise [Puppet::DevError] if @wrapped_class was never set on this class
def self.wrapped_class
  return @wrapped_class if defined?(@wrapped_class)

  raise(Puppet::DevError, _("%{name} has not declared what class it wraps") % { name: self })
end
wraps(klass)
# File lib/puppet/ssl/base.rb, line 21
# Declare which class this wrapper wraps.
#
# @param klass [Class] the class to record
# @return [Class] +klass+, as stored in @wrapped_class
def self.wraps(klass)
  # Stored on the class object itself; +wrapped_class+ reads it back.
  @wrapped_class = klass
end
Public Instance Methods
digest(algorithm=nil)
# File lib/puppet/ssl/base.rb, line 116
# Digest of the wrapped object's DER encoding.
#
# NOTE(review): with no argument the algorithm comes from +digest_algorithm+,
# i.e. from the object's own signature algorithm, so the default is only as
# strong as whatever the object was signed with. Pass an algorithm explicitly
# when a fixed digest is required.
#
# @param algorithm [String, nil] digest name; falls back to +digest_algorithm+
# @return [Puppet::SSL::Digest] digest built from +content.to_der+
def digest(algorithm=nil)
  algorithm ||= digest_algorithm

  Puppet::SSL::Digest.new(algorithm, content.to_der)
end
digest_algorithm()
# File lib/puppet/ssl/base.rb, line 124
# Work out which digest the wrapped object's signature algorithm uses.
#
# The X509 signature_algorithm string names the digest and the encryption
# algorithm together (e.g. md5WithRSAEncryption, sha256WithRSAEncryption) and
# there is no consistent pattern to it; see RFCs 3279 and 5758.
#
# NOTE(review): md2, md4, md5 and sha1 are all recognised here, so the result
# can be a weak digest when the object was signed with one. Also, "sha" is
# matched with any run of digits after it (including none), so a name with
# further qualifiers after those digits is cut at the first non-digit; confirm
# that is acceptable for the algorithms in use.
#
# @return [String] the lower-cased digest name found in the algorithm string
# @raise [Puppet::Error] if no known digest name appears in it
def digest_algorithm
  known_digests = /ripemd160|md[245]|sha\d*/i
  ln = content.signature_algorithm
  found = known_digests.match(ln)
  raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: ln } unless found

  found[0].downcase
end
fingerprint(md = :SHA256)
# File lib/puppet/ssl/base.rb, line 111
# Hex fingerprint of the wrapped object.
#
# Unlike +digest+ called without arguments, the algorithm here does not depend
# on the object's signature algorithm: it is SHA256 unless the caller says
# otherwise.
#
# @param md [Symbol, String] digest name; upper-cased before use
# @return [String] the result of +to_hex+ on the computed digest
def fingerprint(md = :SHA256)
  digest(md.to_s.upcase).to_hex
end
generate()
# File lib/puppet/ssl/base.rb, line 36
# Placeholder that subclasses are expected to override.
#
# @raise [Puppet::DevError] always, naming the class that did not override it
def generate
  raise(
    Puppet::DevError,
    _("%{class_name} did not override 'generate'") % { class_name: self.class }
  )
end
read(path)
Read content from disk appropriately.
# File lib/puppet/ssl/base.rb, line 84
# Load the file at +path+ and keep the parsed object as this wrapper's content.
#
# Applies to Puppet::SSL::Certificate and Puppet::SSL::CertificateRequest.
# Nothing derives from Puppet::SSL::Certificate, but it is called by a number
# of other SSL indirectors:
#   Puppet::Indirector::CertificateStatus::File (.indirection.find)
#   Puppet::Network::HTTP::WEBrick (.indirection.find)
#   Puppet::Network::HTTP::RackREST (.from_instance)
#   Puppet::Network::HTTP::WEBrickREST (.from_instance)
#   Puppet::SSL::Inventory (.indirection.search, implements its own
#     add / rebuild / serials with encoding UTF8)
#
# NOTE(review): +path+ is used exactly as given and is not checked here;
# presumably callers build it from a validated certname. Confirm at call sites.
#
# @param path [String] file to read
# @return [Object] the new instance of +wrapped_class+, also stored in @content
def read(path)
  klass = wrapped_class
  raw = Puppet::FileSystem.read(path, encoding: Encoding::ASCII)
  @content = klass.new(raw)
end
to_data_hash()
# File lib/puppet/ssl/base.rb, line 101
# Data form of this wrapper: simply its string form.
#
# @return [String] whatever +to_s+ returns
def to_data_hash
  # No separate structure is built; serialization reuses to_s as-is.
  to_s
end
to_s()
Convert our thing to pem.
# File lib/puppet/ssl/base.rb, line 96
# PEM form of the wrapped object.
#
# @return [String] +content.to_pem+, or an empty string when there is no content
def to_s
  content ? content.to_pem : ""
end
to_text()
Provide the full text of the thing we're dealing with.
# File lib/puppet/ssl/base.rb, line 106
# Full text form of the wrapped object.
#
# @return [String] +content.to_text+, or an empty string when there is no content
def to_text
  content ? content.to_text : ""
end
Private Instance Methods
wrapped_class()
# File lib/puppet/ssl/base.rb, line 146
# Instance-level shortcut to the class-level +wrapped_class+.
#
# @return [Class] the class this wrapper's class declared via +wraps+
def wrapped_class
  # Delegates so instance methods need not spell out self.class each time.
  self.class.wrapped_class
end