class Puppet::SSL::CertificateSigner
Take care of signing a certificate in a FIPS 140-2 compliant manner.
@see projects.puppetlabs.com/issues/17295
@api private
Attributes
digest[R]
@!attribute [r] digest
@return [OpenSSL::Digest]
Public Class Methods
new()
# File lib/puppet/ssl/certificate_signer.rb
def initialize
  # Use the first digest class this OpenSSL build defines, in the order
  # SHA256, SHA1, SHA512, SHA384, SHA224; raise if none is available.
  if OpenSSL::Digest.const_defined?('SHA256')
    @digest = OpenSSL::Digest::SHA256
  elsif OpenSSL::Digest.const_defined?('SHA1')
    @digest = OpenSSL::Digest::SHA1
  elsif OpenSSL::Digest.const_defined?('SHA512')
    @digest = OpenSSL::Digest::SHA512
  elsif OpenSSL::Digest.const_defined?('SHA384')
    @digest = OpenSSL::Digest::SHA384
  elsif OpenSSL::Digest.const_defined?('SHA224')
    @digest = OpenSSL::Digest::SHA224
  else
    raise Puppet::Error,
          "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
  end
  @digest
end
Public Instance Methods
sign(content, key)
Sign a certificate signing request (CSR) with a private key.
@param [OpenSSL::X509::Request] content The CSR to sign
@param [OpenSSL::X509::PKey] key The private key to sign with
@api private
# File lib/puppet/ssl/certificate_signer.rb
def sign(content, key)
  # Instantiate the digest class chosen in initialize and sign with it.
  content.sign(key, @digest.new)
end
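An added example, not part of Puppet's code: it mirrors the digest preference order of new() and the sign(content, key) call, then audits which signature algorithm actually ended up on the CSR. Note that this order selects SHA1 ahead of SHA512 when SHA256 is not defined. The helper names, the weak-digest list and the subject are assumptions made for illustration.

```ruby
require 'openssl'

# Added example; helper names are hypothetical, not Puppet's API.
# Same preference order as the initialize method above.
PREFERENCE = %w[SHA256 SHA1 SHA512 SHA384 SHA224].freeze
# Assumption: local policy treats these digests as too weak for signatures.
WEAK_TOKENS = %w[md5 sha1].freeze

# Return the first digest class in PREFERENCE that `defined` reports as present.
def pick_digest(defined = ->(n) { OpenSSL::Digest.const_defined?(n) })
  name = PREFERENCE.find { |n| defined.call(n) }
  raise 'No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest' unless name
  OpenSSL::Digest.const_get(name)
end

# True when a signature algorithm name (e.g. "sha1WithRSAEncryption") uses a weak digest.
def weak_algorithm?(sig_alg)
  WEAK_TOKENS.any? { |t| sig_alg.downcase.include?(t) }
end

# Build a CSR for `subject` and sign it the same way sign(content, key) does.
def build_csr(subject, key, digest_class)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.parse(subject)
  csr.public_key = key
  csr.sign(key, digest_class.new)
  csr
end

# Report what was actually signed: algorithm name, signature validity, policy flag.
def audit_csr(csr)
  alg = csr.signature_algorithm
  { algorithm: alg, valid: csr.verify(csr.public_key), weak: weak_algorithm?(alg) }
end

key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
p audit_csr(build_csr('/CN=agent.example.test', key, pick_digest))
```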