class Puppet::SSL::CertificateSigner

Take care of signing a certificate in a FIPS 140-2 compliant manner.

@see projects.puppetlabs.com/issues/17295

@api private

Attributes

digest[R]

@!attribute [r] digest

@return [OpenSSL::Digest]

Public Class Methods

new()
   # File lib/puppet/ssl/certificate_signer.rb
   def initialize
     # Use the first digest class this OpenSSL build defines, checked in
     # the order SHA256, SHA1, SHA512, SHA384, SHA224.
     if OpenSSL::Digest.const_defined?('SHA256')
       @digest = OpenSSL::Digest::SHA256
     elsif OpenSSL::Digest.const_defined?('SHA1')
       @digest = OpenSSL::Digest::SHA1
     elsif OpenSSL::Digest.const_defined?('SHA512')
       @digest = OpenSSL::Digest::SHA512
     elsif OpenSSL::Digest.const_defined?('SHA384')
       @digest = OpenSSL::Digest::SHA384
     elsif OpenSSL::Digest.const_defined?('SHA224')
       @digest = OpenSSL::Digest::SHA224
     else
       # None of the listed digest classes is available.
       raise Puppet::Error,
         "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
     end
     @digest
   end

Public Instance Methods

sign(content, key)

Sign a certificate signing request (CSR) with a private key.

@param [OpenSSL::X509::Request] content The CSR to sign

@param [OpenSSL::X509::PKey] key The private key to sign with

@api private

   # File lib/puppet/ssl/certificate_signer.rb
   def sign(content, key)
     # Sign with a fresh instance of the digest class chosen in initialize.
     content.sign(key, @digest.new)
   end
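
The digest chosen in new() determines the signature algorithm recorded in whatever sign() signs. The following is an added example, not code from Puppet: it mirrors the constructor's preference order in a stand-alone method, signs a CSR the same way sign() does, and shows a receiving-side check that the CSR's self-signature verifies and that its algorithm is on an allowlist. The names pick_digest, build_csr and acceptable_csr?, the subject name and the allowlist contents are assumptions made for this example.

```ruby
require 'openssl'

# Added example, not Puppet code. Same preference order as the constructor above.
PREFERENCE = %w[SHA256 SHA1 SHA512 SHA384 SHA224].freeze

# Allowlist of signature algorithm names (an assumption of this example).
ALLOWED_SIG_ALGS = %w[
  sha256WithRSAEncryption sha384WithRSAEncryption sha512WithRSAEncryption
].freeze

# Return the first digest class this OpenSSL build defines, or raise.
# ArgumentError stands in for Puppet::Error, which is not loaded here.
def pick_digest(candidates = PREFERENCE)
  name = candidates.find { |n| OpenSSL::Digest.const_defined?(n) }
  raise ArgumentError, 'no candidate digest available' unless name
  OpenSSL::Digest.const_get(name)
end

# Build a CSR for a constructed subject and sign it as sign(content, key) does.
def build_csr(key, digest_class, common_name = 'agent.example.test')
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', common_name]])
  csr.public_key = key.public_key
  csr.sign(key, digest_class.new) # returns the signed request
end

# Receiving side: the CSR must verify against its own public key and
# must have been signed with an allowlisted algorithm.
def acceptable_csr?(csr, allowed = ALLOWED_SIG_ALGS)
  csr.verify(csr.public_key) && allowed.include?(csr.signature_algorithm)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # throwaway key, constructed for the demo
  csr = build_csr(key, pick_digest)
  puts "digest class:        #{pick_digest}"
  puts "signature algorithm: #{csr.signature_algorithm}"
  puts "acceptable:          #{acceptable_csr?(csr)}"
end
```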