Manage certificates themselves. This class has no ‘generate’ method because the CA is responsible for turning CSRs into certificates; we can only retrieve them from the CA (or not, as is often the case).
Because of how the format handler class is included, this can’t be in the base class.
# File lib/puppet/ssl/certificate.rb, line 20
def self.supported_formats
  [:s]
end
Any extensions registered with custom OIDs as defined in module Puppet::SSL::Oids may be looked up here.
A cert with a ‘pp_uuid’ extension having the value ‘abcd’ would return:
@return [Array<Hash{String => String}>] An array of two-element hashes, with key/value pairs for the extension’s OID and its value.
# File lib/puppet/ssl/certificate.rb, line 57
def custom_extensions
  custom_exts = content.extensions.select do |ext|
    Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
  end
  custom_exts.map { |ext| {'oid' => ext.oid, 'value' => ext.value} }
end
# File lib/puppet/ssl/certificate.rb, line 30
def expiration
  return nil unless content
  content.not_after
end
# File lib/puppet/ssl/certificate.rb, line 35
def near_expiration?(interval = nil)
  return false unless expiration
  interval ||= Puppet[:certificate_expire_warning]
  # Certificate expiration timestamps are always in UTC
  expiration < Time.now.utc + interval
end
# File lib/puppet/ssl/certificate.rb, line 24
def subject_alt_names
  alts = content.extensions.find{|ext| ext.oid == "subjectAltName"}
  return [] unless alts
  alts.value.split(/\s*,\s*/)
end
This name is what gets extracted from the subject before being passed to the constructor, so it’s not downcased.
# File lib/puppet/ssl/certificate.rb, line 44
def unmunged_name
  self.class.name_from_subject(content.subject)
end
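The lookups above can be exercised without Puppet on a constructed certificate; this is an added example using only Ruby's OpenSSL bindings, not code from Puppet. Assumptions: the helper names are hypothetical, a prefix test on Puppet's two extension arcs stands in for Puppet::SSL::Oids.subtree_of?, the interval is passed in rather than read from Puppet[:certificate_expire_warning], and the extension payload is decoded from DER instead of taken from ext.value.

```ruby
require 'openssl'

# Puppet's extension arcs (ppRegCertExt, ppPrivCertExt) and the pp_uuid OID.
PP_ARCS     = ['1.3.6.1.4.1.34380.1.1', '1.3.6.1.4.1.34380.1.2'].freeze
PP_UUID_OID = '1.3.6.1.4.1.34380.1.1.1'

# Constructed sample: self-signed cert with two SANs and a pp_uuid extension.
def build_sample_cert(not_after)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse('/CN=agent.example.test')
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now.utc - 60
  cert.not_after  = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('subjectAltName', 'DNS:agent.example.test, DNS:puppet', false))
  # Custom extension payloads are DER; here a UTF8String holding 'abcd'.
  uuid_der = OpenSSL::ASN1::UTF8String.new('abcd').to_der
  cert.add_extension(OpenSSL::X509::Extension.new(PP_UUID_OID, uuid_der, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::X509::Certificate.new(cert.to_pem) # re-parse, as if retrieved from a CA
end

def subject_alt_names(cert)
  alts = cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
  alts ? alts.value.split(/\s*,\s*/) : []
end

# Without Puppet's OID registration, ext.oid is the dotted form, not 'pp_uuid'.
def custom_extensions(cert)
  exts = cert.extensions.select { |ext| PP_ARCS.any? { |arc| ext.oid.start_with?("#{arc}.") } }
  exts.map do |ext|
    payload = OpenSSL::ASN1.decode(ext.to_der).value.last.value # extnValue octets
    { 'oid' => ext.oid, 'value' => OpenSSL::ASN1.decode(payload).value }
  end
end

# interval is in seconds; not_after is always UTC.
def near_expiration?(cert, interval)
  cert.not_after < Time.now.utc + interval
end
```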