class Puppet::SSL::Base

The base class for wrapping SSL instances.

Constants

SEPARATOR

For now, use the YAML separator.

VALID_CERTNAME

Only allow printable ASCII characters, excluding /

Attributes

content[RW]
name[RW]

Public Instance Methods

ca?()

Is this file for the CA?

# File lib/puppet/ssl/base.rb, line 38
# Reports whether this wrapper's name is the configured CA name.
#
# The check is an exact string comparison against Puppet::SSL::Host.ca_name.
# NOTE(review): #initialize lower-cases the name, so a CA name containing
# upper-case characters would presumably never match here -- confirm how
# ca_name is normalized.
#
# @return [Boolean] result of comparing name with Puppet::SSL::Host.ca_name
def ca?
  ca_name = Puppet::SSL::Host.ca_name
  name == ca_name
end
digest(algorithm=nil)
# File lib/puppet/ssl/base.rb, line 108
# Builds a Puppet::SSL::Digest over the DER encoding of the wrapped content.
#
# NOTE(review): with no explicit algorithm the digest follows whatever
# #digest_algorithm reports for the content's signature, which can be a weak
# digest; callers that need a minimum strength should pass one explicitly.
#
# @param algorithm [String, nil] digest name; when nil (or false) the value
#   of #digest_algorithm is used
# @return [Puppet::SSL::Digest]
def digest(algorithm=nil)
  # Fall back to the digest named by the content's own signature algorithm.
  algorithm ||= digest_algorithm

  Puppet::SSL::Digest.new(algorithm, content.to_der)
end
digest_algorithm()
# File lib/puppet/ssl/base.rb, line 116
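# Derives the digest algorithm name from the content's signature algorithm.
#
# The signature_algorithm on the X509 cert is a combination of the digest
# algorithm and the encryption algorithm
# e.g. md5WithRSAEncryption, sha256WithRSAEncryption
# Unfortunately there isn't a consistent pattern
# See RFCs 3279, 5758
#
# NOTE(review): the name is taken from the signed object as-is, so a weak
# digest (md2/md4/md5/sha1) is returned when that is what the signature
# uses. Nothing here enforces a minimum strength.
#
# @return [String] the lower-cased digest name, e.g. "sha256"
# @raise [Puppet::Error] when no known digest name occurs in the
#   signature algorithm
def digest_algorithm
  # Match case-insensitively: some algorithm names spell the digest in upper
  # case (e.g. ecdsa-with-SHA256). The result is downcased below, which only
  # has an effect if upper-case spellings can match in the first place.
  digest_re = Regexp.union(
    /ripemd160/i,
    /md[245]/i,
    /sha\d*/i
  )
  ln = content.signature_algorithm
  match = digest_re.match(ln)
  raise Puppet::Error, "Unknown signature algorithm '#{ln}'" unless match

  match[0].downcase
end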
fingerprint(md = :SHA256)
# File lib/puppet/ssl/base.rb, line 103
# Hex fingerprint of the wrapped content.
#
# @param md [Symbol, String] digest name; converted to an upper-case string
#   before being handed to #digest
# @return the value of #to_hex on the digest returned by #digest
def fingerprint(md = :SHA256)
  digest(md.to_s.upcase).to_hex
end
generate()
# File lib/puppet/ssl/base.rb, line 42
# Placeholder that always raises; the message says the class did not
# override 'generate'.
#
# @raise [Puppet::DevError] always, naming the receiver's class
def generate
  message = "#{self.class} did not override 'generate'"
  raise Puppet::DevError, message
end
read(path)

Read content from disk appropriately.

# File lib/puppet/ssl/base.rb, line 83
# Reads the file at +path+ and stores its parsed form as the content.
#
# The whole file is read and passed to wrapped_class.new; the resulting
# object replaces @content.
# NOTE(review): the path is opened as given. Nothing in this method
# restricts where it points or checks the file's ownership or permissions.
#
# @param path [String] file to read
# @return the new wrapped_class instance
def read(path)
  # Resolve the wrapped class first so a missing declaration fails before
  # any file access.
  klass = wrapped_class
  @content = klass.new(File.read(path))
end
to_data_hash()
# File lib/puppet/ssl/base.rb, line 93
# Data representation of this object: exactly what #to_s returns.
#
# @return whatever #to_s returns
def to_data_hash
  serialized = to_s
  serialized
end
to_s()

Convert our thing to pem.

# File lib/puppet/ssl/base.rb, line 88
def to_s
  return "" unless content
  content.to_pem
end
to_text()

Provide the full text of the thing we’re dealing with.

# File lib/puppet/ssl/base.rb, line 98
# Full text rendering of the wrapped content.
#
# @return [String] "" when there is no content, otherwise content.to_text
def to_text
  content ? content.to_text : ""
end

Public Class Methods

from_instance(instance, name = nil)

Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class

# File lib/puppet/ssl/base.rb, line 66
# Wraps an existing instance of the wrapped class in a new object of this
# class.
#
# NOTE(review): a name passed by the caller takes precedence over the
# instance's subject; this method does not check that the two agree.
#
# @param instance an instance of wrapped_class
# @param name [String, nil] name for the wrapper; when not given it is taken
#   from instance.subject via name_from_subject
# @return the new wrapper, with its content set to +instance+
# @raise [ArgumentError] when +instance+ is not a wrapped_class, or when no
#   name is given and +instance+ does not respond to :subject
def self.from_instance(instance, name = nil)
  unless instance.is_a?(wrapped_class)
    raise ArgumentError, "Object must be an instance of #{wrapped_class}, #{instance.class} given"
  end
  if name.nil? && !instance.respond_to?(:subject)
    raise ArgumentError, "Name must be supplied if it cannot be determined from the instance"
  end

  name ||= name_from_subject(instance.subject)
  new(name).tap { |wrapper| wrapper.content = instance }
end
from_multiple_s(text)
# File lib/puppet/ssl/base.rb, line 14
# Parses several serialized instances from one string.
#
# The text is split on SEPARATOR and every piece is passed to from_s.
#
# @param text [String] serialized instances joined by SEPARATOR
# @return [Array] one from_s result per piece
def self.from_multiple_s(text)
  text.split(SEPARATOR).map { |chunk| from_s(chunk) }
end
from_s(string, name = nil)

Convert a string into an instance

# File lib/puppet/ssl/base.rb, line 77
# Builds a wrapper from a serialized string.
#
# The string is passed to wrapped_class.new and the result is handed to
# from_instance together with +name+.
#
# @param string [String] serialized form accepted by wrapped_class.new
# @param name [String, nil] optional name, forwarded to from_instance
# @return whatever from_instance returns
def self.from_s(string, name = nil)
  from_instance(wrapped_class.new(string), name)
end
name_from_subject(subject)

::name_from_subject extracts the common name attribute from the subject of an X.509 certificate

@api private

@param [OpenSSL::X509::Name] subject The full subject (distinguished name) of the X.509 certificate.

@return [String] the name (CN) extracted from the subject.

# File lib/puppet/ssl/base.rb, line 61
# Returns the result of Puppet::Util::SSL.cn_from_subject for +subject+.
#
# @param subject the subject to pass to Puppet::Util::SSL.cn_from_subject
# @return whatever Puppet::Util::SSL.cn_from_subject returns
def self.name_from_subject(subject)
  common_name = Puppet::Util::SSL.cn_from_subject(subject)
  common_name
end
new(name)
# File lib/puppet/ssl/base.rb, line 46
# Stores the lower-cased name and validates it as a certname.
#
# The name is converted with to_s and downcased before validation, so the
# check sees the stored form rather than the caller's original spelling.
#
# @param name [#to_s] the name for this wrapper
# @raise when validate_certname rejects the normalized name
def initialize(name)
  normalized = name.to_s.downcase
  @name = normalized
  self.class.validate_certname(normalized)
end
to_multiple_s(instances)
# File lib/puppet/ssl/base.rb, line 18
# Serializes several instances into one string.
#
# Each element is converted with to_s and the results are joined with
# SEPARATOR.
#
# @param instances [Array] objects to serialize
# @return [String]
def self.to_multiple_s(instances)
  instances.map(&:to_s).join(SEPARATOR)
end
validate_certname(name)
# File lib/puppet/ssl/base.rb, line 31
# Rejects names that do not match VALID_CERTNAME.
#
# NOTE(review): how strict this is depends entirely on VALID_CERTNAME, which
# is defined outside this method. Confirm that the pattern is anchored on the
# whole string (\A ... \z rather than ^ ... $) so that a name with an
# embedded newline cannot pass.
#
# @param name [String] candidate certname
# @return [nil] when the name matches
# @raise [RuntimeError] when the name does not match VALID_CERTNAME
def self.validate_certname(name)
  return if name =~ VALID_CERTNAME

  raise "Certname #{name.inspect} must not contain unprintable or non-ASCII characters"
end
wrapped_class()
# File lib/puppet/ssl/base.rb, line 26
# Returns the class recorded in @wrapped_class.
#
# The value lives in an instance variable of the receiver, so it is only
# defined on the object that set it.
#
# @return the value of @wrapped_class
# @raise [Puppet::DevError] when @wrapped_class has never been set on the
#   receiver
def self.wrapped_class
  return @wrapped_class if defined?(@wrapped_class)

  raise(Puppet::DevError, "#{self} has not declared what class it wraps")
end
wraps(klass)
# File lib/puppet/ssl/base.rb, line 22
# Declares which class this wrapper wraps.
#
# Stores +klass+ in @wrapped_class on the receiver, where wrapped_class
# reads it back.
#
# @param klass [Class] the class to wrap
# @return the same +klass+
def self.wraps(klass)
  @wrapped_class = klass
end