module Puppet::Util::SSL

SSL is a private module with class methods that help work with X.509 subjects.

@api private

Constants

DN_PARSERS
NO_NAME

Public Class Methods

cn_from_subject(subject)

::cn_from_subject extracts the CN from the given OpenSSL certificate subject.

@api private

@param [OpenSSL::X509::Name] subject the subject to extract the CN field from

@return [String, nil] the CN, or nil if not found

# File lib/puppet/util/ssl.rb, line 44
def self.cn_from_subject(subject)
  if subject.respond_to? :to_a
    (subject.to_a.assoc('CN') || [])[1]
  end
end

is_possibly_valid_dn?(dn)

# File lib/puppet/util/ssl.rb, line 50
def self.is_possibly_valid_dn?(dn)
  dn =~ /=/
end

subject_from_dn(dn)

Given a DN string, parse it into an OpenSSL certificate subject. This method will flexibly handle both OpenSSL and RFC 2253 formats, as given by nginx and Apache, respectively.

@param [String] dn the x.509 Distinguished Name (DN) string.

@return [OpenSSL::X509::Name] the certificate subject

# File lib/puppet/util/ssl.rb, line 22
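def self.subject_from_dn(dn)
  if is_possibly_valid_dn?(dn)
    # Try each known DN format in turn; the first parser that succeeds wins.
    DN_PARSERS.each do |parser|
      begin
        return parser.call(dn)
      rescue OpenSSL::X509::NameError
        # Not this format; fall through to the next parser.
      end
    end
  end

  # Nothing parsed (or the string had no '='): return the placeholder subject.
  NO_NAME
end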
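
The fallback parsing that subject_from_dn describes, combined with cn_from_subject, as an added example (not Puppet's own code). The module name DnDemo, the parser order and the '/CN=unknown' placeholder are assumptions, and the sample DN strings are constructed.

```ruby
require 'openssl'

# Hypothetical stand-in for the documented module; not Puppet's implementation.
module DnDemo
  # Assumed order: RFC 2253 (comma-separated) first, then OpenSSL's "/A=B/C=D".
  PARSERS = [
    OpenSSL::X509::Name.method(:parse_rfc2253),
    OpenSSL::X509::Name.method(:parse_openssl)
  ].freeze

  # Assumed placeholder subject for input that no parser accepts.
  NO_NAME = OpenSSL::X509::Name.parse('/CN=unknown')

  def self.subject_from_dn(dn)
    if dn.is_a?(String) && dn.include?('=')
      PARSERS.each do |parser|
        begin
          return parser.call(dn)
        rescue OpenSSL::X509::NameError
          next # wrong format for this parser; try the next one
        end
      end
    end
    NO_NAME # always an OpenSSL::X509::Name, never the parser list
  end

  def self.cn_from_subject(subject)
    (subject.to_a.assoc('CN') || [])[1] if subject.respond_to?(:to_a)
  end

  def self.cn_from_dn(dn)
    cn_from_subject(subject_from_dn(dn))
  end
end

# Constructed DN strings covering both formats and the failure paths.
SAMPLE_DNS = [
  'CN=agent01.example.com,OU=Ops,O=Example', # RFC 2253 style
  '/CN=agent02.example.com/O=Example',       # OpenSSL style
  'O=Example',                               # parses, but has no CN
  'bogus=value',                             # has '=', rejected by both parsers
  'not a dn'                                 # no '=', never reaches a parser
].freeze

SAMPLE_DNS.each { |dn| puts "#{dn.inspect} -> #{DnDemo.cn_from_dn(dn).inspect}" }
```

A caller that maps the CN to a node identity should check for both nil and the placeholder before trusting the result.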