Class: Puppet::SSL::Key

Inherits: Base
Extended by: Indirector
Defined in: lib/puppet/ssl/key.rb

Overview

Manage private and public keys as a pair.

Defined Under Namespace

Classes: Ca, DisabledCa, File, Memory

Constant Summary

Constants included from Indirector

Indirector::BadNameRegexp

Constants inherited from Base

Base::SEPARATOR, Base::VALID_CERTNAME

Instance Attribute Summary

Attributes inherited from Base

#content, #name

Class Method Summary

Instance Method Summary

Methods included from Indirector

configure_routes, indirects

Methods inherited from Base

#ca?, #digest, #digest_algorithm, #fingerprint, from_instance, from_multiple_s, from_s, name_from_subject, #to_data_hash, to_multiple_s, #to_text, validate_certname, wrapped_class, wraps

Constructor Details

#initialize(name) ⇒ Key

Returns a new instance of Key.



# File 'lib/puppet/ssl/key.rb', line 28

def initialize(name)
  super

  if ca?
    @password_file = Puppet[:capass]
  else
    @password_file = Puppet[:passfile]
  end
end

Instance Attribute Details

#password_file ⇒ Object

Returns the value of attribute password_file.



# File 'lib/puppet/ssl/key.rb', line 20

def password_file
  @password_file
end

Class Method Details

.supported_formats ⇒ Object

Because of how the format handler class is included, this can’t be in the base class.



# File 'lib/puppet/ssl/key.rb', line 16

def self.supported_formats
  [:s]
end

Instance Method Details

#generate ⇒ Object

Knows how to create keys with our system defaults.



# File 'lib/puppet/ssl/key.rb', line 23

def generate
  Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
  @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
end

#password ⇒ Object



# File 'lib/puppet/ssl/key.rb', line 38

def password
  return nil unless password_file and Puppet::FileSystem.exist?(password_file)

  # Puppet generates files at the default Puppet[:capass] using ASCII
  # User configured :passfile could be in any encoding
  # Use BINARY given the string is passed to an OpenSSL API accepting bytes
  # note this is only called internally
  Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
end

#read(path) ⇒ Object

Optionally support specifying a password file.



# File 'lib/puppet/ssl/key.rb', line 49

def read(path)
  return super unless password_file

  # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
  @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
end

#to_s ⇒ Object



# File 'lib/puppet/ssl/key.rb', line 56

def to_s
  if pass = password
    @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), pass)
  else
    return super
  end
end
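
The #to_s and #read behaviour above, reproduced with plain Ruby OpenSSL as an added example (not Puppet's own code): it exports a key under a password, checks from the PEM headers alone whether a key is encrypted and with which cipher, and reloads it. The helper names, the sample passphrase and the 2048-bit key length are assumptions made for the illustration.

```ruby
require "openssl"

# Constructed sample passphrase (assumption), as binary bytes like #password returns.
SAMPLE_PASSWORD = "constructed-sample-passphrase".b

# Export the way #to_s does when a password exists. "DES-EDE3-CBC" is the
# cipher that OpenSSL::Cipher::DES.new(:EDE3, :CBC) selects.
def export_encrypted(key, password)
  key.export(OpenSSL::Cipher.new("DES-EDE3-CBC"), password)
end

# Hypothetical audit helper: inspect PEM text without decrypting it.
# Traditional PEM names the cipher in its DEK-Info header; PKCS#8 keeps it
# inside the ASN.1 body, so cipher is nil there.
def pem_protection(pem)
  if pem.include?("-----BEGIN ENCRYPTED PRIVATE KEY-----")
    return { encrypted: true, cipher: nil }
  end
  { encrypted: pem.match?(/^Proc-Type:\s*4,ENCRYPTED/),
    cipher: pem[/^DEK-Info:\s*([A-Za-z0-9-]+),/, 1] }
end

# Load the way #read does: PEM text plus password bytes. Returns nil when
# the password does not decrypt the key.
def load_key(pem, password)
  OpenSSL::PKey::RSA.new(pem, password)
rescue OpenSSL::PKey::PKeyError
  nil
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # 2048 bits is an assumed key length
  pem = export_encrypted(key, SAMPLE_PASSWORD)
  p pem_protection(pem)
  p pem_protection(key.to_pem)
  p load_key(pem, SAMPLE_PASSWORD).to_der == key.to_der
  p load_key(pem, "wrong-passphrase").nil?
end
```

Running pem_protection over key files on disk shows which ones were written without a password file in place, since those come back with encrypted set to false.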