Class: Puppet::SSL::Certificate

Inherits:
Base
Extended by:
Indirector
Defined in:
lib/puppet/ssl/certificate.rb

Overview

Manage certificates themselves. This class has no ‘generate’ method because the CA is responsible for turning CSRs into certificates; we can only retrieve them from the CA (or not, as is often the case).

Defined Under Namespace

Classes: Ca, DisabledCa, File, Rest

Constant Summary

Constants included from Indirector

Indirector::BadNameRegexp

Constants inherited from Base

Base::SEPARATOR, Base::VALID_CERTNAME

Instance Attribute Summary

Attributes inherited from Base

#content, #name

Class Method Summary

Instance Method Summary

Methods included from Indirector

configure_routes, indirects

Methods inherited from Base

#ca?, #digest, #digest_algorithm, #fingerprint, from_instance, from_multiple_s, from_s, #generate, #initialize, name_from_subject, #read, #to_data_hash, to_multiple_s, #to_s, #to_text, validate_certname, wrapped_class, wraps

Constructor Details

This class inherits a constructor from Puppet::SSL::Base

Class Method Details

.supported_formats ⇒ Object

Because of how the format handler class is included, this can’t be in the base class.



# File 'lib/puppet/ssl/certificate.rb', line 20

def self.supported_formats
  [:s]
end

Instance Method Details

#custom_extensions ⇒ Array<Hash{String => String}>

Any extensions registered with custom OIDs as defined in module Puppet::SSL::Oids may be looked up here.

A cert with a ‘pp_uuid’ extension having the value ‘abcd’ would return:

{ 'oid' => 'pp_uuid', 'value' => 'abcd' }

with key/value pairs for the extension’s oid, and its value.

Returns:

  • (Array<Hash{String => String}>)

# File 'lib/puppet/ssl/certificate.rb', line 57

def custom_extensions
  custom_exts = content.extensions.select do |ext|
    Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
      Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
  end

  custom_exts.map { |ext| {'oid' => ext.oid, 'value' => ext.value} }
end

#expiration ⇒ Object



# File 'lib/puppet/ssl/certificate.rb', line 30

def expiration
  return nil unless content
  content.not_after
end

#near_expiration?(interval = nil) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/puppet/ssl/certificate.rb', line 35

def near_expiration?(interval = nil)
  return false unless expiration
  interval ||= Puppet[:certificate_expire_warning]
  # Certificate expiration timestamps are always in UTC
  expiration < Time.now.utc + interval
end

#subject_alt_names ⇒ Object



# File 'lib/puppet/ssl/certificate.rb', line 24

def subject_alt_names
  alts = content.extensions.find{|ext| ext.oid == "subjectAltName"}
  return [] unless alts
  alts.value.split(/\s*,\s*/)
end

#unmunged_name ⇒ Object

This name is what gets extracted from the subject before being passed to the constructor, so it’s not downcased.



# File 'lib/puppet/ssl/certificate.rb', line 44

def unmunged_name
  self.class.name_from_subject(content.subject)
end
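
Added example, not part of the Puppet source: the #subject_alt_names and #near_expiration? logic above applied to a bare OpenSSL::X509::Certificate, showing that SAN entries keep their type prefix, that the subject CN keeps its case, and how the warning interval changes the result. The sample certificate is constructed inline; build_sample_pem, audit, DAY and the CN extraction are hypothetical helpers, and the interval is assumed to be passed in seconds rather than read from Puppet[:certificate_expire_warning].

```ruby
require 'openssl'

DAY = 86_400 # seconds

# Constructed sample: self-signed cert, mixed-case CN, two SANs, valid 30 days.
def build_sample_pem(now)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Agent01.Example.Test')
  cert.public_key = key.public_key
  cert.not_before = now - 60
  cert.not_after = now + 30 * DAY
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(
    ef.create_extension('subjectAltName', 'DNS:agent01.example.test,IP:192.0.2.10')
  )
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# Same lookup as #subject_alt_names: entries keep OpenSSL's type prefix.
def subject_alt_names(cert)
  alts = cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
  alts ? alts.value.split(/\s*,\s*/) : []
end

# Same comparison as #near_expiration?; interval is in seconds (assumption:
# the caller supplies it instead of Puppet[:certificate_expire_warning]).
def near_expiration?(cert, interval, now)
  cert.not_after < now + interval
end

# Hypothetical audit helper: the facts a reviewer would check on one cert.
def audit(pem, interval, now = Time.now.utc)
  cert = OpenSSL::X509::Certificate.new(pem)
  cn = cert.subject.to_a.assoc('CN')&.at(1) # own extraction; case preserved
  dns = subject_alt_names(cert).grep(/\ADNS:/).map { |s| s.delete_prefix('DNS:') }
  {
    'subject_cn' => cn,
    'alt_names' => subject_alt_names(cert),
    'cn_in_dns_sans' => dns.include?(cn.to_s.downcase),
    'near_expiration' => near_expiration?(cert, interval, now)
  }
end

puts audit(build_sample_pem(Time.now.utc), 60 * DAY) if $PROGRAM_NAME == __FILE__
```

Any comparison of a hostname against the returned alt names has to strip the "DNS:" or "IP Address:" prefix first and downcase the subject name, as the helper does.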