Module: Puppet::SSL::Oids Private

Defined in:
lib/puppet/ssl/oids.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

This module defines OIDs for use within Puppet.

ASN.1 Definition

The following is the formal definition of OIDs specified in this file.

puppetCertExtensions OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    dod(6) internet(1) private(4) enterprise(1) 34380 1 }

-- the tree under registeredExtensions 'belongs' to puppetlabs
-- privateExtensions can be extended by enterprises to suit their own needs
registeredExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 1 }
privateExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 2 }

-- subtree of common registered extensions
-- The short names for these OIDs are intentionally lowercased and formatted
-- since they may be exposed inside the Puppet DSL as variables.
pp_uuid OBJECT IDENTIFIER ::= { registeredExtensions 1 }
pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }

Constant Summary

PUPPET_OIDS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

[
  ["1.3.6.1.4.1.34380", 'puppetlabs', 'Puppet Labs'],
  ["1.3.6.1.4.1.34380.1", 'ppCertExt', 'Puppet Certificate Extension'],

  ["1.3.6.1.4.1.34380.1.1", 'ppRegCertExt', 'Puppet Registered Certificate Extension'],

  ["1.3.6.1.4.1.34380.1.1.1", 'pp_uuid', 'Puppet Node UUID'],
  ["1.3.6.1.4.1.34380.1.1.2", 'pp_instance_id', 'Puppet Node Instance ID'],
  ["1.3.6.1.4.1.34380.1.1.3", 'pp_image_name', 'Puppet Node Image Name'],
  ["1.3.6.1.4.1.34380.1.1.4", 'pp_preshared_key', 'Puppet Node Preshared Key'],

  ["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],
]

Class Method Details

.subtree_of?(first, second, exclusive = false) ⇒ true, false

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Determine if the first OID contains the second OID

Examples:

Comparing two dotted OIDs

Puppet::SSL::Oids.subtree_of?('1.3.6.1', '1.3.6.1.4.1') #=> true
Puppet::SSL::Oids.subtree_of?('1.3.6.1', '1.3.6') #=> false

Comparing an OID short name with a dotted OID

Puppet::SSL::Oids.subtree_of?('IANA', '1.3.6.1.4.1') #=> true
Puppet::SSL::Oids.subtree_of?('1.3.6.1', 'enterprises') #=> true

Comparing an OID against itself

Puppet::SSL::Oids.subtree_of?('IANA', 'IANA') #=> true
Puppet::SSL::Oids.subtree_of?('IANA', 'IANA', true) #=> false

Parameters:

  • first (String)

    The containing OID, in dotted form or as the short name

  • second (String)

    The contained OID, in dotted form or as the short name

  • exclusive (true, false) (defaults to: false)

    If an OID should not be considered as a subtree of itself

Returns:

  • (true, false)


# File 'lib/puppet/ssl/oids.rb', line 65

def self.subtree_of?(first, second, exclusive = false)
  first_oid = OpenSSL::ASN1::ObjectId.new(first).oid
  second_oid = OpenSSL::ASN1::ObjectId.new(second).oid


  if exclusive and first_oid == second_oid
    false
  else
    second_oid.index(first_oid) == 0
  end
rescue OpenSSL::ASN1::ASN1Error
  false
end
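The method body above compares the dotted strings by prefix, so a sibling arc that shares leading digits (`...34380.1.10` against `...34380.1.1`) also satisfies the comparison. The following is an added example, not Puppet's code, that contrasts this with an arc-by-arc comparison; `oid_arcs`, `arcwise_subtree_of?`, `prefix_subtree_of?`, `compare` and the `.1.10` OID are hypothetical names and a constructed value.

```ruby
require 'openssl'

# Hypothetical helper (not part of Puppet): resolve a short name or a
# dotted OID to its integer arcs, e.g. "1.3.6.1" -> [1, 3, 6, 1].
def oid_arcs(name)
  OpenSSL::ASN1::ObjectId.new(name).oid.split('.').map { |arc| Integer(arc, 10) }
end

# Arc-by-arc subtree test: `first` contains `second` only if every arc of
# `first` equals the arc at the same position in `second`.
def arcwise_subtree_of?(first, second, exclusive = false)
  a = oid_arcs(first)
  b = oid_arcs(second)
  return false if exclusive && a == b
  b.first(a.length) == a
rescue OpenSSL::ASN1::ASN1Error, ArgumentError
  false
end

# The string-prefix comparison from the method body shown above, copied
# here only so the two results can be compared side by side.
def prefix_subtree_of?(first, second, exclusive = false)
  first_oid = OpenSSL::ASN1::ObjectId.new(first).oid
  second_oid = OpenSSL::ASN1::ObjectId.new(second).oid
  return false if exclusive && first_oid == second_oid
  second_oid.index(first_oid) == 0
rescue OpenSSL::ASN1::ASN1Error
  false
end

REGISTERED = '1.3.6.1.4.1.34380.1.1'    # ppRegCertExt, from PUPPET_OIDS
PP_UUID    = '1.3.6.1.4.1.34380.1.1.1'  # pp_uuid, from PUPPET_OIDS
SIBLING    = '1.3.6.1.4.1.34380.1.10'   # constructed: arc 10, not in PUPPET_OIDS

# Run both checks for one (container, candidate) pair.
def compare(first, second)
  { prefix: prefix_subtree_of?(first, second), arcwise: arcwise_subtree_of?(first, second) }
end

if __FILE__ == $PROGRAM_NAME
  [PP_UUID, SIBLING, '1.3.6'].each do |candidate|
    puts format('%-26s %p', candidate, compare(REGISTERED, candidate))
  end
end
```

Code that uses a subtree test to decide whether a certificate extension belongs to the registered or private tree should compare whole arcs, or append a trailing `.` to the container before a prefix match.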