Module: Puppet::Util::SSL Private

Defined in:
lib/puppet/util/ssl.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

SSL is a private module with class methods that help work with X.509 subjects.

Constant Summary

NO_NAME =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

OpenSSL::X509::Name.new
DN_PARSERS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

[
  OpenSSL::X509::Name.method(:parse_rfc2253),
  OpenSSL::X509::Name.method(:parse_openssl),
  lambda { |dn| NO_NAME }
]

Class Method Details

.cn_from_subject(subject) ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

cn_from_subject extracts the CN from the given OpenSSL certificate subject.

Parameters:

  • subject (OpenSSL::X509::Name)

    the subject to extract the CN field from

Returns:

  • (String, nil)

    the CN, or nil if not found



# File 'lib/puppet/util/ssl.rb', line 44

def self.cn_from_subject(subject)
  if subject.respond_to? :to_a
    (subject.to_a.assoc('CN') || [])[1]
  end
end

.is_possibly_valid_dn?(dn) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

  • (Boolean)


# File 'lib/puppet/util/ssl.rb', line 50

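def self.is_possibly_valid_dn?(dn)
  # Cheap pre-check only: a DN needs at least one "=".
  # =~ returns a match index or nil (truthy/falsy), not true/false.
  dn =~ /=/
end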

.subject_from_dn(dn) ⇒ OpenSSL::X509::Name

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Given a DN string, parse it into an OpenSSL certificate subject. This method will flexibly handle both OpenSSL and RFC 2253 formats, as given by nginx and Apache, respectively.

Parameters:

  • dn (String)

    the X.509 Distinguished Name (DN) string.

Returns:

  • (OpenSSL::X509::Name)

    the certificate subject



# File 'lib/puppet/util/ssl.rb', line 22

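def self.subject_from_dn(dn)
  if is_possibly_valid_dn?(dn)
    # Try each parser in order; the last entry always returns NO_NAME.
    DN_PARSERS.each do |parser|
      begin
        return parser.call(dn)
      rescue OpenSSL::X509::NameError
        # This parser rejected the string; fall through to the next one.
      end
    end
  else
    # No "=" in the string: treat it as an empty subject.
    NO_NAME
  end
end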
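
The fallback chain described above, as an added example that is not part of Puppet's own code: it applies the same parser order to both DN formats and reports which parser accepted each string and which CN results. The names `LABELLED_PARSERS`, `parse_dn`, `cn_of`, `resolve_all` and the sample DNs are assumptions made for this illustration, so that it runs without Puppet installed.

```ruby
require 'openssl'

# Same parser order as DN_PARSERS above, with a label added so the result
# shows which entry in the chain accepted the input.
NO_NAME = OpenSSL::X509::Name.new
LABELLED_PARSERS = [
  [:rfc2253, OpenSSL::X509::Name.method(:parse_rfc2253)],
  [:openssl, OpenSSL::X509::Name.method(:parse_openssl)],
  [:no_name, lambda { |_dn| NO_NAME }]
].freeze

# Hypothetical helper mirroring subject_from_dn; returns [label, subject].
def parse_dn(dn)
  return [:no_name, NO_NAME] unless dn =~ /=/

  LABELLED_PARSERS.each do |label, parser|
    begin
      return [label, parser.call(dn)]
    rescue OpenSSL::X509::NameError
      next # this parser rejected the string, try the next one
    end
  end
end

# Same lookup as cn_from_subject: value of the first CN entry, or nil.
def cn_of(subject)
  (subject.to_a.assoc('CN') || [])[1] if subject.respond_to?(:to_a)
end

# Constructed sample values (not taken from any real deployment).
SAMPLE_DNS = [
  'CN=agent01.example.com,O=Example,C=US',      # RFC 2253, comma separated
  '/C=US/O=Example/CN=agent01.example.com',     # OpenSSL, slash separated
  'agent01.example.com',                        # no "=": never reaches a parser
  '/CN=first.example.com/CN=second.example.com' # two CN entries: first one is returned
].freeze

# Returns one [parser_label, cn] pair per input DN.
def resolve_all(dns = SAMPLE_DNS)
  dns.map do |dn|
    label, subject = parse_dn(dn)
    [label, cn_of(subject)]
  end
end

resolve_all.each_with_index do |(label, cn), i|
  puts format('%-44s parser=%-8s cn=%s', SAMPLE_DNS[i], label, cn.inspect)
end
```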