Module: Puppet::Util::SSL Private

Defined in:
lib/puppet/util/ssl.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

SSL is a private module with class methods that help work with X.509 subjects.

Constant Summary

NO_NAME =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

OpenSSL::X509::Name.new
DN_PARSERS =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

[
  OpenSSL::X509::Name.method(:parse_rfc2253),
  OpenSSL::X509::Name.method(:parse_openssl),
  lambda { |dn| NO_NAME }
]

Class Method Summary

Class Method Details

.cn_from_subject(subject) ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

cn_from_subject extracts the CN from the given OpenSSL certificate subject.



# File 'lib/puppet/util/ssl.rb', line 44

def self.cn_from_subject(subject)
  if subject.respond_to? :to_a
    (subject.to_a.assoc('CN') || [])[1]
  end
end

.is_possibly_valid_dn?(dn) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/puppet/util/ssl.rb', line 50

def self.is_possibly_valid_dn?(dn)
  dn =~ /=/
end

.subject_from_dn(dn) ⇒ OpenSSL::X509::Name

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Given a DN string, parse it into an OpenSSL certificate subject. This method flexibly handles both the OpenSSL and RFC 2253 formats, as given by nginx and Apache, respectively.



# File 'lib/puppet/util/ssl.rb', line 22

def self.subject_from_dn(dn)
  if is_possibly_valid_dn?(dn)
    DN_PARSERS.each do |parser|
      begin
        return parser.call(dn)
      rescue OpenSSL::X509::NameError
      end
    end
  else
    NO_NAME
  end
end
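
The parser order in DN_PARSERS, traced over constructed DN strings using only Ruby's openssl library. This is an added example, not Puppet's code: `PARSERS`, `cn_of`, `trace_dn`, `SAMPLES` and the sample values are hypothetical names and constructed inputs.

```ruby
require 'openssl'

# The two real parsers, in the order the page's DN_PARSERS tries them.
# The page's final lambda fallback is reported as :none below.
PARSERS = {
  rfc2253: OpenSSL::X509::Name.method(:parse_rfc2253),
  openssl: OpenSSL::X509::Name.method(:parse_openssl)
}.freeze

# Same CN lookup as cn_from_subject on the page.
def cn_of(name)
  (name.to_a.assoc('CN') || [])[1]
end

# Hypothetical helper: report which stage handles a DN string and the CN
# that results, mirroring the control flow of subject_from_dn.
def trace_dn(dn)
  return { stage: :no_equals_sign, cn: nil } unless dn.to_s.include?('=')

  PARSERS.each do |label, parser|
    begin
      return { stage: label, cn: cn_of(parser.call(dn)) }
    rescue OpenSSL::X509::NameError
      next # this format did not fit; try the next parser
    end
  end
  { stage: :none, cn: nil } # page's lambda: empty name, so no CN
end

# Constructed sample values, as a proxy might forward them.
SAMPLES = [
  'CN=client.example.org,O=Example Org',   # RFC 2253 style
  '/CN=client.example.org/O=Example Org',  # OpenSSL one-line style
  'bogus=value',                           # has "=" but no known attribute
  'no parts here'                          # not a DN at all
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |dn| puts format('%-40s %p', dn, trace_dn(dn)) }
end
```

A nil CN here corresponds to the empty NO_NAME subject on the page, so a caller receives no name at all rather than an exception.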