Class: Puppet::SSL::VerifierAdapter

Inherits:

Object

• Object
• Puppet::SSL::VerifierAdapter

Defined in:

lib/puppet/ssl/verifier_adapter.rb

Overview

Allows a Puppet::SSL::Validator to be used in situations where a Verifier is required, while preserving the legacy validator behavior of:

• Loading CA certs from ssl_client_ca_auth or localcacert

• Verifying each cert in the peer’s chain is contained in the file loaded above.

Instance Attribute Summary

• #ssl_context ⇒ Object readonly

  Returns the value of attribute ssl_context.

• #validator ⇒ Object readonly

  Returns the value of attribute validator.

Instance Method Summary

• #handle_connection_error(http, error) ⇒ Object

  Handle an SSL connection error.

• #initialize(validator) ⇒ VerifierAdapter constructor

  A new instance of VerifierAdapter.

• #reusable?(verifier) ⇒ Boolean

  Return true if self is reusable with verifier meaning they are both using the same class of Puppet::SSL::Validator.

• #setup_connection(http) ⇒ Object private

  Configure the http connection based on the current ssl_context.

Constructor Details

#initialize(validator) ⇒ VerifierAdapter

Returns a new instance of VerifierAdapter.

# File 'lib/puppet/ssl/verifier_adapter.rb', line 11

def initialize(validator)
  @validator = validator

  if validator.is_a?(Puppet::SSL::Validator::NoValidator)
    ssl = Puppet::SSL::SSLProvider.new
    @ssl_context = ssl.create_insecure_context
  else
    # nil means use the default SSLContext
    @ssl_context = nil
  end
end

Instance Attribute Details

#ssl_context ⇒ Object (readonly)

Returns the value of attribute ssl_context.

# File 'lib/puppet/ssl/verifier_adapter.rb', line 9

def ssl_context
  @ssl_context
end

#validator ⇒ Object (readonly)

Returns the value of attribute validator.

# File 'lib/puppet/ssl/verifier_adapter.rb', line 9

def validator
  @validator
end

Instance Method Details

#handle_connection_error(http, error) ⇒ Object

Handle an SSL connection error.

Parameters:

• http (Net::HTTP) —

  connection

• error (OpenSSL::SSL::SSLError) —

  connection error

Raises:

• (Puppet::SSL::CertVerifyError) —

  SSL connection failed due to a verification error with the server’s certificate or chain

• (Puppet::Error) —

  server hostname does not match certificate

• (OpenSSL::SSL::SSLError) —

  low-level SSL connection failure

# File 'lib/puppet/ssl/verifier_adapter.rb', line 53

def handle_connection_error(http, error)
  raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error

  Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
end

#reusable?(verifier) ⇒ Boolean

Return true if self is reusable with verifier meaning they are both using the same class of Puppet::SSL::Validator. In this case we only care the Validator class is the same. We can’t require the same instances, because a new instance is created each time HttpPool.http_instance is called.

Parameters:

• verifier (Puppet::SSL::Verifier) —

  the verifier to compare against

Returns:

• (Boolean) —

  return true if a cached connection can be used, false otherwise

# File 'lib/puppet/ssl/verifier_adapter.rb', line 31

def reusable?(verifier)
  verifier.instance_of?(self.class) &&
    verifier.validator.instance_of?(@validator.class)
end

#setup_connection(http) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the http connection based on the current ssl_context.

Parameters:

• http (Net::HTTP) —

  connection

# File 'lib/puppet/ssl/verifier_adapter.rb', line 40

def setup_connection(http)
  @validator.setup_connection(http)
end