Class: Puppet::SSL::Base
Overview
The base class for wrapping SSL instances.
Direct Known Subclasses
Constant Summary collapse
- SEPARATOR =
For now, use the YAML separator.
"\n---\n"
- VALID_CERTNAME =
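Only allow printing ASCII characters, excluding /. The pattern ends in \Z, which in Ruby also matches just before a final newline, so a name with a single trailing newline still matches; \z is the anchor that matches only at the very end of the string.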
/\A[ -.0-~]+\Z/
Instance Attribute Summary collapse
-
#content ⇒ Object
Returns the value of attribute content.
-
#name ⇒ Object
Returns the value of attribute name.
Class Method Summary collapse
-
.from_instance(instance, name = nil) ⇒ Object
Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class.
- .from_multiple_s(text) ⇒ Object
-
.from_s(string, name = nil) ⇒ Object
Convert a string into an instance.
-
.name_from_subject(subject) ⇒ String
private
name_from_subject extracts the common name attribute from the subject of an X.509 certificate.
- .to_multiple_s(instances) ⇒ Object
- .validate_certname(name) ⇒ Object
- .wrapped_class ⇒ Object
- .wraps(klass) ⇒ Object
Instance Method Summary collapse
- #digest(algorithm = nil) ⇒ Object
- #digest_algorithm ⇒ Object
- #fingerprint(md = :SHA256) ⇒ Object
- #generate ⇒ Object
-
#initialize(name) ⇒ Base
constructor
A new instance of Base.
-
#read(path) ⇒ Object
Read content from disk appropriately.
- #to_data_hash ⇒ Object
-
#to_s ⇒ Object
Convert our thing to pem.
-
#to_text ⇒ Object
Provide the full text of the thing we’re dealing with.
Constructor Details
#initialize(name) ⇒ Base
Returns a new instance of Base.
# File 'lib/puppet/ssl/base.rb', line 41
# Creates the wrapper for the given certname.
#
# The argument is converted with to_s and lowercased, stored in @name, and
# that stored value is then passed to the class-level validate_certname
# check.
#
# @param name [#to_s] the certname this wrapper is created for
def initialize(name)
  normalized = name.to_s.downcase
  @name = normalized
  self.class.validate_certname(normalized)
end
Instance Attribute Details
#content ⇒ Object
Returns the value of attribute content.
# File 'lib/puppet/ssl/base.rb', line 35
# Reader for the object held in @content.
#
# @return [Object] whatever is currently stored in @content
def content
  @content
end
#name ⇒ Object
Returns the value of attribute name.
# File 'lib/puppet/ssl/base.rb', line 35
# Reader for the certname held in @name.
#
# @return [Object] whatever is currently stored in @name
def name
  @name
end
Class Method Details
.from_instance(instance, name = nil) ⇒ Object
Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
# File 'lib/puppet/ssl/base.rb', line 61
# Wraps an already-built object of the wrapped class.
#
# When no name is given, the name is taken from the instance's subject via
# name_from_subject. That name therefore comes from data inside the wrapped
# object itself and is only as trustworthy as that object; pass name
# explicitly when the caller already knows which identity it expects.
#
# @param instance [Object] must be an instance of wrapped_class
# @param name [String, nil] name for the wrapper; derived from the subject
#   when omitted
# @return [Object] a new wrapper whose content is the given instance
# @raise [ArgumentError] if instance is not a wrapped_class, or if no name is
#   given and the instance does not respond to subject
def self.from_instance(instance, name = nil)
  if !instance.is_a?(wrapped_class)
    details = { class_name: wrapped_class, actual_class: instance.class }
    raise ArgumentError, _("Object must be an instance of %{class_name}, %{actual_class} given") % details
  end

  if name.nil? && !instance.respond_to?(:subject)
    raise ArgumentError, _("Name must be supplied if it cannot be determined from the instance")
  end

  # The subject is consulted only when the caller supplied no name.
  wrapper = new(name || name_from_subject(instance.subject))
  wrapper.content = instance
  wrapper
end
.from_multiple_s(text) ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 14
# Splits text on SEPARATOR and converts every piece with from_s.
#
# from_s is called without a name, so each piece is passed on with a nil name.
#
# @param text [String] serialized instances joined by SEPARATOR
# @return [Array] one from_s result per piece, in input order
def self.from_multiple_s(text)
  pieces = text.split(SEPARATOR)
  pieces.map { |piece| from_s(piece) }
end
.from_s(string, name = nil) ⇒ Object
Convert a string into an instance
# File 'lib/puppet/ssl/base.rb', line 77
# Builds a wrapped_class object from a string and wraps it.
#
# The string is handed directly to wrapped_class.new; the result and the
# optional name then go through from_instance.
#
# @param string [String] serialized form accepted by wrapped_class.new
# @param name [String, nil] name for the wrapper, forwarded to from_instance
# @return [Object] the result of from_instance
def self.from_s(string, name = nil)
  from_instance(wrapped_class.new(string), name)
end
.name_from_subject(subject) ⇒ String
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
name_from_subject extracts the common name attribute from the subject of an X.509 certificate
# File 'lib/puppet/ssl/base.rb', line 56
# Delegates to Puppet::Util::SSL.cn_from_subject to obtain a name from a
# subject.
#
# @api private
# @param subject [Object] the subject to read the common name from
# @return [String] the value returned by cn_from_subject
def self.name_from_subject(subject)
  common_name = Puppet::Util::SSL.cn_from_subject(subject)
  common_name
end
.to_multiple_s(instances) ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 18
# Serializes several instances into one string.
#
# Each instance is converted with to_s and the results are joined with
# SEPARATOR.
#
# @param instances [Enumerable] objects responding to to_s
# @return [String] the joined string; empty when instances is empty
def self.to_multiple_s(instances)
  instances.map(&:to_s).join(SEPARATOR)
end
.validate_certname(name) ⇒ Object
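# File 'lib/puppet/ssl/base.rb', line 31
# Checks that a certname consists solely of the characters VALID_CERTNAME
# allows.
#
# VALID_CERTNAME is anchored with \Z, which in Ruby also matches just before
# a final newline, so the pattern on its own accepts a name such as "host\n".
# A name ending in a newline is rejected here explicitly, so that the check
# agrees with the error message's statement that unprintable characters are
# not allowed.
#
# @param name [String] the certname to check
# @return [nil] when the name is acceptable
# @raise [RuntimeError] when the name contains a disallowed character
def self.validate_certname(name)
  # to_s keeps the newline test usable for any value the pattern matched.
  return if name =~ VALID_CERTNAME && !name.to_s.end_with?("\n")

  raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect }
end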
.wrapped_class ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 26
# Returns the class registered through wraps.
#
# @return [Object] the value stored in @wrapped_class
# @raise [Puppet::DevError] when @wrapped_class has never been assigned
def self.wrapped_class
  return @wrapped_class if defined?(@wrapped_class)

  raise(Puppet::DevError, _("%{name} has not declared what class it wraps") % { name: self })
end
.wraps(klass) ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 22
# Registers the class that this wrapper class wraps.
#
# The value is stored in @wrapped_class on the receiver.
#
# @param klass [Class] the class to wrap
# @return [Class] the class that was passed in
def self.wraps(klass)
  @wrapped_class = klass
end
Instance Method Details
#digest(algorithm = nil) ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 118
# Builds a Puppet::SSL::Digest over the DER form of the wrapped content.
#
# With no algorithm given, the digest named by digest_algorithm is used, i.e.
# the one found in the content's own signature algorithm. The strength of the
# default therefore follows whatever the wrapped object was signed with
# (digest_algorithm recognises MD2/MD4/MD5 as well as SHA variants). Pass an
# algorithm explicitly when a fixed digest is required.
#
# @param algorithm [String, nil] digest name; falls back to digest_algorithm
#   when nil or false
# @return [Puppet::SSL::Digest]
def digest(algorithm=nil)
  Puppet::SSL::Digest.new(algorithm || digest_algorithm, content.to_der)
end
#digest_algorithm ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 126
# Extracts the digest name from the content's signature algorithm.
#
# The first occurrence of ripemd160, md2/md4/md5 or sha followed by any
# digits is returned in lower case (matching is case-insensitive).
#
# NOTE(review): for a SHA-3 style name (constructed example: "RSA-SHA3-256")
# the sha pattern would stop at "sha3" because the digits end at the hyphen.
# Confirm whether such signature algorithms are expected here.
#
# @return [String] the lower-cased digest name
# @raise [Puppet::Error] when no known digest name is found
def digest_algorithm
  signature_name = content.signature_algorithm

  # The signature_algorithm on the X509 cert is a combination of the digest
  # algorithm and the encryption algorithm
  # e.g. md5WithRSAEncryption, sha256WithRSAEncryption
  # Unfortunately there isn't a consistent pattern
  # See RFCs 3279, 5758
  known_digests = Regexp.union(/ripemd160/i, /md[245]/i, /sha\d*/i)

  found = known_digests.match(signature_name)
  unless found
    raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: signature_name }
  end

  found[0].downcase
end
#fingerprint(md = :SHA256) ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 113
# Returns the hex form of the content's digest.
#
# The digest name is upper-cased and passed to digest explicitly, so the
# result does not depend on the content's own signature algorithm.
#
# @param md [Symbol, String] digest name, SHA256 by default
# @return [Object] the value of to_hex on the digest
def fingerprint(md = :SHA256)
  digest(md.to_s.upcase).to_hex
end
#generate ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 37
# Placeholder that always raises; the message states that the class did not
# override generate.
#
# @raise [Puppet::DevError] always
def generate
  message = _("%{class_name} did not override 'generate'") % { class_name: self.class }
  raise Puppet::DevError, message
end
#read(path) ⇒ Object
Read content from disk appropriately.
# File 'lib/puppet/ssl/base.rb', line 83
# Loads the file at path and stores a wrapped_class object built from it.
#
# The file is read with ASCII encoding and its text is passed to
# wrapped_class.new. Only @content is replaced; nothing here compares the
# loaded object with the name this wrapper was created with.
#
# @param path [String] location of the file to load
# @return [Object] the newly built wrapped_class instance
def read(path)
  # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
  # Puppet::SSL::Key uses this, but also provides its own override
  # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
  # Puppet::Indirector::CertificateStatus::File (.indirection.find)
  # Puppet::Network::HTTP::WEBrick (.indirection.find)
  # Puppet::Network::HTTP::RackREST (.from_instance)
  # Puppet::Network::HTTP::WEBrickREST (.from_instance)
  # Puppet::SSL::Host (.indirection.find)
  # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
  # Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
  wrapper_type = wrapped_class
  @content = wrapper_type.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
end
#to_data_hash ⇒ Object
# File 'lib/puppet/ssl/base.rb', line 103
# Data-hash representation of this object; simply the result of to_s.
#
# @return [String] same value as to_s
def to_data_hash
  to_s
end
#to_s ⇒ Object
Convert our thing to pem.
# File 'lib/puppet/ssl/base.rb', line 98
# PEM form of the wrapped content.
#
# @return [String] content.to_pem, or an empty string when there is no
#   content
def to_s
  content ? content.to_pem : ""
end
#to_text ⇒ Object
Provide the full text of the thing we’re dealing with.
# File 'lib/puppet/ssl/base.rb', line 108
# Full text form of the wrapped content.
#
# @return [String] content.to_text, or an empty string when there is no
#   content
def to_text
  if content
    content.to_text
  else
    ""
  end
end