Class: Puppet::SSL::CertificateSigner Private

Inherits:

Object
Puppet::SSL::CertificateSigner

Defined in:: lib/puppet/ssl/certificate_signer.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Take care of signing a certificate in a FIPS 140-2 compliant manner.

Instance Attribute Summary collapse

#digest ⇒ Object readonly private

Instance Method Summary collapse

#initialize ⇒ CertificateSigner constructor private

A new instance of CertificateSigner.
#sign(content, key) ⇒ Object private

Sign a certificate signing request (CSR) with a private key.

Constructor Details

#initialize ⇒ `CertificateSigner`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of CertificateSigner.

# File 'lib/puppet/ssl/certificate_signer.rb', line 13

def initialize
  if OpenSSL::Digest.const_defined?('SHA256')
    @digest = OpenSSL::Digest::SHA256
  elsif OpenSSL::Digest.const_defined?('SHA1')
    @digest = OpenSSL::Digest::SHA1
  elsif OpenSSL::Digest.const_defined?('SHA512')
    @digest = OpenSSL::Digest::SHA512
  elsif OpenSSL::Digest.const_defined?('SHA384')
    @digest = OpenSSL::Digest::SHA384
  elsif OpenSSL::Digest.const_defined?('SHA224')
    @digest = OpenSSL::Digest::SHA224
  else
    raise Puppet::Error,
          "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
  end
end

Instance Attribute Details

#digest ⇒ `Object` (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



11
12
13

# File 'lib/puppet/ssl/certificate_signer.rb', line 11

def digest
  @digest
end

Instance Method Details

#sign(content, key) ⇒ `Object`

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Sign a certificate signing request (CSR) with a private key.

Parameters:

content (OpenSSL::X509::Request) —

The CSR to sign
key (OpenSSL::X509::PKey) —

The private key to sign with



36
37
38

# File 'lib/puppet/ssl/certificate_signer.rb', line 36

def sign(content, key)
  content.sign(key, @digest.new)
end

Class: Puppet::SSL::CertificateSigner Private

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ CertificateSigner

Instance Attribute Details

#digest ⇒ Object (readonly)

Instance Method Details

#sign(content, key) ⇒ Object

#initialize ⇒ `CertificateSigner`

#digest ⇒ `Object` (readonly)

#sign(content, key) ⇒ `Object`