Class: Puppet::SSL::Key Deprecated

Inherits:
Base show all
Extended by:
Indirector
Defined in:
lib/puppet/ssl/key.rb

Overview

Deprecated.

Use SSLProvider instead.

Manage private and public keys as a pair.

Defined Under Namespace

Classes: File, Memory

Constant Summary

Constants included from Indirector

Indirector::BadNameRegexp

Constants inherited from Base

Base::SEPARATOR, Base::VALID_CERTNAME

Instance Attribute Summary collapse

Attributes inherited from Base

#content, #name

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Indirector

configure_routes, indirects

Methods inherited from Base

#digest, #digest_algorithm, #fingerprint, from_instance, from_multiple_s, from_s, name_from_subject, #to_data_hash, to_multiple_s, #to_text, validate_certname, wrapped_class, wraps

Constructor Details

#initialize(name) ⇒ Key


30
31
32
33
34
# File 'lib/puppet/ssl/key.rb', line 30

def initialize(name)
  super

  @password_file = Puppet[:passfile]
end

Instance Attribute Details

#password_fileObject

Returns the value of attribute password_file


22
23
24
# File 'lib/puppet/ssl/key.rb', line 22

def password_file
  @password_file
end

Class Method Details

.supported_formatsObject

Because of how the format handler class is included, this can't be in the base class.


18
19
20
# File 'lib/puppet/ssl/key.rb', line 18

def self.supported_formats
  [:s]
end

Instance Method Details

#generateObject

Knows how to create keys with our system defaults.


25
26
27
28
# File 'lib/puppet/ssl/key.rb', line 25

def generate
  Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
  @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
end

#passwordObject


36
37
38
39
40
41
42
43
44
# File 'lib/puppet/ssl/key.rb', line 36

def password
  return nil unless password_file and Puppet::FileSystem.exist?(password_file)

  # Puppet generates files at the default Puppet[:capass] using ASCII
  # User configured :passfile could be in any encoding
  # Use BINARY given the string is passed to an OpenSSL API accepting bytes
  # note this is only called internally
  Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
end

#read(path) ⇒ Object

Optionally support specifying a password file.


47
48
49
50
51
52
# File 'lib/puppet/ssl/key.rb', line 47

def read(path)
  return super unless password_file

  # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
  @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
end

#to_sObject


54
55
56
57
58
59
60
# File 'lib/puppet/ssl/key.rb', line 54

def to_s
  if password
    @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
  else
    return super
  end
end