class Certificate

Manage certificates themselves. This class has no ‘generate’ method because the CA is responsible for turning CSRs into certificates; we can only retrieve them from the CA (or not, as is often the case).

Public Class Methods

supported_formats() click to toggle source

Because of how the format handler class is included, this can’t be in the base class.

# File lib/puppet/ssl/certificate.rb, line 17
def self.supported_formats
  [:s]
end

Public Instance Methods

expiration() click to toggle source

# File lib/puppet/ssl/certificate.rb, line 27
def expiration
  return nil unless content
  content.not_after
end

near_expiration?(interval = nil) click to toggle source

# File lib/puppet/ssl/certificate.rb, line 32
def near_expiration?(interval = nil)
  return false unless expiration
  interval ||= Puppet[:certificate_expire_warning]
  # Certificate expiration timestamps are always in UTC
  expiration < Time.now.utc + interval
end

subject_alt_names() click to toggle source

# File lib/puppet/ssl/certificate.rb, line 21
def subject_alt_names
  alts = content.extensions.find{|ext| ext.oid == "subjectAltName"}
  return [] unless alts
  alts.value.split(/\s*,\s*/)
end

unmunged_name() click to toggle source

This name is what gets extracted from the subject before being passed to the constructor, so it’s not downcased

# File lib/puppet/ssl/certificate.rb, line 41
def unmunged_name
  self.class.name_from_subject(content.subject)
end