The base class for wrapping SSL instances.
For now, use the YAML separator.
Only allow printable ASCII characters, excluding /
Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
# File lib/puppet/ssl/base.rb, line 56
# Build an instance of this wrapper class around an existing +instance+ of
# the wrapped class.
#
# instance - object that must be an instance of wrapped_class.
# name     - optional name; when nil it is derived from instance.subject
#            via name_from_subject.
#
# Returns the new wrapper with its content set to +instance+.
# Raises ArgumentError when +instance+ has the wrong type, or when no name
# is given and +instance+ does not respond to :subject.
#
# A name derived from the subject comes from the wrapped object itself, so
# it is only as trustworthy as that object. It is handed to new(name); the
# constructor listed for this class downcases it and runs validate_certname.
def self.from_instance(instance, name = nil)
  unless instance.is_a?(wrapped_class)
    raise ArgumentError, "Object must be an instance of #{wrapped_class}, #{instance.class} given"
  end

  if name.nil? && !instance.respond_to?(:subject)
    raise ArgumentError, "Name must be supplied if it cannot be determined from the instance"
  end

  name ||= name_from_subject(instance.subject)
  new(name).tap { |wrapper| wrapper.content = instance }
end
# File lib/puppet/ssl/base.rb, line 13
# Split +text+ on SEPARATOR and convert each piece with from_s.
#
# from_s is called without a name, so every piece must yield an object
# that exposes a subject; otherwise from_instance raises ArgumentError.
# Returns an Array of wrapper instances, in input order.
def self.from_multiple_s(text)
  pieces = text.split(SEPARATOR)
  pieces.map { |piece| from_s(piece) }
end
Convert a string into an instance
# File lib/puppet/ssl/base.rb, line 67
# Parse +string+ with the wrapped class and wrap the result.
#
# string - serialized form accepted by wrapped_class.new.
# name   - optional name, forwarded unchanged to from_instance.
#
# Parsing is delegated entirely to wrapped_class.new; nothing here rescues
# its errors, so a malformed string surfaces as whatever that constructor
# raises.
def self.from_s(string, name = nil)
  from_instance(wrapped_class.new(string), name)
end
Method to extract a ‘name’ from the subject of a certificate
# File lib/puppet/ssl/base.rb, line 51
# Derive a name from a certificate subject by deleting the first "/CN="
# found in its string form.
#
# Only that one marker is removed: any other subject components (and any
# later "/CN=") stay in the returned string, "/" included. The result is
# therefore a bare common name only when the subject consists of a single
# CN component.
def self.name_from_subject(subject)
  subject_text = subject.to_s
  subject_text.sub(%r{/CN=}, '')
end
# File lib/puppet/ssl/base.rb, line 45
# Store the lower-cased string form of +name+ and validate it.
#
# The name is normalised first and then checked with the class-level
# validate_certname, which raises when the name is not acceptable, so no
# instance is handed back for an invalid name.
def initialize(name)
  normalized = name.to_s.downcase
  @name = normalized
  self.class.validate_certname(normalized)
end
# File lib/puppet/ssl/base.rb, line 17
# Serialize several instances into one string: each element is converted
# with to_s and the results are joined with SEPARATOR.
def self.to_multiple_s(instances)
  rendered = instances.map { |wrapper| wrapper.to_s }
  rendered.join(SEPARATOR)
end
# File lib/puppet/ssl/base.rb, line 30
# Raise unless +name+ matches VALID_CERTNAME; returns nil for a valid name.
#
# The raise has no explicit class, so callers see a RuntimeError.
#
# NOTE(review): VALID_CERTNAME is defined outside this listing. Confirm it
# is anchored with \A and \z (not ^/$ or \Z), so that a name carrying an
# embedded or trailing newline cannot pass validation.
def self.validate_certname(name)
  return if name =~ VALID_CERTNAME

  raise "Certname #{name.inspect} must not contain unprintable or non-ASCII characters"
end
# File lib/puppet/ssl/base.rb, line 25
# Return the class registered through wraps.
#
# The value lives in an instance variable of the class object itself, and
# the check uses defined?, so each class that is asked must have had wraps
# called on it. Raises Puppet::DevError otherwise.
def self.wrapped_class
  return @wrapped_class if defined?(@wrapped_class)

  raise(Puppet::DevError, "#{self} has not declared what class it wraps")
end
# File lib/puppet/ssl/base.rb, line 21
# Declare which class this wrapper wraps. The class is stored on the
# receiver and read back by wrapped_class. Returns +klass+.
def self.wraps(klass)
  @wrapped_class = klass
  klass
end
Is this file for the CA?
# File lib/puppet/ssl/base.rb, line 37
# True when this object's name equals Puppet::SSL::Host.ca_name.
#
# The comparison is a plain ==. The constructor stores the name
# lower-cased, so this can only be true if ca_name is lower-case as well.
def ca?
  own_name = name
  own_name == Puppet::SSL::Host.ca_name
end
# File lib/puppet/ssl/base.rb, line 94
# Build a Puppet::SSL::Digest over the DER encoding of the content.
#
# algorithm - digest name; when nil or false, digest_algorithm supplies the
#             one named in the content's own signature algorithm.
#
# With the fallback the strength of the digest is dictated by the wrapped
# object: digest_algorithm accepts md2/md4/md5 and sha1 names as well. Pass
# an explicit algorithm when the digest is used to identify or compare
# objects.
def digest(algorithm=nil)
  algorithm ||= digest_algorithm
  Puppet::SSL::Digest.new(algorithm, content.to_der)
end
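# File lib/puppet/ssl/base.rb, line 102
# Return the lower-case digest name embedded in the content's signature
# algorithm (for example "sha256" for sha256WithRSAEncryption).
#
# Raises Puppet::Error when no known digest name is found.
#
# The result can be a weak digest (md2, md4, md5, sha1) when the wrapped
# object was signed with one; callers that need a strong digest should not
# rely on this value.
def digest_algorithm
  # The signature_algorithm on the X509 cert is a combination of the digest
  # algorithm and the encryption algorithm
  # e.g. md5WithRSAEncryption, sha256WithRSAEncryption
  # Unfortunately there isn't a consistent pattern
  # See RFCs 3279, 5758
  #
  # The patterns are case-insensitive: the result is downcased below, and
  # some algorithm names spell the digest in upper case (ecdsa-with-SHA256),
  # which a case-sensitive match rejected as unknown.
  digest_re = Regexp.union(
    /ripemd160/i,
    /md[245]/i,
    /sha\d*/i
  )
  ln = content.signature_algorithm
  match = digest_re.match(ln)
  raise Puppet::Error, "Unknown signature algorithm '#{ln}'" unless match

  match[0].downcase
end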
# File lib/puppet/ssl/base.rb, line 89
# Hex fingerprint of the content.
#
# md - digest name (symbol or string), SHA256 by default; it is upper-cased
#      and passed to digest without further checks, so a caller can still
#      ask for a weak digest explicitly.
def fingerprint(md = :SHA256)
  digest(md.to_s.upcase).to_hex
end
# File lib/puppet/ssl/base.rb, line 41
# Placeholder that always raises Puppet::DevError; a subclass is expected
# to override it.
def generate
  message = "#{self.class} did not override 'generate'"
  raise Puppet::DevError, message
end
Read content from disk appropriately.
# File lib/puppet/ssl/base.rb, line 73
# Load the file at +path+, parse it with the wrapped class and keep the
# result as this object's content. Returns the parsed object.
#
# +path+ goes to File.read unchanged and no error is rescued here, so the
# caller decides which file is read and handles missing files or parse
# failures.
def read(path)
  parser = wrapped_class
  @content = parser.new(File.read(path))
end
Convert the wrapped object to PEM.
# File lib/puppet/ssl/base.rb, line 78
# PEM form of the content, or "" when there is no content.
#
# If the wrapped object is a private key, the returned string is the key
# material itself; keep it out of logs and error messages.
def to_s
  if content
    content.to_pem
  else
    ""
  end
end
Provide the full text of the wrapped object.
# File lib/puppet/ssl/base.rb, line 84
# Human-readable text form of the content (its to_text), or "" when there
# is no content.
def to_text
  if content
    content.to_text
  else
    ""
  end
end