class Puppet::SSL::CertificateSigner

Take care of signing a certificate in a FIPS 140-2 compliant manner.

@see projects.puppetlabs.com/issues/17295

@api private

Public Class Methods

new() click to toggle source

# File lib/puppet/ssl/certificate_signer.rb, line 7
def initialize
  if OpenSSL::Digest.const_defined?('SHA256')
    @digest = OpenSSL::Digest::SHA256
  elsif OpenSSL::Digest.const_defined?('SHA1')
    @digest = OpenSSL::Digest::SHA1
  else
    raise Puppet::Error,
      "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
  end
  @digest
end

Public Instance Methods

sign(content, key) click to toggle source

# File lib/puppet/ssl/certificate_signer.rb, line 19
def sign(content, key)
  content.sign(key, @digest.new)
end