Module: Puppet::SSL::CertificateFactory

Defined in:
lib/vendor/puppet/ssl/certificate_factory.rb

Overview

The tedious class that does all the manipulations to the certificate to correctly sign it. Yay.

Constant Summary

UNITMAP =

How we convert from various units to the required seconds.

{
  "y" => 365 * 24 * 60 * 60, # a "year" is a flat 365 days; leap days are not accounted for
  "d" => 24 * 60 * 60, # one day in seconds
  "h" => 60 * 60, # one hour in seconds
  "s" => 1 # seconds are the base unit
}

Class Method Summary

Class Method Details

.build(cert_type, csr, issuer, serial) ⇒ Object



# File 'lib/vendor/puppet/ssl/certificate_factory.rb', line 14

# Assemble an X.509v3 certificate for +csr+ with +issuer+ as its issuer.
#
# Nothing in this method signs the certificate or checks the CSR's own
# signature: the subject and public key are copied from the request as given,
# and the serial is assigned without any uniqueness check.
# NOTE(review): presumably the caller validates and authorises the CSR before
# calling, and signs the returned certificate afterwards -- confirm.
#
# @param cert_type [#to_s] selects the "build_<cert_type>_extensions" method
# @param csr [#content] request wrapper; content must expose subject and public_key
# @param issuer [#subject] the issuer whose subject becomes the certificate's issuer
# @param serial [Integer, OpenSSL::BN] serial number, assigned unchanged
# @return [OpenSSL::X509::Certificate] the populated certificate
# @raise [ArgumentError] if no matching build_*_extensions method is available
def self.build(cert_type, csr, issuer, serial)
  # This respond_to? test is the only allowlist of certificate types: a name
  # gets through only if it has the build_<type>_extensions shape and is
  # publicly callable here. It must stay ahead of the dynamic dispatch below.
  extension_builder = "build_#{cert_type}_extensions"
  unless respond_to?(extension_builder)
    raise ArgumentError, "#{cert_type} is an invalid certificate type!"
  end

  request = csr.content
  cert = OpenSSL::X509::Certificate.new

  cert.version = 2 # the encoded value 2 means X509v3
  cert.subject = request.subject
  cert.issuer = issuer.subject
  cert.public_key = request.public_key
  cert.serial = serial

  # Validity starts one day in the past so that clients whose clocks run
  # behind still accept a freshly issued certificate. The expiry is still
  # counted from now, so the holder gets the full requested lifetime plus
  # that extra day instead of losing a day at the end.
  one_day = 60 * 60 * 24
  cert.not_before = Time.now - one_day
  # ttl is resolved on this object; its definition is outside this listing.
  cert.not_after = Time.now + ttl

  # NOTE(review): send would also reach a private method; public_send would
  # keep the dispatch aligned with the respond_to? guard above.
  add_extensions_to(cert, csr, issuer, send(extension_builder))

  cert
end