Class: Puppet::SSL::Key
- Extended by: Indirector
- Defined in: lib/puppet/ssl/key.rb
Overview
Manage private and public keys as a pair.
Defined Under Namespace
Classes: Ca, DisabledCa, File, Memory
Constant Summary
Constants included from Indirector
Constants inherited from Base
Base::SEPARATOR, Base::VALID_CERTNAME
Instance Attribute Summary
- #password_file ⇒ Object
  Returns the value of attribute password_file.
Attributes inherited from Base
Class Method Summary
- .supported_formats ⇒ Object
  Because of how the format handler class is included, this can’t be in the base class.
Instance Method Summary
- #generate ⇒ Object
  Knows how to create keys with our system defaults.
- #initialize(name) ⇒ Key (constructor)
  A new instance of Key.
- #password ⇒ Object
- #read(path) ⇒ Object
  Optionally support specifying a password file.
- #to_s ⇒ Object
Methods included from Indirector
Methods inherited from Base
#ca?, #digest, #digest_algorithm, #fingerprint, from_instance, from_multiple_s, from_s, name_from_subject, #to_data_hash, to_multiple_s, #to_text, validate_certname, wrapped_class, wraps
Constructor Details
Instance Attribute Details
#password_file ⇒ Object
Returns the value of attribute password_file.
    # File 'lib/puppet/ssl/key.rb', line 20
    def password_file
      @password_file
    end
Class Method Details
.supported_formats ⇒ Object
Because of how the format handler class is included, this can’t be in the base class.
    # File 'lib/puppet/ssl/key.rb', line 16
    def self.supported_formats
      [:s]
    end
Instance Method Details
#generate ⇒ Object
Knows how to create keys with our system defaults.
    # File 'lib/puppet/ssl/key.rb', line 23
    def generate
      Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
      @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
    end
#password ⇒ Object
    # File 'lib/puppet/ssl/key.rb', line 38
    def password
      return nil unless password_file and Puppet::FileSystem.exist?(password_file)

      # Puppet generates files at the default Puppet[:capass] using ASCII
      # User configured :passfile could be in any encoding
      # Use BINARY given the string is passed to an OpenSSL API accepting bytes
      # note this is only called internally
      Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
    end
#read(path) ⇒ Object
Optionally support specifying a password file.
    # File 'lib/puppet/ssl/key.rb', line 49
    def read(path)
      return super unless password_file

      # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
      @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
    end
#to_s ⇒ Object
    # File 'lib/puppet/ssl/key.rb', line 56
    def to_s
      if pass = password
        @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), pass)
      else
        return super
      end
    end
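The password handling in #read and #to_s above, as an added example that is not Puppet's own code: it exports a key with the same cipher #to_s uses, reads the RFC 1421 headers to report how a PEM key file is protected, and loads the key back with and without the right password. The names PAGE_CIPHER, export_encrypted, pem_protection and load_key are hypothetical, and the key and passphrase are constructed sample values.

```ruby
require 'openssl'

# The cipher the page's #to_s builds with OpenSSL::Cipher::DES.new(:EDE3, :CBC),
# named here by its OpenSSL cipher string (hypothetical constant).
PAGE_CIPHER = 'des-ede3-cbc'

# Serialize a private key the way #to_s does when a password is present.
def export_encrypted(key, pass, cipher_name = PAGE_CIPHER)
  key.export(OpenSSL::Cipher.new(cipher_name), pass)
end

# Inspect the RFC 1421 style headers of a traditional PEM private key.
# Returns { encrypted:, cipher: } without decoding the key body.
def pem_protection(pem)
  headers = pem.lines.map(&:strip)
  encrypted = headers.any? { |l| l.match?(/\AProc-Type:\s*4,\s*ENCRYPTED\z/i) }
  dek = headers.find { |l| l.start_with?('DEK-Info:') }
  cipher = dek && dek.split(':', 2).last.split(',').first.strip
  { encrypted: encrypted, cipher: cipher }
end

# Load a key as #read does: PEM text plus the password bytes.
# Returns the key, or nil when the password does not decrypt it.
def load_key(pem, pass)
  OpenSSL::PKey::RSA.new(pem, pass)
rescue OpenSSL::PKey::PKeyError
  nil
end

# Constructed sample input: a throwaway 2048-bit key and passphrase.
SAMPLE_KEY  = OpenSSL::PKey::RSA.new(2048)
SAMPLE_PASS = 'constructed-passphrase'.b # bytes, as #password reads them
SAMPLE_PEM  = export_encrypted(SAMPLE_KEY, SAMPLE_PASS)

if __FILE__ == $PROGRAM_NAME
  p pem_protection(SAMPLE_PEM)           # password-protected export
  p pem_protection(SAMPLE_KEY.to_pem)    # export without a password
  p !load_key(SAMPLE_PEM, SAMPLE_PASS).nil?
  p load_key(SAMPLE_PEM, 'wrong-passphrase')
end
```

Running pem_protection over key files on disk shows which ones were written without a password file configured, since those carry no Proc-Type or DEK-Info header.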