Module: Puppet::Util::SSL Private

Defined in:
lib/puppet/util/ssl.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

SSL is a private module with class methods that help work with X.509 subjects.

Constant Summary

@@dn_parsers =

This class variable is part of a private API. You should avoid using this class variable if possible, as it may be removed or be changed in the future.

nil
@@no_name =

This class variable is part of a private API. You should avoid using this class variable if possible, as it may be removed or be changed in the future.

nil

Class Method Summary

Class Method Details

.cn_from_subject(subject) ⇒ String?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

cn_from_subject extracts the CN from the given OpenSSL certificate subject.

Parameters:

  • subject (OpenSSL::X509::Name)

    the subject to extract the CN field from

Returns:

  • (String, nil)

    the CN, or nil if not found



# File 'lib/puppet/util/ssl.rb', line 44

def self.cn_from_subject(subject)
  if subject.respond_to? :to_a
    (subject.to_a.assoc('CN') || [])[1]
  end
end

.is_possibly_valid_dn?(dn) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

  • (Boolean)


# File 'lib/puppet/util/ssl.rb', line 50

def self.is_possibly_valid_dn?(dn)
  # Cheap pre-check only: truthy for any string containing "=", not a validation of the DN.
  dn =~ /=/
end

.subject_from_dn(dn) ⇒ OpenSSL::X509::Name

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Given a DN string, parse it into an OpenSSL certificate subject. This method handles both the OpenSSL and RFC 2253 formats, as given by nginx and Apache, respectively. If the string cannot be parsed in either format, an empty OpenSSL::X509::Name is returned.

Parameters:

  • dn (String)

    the X.509 Distinguished Name (DN) string.

Returns:

  • (OpenSSL::X509::Name)

    the certificate subject



# File 'lib/puppet/util/ssl.rb', line 18

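def self.subject_from_dn(dn)
  if is_possibly_valid_dn?(dn)
    # Try the RFC 2253 parser first, then the OpenSSL one; the list is memoized.
    parsers = @@dn_parsers ||= [
      OpenSSL::X509::Name.method(:parse_rfc2253),
      OpenSSL::X509::Name.method(:parse_openssl)
    ]
    parsers.each do |parser|
      begin
        return parser.call(dn)
      rescue OpenSSL::X509::NameError
        # This format did not match; fall through to the next parser.
      end
    end
  end

  # Nothing parsed: return a shared, empty subject.
  @@no_name ||= OpenSSL::X509::Name.new
end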
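
An added example, not part of Puppet's source: a stand-alone Ruby restatement of subject_from_dn and cn_from_subject, run over constructed DN strings in both proxy formats, showing that unparseable input yields an empty subject and a nil CN that the caller has to reject. The helper names (parse_client_dn, client_cn, verified_node_name) and the sample DNs are assumptions made for illustration.

```ruby
require 'openssl'

# Same parser order as subject_from_dn: RFC 2253 first, then OpenSSL style.
DN_PARSERS = [
  OpenSSL::X509::Name.method(:parse_rfc2253),
  OpenSSL::X509::Name.method(:parse_openssl)
].freeze

# Hypothetical stand-in for subject_from_dn (no Puppet dependency).
def parse_client_dn(dn)
  if dn.to_s.include?('=')
    DN_PARSERS.each do |parser|
      begin
        return parser.call(dn)
      rescue OpenSSL::X509::NameError
        next # this format did not fit, try the next parser
      end
    end
  end
  OpenSSL::X509::Name.new # empty subject: nothing could be parsed
end

# Same lookup as cn_from_subject: first CN entry, or nil.
def client_cn(dn)
  (parse_client_dn(dn).to_a.assoc('CN') || [])[1]
end

# Hypothetical caller: fail closed instead of passing a nil CN along.
def verified_node_name(dn)
  cn = client_cn(dn)
  raise ArgumentError, "no CN in client DN #{dn.inspect}" if cn.nil? || cn.empty?
  cn
end

# Constructed sample header values, not taken from any real deployment.
SAMPLES = {
  'RFC 2253 style'  => 'CN=agent01.example.com,O=Example',
  'OpenSSL style'   => '/O=Example/CN=agent01.example.com',
  'no "=" at all'   => 'agent01.example.com',
  'DN without a CN' => 'O=Example'
}.freeze

SAMPLES.each do |label, dn|
  result = begin
    verified_node_name(dn)
  rescue ArgumentError => e
    "rejected (#{e.message})"
  end
  puts format('%-16s %s', label, result)
end
```

Both proxy formats resolve to the same CN, while the last two samples come back as nil from client_cn and are rejected by the caller rather than treated as a node name.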