Class: Puppet::SSL::Certificate Deprecated

Inherits:

Base

Object
Base
Puppet::SSL::Certificate

show all

Defined in:: lib/puppet/ssl/certificate.rb

Overview

Deprecated.

Manage certificates themselves. This class has no ‘generate’ method because the CA is responsible for turning CSRs into certificates; we can only retrieve them from the CA (or not, as is often the case).

Constant Summary

Constants inherited from Base

Base::SEPARATOR, Base::VALID_CERTNAME

Instance Attribute Summary

Attributes inherited from Base

#content, #name

Class Method Summary collapse

.subject_alt_names_for(cert) ⇒ Object
.supported_formats ⇒ Object

Because of how the format handler class is included, this can’t be in the base class.

Instance Method Summary collapse

#custom_extensions ⇒ Array<Hash{String => String}>

Any extensions registered with custom OIDs as defined in module Puppet::SSL::Oids may be looked up here.
#expiration ⇒ Object
#subject_alt_names ⇒ Object
#unmunged_name ⇒ Object

This name is what gets extracted from the subject before being passed to the constructor, so it’s not downcased.

Methods inherited from Base

#digest, #digest_algorithm, #fingerprint, from_instance, from_multiple_s, from_s, #generate, #initialize, name_from_subject, #read, #to_data_hash, to_multiple_s, #to_s, #to_text, validate_certname, wrapped_class, wraps

Constructor Details

This class inherits a constructor from Puppet::SSL::Base

Class Method Details

.subject_alt_names_for(cert) ⇒ `Object`

# File 'lib/puppet/ssl/certificate.rb', line 22

def self.subject_alt_names_for(cert)
  alts = cert.extensions.find { |ext| ext.oid == "subjectAltName" }
  return [] unless alts

  alts.value.split(/\s*,\s*/)
end

.supported_formats ⇒ `Object`

Because of how the format handler class is included, this can’t be in the base class.



18
19
20

# File 'lib/puppet/ssl/certificate.rb', line 18

def self.supported_formats
  [:s]
end

Instance Method Details

#custom_extensions ⇒ `Array<Hash{String => String}>`

Any extensions registered with custom OIDs as defined in module Puppet::SSL::Oids may be looked up here.

A cert with a ‘pp_uuid’ extension having the value ‘abcd’ would return:

{ ‘oid’ => ‘pp_uuid’, ‘value’ => ‘abcd’}: with key/value pairs for the extension’s oid, and its value.

Returns:

(Array<Hash{String => String}>) —

An array of two element hashes,

# File 'lib/puppet/ssl/certificate.rb', line 54

def custom_extensions
  custom_exts = content.extensions.select do |ext|
    Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
      Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid) or
      Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', ext.oid)
  end

  custom_exts.map do |ext|
    { 'oid' => ext.oid, 'value' => get_ext_val(ext.oid) }
  end
end

#expiration ⇒ `Object`

# File 'lib/puppet/ssl/certificate.rb', line 33

def expiration
  return nil unless content

  content.not_after
end

#subject_alt_names ⇒ `Object`



29
30
31

# File 'lib/puppet/ssl/certificate.rb', line 29

def subject_alt_names
  self.class.subject_alt_names_for(content)
end

#unmunged_name ⇒ `Object`

This name is what gets extracted from the subject before being passed to the constructor, so it’s not downcased



41
42
43

# File 'lib/puppet/ssl/certificate.rb', line 41

def unmunged_name
  self.class.name_from_subject(content.subject.to_utf8)
end