Sha256: 8b3ad2b6794262bc1fa516ff6b710d36348e3fa6fc76f4117087a260fc12feb7
Contents?: true
Size: 1.84 KB
Versions: 196
Compression:
Stored size: 1.84 KB
Contents
require 'puppet/ssl'
require 'openssl'
module Puppet
module SSL
# Puppet::SSL::Configuration is intended to separate out the following concerns:
# * CA certificates that authenticate peers (ca_auth_file)
# * Who clients trust as distinct from who servers trust. We should not
# assume one single self signed CA cert for everyone.
class Configuration
def initialize(localcacert, options={})
@localcacert = localcacert
@ca_auth_file = options[:ca_auth_file]
end
# @deprecated Use {#ca_auth_file} instead.
def ca_chain_file
ca_auth_file
end
# The ca_auth_file method is intended to return the PEM bundle of CA certs
# used to authenticate peer connections.
def ca_auth_file
@ca_auth_file || @localcacert
end
##
# ca_auth_certificates returns an Array of OpenSSL::X509::Certificate
# instances intended to be used in the connection verify_callback. This
# method loads and parses the {#ca_auth_file} from the filesystem.
#
# @api private
#
# @return [Array<OpenSSL::X509::Certificate>]
def ca_auth_certificates
@ca_auth_certificates ||= decode_cert_bundle(read_file(ca_auth_file))
end
##
# Decode a string of concatenated certificates
#
# @return [Array<OpenSSL::X509::Certificate>]
def decode_cert_bundle(bundle_str)
re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
pem_ary = bundle_str.scan(re)
pem_ary.map do |pem_str|
OpenSSL::X509::Certificate.new(pem_str)
end
end
private :decode_cert_bundle
# read_file makes testing easier.
def read_file(path)
# https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
# CA bundles are concatenated X509 certificates, but may also include
# comments, which could have UTF-8 characters
Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
end
private :read_file
end
end
end
Version data entries
196 entries across 196 versions & 3 rubygems