Sha256: 8b3ad2b6794262bc1fa516ff6b710d36348e3fa6fc76f4117087a260fc12feb7

Contents?: true

Size: 1.84 KB

Versions: 196

Compression:

Stored size: 1.84 KB

Contents

require 'puppet/ssl'
require 'openssl'
module Puppet
module SSL
  # Puppet::SSL::Configuration is intended to separate out the following concerns:
  # * CA certificates that authenticate peers (ca_auth_file)
  # * Who clients trust as distinct from who servers trust.  We should not
  #   assume one single self signed CA cert for everyone.
class Configuration
  def initialize(localcacert, options={})
    @localcacert = localcacert
    @ca_auth_file = options[:ca_auth_file]
  end

  # @deprecated Use {#ca_auth_file} instead.
  def ca_chain_file
    ca_auth_file
  end

  # The ca_auth_file method is intended to return the PEM bundle of CA certs
  # used to authenticate peer connections.
  def ca_auth_file
    @ca_auth_file || @localcacert
  end

  ##
  # ca_auth_certificates returns an Array of OpenSSL::X509::Certificate
  # instances intended to be used in the connection verify_callback.  This
  # method loads and parses the {#ca_auth_file} from the filesystem.
  #
  # @api private
  #
  # @return [Array<OpenSSL::X509::Certificate>]
  def ca_auth_certificates
    @ca_auth_certificates ||= decode_cert_bundle(read_file(ca_auth_file))
  end

  ##
  # Decode a string of concatenated certificates
  #
  # @return [Array<OpenSSL::X509::Certificate>]
  def decode_cert_bundle(bundle_str)
    re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
    pem_ary = bundle_str.scan(re)
    pem_ary.map do |pem_str|
      OpenSSL::X509::Certificate.new(pem_str)
    end
  end
  private :decode_cert_bundle

  # read_file makes testing easier.
  def read_file(path)
    # https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
    # CA bundles are concatenated X509 certificates, but may also include
    # comments, which could have UTF-8 characters
    Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
  end
  private :read_file
end
end
end

Version data entries

196 entries across 196 versions & 3 rubygems

Version Path
puppet-5.5.22 lib/puppet/ssl/configuration.rb
puppet-5.5.22-x86-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.22-x64-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.22-universal-darwin lib/puppet/ssl/configuration.rb
puppet-5.5.21 lib/puppet/ssl/configuration.rb
puppet-5.5.21-x86-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.21-x64-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.21-universal-darwin lib/puppet/ssl/configuration.rb
puppet-5.5.20 lib/puppet/ssl/configuration.rb
puppet-5.5.20-x86-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.20-x64-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.20-universal-darwin lib/puppet/ssl/configuration.rb
puppet-5.5.19 lib/puppet/ssl/configuration.rb
puppet-5.5.19-x86-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.19-x64-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.19-universal-darwin lib/puppet/ssl/configuration.rb
puppet-5.5.18 lib/puppet/ssl/configuration.rb
puppet-5.5.18-x86-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.18-x64-mingw32 lib/puppet/ssl/configuration.rb
puppet-5.5.18-universal-darwin lib/puppet/ssl/configuration.rb