Sha256: 9df638d8f796f546e4be1aef3d23134a8368a052ce3df392b8445081791b5e20
Contents?: true
Size: 1.15 KB
Versions: 20
Compression:
Stored size: 1.15 KB
Contents
# frozen_string_literal: true
# Take care of signing a certificate in a FIPS 140-2 compliant manner.
#
# @see https://projects.puppetlabs.com/issues/17295
#
# @api private
class Puppet::SSL::CertificateSigner
# @!attribute [r] digest
# @return [OpenSSL::Digest]
attr_reader :digest
def initialize
if OpenSSL::Digest.const_defined?('SHA256')
@digest = OpenSSL::Digest::SHA256
elsif OpenSSL::Digest.const_defined?('SHA1')
@digest = OpenSSL::Digest::SHA1
elsif OpenSSL::Digest.const_defined?('SHA512')
@digest = OpenSSL::Digest::SHA512
elsif OpenSSL::Digest.const_defined?('SHA384')
@digest = OpenSSL::Digest::SHA384
elsif OpenSSL::Digest.const_defined?('SHA224')
@digest = OpenSSL::Digest::SHA224
else
raise Puppet::Error,
"No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
end
@digest
end
# Sign a certificate signing request (CSR) with a private key.
#
# @param [OpenSSL::X509::Request] content The CSR to sign
# @param [OpenSSL::X509::PKey] key The private key to sign with
#
# @api private
def sign(content, key)
content.sign(key, @digest.new)
end
end
Version data entries
20 entries across 20 versions & 1 rubygems