Module: Conjur::PuppetModule::SSL

Defined in:
lib/conjur/puppet_module/ssl.rb

Overview

This module bundles helper methods for handling SSL and certificate logic.


Class Method Details

.load(ssl_certificate) ⇒ Object



# File 'lib/conjur/puppet_module/ssl.rb', line 9

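# Builds the X.509 trust store from the configured Conjur certificate chain.
#
# A nil or empty value logs a warning and returns an empty Array rather than
# a store, so no certificates are handed to the caller in that case.
# NOTE(review): how callers treat the [] return (whether peer verification is
# still enforced) is not visible here - confirm at the call sites.
#
# @param ssl_certificate [String, nil] text holding one or more PEM-encoded
#   certificates
# @return [OpenSSL::X509::Store, Array] a store holding every certificate that
#   parse_certs extracted, or [] when no certificate text was given
# @raise [OpenSSL::X509::CertificateError] when a PEM block found by
#   parse_certs cannot be decoded
def load(ssl_certificate)
  if ssl_certificate.nil? || ssl_certificate.empty?
    Puppet.warning('No Conjur SSL certificate - YOU ARE VULNERABLE TO MITM ATTACKS!')
    return []
  end

  parsed_certs = parse_certs(ssl_certificate)
  Puppet.info("Parsed #{parsed_certs.length} certificate(s) from SSL cert chain")

  # Text was supplied but held no PEM block (truncated paste, wrong file,
  # DER instead of PEM). The store is still returned, but it is empty; say so
  # loudly instead of leaving only the "Parsed 0" info line as a hint.
  if parsed_certs.empty?
    Puppet.warning('Conjur SSL certificate is set but no PEM certificate blocks were found - the trust store is empty')
  end

  parsed_certs.each_with_object(OpenSSL::X509::Store.new) do |x509_cert, cert_store|
    cert_store.add_cert(x509_cert)
  end
end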

.parse_certs(certs) ⇒ Object



# File 'lib/conjur/puppet_module/ssl.rb', line 27

# Extracts every PEM certificate block from a string and decodes each one.
#
# Only text between a BEGIN CERTIFICATE line and the next END CERTIFICATE
# line is considered (LF or CRLF line endings); anything outside those
# blocks is ignored, so input without a block yields an empty Array.
#
# @param certs [String] text containing zero or more PEM certificates
# @return [Array<OpenSSL::X509::Certificate>] the decoded certificates, in
#   the order they appear in the input
# @raise [OpenSSL::X509::CertificateError] when a matched block does not
#   decode as a certificate
def parse_certs(certs)
  # Non-greedy body with /m so each match stops at the first footer and a
  # chain of several certificates is split into separate blocks.
  pem_block = /-----BEGIN CERTIFICATE-----\r?\n.*?\r?\n-----END CERTIFICATE-----/m

  certs.scan(pem_block).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end