Puppet Function: cd4peadm::verify_certs
- Defined in:
-
lib/puppet/functions/cd4peadm/verify_certs.rb
- Function type:
- Ruby 4.x API
Overview
cd4peadm::verify_certs(String $cert_chain_contents, String $key_contents) ⇒ Any
# File 'lib/puppet/functions/cd4peadm/verify_certs.rb', line 3
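# Checks that a PEM certificate bundle is internally consistent and that the
# supplied RSA private key belongs to the bundle's leaf certificate.
#
# Scope of the check: every certificate after the leaf is added to the
# verification store, so the only trust anchors are certificates taken from
# the same input. A true result means the bundle verifies against itself; it
# does not show that the chain is trusted by the system CA store or by any
# client that will later connect.
#
# @param cert_chain_contents PEM encoded certificate chain, leaf certificate first.
# @param key_contents PEM encoded RSA private key for the leaf certificate.
# @return [Boolean] true when the chain verifies and the key is a private key
#   matching the leaf; false otherwise, after logging the reason with Puppet.err.
Puppet::Functions.create_function(:'cd4peadm::verify_certs') do
  dispatch :verify do
    param 'String', :cert_chain_contents
    param 'String', :key_contents
  end

  def verify(cert_chain_contents, key_contents)
    cert_texts = cert_chain_contents.scan(/-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/)
    if cert_texts.empty?
      Puppet.err "No valid certificates found. Please ensure the provided certificate chain contains PEM encoded certificates, with the leaf cert first."
      return false
    end

    # A block can carry the PEM markers and still fail to parse. Report that
    # the same way as every other rejection instead of letting the OpenSSL
    # exception escape to the caller.
    begin
      certs = cert_texts.map { |text| OpenSSL::X509::Certificate.new(text) }
    rescue OpenSSL::X509::CertificateError => e
      Puppet.err "Unable to parse a certificate in the provided chain: #{e.message}"
      return false
    end

    # The first certificate is the one being verified; the rest act as the
    # trust store for this check.
    host_cert = certs.shift
    store = OpenSSL::X509::Store.new
    certs.each { |cert| store.add_cert(cert) }
    unless store.verify(host_cert)
      Puppet.err "Invalid certificate chain provided. Please ensure the provided certificate chain is a valid PEM encoded certificate chain, with the leaf cert first."
      return false
    end

    # The key is parsed as RSA only; other key types are rejected here.
    begin
      key = OpenSSL::PKey::RSA.new(key_contents)
    rescue OpenSSL::PKey::PKeyError => e
      Puppet.err "Unable to parse the provided key as a PEM encoded RSA key: #{e.message}"
      return false
    end

    # check_private_key compares only the public components of the key with
    # the certificate, so without this guard a PEM public key matching the
    # leaf would be reported as a valid private key.
    unless key.private?
      Puppet.err "Key provided is not a private key."
      return false
    end

    unless host_cert.check_private_key(key)
      Puppet.err "Key provided does not match provided leaf cert."
      return false
    end

    true
  end
end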