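# Take care of signing a certificate in a FIPS 140-2 compliant manner.
#
# @see https://projects.puppetlabs.com/issues/17295
#
# @api private
class Puppet::SSL::CertificateSigner
  # Digest class names to probe, strongest-preferred. The SHA-2 family is
  # tried first; SHA1 is kept only as a last resort for legacy OpenSSL builds
  # that lack SHA-2, because SHA1 is not approved for signature generation
  # (NIST SP 800-131A) and must never win over an available SHA-2 digest.
  DIGEST_PREFERENCE = %w[SHA256 SHA384 SHA512 SHA224 SHA1].freeze

  # @!attribute [r] digest
  #   @return [Class] the OpenSSL::Digest subclass (e.g. OpenSSL::Digest::SHA256)
  #     that is instantiated for each signing operation
  attr_reader :digest

  # Select the strongest digest available in the loaded OpenSSL.
  #
  # @raise [Puppet::Error] if none of {DIGEST_PREFERENCE} is defined under
  #   OpenSSL::Digest
  def initialize
    name = DIGEST_PREFERENCE.find { |candidate| OpenSSL::Digest.const_defined?(candidate) }
    unless name
      raise Puppet::Error,
        "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
    end

    @digest = OpenSSL::Digest.const_get(name)
  end

  # Sign a certificate signing request (CSR) with a private key.
  #
  # @param [OpenSSL::X509::Request] content The CSR to sign
  # @param [OpenSSL::PKey::PKey] key The private key to sign with
  # @return [OpenSSL::X509::Request] the signed request (`content.sign`
  #   returns its receiver)
  #
  # @api private
  def sign(content, key)
    # A fresh digest instance per call: OpenSSL::Digest objects are stateful.
    content.sign(key, @digest.new)
  end
end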