Puppet Function: openssl::cert_aia_caissuers
- Defined in: lib/puppet/functions/openssl/cert_aia_caissuers.rb
- Function type: Ruby 4.x API
Summary
Extracting the caIssuers entry from the Authority Information Access extension of an X509 certificate
Overview
Parses an X509 certificate for its x509v3 extensions, searches for the Authority Information Access extension and returns the contents of the caIssuers access method. For details see [rfc5280#section-4.2.2](https://tools.ietf.org/html/rfc5280#section-4.2.2).
Parameter: path to the SSL certificate
```ruby
# File 'lib/puppet/functions/openssl/cert_aia_caissuers.rb', line 11

Puppet::Functions.create_function(:'openssl::cert_aia_caissuers') do
  # @param certfile Path to the certificate to inspect
  #
  # @return contents of the caIssuers access method of authorityInfoAccess extension, or nil if not found
  #
  dispatch :ca_issuers do
    param 'String', :certfile
  end

  def ca_issuers(certfile)
    value = nil
    require 'openssl'
    # parsing the certificate
    cert = OpenSSL::X509::Certificate.new(File.read(certfile))
    # iterating over all extensions
    cert.extensions.each do |ext|
      # decoding the extension and looking into it
      data = OpenSSL::ASN1.decode_all(ext)
      data.entries.each do |access_description|
        # skip to next extension unless AIA found
        next unless access_description.entries[0].value == 'authorityInfoAccess'

        # decode AIA
        content = OpenSSL::ASN1.decode_all(access_description.entries[1].value)
        content.entries.each do |aia|
          aia.entries.each do |aia_access_description|
            value = aia_access_description.entries[1].value if aia_access_description.entries[0].value == 'caIssuers'
          end
        end
      end
    end
    value
  rescue StandardError => e
    warn "Function cert_aia_caissuers failed to evaluate on #{certfile}. Caused by #{e}"
    value
  end
end
```
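The decoding this function performs, as a stand-alone added example (not the module's own code): it builds a constructed self-signed certificate, then returns every caIssuers URI in the AIA extension instead of only the last one, and an empty array when the extension is absent. The names `build_cert`, `ca_issuer_uris`, `CA_ISSUERS_OID`, `KEY` and the `example.invalid` hosts are assumptions made for the illustration.

```ruby
require 'openssl'

CA_ISSUERS_OID = '1.3.6.1.5.5.7.48.2' # id-ad-caIssuers, RFC 5280 section 4.2.2.1
KEY = OpenSSL::PKey::RSA.new(2048)    # throwaway key for the constructed certificates

# Build a constructed self-signed certificate (PEM). `aia` is an OpenSSL
# extension config string, or nil to omit the AIA extension entirely.
def build_cert(aia)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=aia-demo.example.invalid')
  cert.public_key = KEY.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  if aia
    factory = OpenSSL::X509::ExtensionFactory.new
    factory.subject_certificate = factory.issuer_certificate = cert
    cert.add_extension(factory.create_extension('authorityInfoAccess', aia, false))
  end
  cert.sign(KEY, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# Return all caIssuers URIs found in the certificate's AIA extension ([] if none).
def ca_issuer_uris(pem)
  cert = OpenSSL::X509::Certificate.new(pem)
  ext = cert.extensions.find { |e| e.oid == 'authorityInfoAccess' }
  return [] unless ext

  # Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING };
  # the OCTET STRING wraps a DER SEQUENCE OF AccessDescription.
  octets = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  OpenSSL::ASN1.decode(octets).value.filter_map do |access_description|
    access_method, location = access_description.value
    next unless access_method.oid == CA_ISSUERS_OID

    # GeneralName [6] is uniformResourceIdentifier; ignore other name forms.
    location.value if location.tag_class == :CONTEXT_SPECIFIC && location.tag == 6
  end
end

if __FILE__ == $PROGRAM_NAME
  pem = build_cert('OCSP;URI:http://ocsp.example.invalid,' \
                   'caIssuers;URI:http://ca.example.invalid/ca.crt')
  puts ca_issuer_uris(pem).inspect
  puts ca_issuer_uris(build_cert(nil)).inspect
end
```

The returned URI is data taken from the certificate itself, so a caller that goes on to fetch it should treat it as untrusted input.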