Puppet Function: complyadm::verify_certs
- Defined in: lib/puppet/functions/complyadm/verify_certs.rb
- Function type: Ruby 4.x API
Overview
complyadm::verify_certs(String $cert_chain_contents, String $key_contents) ⇒ Any
# File 'lib/puppet/functions/complyadm/verify_certs.rb', line 3
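# Validates a user-supplied PEM certificate chain and private key.
#
# Returns true only when all of the following hold:
#   1. at least one PEM certificate block is found in the chain text;
#   2. the first (leaf) certificate verifies against a store that holds the
#      remaining certificates from the same input;
#   3. the key parses as an RSA key, carries private components, and matches
#      the leaf certificate.
# Every failure is logged with Puppet.err and reported as false; a
# StandardError raised while parsing or verifying is caught, not propagated.
#
# Security note: the verification store is filled only from the supplied
# chain (no system CA bundle is loaded here), so a passing result means the
# chain is self-consistent. It does not show that the chain is issued by an
# authority any client trusts.
Puppet::Functions.create_function(:'complyadm::verify_certs') do
  # @param cert_chain_contents PEM text of the chain, leaf certificate first
  # @param key_contents        PEM text of the RSA private key for the leaf
  dispatch :verify do
    param 'String', :cert_chain_contents
    param 'String', :key_contents
  end

  def verify(cert_chain_contents, key_contents)
    # Non-greedy match so each BEGIN/END pair becomes its own entry.
    cert_texts = cert_chain_contents.scan(%r{-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----})
    if cert_texts.empty?
      Puppet.err 'No valid certificates found. Please ensure the provided certificate chain contains PEM encoded certificates, with the leaf cert first.'
      return false
    end

    begin
      certs = cert_texts.map { |text| OpenSSL::X509::Certificate.new(text) }

      # The first certificate is the one being checked; everything after it
      # is loaded into the store it is verified against.
      host_cert = certs.shift
      store = OpenSSL::X509::Store.new
      certs.each { |cert| store.add_cert(cert) }
      unless store.verify(host_cert)
        Puppet.err 'Invalid certificate chain provided. Please ensure the provided certificate chain is a valid PEM encoded certificate chain, with the leaf cert first.'
        return false
      end

      # Only RSA keys are parsed; any other key type raises and is reported
      # by the PKeyError handler below.
      key = OpenSSL::PKey::RSA.new(key_contents)

      # check_private_key compares public components only, so a PEM *public*
      # key for the leaf would otherwise be accepted as a matching key.
      unless key.private?
        Puppet.err 'Key provided is not a private key.'
        return false
      end

      return true if host_cert.check_private_key(key)

      Puppet.err 'Key provided does not match provided leaf cert.'
      false
    rescue OpenSSL::PKey::PKeyError
      # Report key parse failures as key problems rather than blaming the
      # certificate chain, which has already verified at this point.
      Puppet.err 'Unable to read the provided key. Please ensure it is a PEM encoded RSA private key.'
      false
    rescue
      Puppet.err 'Invalid certificates found. Please ensure the provided certificate chain contains PEM encoded certificates, with the leaf cert first.'
      false
    end
  end
end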