Puppet Function: validate_x509_rsa_key_pair
- Defined in: puppet/modules/stdlib/lib/puppet/parser/functions/validate_x509_rsa_key_pair.rb
- Function type: Ruby 3.x API
Overview
Validates a PEM-formatted X.509 certificate and RSA private key using OpenSSL. Verifies that the certificate's signature was created from the supplied key.
Fails compilation if either value fails this check.
validate_x509_rsa_key_pair($cert, $key)
```ruby
# File 'puppet/modules/stdlib/lib/puppet/parser/functions/validate_x509_rsa_key_pair.rb', line 3

newfunction(:validate_x509_rsa_key_pair, :doc => <<-ENDHEREDOC
  Validates a PEM-formatted X.509 certificate and RSA private key using OpenSSL.
  Verifies that the certificate's signature was created from the supplied key.
  Fail compilation if any value fails this check.

    validate_x509_rsa_key_pair($cert, $key)

  ENDHEREDOC
) do |args|
  require 'openssl'

  NUM_ARGS = 2 unless defined? NUM_ARGS

  # Exactly two arguments: the certificate PEM and the private key PEM.
  unless args.length == NUM_ARGS then
    raise Puppet::ParseError, ("validate_x509_rsa_key_pair(): wrong number of arguments (#{args.length}; must be #{NUM_ARGS})")
  end

  args.each do |arg|
    unless arg.is_a?(String)
      raise Puppet::ParseError, "#{arg.inspect} is not a string."
    end
  end

  # Parse the certificate; OpenSSL raises CertificateError on malformed PEM.
  begin
    cert = OpenSSL::X509::Certificate.new(args[0])
  rescue OpenSSL::X509::CertificateError => e
    raise Puppet::ParseError, "Not a valid x509 certificate: #{e}"
  end

  # Parse the RSA key; OpenSSL raises RSAError on malformed PEM.
  begin
    key = OpenSSL::PKey::RSA.new(args[1])
  rescue OpenSSL::PKey::RSAError => e
    raise Puppet::ParseError, "Not a valid RSA key: #{e}"
  end

  # Check that the certificate's signature verifies under this key,
  # i.e. that this key is the one that signed the certificate.
  unless cert.verify(key)
    raise Puppet::ParseError, "Certificate signature does not match supplied key"
  end
end
```
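The check this function performs, `cert.verify(key)`, asks whether the supplied key *signed* the certificate, which is a different question from whether the key *belongs to* the certificate's public key. The two coincide only for self-signed certificates. The following added example (not stdlib's own code) reimplements the function's logic as a plain Ruby method returning a symbol instead of raising `Puppet::ParseError`, generates a throwaway test CA and a CA-signed leaf certificate in memory, and runs both checks over them. The helper names `build_key`, `build_cert`, `key_matches_cert?` and `demo`, and the subject names used, are this example's own.

```ruby
require 'openssl'

# Added example; not part of puppetlabs-stdlib. Generates all material in
# memory so it runs offline and leaves nothing on disk.

def build_key
  OpenSSL::PKey::RSA.new(2048)
end

# Build an X.509 v3 certificate for +pubkey+. When +issuer_cert+ is nil the
# certificate is self-signed with +issuer_key+; otherwise it is issued by
# +issuer_cert+ and signed with that issuer's +issuer_key+.
def build_cert(subject, pubkey, issuer_cert, issuer_key, serial)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = pubkey
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Mirrors the stdlib function: parse both PEMs, then require that the
# certificate's signature verifies under the supplied key. Returns a symbol
# describing the outcome where the Puppet function raises ParseError.
# (stdlib rescues OpenSSL::PKey::RSAError; PKeyError is its superclass.)
def validate_x509_rsa_key_pair(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key = OpenSSL::PKey::RSA.new(key_pem)
  cert.verify(key) ? :ok : :signature_mismatch
rescue OpenSSL::X509::CertificateError
  :bad_certificate
rescue OpenSSL::PKey::PKeyError
  :bad_key
end

# The question an operator usually means ("is this the private key for this
# certificate?") is answered by check_private_key, which compares the key
# against the certificate's public key rather than its signature.
def key_matches_cert?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key = OpenSSL::PKey::RSA.new(key_pem)
  cert.check_private_key(key)
end

# Constructed scenario: a self-signed test CA and a leaf it issues.
def demo
  ca_key = build_key
  ca_cert = build_cert('/CN=Example Test CA', ca_key.public_key, nil, ca_key, 1)
  leaf_key = build_key
  leaf_cert = build_cert('/CN=host.example.test', leaf_key.public_key, ca_cert, ca_key, 2)

  {
    # Self-signed: signing key == certificate's own key, so the check passes.
    self_signed: validate_x509_rsa_key_pair(ca_cert.to_pem, ca_key.to_pem),
    # CA-signed leaf with its own private key: the key matches the cert's
    # public key but did not sign it, so the stdlib-style check FAILS.
    ca_signed_leaf_with_own_key: validate_x509_rsa_key_pair(leaf_cert.to_pem, leaf_key.to_pem),
    # CA-signed leaf with the CA's key: the CA key signed it, so it passes,
    # even though the CA key is not the leaf's private key.
    ca_signed_leaf_with_ca_key: validate_x509_rsa_key_pair(leaf_cert.to_pem, ca_key.to_pem),
    # check_private_key answers the ownership question directly.
    leaf_key_matches_leaf_cert: key_matches_cert?(leaf_cert.to_pem, leaf_key.to_pem),
    ca_key_matches_leaf_cert: key_matches_cert?(leaf_cert.to_pem, ca_key.to_pem),
    # Malformed inputs map to the same two failure classes the function reports.
    garbage_cert: validate_x509_rsa_key_pair('not a pem', leaf_key.to_pem),
    garbage_key: validate_x509_rsa_key_pair(leaf_cert.to_pem, 'not a pem'),
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

For a manifest that manages a CA-issued server certificate and its private key, the function as written will reject the pair unless you pass it the issuing CA's key, and it will accept the CA key alongside a leaf certificate it never belongs to. Use it where the intent is "this self-signed certificate was signed by this key"; where the intent is "this key belongs to this certificate", a check built on `check_private_key` is the one to reach for.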