HEX
Server: Apache
System: Linux vpshost0650.publiccloud.com.br 4.4.79-grsec-1.lc.x86_64 #1 SMP Wed Aug 2 14:18:21 -03 2017 x86_64
User: bandeirantesbomb3 (10068)
PHP: 8.0.7
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
$ pwd: /proc/self/root/proc/self/root/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/
Upload Files
File: //proc/self/root/proc/self/root/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/ssl/base.rb
require 'openssl'
require 'puppet/ssl'
require 'puppet/ssl/digest'
require 'puppet/util/ssl'

# The base class for wrapping SSL instances.
class Puppet::SSL::Base
  # For now, use the YAML separator.
  SEPARATOR = "\n---\n"

  # Only allow printing ascii characters, excluding /
  VALID_CERTNAME = /\A[ -.0-~]+\Z/

  def self.from_multiple_s(text)
    text.split(SEPARATOR).collect { |inst| from_s(inst) }
  end

  def self.to_multiple_s(instances)
    instances.collect { |inst| inst.to_s }.join(SEPARATOR)
  end

  def self.wraps(klass)
    @wrapped_class = klass
  end

  def self.wrapped_class
    raise(Puppet::DevError, _("%{name} has not declared what class it wraps") % { name: self }) unless defined?(@wrapped_class)
    @wrapped_class
  end

  def self.validate_certname(name)
    raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
  end

  attr_accessor :name, :content

  # Is this file for the CA?
  def ca?
    name == Puppet::SSL::Host.ca_name
  end

  def generate
    raise Puppet::DevError, _("%{class_name} did not override 'generate'") % { class_name: self.class }
  end

  def initialize(name)
    @name = name.to_s.downcase
    self.class.validate_certname(@name)
  end

  ##
  # name_from_subject extracts the common name attribute from the subject of an
  # x.509 certificate certificate
  #
  # @api private
  #
  # @param [OpenSSL::X509::Name] subject The full subject (distinguished name) of the x.509
  #   certificate.
  #
  # @return [String] the name (CN) extracted from the subject.
  def self.name_from_subject(subject)
    Puppet::Util::SSL.cn_from_subject(subject)
  end

  # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
  def self.from_instance(instance, name = nil)
    unless instance.is_a?(wrapped_class)
      raise ArgumentError, _("Object must be an instance of %{class_name}, %{actual_class} given") %
          { class_name: wrapped_class, actual_class: instance.class }
    end
    if name.nil? and !instance.respond_to?(:subject)
      raise ArgumentError, _("Name must be supplied if it cannot be determined from the instance")
    end

    name ||= name_from_subject(instance.subject)
    result = new(name)
    result.content = instance
    result
  end

  # Convert a string into an instance
  def self.from_s(string, name = nil)
    instance = wrapped_class.new(string)
    from_instance(instance, name)
  end

  # Read content from disk appropriately.
  def read(path)
    # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest, Puppet::SSL::CertificateRevocationList
    # Puppet::SSL::Key uses this, but also provides its own override
    # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
    # Puppet::SSL::Certificate::DisabledCa (:find, :save, :destroy)
    # Puppet::Indirector::CertificateStatus::File (.indirection.find)
    # Puppet::Network::HTTP::WEBrick (.indirection.find)
    # Puppet::Network::HTTP::RackREST (.from_instance)
    # Puppet::Network::HTTP::WEBrickREST (.from_instance)
    # Puppet::SSL::CertificateAuthority (.new, .indirection.find, .indirection.save)
    # Puppet::SSL::Host (.indirection.find)
    # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
    # Puppet::SSL::CertificateAuthority::Interface (.indirection.find)
    # Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
    @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
  end

  # Convert our thing to pem.
  def to_s
    return "" unless content
    content.to_pem
  end

  def to_data_hash
    to_s
  end

  # Provide the full text of the thing we're dealing with.
  def to_text
    return "" unless content
    content.to_text
  end

  def fingerprint(md = :SHA256)
    mds = md.to_s.upcase
    digest(mds).to_hex
  end

  def digest(algorithm=nil)
    unless algorithm
      algorithm = digest_algorithm
    end

    Puppet::SSL::Digest.new(algorithm, content.to_der)
  end

  def digest_algorithm
    # The signature_algorithm on the X509 cert is a combination of the digest
    # algorithm and the encryption algorithm
    # e.g. md5WithRSAEncryption, sha256WithRSAEncryption
    # Unfortunately there isn't a consistent pattern
    # See RFCs 3279, 5758
    digest_re = Regexp.union(
      /ripemd160/i,
      /md[245]/i,
      /sha\d*/i
    )
    ln = content.signature_algorithm
    if match = digest_re.match(ln)
      match[0].downcase
    else
      raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: ln }
    end
  end

  private

  def wrapped_class
    self.class.wrapped_class
  end
end
@ Telegram