(PUP-2995) Proposal for processing an external OID mapping file for

resolving custom trusted OIDs This patch is a proposal that allows custom OIDs used in trusted facts to be resolved into user-friendly names that can be used in puppet manifests. For instance a mapping file such as ``` --- oid_mapping: - ['1.3.6.1.4.1.34380.1.2.1.1', 'shortname', 'Long name'] - ['1.3.6.1.4.1.34380.1.2.1.2', 'othershortname', 'Other Long name'] ``` could be used to obtain `$trusted[extensions][shortname]`. Before deciding to submit this proposal, we had written a custom puppet function that does quite the same (`$mapped_trusted = oid_to_name($trusted, '/etc/puppet/trusted_oid_mapping.yaml')`) but we realize that other sites could need this feature. _Note_: I couldn't achieve to add a configuration option for this as the `puppet/ssl/oids` library seems to be loaded very early and I don't have more time to dig deeper.
ccin2p3 · Jul 31, 2014 · e6c7e5f · e6c7e5f
1 parent 92c539f
commit e6c7e5f
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/lib/puppet/ssl/oids.rb b/lib/puppet/ssl/oids.rb
@@ -25,6 +25,8 @@
 # @api private
 module Puppet::SSL::Oids
 
+  EXTERNAL_OID_DEFINITION_FILE = '/etc/puppet/ssl_trusted_oid_mapping.yaml'
+
   PUPPET_OIDS = [
     ["1.3.6.1.4.1.34380", 'puppetlabs', 'Puppet Labs'],
     ["1.3.6.1.4.1.34380.1", 'ppCertExt', 'Puppet Certificate Extension'],
@@ -43,6 +45,18 @@ module Puppet::SSL::Oids
     OpenSSL::ASN1::ObjectId.register(*oid_defn)
   end
 
+  # Process external oid definition file if present
+  if File.exists?(EXTERNAL_OID_DEFINITION_FILE)
+    begin
+      mapping = YAML.load_file(EXTERNAL_OID_DEFINITION_FILE)['oid_mapping']
+      mapping.each do |oid_defn|
+        OpenSSL::ASN1::ObjectId.register(*oid_defn)
+      end
+    rescue
+      # Do nothing
+    end
+  end
+
   # Determine if the first OID contains the second OID
   #
   # @param first [String] The containing OID, in dotted form or as the short name