Class: Ccrypto::Ruby::X509CSREngine

Inherits:
Object
Includes:
TR::CondUtils, TeLogger::TeLogHelper
Defined in:
lib/ccrypto/ruby/engines/x509_csr_engine.rb


Constructor Details

#initialize(csrProfile) ⇒ X509CSREngine

Returns a new instance of X509CSREngine.



# File 'lib/ccrypto/ruby/engines/x509_csr_engine.rb', line 28

# Binds the engine to one CSR profile; every field #generate needs (subject,
# public key, SAN lists, extensions, hash algorithm) is read from it later.
#
# @param csrProfile [Object] CSR profile consumed by #generate — presumably a
#   Ccrypto CSR profile object; confirm against callers
def initialize(csrProfile)
  @csrProfile = csrProfile
end

Instance Method Details

#generate(privKey, &block) ⇒ Object



# File 'lib/ccrypto/ruby/engines/x509_csr_engine.rb', line 32

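# Builds and signs a PKCS#10 certificate signing request from the profile
# handed to the constructor.
#
# The profile is read for: the subject (via #to_subject), +public_key+, the
# SAN lists +email+ / +ip_addr+ / +dns_name+ / +uri+, +custom_extension+,
# +additional_attributes+ and +hashAlgo+.
#
# @param privKey [Ccrypto::KeyBundle, Ccrypto::PrivateKey] key that signs the request
# @param block unused; kept so the call signature stays unchanged
# @return [Ccrypto::X509CSR] wrapper around the signed OpenSSL::X509::Request
# @raise [X509CSREngineException] on an unsupported public key, signing key,
#   custom extension type or additional attribute type
def generate(privKey, &block)
  cp = @csrProfile

  csr = OpenSSL::X509::Request.new
  csr.version = 0 # PKCS#10 v1 is encoded as version 0
  csr.subject = to_subject(cp)
  csr.public_key = build_public_key(cp.public_key)

  exts = []
  san = subject_alt_name_extension(cp)
  exts << san if san
  exts.concat(custom_extensions(cp))

  # RFC 5280 declares Extensions as SEQUENCE SIZE (1..MAX); an empty
  # extensionRequest would be malformed, so the attribute is only attached
  # when there is at least one extension to carry.
  unless exts.empty?
    attrVal = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence(exts)])
    csr.add_attribute OpenSSL::X509::Attribute.new('extReq', attrVal)
    csr.add_attribute OpenSSL::X509::Attribute.new('msExtReq', attrVal)
  end

  add_additional_attributes(csr, cp)

  pkey = resolve_signing_key(privKey)
  digest = DigestEngine.instance(cp.hashAlgo).native_instance
  Ccrypto::X509CSR.new(csr.sign(pkey, digest))
end

# Converts the profile's public key into the OpenSSL key object the request
# carries.
#
# @param profileKey [Ccrypto::PublicKey] public key taken from the CSR profile
# @return [OpenSSL::PKey::PKey] key assignable to OpenSSL::X509::Request#public_key=
# @raise [X509CSREngineException] when the key is not a Ccrypto::PublicKey
private def build_public_key(profileKey)
  unless profileKey.is_a?(Ccrypto::PublicKey)
    raise X509CSREngineException, "Public key type '#{profileKey.class}' is not supported"
  end

  native = profileKey.native_pubKey
  case native
  when OpenSSL::PKey::EC::Point
    # ECC patch: a bare curve point cannot be assigned to the request, so it
    # is wrapped in an EC key object on the same group.
    OpenSSL::PKey::EC.new(native.group).tap { |ec| ec.public_key = native }
  when String
    # NOTE(review): a String native key is parsed as EC only, as the original
    # did — confirm no other key type is ever delivered as a String.
    OpenSSL::PKey::EC.new(native)
  else
    native
  end
end

# Builds one subjectAltName extension covering every SAN list in the profile,
# or nil when the profile has no SAN entries at all.
#
# A request must not carry more than one extension with the same OID
# (RFC 5280 §4.2), so email, IP, DNS and URI names are merged into a single
# subjectAltName instead of being emitted as four separate extensions.
#
# @param cp CSR profile
# @return [OpenSSL::X509::Extension, nil]
private def subject_alt_name_extension(cp)
  names = []
  names.concat(cp.email.map { |e| "email:#{e}" }) if not_empty?(cp.email)
  names.concat(cp.ip_addr.map { |ip| "IP:#{ip}" }) if not_empty?(cp.ip_addr)
  names.concat(cp.dns_name.map { |d| "DNS:#{d}" }) if not_empty?(cp.dns_name)
  names.concat(cp.uri.map { |u| "URI:#{u}" }) if not_empty?(cp.uri)
  return nil if names.empty?

  # The factory parses a comma-separated conf string; a profile value that
  # itself contains a comma would be read as an additional name, so SAN
  # values should be validated before they reach this point.
  OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', names.join(','))
end

# Translates the profile's +custom_extension+ hash into extension objects.
#
# Each key is the extension OID or short name; each value is a hash with
# +:type+ (only +:string+ is supported), +:value+ and an optional +:critical+
# flag (absent/nil means non-critical).
#
# @param cp CSR profile
# @return [Array<OpenSSL::X509::Extension>] empty when the profile defines none
# @raise [X509CSREngineException] on an unsupported +:type+
private def custom_extensions(cp)
  custom = cp.custom_extension
  return [] unless not_empty?(custom) && custom.is_a?(Hash)

  teLogger.debug "custom extension"
  custom.map do |oid, spec|
    case spec[:type]
    when :string
      OpenSSL::X509::Extension.new(oid, OpenSSL::ASN1::OctetString.new(spec[:value]), spec[:critical])
    else
      raise X509CSREngineException, "Unsupported custom extension type #{spec[:type]}"
    end
  end
end

# Adds the profile's +additional_attributes+ (name => {type:, value:}) to the
# request as PKCS#10 attributes; only +:string+ values are supported.
#
# @param csr [OpenSSL::X509::Request] request being built
# @param cp CSR profile
# @raise [X509CSREngineException] on an unsupported +:type+
private def add_additional_attributes(csr, cp)
  attrs = cp.additional_attributes
  return unless not_empty?(attrs) && attrs.is_a?(Hash)

  teLogger.debug "additional attributes"
  attrs.each do |name, spec|
    case spec[:type]
    when :string
      value = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::OctetString.new(spec[:value])])
      csr.add_attribute OpenSSL::X509::Attribute.new(name, value)
    else
      raise X509CSREngineException, "Unknown additional attribute type #{spec[:type]}"
    end
  end
end

# Resolves the OpenSSL private key that signs the request.
#
# The error message names only the argument's class: interpolating an
# OpenSSL::PKey object with #to_s would dump the PEM-encoded private key
# into the exception text, and from there into logs.
#
# @param privKey [Ccrypto::KeyBundle, Ccrypto::PrivateKey]
# @return [OpenSSL::PKey::PKey]
# @raise [X509CSREngineException] for any other argument type
private def resolve_signing_key(privKey)
  case privKey
  when Ccrypto::KeyBundle
    privKey.private_key.native_privKey
  when Ccrypto::PrivateKey
    privKey.native_privKey
  else
    raise X509CSREngineException, "Unsupported signing key #{privKey.class}"
  end
end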