Module: CertAuth

Defined in:
lib/cert_auth.rb,
lib/cert_auth/server.rb

Defined Under Namespace

Classes: Server


Class Attribute Details

.ca_root ⇒ Object

Return the CA Root



# File 'lib/cert_auth.rb', line 9

# Reader for the certificate authority's root location.
#
# The other methods on this page join this value with sub-paths such as
# 'certs', 'newcerts' and 'csrs', so it is presumably a directory path
# (confirm against wherever @ca_root is assigned).
#
# @return [Object, nil] whatever is stored in @ca_root; nil if never assigned
def ca_root
  @ca_root
end

Class Method Details

.ca_certificate ⇒ Object

Return the certificate for the CA



# File 'lib/cert_auth.rb', line 45

# Read the CA's own certificate from disk.
#
# The file is looked up at <ca_root>/certs/ca.crt. File.read raises if the
# file is missing or unreadable; nothing is rescued here.
#
# @return [String] contents of the CA certificate file
def ca_certificate
  cert_path = File.join(ca_root, 'certs', 'ca.crt')
  File.read(cert_path)
end

.certificate(serial) ⇒ Object

Return the contents for a certificate



# File 'lib/cert_auth.rb', line 35

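# Return the contents of an issued certificate, looked up by serial number.
#
# The serial becomes part of a file name under <ca_root>/newcerts, so it is
# restricted to hexadecimal digits (the form openssl uses when it names
# issued certificates) before any path is built. Path separators, "..",
# empty values and anything else that is not plain hex are answered with
# false, the same as a serial that does not exist, so a caller-supplied
# serial cannot address files outside that directory.
#
# @param serial [#to_s] certificate serial number
# @return [String, false] the file contents, or false when the serial is
#   malformed or no matching file exists
def certificate(serial)
  name = serial.to_s
  # Validate before touching the filesystem: only [0-9A-Fa-f]+ may reach File.join.
  return false unless name =~ /\A[0-9A-Fa-f]+\z/

  path = File.join(ca_root, 'newcerts', "#{name}.pem")
  File.exist?(path) ? File.read(path) : false
end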

.keys ⇒ Object

Return an array of all keys on this certificate authority. This information is taken from the index.txt file.



# File 'lib/cert_auth.rb', line 24

# List every entry recorded in the CA's index.txt.
#
# Each line of <ca_root>/index.txt is split on tabs into six fields: type,
# expiry date, revocation date, serial, file name and subject. The file name
# field is read but not returned. Both date fields are passed through #to_i,
# so a missing or non-numeric value becomes 0.
#
# @return [Array<Hash>] one hash per line with the keys :type, :expiry_date,
#   :revoke_date, :serial and :subject
def keys
  index_path = File.join(ca_root, 'index.txt')
  File.read(index_path).split(/\n/).map do |line|
    type, expiry_date, revoke_date, serial, _filename, subject = line.split(/\t/)
    {
      :type        => type,
      :expiry_date => expiry_date.to_i,
      :revoke_date => revoke_date.to_i,
      :serial      => serial,
      :subject     => subject
    }
  end
end

.public_root ⇒ Object

Return the full path to the public folder for the certificate authority.



# File 'lib/cert_auth.rb', line 13

# Absolute path of the "public" folder shipped with the certificate authority.
#
# The path is resolved relative to this source file: two levels up from
# __FILE__, then into "public".
#
# @return [String] absolute path to the public folder
def public_root
  relative = File.join('..', '..', 'public')
  File.expand_path(relative, __FILE__)
end

.save_csr(contents) ⇒ Object

Save a new CSR file to the local machine and return the properties



# File 'lib/cert_auth.rb', line 50

# Store a submitted CSR under <ca_root>/csrs and return the key it was saved as.
#
# The key is the SHA-1 hex digest of the CSR contents joined with the current
# Unix time, and it doubles as the file name. It identifies the file; it is
# derived from the contents and the clock, so it is not an unguessable token.
# The csrs directory is created on demand.
#
# @param contents [String] the CSR text to store
# @return [String] the hex key under which the CSR was written
def save_csr(contents)
  csr_dir = File.join(ca_root, 'csrs')
  FileUtils.mkdir_p(csr_dir)

  key = Digest::SHA1.hexdigest([contents, Time.now.to_i].join)
  File.open(File.join(csr_dir, key), 'w') do |file|
    file.write(contents)
  end
  key
end

.sign(csr_key, passphrase) ⇒ Object

Sign a certificate and return the serial number



# File 'lib/cert_auth.rb', line 69

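# Sign a stored CSR with the CA key by running `openssl ca`.
#
# Hardening over a shell-built command line:
# * openssl is started from an argument vector, so no shell ever parses
#   csr_key, the passphrase or ca_root.
# * csr_key must be a plain file name (letters, digits, '.', '_', '-', not
#   starting with '.' or '-'). The hex keys produced by save_csr pass; path
#   separators, "..", whitespace and shell metacharacters do not.
# * The passphrase is handed to openssl on standard input (`-passin stdin`)
#   rather than as a `pass:` argument, which would be visible in the process
#   list to other local users.
#
# @param csr_key [#to_s] key of a CSR stored under <ca_root>/csrs
# @param passphrase [#to_s] passphrase protecting the CA private key
# @return [Array(Boolean, String), false] [true, output] when openssl exits
#   successfully, [false, output] when it fails or cannot be started, and
#   false when csr_key is malformed or no such CSR exists. Output is openssl's
#   combined stdout and stderr.
def sign(csr_key, passphrase)
  name = csr_key.to_s
  # Validate before building any path or command.
  return false unless name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

  csr_path = File.join(ca_root, 'csrs', name)
  return false unless File.exist?(csr_path)

  command = ['openssl', 'ca', '-passin', 'stdin', '-batch',
             '-config', 'openssl.conf', '-policy', 'policy_anything',
             '-infiles', csr_path]
  begin
    # :chdir runs openssl inside ca_root; :err folds stderr into the captured output.
    output = IO.popen(command, 'r+', :chdir => ca_root, :err => [:child, :out]) do |io|
      io.write(passphrase.to_s)
      io.close_write
      io.read
    end
  rescue SystemCallError => e
    # A missing openssl binary, a bad ca_root or a closed pipe is a failed
    # signing attempt, reported in the same shape as an openssl error.
    return [false, e.message]
  end

  $?.success? ? [true, output] : [false, output]
end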

.view_csr(key) ⇒ Object

Return CSR information



# File 'lib/cert_auth.rb', line 58

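# Return the human-readable dump of a stored CSR (`openssl req -noout -text`).
#
# openssl is started from an argument vector rather than a shell string, and
# the key must be a plain file name (letters, digits, '.', '_', '-', not
# starting with '.' or '-'), so a caller-supplied key can neither inject shell
# syntax nor point outside <ca_root>/csrs. The hex keys produced by save_csr
# satisfy the pattern.
#
# @param key [#to_s] key of a CSR stored under <ca_root>/csrs
# @return [String, false] openssl's text output, or false when the key is
#   malformed, the CSR does not exist, or openssl exits unsuccessfully
def view_csr(key)
  name = key.to_s
  # Validate before building any path or command.
  return false unless name =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

  path = File.join(ca_root, 'csrs', name)
  return false unless File.exist?(path)

  # Only stdout is captured; stderr is left attached to the parent process.
  output = IO.popen(['openssl', 'req', '-noout', '-text', '-in', path]) { |io| io.read }
  $?.success? ? output : false
end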