Class: CertificateWrapper

Inherits:
Object
  • Object
show all
Defined in:
lib/certie.rb

Constant Summary collapse

@@subject_prefix = 
'/C=AE/ST=Dubai/L=Dubai/O=KNR/OU=Software'

Class Method Summary collapse

Class Method Details

.build(cn) ⇒ Object 



99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'lib/certie.rb', line 99

def self.build(cn)
  load_subject_prefix

  doWeHaveARootCertificate = File.exists? 'ca.cert'
  doWeHaveARootKey = File.exists? 'ca.rsa'

  # TODO: Handle the case where we have only one and not the other (cert and key)
  if not (doWeHaveARootCertificate and doWeHaveARootKey)
    create_certificate
  end

  create_certificate cn
end

.create_certificate(cn = nil) ⇒ Object 



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/certie.rb', line 37

def self.create_certificate(cn=nil)
  if cn.nil?
    cn = "ca"
  end

  subject = @@subject_prefix + '/CN=' + cn
  serial = get_counter_next

  key = OpenSSL::PKey::RSA.new 2048
  File.open "#{cn}.rsa", 'wb' do |myfile|
    myfile.print key.to_pem
  end

  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 #This is v3

  cert.serial = serial

  cert.subject =  OpenSSL::X509::Name.parse subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + (60 * 60 * 24 * 365)

  ef = OpenSSL::X509::ExtensionFactory.new

  if cn == "ca"
    cert.issuer = OpenSSL::X509::Name.parse subject
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
    cert.add_extension ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true)
    cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash', false )
    cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always', false)

    cert.sign key, OpenSSL::Digest.new('SHA256')

    File.open "#{cn}.cert", 'wb' do |myfile|
      myfile.print cert.to_pem
    end
  else
    rootCert = OpenSSL::X509::Certificate.new File.read 'ca.cert'
    rootKey = OpenSSL::PKey::RSA.new File.read 'ca.rsa'

    cert.issuer = OpenSSL::X509::Name.parse(@@subject_prefix + '/CN=' + 'ca')
    ef.subject_certificate = cert
    ef.issuer_certificate = rootCert
    # cert.add_extension ef.create_extension('keyUsage', 'digitalSignature', true)  # TODO: check if we can set webServer and webClient
    cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash', false )

    cert.sign rootKey, OpenSSL::Digest.new('SHA256')

    File.open "#{cn}.cert", 'wb' do |myfile|
      myfile.print cert.to_pem
    end
  end

  # TODO: Find an alternative to invoking OpenSSL and cat
  `openssl pkcs8 -topk8 -inform pem -in "#{cn}.rsa" -out "#{cn}.key" -nocrypt`
  `cat "#{cn}.cert" "#{cn}.key" > "#{cn}.pem"`
end

.get_counter_nextObject 



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/certie.rb', line 16

def self.get_counter_next
  serial = 0
  if File.exists?('serial.txt')
    File.open 'serial.txt', 'r' do |myfile|
      strSerial = myfile.readline
      strSerial.chomp!
      serial = strSerial.to_i
    end
  else
    serial = 0
  end

  serial += 1

  File.open 'serial.txt', 'w' do |myfile|
    myfile.print serial.to_s
  end

  serial
end

.load_subject_prefixObject 



7
8
9
10
11
12
13
14
 
# File 'lib/certie.rb', line 7

def self.load_subject_prefix
  filename = "#{Dir.home}/.certie_subjprefix"
  if File.exists?(filename)
    @@subject_prefix = File.read(filename).chomp!
  else
    File.write(filename, @@subject_prefix)
  end
end