Class: CertificateAuthority::SigningRequest

Inherits:

Object

• Object
• CertificateAuthority::SigningRequest

Defined in:

lib/certificate_authority/signing_request.rb

Instance Attribute Summary

• #attributes ⇒ Object

  Returns the value of attribute attributes.

• #digest ⇒ Object

  Returns the value of attribute digest.

• #distinguished_name ⇒ Object

  Returns the value of attribute distinguished_name.

• #key_material ⇒ Object

  Returns the value of attribute key_material.

• #openssl_csr ⇒ Object

  Returns the value of attribute openssl_csr.

• #raw_body ⇒ Object

  Returns the value of attribute raw_body.

Class Method Summary

• .from_netscape_spkac(raw_spkac) ⇒ Object
• .from_x509_csr(raw_csr) ⇒ Object

Instance Method Summary

• #initialize ⇒ SigningRequest constructor

  A new instance of SigningRequest.

• #subject_alternative_names=(alt_names) ⇒ Object

  Fake attribute for convenience because adding alternative names on a CSR is remarkably non-trivial.

• #to_cert ⇒ Object
• #to_pem ⇒ Object
• #to_x509_csr ⇒ Object

Constructor Details

#initialize ⇒ SigningRequest

Returns a new instance of SigningRequest.

# File 'lib/certificate_authority/signing_request.rb', line 10

def initialize()
  @attributes = []
end

Instance Attribute Details

#attributes ⇒ Object

Returns the value of attribute attributes.

# File 'lib/certificate_authority/signing_request.rb', line 8

def attributes
  @attributes
end

#digest ⇒ Object

Returns the value of attribute digest.

# File 'lib/certificate_authority/signing_request.rb', line 7

def digest
  @digest
end

#distinguished_name ⇒ Object

Returns the value of attribute distinguished_name.

# File 'lib/certificate_authority/signing_request.rb', line 3

def distinguished_name
  @distinguished_name
end

#key_material ⇒ Object

Returns the value of attribute key_material.

# File 'lib/certificate_authority/signing_request.rb', line 4

def key_material
  @key_material
end

#openssl_csr ⇒ Object

Returns the value of attribute openssl_csr.

# File 'lib/certificate_authority/signing_request.rb', line 6

def openssl_csr
  @openssl_csr
end

#raw_body ⇒ Object

Returns the value of attribute raw_body.

# File 'lib/certificate_authority/signing_request.rb', line 5

def raw_body
  @raw_body
end

Class Method Details

.from_netscape_spkac(raw_spkac) ⇒ Object

# File 'lib/certificate_authority/signing_request.rb', line 82

def self.from_netscape_spkac(raw_spkac)
  openssl_spkac = OpenSSL::Netscape::SPKI.new raw_spkac
  csr = SigningRequest.new
  csr.raw_body = raw_spkac
  key_material = SigningRequestKeyMaterial.new
  key_material.public_key = openssl_spkac.public_key
  csr
end

.from_x509_csr(raw_csr) ⇒ Object

# File 'lib/certificate_authority/signing_request.rb', line 69

def self.from_x509_csr(raw_csr)
  csr = SigningRequest.new
  openssl_csr = OpenSSL::X509::Request.new(raw_csr)
  csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject
  csr.raw_body = raw_csr
  csr.openssl_csr = openssl_csr
  csr.attributes = openssl_csr.attributes
  key_material = SigningRequestKeyMaterial.new
  key_material.public_key = openssl_csr.public_key
  csr.key_material = key_material
  csr
end

Instance Method Details

#subject_alternative_names=(alt_names) ⇒ Object

Fake attribute for convenience because adding alternative names on a CSR is remarkably non-trivial.

# File 'lib/certificate_authority/signing_request.rb', line 16

def subject_alternative_names=(alt_names)
  raise "alt_names must be an Array" unless alt_names.is_a?(Array)

  factory = OpenSSL::X509::ExtensionFactory.new
  name_list = alt_names.map{|m| "DNS:#{m}"}.join(",")
  ext = factory.create_ext("subjectAltName",name_list,false)
  ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
  attr = OpenSSL::X509::Attribute.new("extReq", ext_set)
  @attributes << attr
end

#to_cert ⇒ Object

# File 'lib/certificate_authority/signing_request.rb', line 32

def to_cert
  cert = Certificate.new
  if !@distinguished_name.nil?
    cert.distinguished_name = @distinguished_name
  end
  cert.key_material = @key_material
  if attribute = read_attributes_by_oid('extReq', 'msExtReq')
    set = OpenSSL::ASN1.decode(attribute.value)
    seq = set.value.first
    seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.each do |o, v, c|
     Certificate::EXTENSIONS.each do |klass|
        cert.extensions[klass::OPENSSL_IDENTIFIER] = klass.parse(v, c) if v && klass::OPENSSL_IDENTIFIER == o
      end
    end
  end
  cert
end

#to_pem ⇒ Object

# File 'lib/certificate_authority/signing_request.rb', line 50

def to_pem
  to_x509_csr.to_pem
end

#to_x509_csr ⇒ Object

# File 'lib/certificate_authority/signing_request.rb', line 54

def to_x509_csr
  raise "Must specify a DN/subject on csr" if @distinguished_name.nil?
  raise "Invalid DN in request" unless @distinguished_name.valid?
  raise "CSR must have key material" if @key_material.nil?
  raise "CSR must include a public key on key material" if @key_material.public_key.nil?
  raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil?

  opensslcsr = OpenSSL::X509::Request.new
  opensslcsr.subject = @distinguished_name.to_x509_name
  opensslcsr.public_key = @key_material.public_key
  opensslcsr.attributes = @attributes unless @attributes.nil?
  opensslcsr.sign @key_material.private_key, OpenSSL::Digest.new(@digest || "SHA512")
  opensslcsr
end