Class: CertificateAuthority::SigningRequest
- Inherits:
-
Object
- Object
- CertificateAuthority::SigningRequest
- Defined in:
- lib/certificate_authority/signing_request.rb
Instance Attribute Summary collapse
-
#attributes ⇒ Object
Returns the value of attribute attributes.
-
#digest ⇒ Object
Returns the value of attribute digest.
-
#distinguished_name ⇒ Object
Returns the value of attribute distinguished_name.
-
#key_material ⇒ Object
Returns the value of attribute key_material.
-
#openssl_csr ⇒ Object
Returns the value of attribute openssl_csr.
-
#raw_body ⇒ Object
Returns the value of attribute raw_body.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize ⇒ SigningRequest
constructor
A new instance of SigningRequest.
-
#subject_alternative_names=(alt_names) ⇒ Object
Fake attribute for convenience because adding alternative names on a CSR is remarkably non-trivial.
- #to_cert ⇒ Object
- #to_pem ⇒ Object
- #to_x509_csr ⇒ Object
Constructor Details
#initialize ⇒ SigningRequest
Returns a new instance of SigningRequest.
# File 'lib/certificate_authority/signing_request.rb', line 10
#
# Creates an empty signing request. Only the attribute list is initialised
# (to an empty Array); the distinguished name, key material, digest, raw body
# and OpenSSL request are left unset by this constructor.
def initialize
  @attributes = []
end
Instance Attribute Details
#attributes ⇒ Object
Returns the value of attribute attributes.
# File 'lib/certificate_authority/signing_request.rb', line 8
#
# Reader for the request attribute list. The constructor starts it as an
# empty Array, subject_alternative_names= appends an "extReq" attribute to it,
# and from_x509_csr replaces it with the attributes of the parsed request.
#
# @return [Object] the current value of @attributes
def attributes
  @attributes
end
#digest ⇒ Object
Returns the value of attribute digest.
# File 'lib/certificate_authority/signing_request.rb', line 7
#
# Reader for the digest name used when the request is signed. to_x509_csr
# passes this value to OpenSSL::Digest.new and falls back to "SHA512" when it
# is nil; no allow-list of algorithms is applied to it in that method.
#
# @return [Object] the current value of @digest
def digest
  @digest
end
#distinguished_name ⇒ Object
Returns the value of attribute distinguished_name.
# File 'lib/certificate_authority/signing_request.rb', line 3
#
# Reader for the subject of the request. to_x509_csr requires it to be present
# and to answer true to valid? before a request is generated.
#
# @return [Object] the current value of @distinguished_name
def distinguished_name
  @distinguished_name
end
#key_material ⇒ Object
Returns the value of attribute key_material.
# File 'lib/certificate_authority/signing_request.rb', line 4
#
# Reader for the key material attached to the request. to_x509_csr reads its
# public_key and private_key; to_cert copies the object onto the certificate.
#
# @return [Object] the current value of @key_material
def key_material
  @key_material
end
#openssl_csr ⇒ Object
Returns the value of attribute openssl_csr.
# File 'lib/certificate_authority/signing_request.rb', line 6
#
# Reader for the parsed OpenSSL::X509::Request that from_x509_csr stores on
# the object. Nothing else shown in this class assigns it.
#
# @return [Object] the current value of @openssl_csr
def openssl_csr
  @openssl_csr
end
#raw_body ⇒ Object
Returns the value of attribute raw_body.
# File 'lib/certificate_authority/signing_request.rb', line 5
#
# Reader for the encoded request exactly as it was handed to from_x509_csr or
# from_netscape_spkac; both store their input here unmodified.
#
# @return [Object] the current value of @raw_body
def raw_body
  @raw_body
end
Class Method Details
.from_netscape_spkac(raw_spkac) ⇒ Object
# File 'lib/certificate_authority/signing_request.rb', line 82 def self.from_netscape_spkac(raw_spkac) openssl_spkac = OpenSSL::Netscape::SPKI.new raw_spkac csr = SigningRequest.new csr.raw_body = raw_spkac key_material = SigningRequestKeyMaterial.new key_material.public_key = openssl_spkac.public_key csr end |
.from_x509_csr(raw_csr) ⇒ Object
# File 'lib/certificate_authority/signing_request.rb', line 69 def self.from_x509_csr(raw_csr) csr = SigningRequest.new openssl_csr = OpenSSL::X509::Request.new(raw_csr) csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject csr.raw_body = raw_csr csr.openssl_csr = openssl_csr csr.attributes = openssl_csr.attributes key_material = SigningRequestKeyMaterial.new key_material.public_key = openssl_csr.public_key csr.key_material = key_material csr end |
Instance Method Details
#subject_alternative_names=(alt_names) ⇒ Object
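Convenience write-only setter ("fake" attribute), provided because adding alternative names to a CSR is remarkably non-trivial. Each element of alt_names is added as a DNS entry of a subjectAltName extension request (an extReq attribute).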
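# File 'lib/certificate_authority/signing_request.rb', line 16
#
# Appends an "extReq" attribute that requests a subjectAltName extension with
# one DNS entry per element of alt_names.
#
# The extension is built from a comma-separated string that OpenSSL parses
# ("DNS:a,DNS:b"). Fix: an element containing a comma or a line break used to
# be interpolated unchanged, so a single element could turn into several
# entries, including entry types other than DNS. Such elements are now
# rejected before the string is built, and nothing is appended in that case.
#
# @param alt_names [Array] host names; each element is converted with to_s
# @raise [RuntimeError] when alt_names is not an Array, or an element contains
#   ',' or a line break
def subject_alternative_names=(alt_names)
  raise "alt_names must be an Array" unless alt_names.is_a?(Array)

  entries = alt_names.map do |name|
    text = name.to_s
    # ',' separates entries and a line break ends the list in OpenSSL's syntax.
    raise "alt_names entries must not contain ',' or line breaks" if text =~ /[,\r\n]/
    "DNS:#{text}"
  end

  factory = OpenSSL::X509::ExtensionFactory.new
  ext = factory.create_ext("subjectAltName", entries.join(","), false)
  ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
  @attributes << OpenSSL::X509::Attribute.new("extReq", ext_set)
end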
#to_cert ⇒ Object
# File 'lib/certificate_authority/signing_request.rb', line 32
#
# Turns this request into a Certificate: copies the distinguished name (when
# set) and the key material, then carries over the extensions requested in the
# 'extReq' / 'msExtReq' attribute returned by read_attributes_by_oid.
#
# Each requested extension is decoded to [oid, value, critical]; when a class
# in Certificate::EXTENSIONS has a matching OPENSSL_IDENTIFIER and the value is
# present, the parsed extension is stored on the certificate under that
# identifier.
#
# NOTE(review): the extensions copied here are whatever the request asked
# for. No filtering by policy is visible in this method, so confirm that the
# issuing code reviews or overrides them before the certificate is signed.
#
# @return [Certificate] the certificate populated from this request
def to_cert
  cert = Certificate.new
  cert.distinguished_name = @distinguished_name unless @distinguished_name.nil?
  cert.key_material = @key_material

  attribute = read_attributes_by_oid('extReq', 'msExtReq')
  return cert unless attribute

  # The attribute value is a SET whose first member is the SEQUENCE of extensions.
  requested = OpenSSL::ASN1.decode(attribute.value).value.first
  triples = requested.value.map { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }

  triples.each do |oid, value, critical|
    Certificate::EXTENSIONS.each do |ext_class|
      next unless value && ext_class::OPENSSL_IDENTIFIER == oid

      cert.extensions[ext_class::OPENSSL_IDENTIFIER] = ext_class.parse(value, critical)
    end
  end

  cert
end
#to_pem ⇒ Object
# File 'lib/certificate_authority/signing_request.rb', line 50
#
# PEM encoding of the request produced by to_x509_csr. The request is built
# and signed on every call, so the checks made by to_x509_csr apply here too.
#
# @return [Object] whatever to_pem returns on the generated request
def to_pem
  request = to_x509_csr
  request.to_pem
end
#to_x509_csr ⇒ Object
# File 'lib/certificate_authority/signing_request.rb', line 54 def to_x509_csr raise "Must specify a DN/subject on csr" if @distinguished_name.nil? raise "Invalid DN in request" unless @distinguished_name.valid? raise "CSR must have key material" if @key_material.nil? raise "CSR must include a public key on key material" if @key_material.public_key.nil? raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil? opensslcsr = OpenSSL::X509::Request.new opensslcsr.subject = @distinguished_name.to_x509_name opensslcsr.public_key = @key_material.public_key opensslcsr.attributes = @attributes unless @attributes.nil? opensslcsr.sign @key_material.private_key, OpenSSL::Digest.new(@digest || "SHA512") opensslcsr end |