Class: CertificateAuthority::SigningRequestKeyMaterial

Inherits:
Object
  • Object
Includes:
ActiveModel::Validations, KeyMaterial
Defined in:
lib/certificate_authority/key_material.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(request = nil) ⇒ SigningRequestKeyMaterial

Returns a new instance of SigningRequestKeyMaterial.

Parameters:

  • request (OpenSSL::X509::Request, OpenSSL::Netscape::SPKI, String) (defaults to: nil)

    a signing request



# File 'lib/certificate_authority/key_material.rb', line 81

# Builds key material from a certificate signing request.
#
# Only OpenSSL::X509::Request and OpenSSL::Netscape::SPKI objects are acted
# on; any other argument (including the default nil) leaves the instance
# without a stored request or public key.
# NOTE(review): the generated docs also list String as an accepted type, but
# no String handling is visible in this method -- confirm against callers.
#
# @param request [OpenSSL::X509::Request, OpenSSL::Netscape::SPKI, nil] a signing request
# @raise [RuntimeError] when the request's own signature does not verify
def initialize(request=nil)
  accepted_types = [OpenSSL::X509::Request, OpenSSL::Netscape::SPKI]
  return unless accepted_types.any? { |type| request.is_a?(type) }

  @csr = request
  # Proof of possession: the request must verify against the public key it
  # carries, otherwise it is rejected before that key is trusted for anything.
  signature_ok = @csr.verify(@csr.public_key)
  raise "Invalid certificate signing request" unless signature_ok
  self.public_key = @csr.public_key
end

Instance Attribute Details

#certificate ⇒ CertificateAuthority::Certificate (readonly)



# File 'lib/certificate_authority/key_material.rb', line 78

# Reader for the issued certificate. In the code shown on this page the
# backing variable is assigned only by #sign_and_certify, so this is nil
# until a certificate has been issued.
#
# @return [CertificateAuthority::Certificate, nil]
def certificate
  @certificate
end

#csr ⇒ OpenSSL::X509::Request, OpenSSL::Netscape::SPKI (readonly)

Returns:

  • (OpenSSL::X509::Request, OpenSSL::Netscape::SPKI)


# File 'lib/certificate_authority/key_material.rb', line 77

# Reader for the signing request stored by the constructor; nil when the
# constructor was not given a supported request object.
#
# @return [OpenSSL::X509::Request, OpenSSL::Netscape::SPKI, nil]
def csr
  @csr
end

#public_key ⇒ OpenSSL::PKey::RSA

Returns:

  • (OpenSSL::PKey::RSA)


# File 'lib/certificate_authority/key_material.rb', line 131

# Reader for the public key. The constructor shown on this page fills it
# from the signing request, after the request's signature has been checked.
#
# @return [OpenSSL::PKey::RSA, nil] documented as RSA; nil when no request was accepted
def public_key
  @public_key
end

Instance Method Details

#is_in_hardware? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/certificate_authority/key_material.rb', line 116

# Reports whether this key material is held in hardware. Always false for
# this class.
#
# @return [Boolean] false
def is_in_hardware?
  false
end

#is_in_memory? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/certificate_authority/key_material.rb', line 121

# Reports whether this key material is held in memory. Always true for
# this class.
#
# @return [Boolean] true
def is_in_memory?
  true
end

#private_key ⇒ NilClass

Returns:

  • (NilClass)


# File 'lib/certificate_authority/key_material.rb', line 126

# Always nil: the constructor shown on this page takes only the public key
# from the signing request, so there is no private key to return here.
#
# @return [nil]
def private_key
  nil
end

#sign_and_certify(root_cert, key, serial_number, options = {}) ⇒ CertificateAuthority::Certificate

Given a root certificate and a key, will generate a signed certificate

Parameters:

  • root_cert (CertificateAuthority::Certificate)

    the parent certificate (CA)

  • key (OpenSSL::PKey::RSA)

    the private key to sign with

  • serial_number (Integer)

    the serial number for the generated certificate

  • options (Hash{:dn => CertificateAuthority::DistinguishedName, :algorithm => OpenSSL::Digest, :not_after => Time}) (defaults to: {})

    :dn is required for SPKAC signing

Returns:



# File 'lib/certificate_authority/key_material.rb', line 95

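# Issues a certificate for this signing request, signed with the given CA key.
#
# The subject comes from options[:dn] when supplied, otherwise from the
# request itself; the certified public key is the one read from the request.
#
# NOTE(review): neither cert.version nor any extension (basicConstraints,
# keyUsage, ...) is set before signing, so the result keeps the
# OpenSSL::X509::Certificate.new default version (v1) and carries no
# CA:FALSE constraint -- confirm that relying parties handle this.
# NOTE(review): serial_number is written to the certificate as given;
# uniqueness per issuer is left to the caller.
#
# @param root_cert [CertificateAuthority::Certificate] the parent certificate (CA)
# @param key [OpenSSL::PKey::RSA] the private key to sign with
# @param serial_number [Integer] the serial number for the generated certificate
# @param options [Hash] :dn (required for SPKI requests), :algorithm
#   (an OpenSSL::Digest, defaults to SHA-256), :not_after (Time, defaults
#   to 100_000_000 seconds after issuance)
# @return [CertificateAuthority::Certificate] the issued certificate, also
#   kept in @certificate
# @raise [RuntimeError] when the request is SPKI and options[:dn] is missing
def sign_and_certify(root_cert, key, serial_number, options = {})
  # An SPKI request carries no subject of its own, so the caller must name one.
  if csr.is_a?(OpenSSL::Netscape::SPKI) && !options[:dn]
    raise "Must pass :dn in options to generate certificates for OpenSSL::Netscape::SPKI requests"
  end

  # SHA-1 is no longer collision resistant and is rejected for certificate
  # signatures by current validators, so the fallback digest is SHA-256.
  # An explicit :algorithm is still honoured unchanged.
  algorithm = options[:algorithm] || OpenSSL::Digest::SHA256.new

  # Read the clock once so the default validity window is exact.
  issued_at = Time.now

  cert = OpenSSL::X509::Certificate.new
  cert.subject = options[:dn] ? options[:dn].to_x509_name : csr.subject
  cert.public_key = public_key
  cert.not_before = issued_at
  cert.not_after = options[:not_after] || (issued_at + 100_000_000)
  cert.issuer = root_cert.subject.to_x509_name
  cert.serial = serial_number
  cert.sign key, algorithm
  @certificate = CertificateAuthority::Certificate.from_openssl cert
end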