Class: Certify::Authority

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Certify::Authority

Defined in:

app/models/certify/authority.rb

Instance Attribute Summary

• #city ⇒ Object
• #commonname ⇒ Object
• #country ⇒ Object
• #email ⇒ Object
• #organization ⇒ Object
• #state ⇒ Object

Instance Method Summary

• #generate_new_ca ⇒ Object

  builds a new CA.

• #private_key ⇒ Object

  property accessors.

• #root_certificate ⇒ Object
• #subject_hash ⇒ Object

  This method builds the subject hash from the x509 name.

Instance Attribute Details

#city ⇒ Object

# File 'app/models/certify/authority.rb', line 49

def city
  if root_certificate
    subject_hash["L"]
  else
    @city
  end
end

#commonname ⇒ Object

# File 'app/models/certify/authority.rb', line 33

def commonname
  if root_certificate
    subject_hash["CN"]
  else
    @commonname
  end
end

#country ⇒ Object

# File 'app/models/certify/authority.rb', line 65

def country
  if root_certificate
    subject_hash["C"]
  else
    @country
  end
end

#email ⇒ Object

# File 'app/models/certify/authority.rb', line 73

def email
  if root_certificate
    subject_hash["emailAddress"]
  else
    @email
  end
end

#organization ⇒ Object

# File 'app/models/certify/authority.rb', line 41

def organization
  if root_certificate
    subject_hash["O"]
  else
    @organization
  end
end

#state ⇒ Object

# File 'app/models/certify/authority.rb', line 57

def state
  if root_certificate
    subject_hash["ST"]
  else
    @state
  end
end

Instance Method Details

#generate_new_ca ⇒ Object

builds a new CA

# File 'app/models/certify/authority.rb', line 100

def generate_new_ca()
  # generate the root key pair
  root_key = OpenSSL::PKey::RSA.new 2048 # the CA's public/private key
  self.rsakey = root_key.to_pem

  # generate the CA name
  ca_name_str = "/C=#{country}/ST=#{state}/O=#{organization}/L=#{city}/CN=#{commonname}/emailAddress=#{email}"

  # parse the name
  ca_name = OpenSSL::X509::Name.parse  ca_name_str

  # generate the root certificate
  root_ca = OpenSSL::X509::Certificate.new
  root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
  root_ca.serial = 1
  root_ca.subject = ca_name
  root_ca.issuer = root_ca.subject # root CA's are "self-signed"
  root_ca.public_key = root_key.public_key
  root_ca.not_before = Time.now
  root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = root_ca
  ef.issuer_certificate = root_ca
  root_ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
  root_ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
  root_ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
  root_ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
  root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)

  # store the root ca
  self.sslcert = root_ca.to_pem
end

#private_key ⇒ Object

property accessors

# File 'app/models/certify/authority.rb', line 25

def private_key
  OpenSSL::PKey::RSA.new(self.rsakey) if self.rsakey
end

#root_certificate ⇒ Object

# File 'app/models/certify/authority.rb', line 29

def root_certificate
  OpenSSL::X509::Certificate.new(self.sslcert) if self.sslcert
end

#subject_hash ⇒ Object

This method builds the subject hash from the x509 name

# File 'app/models/certify/authority.rb', line 83

def subject_hash
  # get the array from the name
  dataArray = self.root_certificate.subject.to_a

  # create the result hash
  dataHash = Hash.new()

  # go through
  dataArray.each do |item|
    dataHash[item[0]] = item[1]
  end

  # emit
  dataHash
end