6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# File 'lib/devcert/genca.rb', line 6
def self.generate_ca(common_name, output_dir, key_type, rsa_key_size,
ec_key_size, validity)
defaults = ::DevCert::Util.get_defaults
ca_key = nil
public_key = nil
if key_type == 'rsa'
ca_key, public_key = ::DevCert::Util.generate_rsa_key(rsa_key_size)
elsif key_type == 'ec'
ca_key, public_key = ::DevCert::Util.generate_ec_key(ec_key_size.to_i)
else
raise 'Unsupported key type/size'
end
ca_name = ::OpenSSL::X509::Name.new(
[
['CN', common_name],
['O', defaults[:organization]],
['C', defaults[:country]],
['ST', defaults[:state_name]],
['L', defaults[:locality]]
]
)
ca_cert = ::OpenSSL::X509::Certificate.new
ca_cert.serial = ::DevCert::Util.generate_serial
ca_cert.version = 2
ca_cert.not_before = ::Time.now
ca_cert.not_after = ::Time.now + 60 * 60 * 24 * validity
ca_cert.public_key = public_key
ca_cert.subject = ca_name
ca_cert.issuer = ca_name
extension_factory = ::OpenSSL::X509::ExtensionFactory.new
extension_factory.subject_certificate = ca_cert
extension_factory.issuer_certificate = ca_cert
ca_cert.add_extension(
extension_factory.create_extension(
'subjectKeyIdentifier',
'hash'
)
)
ca_cert.add_extension(
extension_factory.create_extension(
'basicConstraints',
'CA:TRUE,pathlen:0',
true
)
)
ca_cert.add_extension(
extension_factory.create_extension(
'keyUsage',
'digitalSignature,cRLSign,keyCertSign',
true
)
)
ca_cert.add_extension(
extension_factory.create_extension(
'extendedKeyUsage',
'serverAuth,clientAuth'
)
)
ca_cert.sign(ca_key, ::OpenSSL::Digest::SHA256.new)
bundle_path = ::File.join(
output_dir,
"#{::DevCert::Util.normalize_name(common_name)}.devcert"
)
::DevCert::Util.save_bundle(bundle_path, common_name, ca_key, ca_cert)
puts "devcert bundle: #{bundle_path}"
end
|