Class: DevPKI::CA

Inherits:

Object

• Object
• DevPKI::CA

Defined in:

lib/devpki/ca.rb

Instance Attribute Summary

• #id ⇒ Object

  Returns the value of attribute id.

• #sqlite_db ⇒ Object

  Returns the value of attribute sqlite_db.

Class Method Summary

• .db_path(id) ⇒ Object

  Returns the path to a CA database.

• .delete(id) ⇒ Object
• .exists?(id) ⇒ Boolean

  Checks if CA with given ID exists.

• .init(id, name = nil, parent_ca_id = nil) ⇒ Object

  Initializes an empty CA database and generates a certificate for self.

Instance Method Summary

• #initialize(id = 0) ⇒ CA constructor

  A new instance of CA.

Constructor Details

#initialize(id = 0) ⇒ CA

Returns a new instance of CA.

Raises:

• (CADBError)

# File 'lib/devpki/ca.rb', line 13

def initialize(id=0)
  raise CADBError.new("CA ##{id} does not exist. It must be initialized first.") if not DevPKI::CA.exists?(id)

  @sqlite_db = SQLite3::Database.open(DevPKI::CA.db_path(id))
  @id = id
end

Instance Attribute Details

#id ⇒ Object

Returns the value of attribute id.

# File 'lib/devpki/ca.rb', line 11

def id
  @id
end

#sqlite_db ⇒ Object

Returns the value of attribute sqlite_db.

# File 'lib/devpki/ca.rb', line 10

def sqlite_db
  @sqlite_db
end

Class Method Details

.db_path(id) ⇒ Object

Returns the path to a CA database

# File 'lib/devpki/ca.rb', line 117

def self.db_path(id)
  DevPKI::DataDirectory::absolute_path_for("ca_#{id}.db")
end

.delete(id) ⇒ Object

Raises:

• (InvalidOption)

# File 'lib/devpki/ca.rb', line 20

def self.delete(id)
  raise InvalidOption.new("CA with ID #{id} does not exist.") if not self.exists?(id)
  File.delete self.db_path(id)
end

.exists?(id) ⇒ Boolean

Checks if CA with given ID exists

Returns:

• (Boolean)

# File 'lib/devpki/ca.rb', line 112

def self.exists?(id)
  File.exists?(self.db_path(id))
end

.init(id, name = nil, parent_ca_id = nil) ⇒ Object

Initializes an empty CA database and generates a certificate for self

Raises:

• (InvalidOption)

# File 'lib/devpki/ca.rb', line 26

def self.init(id, name=nil, parent_ca_id=nil)
  raise InvalidOption.new("CA with ID #{id} already exists!") if self.exists?(id)
  raise InvalidOption.new("Parent CA with ID #{id} does not exist!") if parent_ca_id != nil and not self.exists?(parent_ca_id)

  db = SQLite3::Database.new(self.db_path(id))

  sql = "    create table certificates (\n      id integer primary key autoincrement,\n      private_key_id integer not null,\n      pem text,\n\n      FOREIGN KEY(private_key_id) REFERENCES private_keys(id)\n    );\n\n    create table private_keys (\n      id integer primary key autoincrement,\n      pem text\n    );\n  SQL\n\n  db.execute_batch(sql)\n\n  if parent_ca_id != nil\n    raise InvalidOption.new(\"Parent CA with ID \#{id} does not exist!\") if not self.exists?(parent_ca_id)\n    puts \"Exists: \#{self.exists?(parent_ca_id)}\"\n    parent_db = SQLite3::Database.open(self.db_path(parent_ca_id))\n\n    parent_ca_raw = parent_db.get_first_value( \"select pem from certificates\" )\n    parent_key_raw = parent_db.get_first_value( \"select pem from private_keys\" )\n\n    parent_ca_cert = OpenSSL::X509::Certificate.new parent_ca_raw\n    parent_ca_key = OpenSSL::PKey::RSA.new parent_key_raw\n  end\n\n  key = OpenSSL::PKey::RSA.new(2048)\n  public_key = key.public_key\n\n  name ||= \"Generic DevPKI CA #\#{id}\"\n  subject = \"/CN=\#{name}\"\n\n  cert = OpenSSL::X509::Certificate.new\n  cert.subject = OpenSSL::X509::Name.parse(subject)\n  if parent_ca_id == nil\n    cert.issuer = cert.subject\n  else\n    cert.issuer = parent_ca_cert.subject\n  end\n  cert.not_before = Time.now\n  cert.not_after = Time.now + 2 * 365 * 24 * 60 * 60\n  cert.public_key = public_key\n  cert.serial = Random.rand(1..100000)\n  cert.version = 2\n\n  ef = OpenSSL::X509::ExtensionFactory.new\n  ef.subject_certificate = cert\n\n  if parent_ca_id == nil\n    ef.issuer_certificate = cert\n  else\n    ef.issuer_certificate = parent_ca_cert\n  end\n\n  cert.extensions = [\n    ef.create_extension(\"basicConstraints\",\"CA:TRUE\", true),\n    ef.create_extension(\"subjectKeyIdentifier\", \"hash\"),\n  ]\n  cert.add_extension ef.create_extension(\"authorityKeyIdentifier\",\n                                         \"keyid:always,issuer:always\")\n\n  if parent_ca_id == nil\n    cert.sign key, OpenSSL::Digest::SHA512.new\n  else\n    cert.sign parent_ca_key, OpenSSL::Digest::SHA512.new\n  end\n\n  db.execute( \"INSERT INTO private_keys (pem) VALUES ( ? )\", key.to_pem )\n  private_key_id = db.last_insert_row_id\n\n  db.execute( \"INSERT INTO certificates (private_key_id, pem) VALUES ( ?, ? )\", private_key_id, cert.to_pem)\n\n  puts key.to_pem\n  puts cert.to_pem\nend\n"