Class: EaSSL::Certificate

Inherits:
Object
  • Object
Defined in:
lib/eassl/certificate.rb

Overview

Author

Paul Nicholson ([email protected])

Co-Author

Adam Williams ([email protected])

Copyright

Copyright © 2006 WebPower Design

License

Distributed under the same terms as Ruby


Constructor Details

#initialize(options) ⇒ Certificate

Returns a new instance of Certificate.



# File 'lib/eassl/certificate.rb', line 9

# Stores the certificate options, layering the caller's values over defaults.
#
# Defaults: five years of validity (365 * 5 days), a generic nsComment
# string and the "server" profile. :signing_request and :ca_certificate
# default to nil and are not validated here, so a missing signing request
# only surfaces later, when #ssl builds the certificate.
#
# @param options [Hash] caller overrides; any key given replaces the default
def initialize(options)
  defaults = {
    :days_valid      => 365 * 5,
    :signing_request => nil, # required
    :ca_certificate  => nil, # required
    :comment         => "Ruby/OpenSSL/EaSSL Generated Certificate",
    :type            => "server"
  }
  @options = defaults.merge(options)
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method) ⇒ Object

This method intercepts calls that Certificate itself does not define and passes them through to the wrapped OpenSSL certificate object (its methods and attributes).



# File 'lib/eassl/certificate.rb', line 70

def method_missing(method)
  ssl.send(method)
end

Class Method Details

.load(pem_file_path) ⇒ Object



# File 'lib/eassl/certificate.rb', line 74

# Builds a Certificate from a PEM file on disk.
#
# The file is read in full and handed to #load, which only parses it; no
# signature, validity-period or chain check is performed along the way.
#
# @param pem_file_path [String] path of the PEM-encoded certificate file
# @return [Certificate] the instance returned by #load
# @raise [RuntimeError] if #load cannot parse the file's contents
def self.load(pem_file_path)
  certificate = new({})
  certificate.load(File.read(pem_file_path))
end

Instance Method Details

#load(pem_string) ⇒ Object



# File 'lib/eassl/certificate.rb', line 78

# Replaces the wrapped certificate with one parsed from +pem_string+.
#
# This is parsing only: nothing here verifies the certificate's signature,
# validity period or issuer, so a successfully loaded certificate is not
# thereby a trusted one.
#
# @param pem_string [String] encoded certificate text
# @return [Certificate] self, so calls can be chained
# @raise [RuntimeError] with a fixed message whenever parsing fails; any
#   StandardError from OpenSSL is rescued and replaced by it
def load(pem_string)
  @ssl = OpenSSL::X509::Certificate.new(pem_string)
  self
rescue
  raise "CertificateLoader: Error loading certificate"
end

#sha1_fingerprint ⇒ Object

Returns the SHA-1 fingerprint of the certificate, formatted in the OpenSSL style (uppercase hex byte pairs separated by colons).



# File 'lib/eassl/certificate.rb', line 64

# SHA-1 fingerprint of the certificate's DER encoding, written as uppercase
# hex byte pairs joined by colons.
#
# NOTE(review): a SHA-1 fingerprint is fine as a display/lookup identifier,
# but SHA-1 is not collision resistant; anything that pins or trusts a
# certificate by fingerprint should compare a SHA-256 digest instead.
#
# @return [String] e.g. "A9:99:..." (20 colon-separated pairs)
def sha1_fingerprint
  hex_digest = Digest::SHA1.hexdigest(ssl.to_der).upcase
  hex_digest.scan(/../).join(':')
end

#sign(ca_key) ⇒ Object



# File 'lib/eassl/certificate.rb', line 55

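# Signs the certificate with the CA's private key.
#
# The signature digest defaults to SHA-256. The previous hard-coded SHA-1 is
# no longer collision resistant, and SHA-1-signed certificates are rejected
# by current TLS clients and by OpenSSL at its default security level. A
# caller that must interoperate with a legacy peer can pass another digest
# explicitly.
#
# @param ca_key [#private_key] CA key wrapper; its private key does the signing
# @param digest [OpenSSL::Digest] signature digest (default SHA-256)
# @return [OpenSSL::X509::Certificate] the signed certificate, as returned by
#   OpenSSL's #sign
def sign(ca_key, digest = OpenSSL::Digest.new("SHA256"))
  ssl.sign(ca_key.private_key, digest)
end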

#ssl ⇒ Object



# File 'lib/eassl/certificate.rb', line 19

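# Returns the wrapped OpenSSL::X509::Certificate, building it on first use
# from the options given to the constructor.
#
# The certificate is assembled in a local variable and memoized only once it
# is complete. Previously @ssl was assigned before any field was filled in,
# so a build that failed part-way (for example with no :signing_request)
# left an almost empty certificate behind, and every later call returned it
# as if it were valid.
#
# When :ca_certificate is absent the certificate names itself as issuer
# (self-issued). Key-usage extensions are added only for the "server" and
# "client" types; any other :type gets none.
#
# @return [OpenSSL::X509::Certificate] the (unsigned until #sign) certificate
# @raise [ArgumentError] if no :signing_request option was supplied
def ssl
  return @ssl if @ssl

  request = @options[:signing_request]
  raise ArgumentError, "EaSSL::Certificate requires a :signing_request option" unless request

  ca_certificate = @options[:ca_certificate]

  cert = OpenSSL::X509::Certificate.new
  cert.not_before = Time.now
  cert.subject = request.subject
  cert.issuer = ca_certificate ? ca_certificate.subject : cert.subject
  cert.not_after = cert.not_before + @options[:days_valid] * 24 * 60 * 60
  cert.public_key = request.public_key
  # NOTE(review): without a :serial option every certificate gets serial 2.
  # Issuer name + serial is meant to identify one certificate (revocation
  # relies on it), so callers should always pass a unique :serial.
  cert.serial = @options[:serial] || 2
  cert.version = 2 # X509v3

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = ca_certificate ? ca_certificate.ssl : cert
  cert.extensions = [
    ef.create_extension("basicConstraints", "CA:FALSE"),
    ef.create_extension("subjectKeyIdentifier", "hash"),
    ef.create_extension("nsComment", @options[:comment])
  ]
  # this extension must be added separately, after the others.
  # presumably needs subjectKeyIdentifier to already be in place
  cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))

  if @options[:type] == 'server'
    cert.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment"))
    cert.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
  end
  if @options[:type] == 'client'
    cert.add_extension(ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment"))
    cert.add_extension(ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection"))
  end

  # Memoize only the fully built certificate.
  @ssl = cert
end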

#to_pem ⇒ Object



# File 'lib/eassl/certificate.rb', line 59

# PEM text of the wrapped certificate, building the certificate first if it
# has not been created or loaded yet.
#
# @return [String] the value of the OpenSSL certificate's #to_pem
def to_pem
  certificate = ssl
  certificate.to_pem
end