Class: EaSSL::Certificate
- Inherits: Object
  - Object
  - EaSSL::Certificate
- Defined in: lib/eassl/certificate.rb
Overview
- Author: Paul Nicholson ([email protected])
- Co-Author: Adam Williams ([email protected])
- Copyright: Copyright © 2006 WebPower Design
- License: Distributes under the same terms as Ruby
Class Method Summary
- .load(pem_file_path) ⇒ Object
Instance Method Summary
- #initialize(options) ⇒ Certificate (constructor)
  A new instance of Certificate.
- #load(pem_string) ⇒ Object
- #method_missing(method) ⇒ Object
  This method is used to intercept and pass through calls to OpenSSL methods and instance variables.
- #sha1_fingerprint ⇒ Object
  Returns a SHA1 fingerprint of the certificate in the OpenSSL style.
- #sign(ca_key) ⇒ Object
- #ssl ⇒ Object
- #to_pem ⇒ Object
Constructor Details
#initialize(options) ⇒ Certificate
Returns a new instance of Certificate.
```ruby
# File 'lib/eassl/certificate.rb', line 9
def initialize(options)
  # Defaults; caller-supplied options override them.
  @options = {
    :days_valid      => (365 * 5),
    :signing_request => nil, # required
    :ca_certificate  => nil, # required
    :comment         => "Ruby/OpenSSL/EaSSL Generated Certificate",
    :type            => "server"
  }.update(options)
end
```
Dynamic Method Handling
This class handles dynamic methods through the method_missing method.
#method_missing(method) ⇒ Object
This method is used to intercept and pass through calls to OpenSSL methods and instance variables.
```ruby
# File 'lib/eassl/certificate.rb', line 70
def method_missing(method)
  ssl.send(method)
end
```
Class Method Details
.load(pem_file_path) ⇒ Object
```ruby
# File 'lib/eassl/certificate.rb', line 74
def self.load(pem_file_path)
  new({}).load(File.read(pem_file_path))
end
```
Instance Method Details
#load(pem_string) ⇒ Object
```ruby
# File 'lib/eassl/certificate.rb', line 78
def load(pem_string)
  begin
    @ssl = OpenSSL::X509::Certificate.new(pem_string)
  rescue
    raise "CertificateLoader: Error loading certificate"
  end
  self
end
```
#sha1_fingerprint ⇒ Object
Returns a SHA1 fingerprint of the certificate in the OpenSSL style.
```ruby
# File 'lib/eassl/certificate.rb', line 64
def sha1_fingerprint
  Digest::SHA1.hexdigest(ssl.to_der).upcase.gsub(/(..)/, '\1:').chop
end
```
#sign(ca_key) ⇒ Object
```ruby
# File 'lib/eassl/certificate.rb', line 55
def sign(ca_key)
  # Signs the certificate with the CA private key using a SHA-1 digest.
  ssl.sign(ca_key.private_key, OpenSSL::Digest::SHA1.new)
end
```
#ssl ⇒ Object
```ruby
# File 'lib/eassl/certificate.rb', line 19
def ssl
  unless @ssl
    @ssl = OpenSSL::X509::Certificate.new
    @ssl.not_before = Time.now
    @ssl.subject = @options[:signing_request].subject
    # Without a CA certificate the certificate is issued under its own subject.
    @ssl.issuer = @options[:ca_certificate] ? @options[:ca_certificate].subject : @ssl.subject
    @ssl.not_after = @ssl.not_before + @options[:days_valid] * 24 * 60 * 60
    @ssl.public_key = @options[:signing_request].public_key
    # Serial falls back to the fixed value 2 when :serial is not given.
    @ssl.serial = @options[:serial] || 2
    @ssl.version = 2 # X509v3

    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = @ssl
    ef.issuer_certificate = @options[:ca_certificate] ? @options[:ca_certificate].ssl : @ssl
    @ssl.extensions = [
      ef.create_extension("basicConstraints", "CA:FALSE"),
      ef.create_extension("subjectKeyIdentifier", "hash"),
      ef.create_extension("nsComment", @options[:comment]),
    ]

    # this extension must be added separately, after the others.
    # presumably needs subjectKeyIdentifier to already be in place
    @ssl.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))

    if @options[:type] == 'server'
      @ssl.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment"))
      @ssl.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
    end

    if @options[:type] == 'client'
      @ssl.add_extension(ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment"))
      @ssl.add_extension(ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection"))
    end
  end
  @ssl
end
```
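Added example (not EaSSL's own code): the server extension profile from #ssl above, issued with a random 128-bit serial instead of the default 2 and signed with SHA-256 instead of the SHA-1 digest used by #sign, plus a SHA-256 counterpart to #sha1_fingerprint. `build_cert` and `demo` are hypothetical helpers that take the subject and public key directly rather than from a signing request; the CA, keys and subject names are constructed test data.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper: builds and signs a certificate. issuer_cert nil means
# self-signed (used only for the throwaway CA in demo below).
def build_cert(subject, public_key, issuer_cert, issuer_key, ca: false, days: 365)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X509v3
  # 128 bits from the CSPRNG instead of a fixed default serial
  cert.serial = OpenSSL::BN.new(SecureRandom.hex(16), 16)
  cert.subject = subject
  cert.issuer = issuer_cert ? issuer_cert.subject : subject
  cert.public_key = public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + days * 24 * 60 * 60

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE"))
  cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash"))
  unless ca # same extensions as #ssl with :type => "server"
    cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))
    cert.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment"))
    cert.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
  end
  # SHA-256 signature digest; sign returns the certificate itself
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Constructed sample data: throwaway CA and server keys, made-up subject names.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = build_cert(OpenSSL::X509::Name.parse("/CN=Example Test CA"), ca_key.public_key, nil, ca_key, ca: true)
  key = OpenSSL::PKey::RSA.new(2048)
  leaf = build_cert(OpenSSL::X509::Name.parse("/CN=server.example.test"), key.public_key, ca, ca_key)
  {
    signature_algorithm: leaf.signature_algorithm,
    verified: leaf.verify(ca_key.public_key),
    serial_bits: leaf.serial.num_bits,
    # OpenSSL-style colon-separated fingerprint, SHA-256 rather than SHA-1
    sha256_fingerprint: OpenSSL::Digest::SHA256.hexdigest(leaf.to_der).upcase.scan(/../).join(":")
  }
end

puts demo if __FILE__ == $PROGRAM_NAME
```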
#to_pem ⇒ Object
```ruby
# File 'lib/eassl/certificate.rb', line 59
def to_pem
  ssl.to_pem
end
```