Module: IRC::SSLUtils

Defined in:
lib/failirc/sslutils.rb

Class Method Summary collapse

Class Method Details

.context(cert, key) ⇒ Object



# File 'lib/failirc/sslutils.rb', line 56

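# Builds an OpenSSL::SSL::SSLContext carrying the server certificate and
# private key.
#
# Only +cert+ and +key+ are set on the context here; protocol versions,
# cipher selection and peer verification stay at whatever the OpenSSL
# binding defaults to unless the caller configures them afterwards.
#
# @param cert [File, String, nil] an open File or a path holding the
#   certificate. When nil/false, a throwaway self-signed certificate is
#   generated and +key+ is ignored.
# @param key [File, String, nil] an open File or a path holding the RSA
#   private key that matches +cert+.
# @return [OpenSSL::SSL::SSLContext]
def self.context(cert, key)
    context = OpenSSL::SSL::SSLContext.new

    if cert
        # Accept either an already-open File or a filesystem path.
        cert = OpenSSL::X509::Certificate.new(cert.is_a?(File) ? cert.read : File.read(cert))
        key  = OpenSSL::PKey::RSA.new(key.is_a?(File) ? key.read : File.read(key))
    else
        # Fallback: a generated self-signed certificate encrypts the link but
        # gives clients nothing to authenticate the server against unless they
        # pin the certificate out of band; deployments should pass a real one.
        # 2048 bits replaces the former 1024, which is below the minimum RSA
        # size accepted by current guidance and by stricter TLS configurations.
        comment   = 'Generated by Ruby/OpenSSL'
        cert, key = self.selfSignedCertificate(2048, comment)
    end

    context.cert = cert
    context.key  = key

    context
end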

.selfSignedCertificate(bits, comment) ⇒ Object



# File 'lib/failirc/sslutils.rb', line 25

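# Generates a fresh RSA key pair and a self-signed X.509v3 server
# certificate for it, valid for 365 days from the moment of the call.
#
# The certificate has an empty subject/issuer name and is marked as a
# non-CA TLS server certificate. Nothing external vouches for it, so a
# client can only authenticate the server by pinning this certificate.
#
# @param bits [Integer] RSA modulus size in bits; callers should pass at
#   least 2048.
# @param comment [String] text stored in the nsComment extension.
# @return [Array(OpenSSL::X509::Certificate, OpenSSL::PKey::RSA)] the
#   signed certificate and the private key it was signed with.
def self.selfSignedCertificate(bits, comment)
    rsa = OpenSSL::PKey::RSA.new(bits)
    now = Time.now

    name = OpenSSL::X509::Name.new

    cert            = OpenSSL::X509::Certificate.new
    cert.version    = 3
    # RFC 5280 requires a positive serial number. A random one also keeps two
    # generated certificates from sharing issuer+serial, which some clients
    # treat as an error.
    cert.serial     = OpenSSL::BN.rand(64)
    cert.subject    = name
    cert.issuer     = name
    cert.not_before = now
    cert.not_after  = now + (365*24*60*60)
    cert.public_key = rsa.public_key

    # The certificate is its own issuer, so the factory uses it for both roles.
    ef                    = OpenSSL::X509::ExtensionFactory.new(nil, cert)
    ef.issuer_certificate = cert

    cert.extensions = [
        ef.create_extension('basicConstraints', 'CA:FALSE'),
        # digitalSignature covers key exchanges where the server signs its
        # parameters (DHE/ECDHE); keyEncipherment covers RSA key transport.
        ef.create_extension('keyUsage', 'digitalSignature,keyEncipherment'),
        ef.create_extension('subjectKeyIdentifier', 'hash'),
        ef.create_extension('extendedKeyUsage', 'serverAuth'),
        ef.create_extension('nsComment', comment),
    ]

    # Added after the list above because the authority key identifier is
    # derived from the subjectKeyIdentifier already present on the issuer.
    aki = ef.create_extension('authorityKeyIdentifier', 'keyid:always,issuer:always')
    cert.add_extension(aki)

    # SHA-256 instead of SHA-1: SHA-1 signatures are collision-prone and are
    # refused by current TLS stacks.
    cert.sign(rsa, OpenSSL::Digest::SHA256.new)

    [cert, rsa]
end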