Class: SCEP::Keypair

Inherits:

Object

• Object
• SCEP::Keypair

Defined in:

lib/scep/keypair.rb

Overview

A public / private keypair

Defined Under Namespace

Classes: UnsupportedCryptosystem

Constant Summary

SUPPORTED_CRYPTOSYSTEMS =

The various cryptosystems we support. Used mostly for ruby 1.8.7, which cannot automatically determine which cryptosystem is being used.

[
  OpenSSL::PKey::RSA,
  OpenSSL::PKey::DSA,
  OpenSSL::PKey::EC,
  OpenSSL::PKey::DH
]

Instance Attribute Summary

• #certificate ⇒ OpenSSL::X509::Certificate (also: #cert)
• #private_key ⇒ OpenSSL::PKey

Class Method Summary

• .read(certificate_filepath, private_key_filepath, private_key_passphrase = nil) ⇒ Keypair

  Loads a keypair from a file.

• .read_private_key(encoded_key, passphrase = nil) ⇒ Object protected

  Reads a DER or PEM encoded private key that is one of the SUPPORTED_CRYPTOSYSTEMS.

Instance Method Summary

• #initialize(certificate, private_key) ⇒ Keypair constructor

  A new instance of Keypair.

Constructor Details

#initialize(certificate, private_key) ⇒ Keypair

Returns a new instance of Keypair.

Raises:

• (ArgumentError)

# File 'lib/scep/keypair.rb', line 21

def initialize(certificate, private_key)
  raise ArgumentError, '`certificate` must be an OpenSSL::X509::Certificate' unless
    certificate.is_a?(OpenSSL::X509::Certificate)

  unless certificate.check_private_key(private_key)
    raise ArgumentError, '`private_key` does not match `certificate`'
  end

  @certificate = certificate
  @private_key = private_key
end

Instance Attribute Details

#certificate ⇒ OpenSSL::X509::Certificate Also known as: cert

Returns:

• (OpenSSL::X509::Certificate)

# File 'lib/scep/keypair.rb', line 15

def certificate
  @certificate
end

#private_key ⇒ OpenSSL::PKey

Returns:

• (OpenSSL::PKey)

# File 'lib/scep/keypair.rb', line 19

def private_key
  @private_key
end

Class Method Details

.read(certificate_filepath, private_key_filepath, private_key_passphrase = nil) ⇒ Keypair

Loads a keypair from a file

Parameters:

• certificate_filepath (String)
• private_key_filepath (String)
• private_key_passphrase (String) (defaults to: nil) —

  add this if you

Returns:

• (Keypair)

# File 'lib/scep/keypair.rb', line 38

def self.read(certificate_filepath, private_key_filepath, private_key_passphrase = nil)
  x509_cert = OpenSSL::X509::Certificate.new File.read(certificate_filepath.to_s)
  pkey      = read_private_key(File.open(private_key_filepath.to_s).read, private_key_passphrase)
  new(x509_cert, pkey)
end

.read_private_key(encoded_key, passphrase = nil) ⇒ Object (protected)

Reads a DER or PEM encoded private key that is one of the SUPPORTED_CRYPTOSYSTEMS. In ruby 1.9+ we can do this easily. In ruby 1.8.7 we have to keep on guessing until we get it right.

# File 'lib/scep/keypair.rb', line 49

def self.read_private_key(encoded_key, passphrase = nil)
  # Ruby 1.9.3+
  if OpenSSL::PKey.respond_to?(:read)
    OpenSSL::PKey.read encoded_key, passphrase

  # Ruby 1.8.7 - keep on guessing which cryptosystem until we're correct
  else
    SUPPORTED_CRYPTOSYSTEMS.each do |system|
      begin
        return system.new(encoded_key, passphrase)
      rescue
      end
    end

    # If we're here, then the file is probably invalid
    raise UnsupportedCryptosystem,
      "Either private key is invalid, passphrase is invalid, or does not support one " \
      "of cryptosystems: #{SUPPORTED_CRYPTOSYSTEMS.map(&:name).join(', ')}"
  end
end