Module: Sus::Fixtures::OpenSSL::HostsCertificatesContext

Includes:
CertificateAuthorityContext
Defined in:
lib/sus/fixtures/openssl/hosts_certificates_context.rb


Methods included from CertificateAuthorityContext

#certificate_authority_certificate, #certificate_authority_key, #certificate_authority_name, #certificate_store

Instance Method Details

#certificates ⇒ Object

The certificate used for actual communication:



# File 'lib/sus/fixtures/openssl/hosts_certificates_context.rb', line 26

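# Leaf certificates used for actual communication, one per entry in `hosts`,
# each signed by the test certificate authority. Built on first use and memoized.
#
# Each certificate carries subject O=Test, CN=<host name>, the CA certificate's
# subject as issuer, the public half of `keys[name]`, and a validity window from
# 10 seconds before to 3600 seconds after the moment of generation.
#
# NOTE(review): only keyUsage and subjectKeyIdentifier extensions are added. No
# subjectAltName is emitted, so a client that matches the peer name against SAN
# entries only will not match these certificates.
#
# @return [Hash] host name => ::OpenSSL::X509::Certificate
def certificates
	return @certificates if @certificates
	
	# One timestamp for the whole batch so every certificate shares the same window.
	issued_at = Time.now
	
	pairs = hosts.each_with_index.map do |name, index|
		certificate = ::OpenSSL::X509::Certificate.new
		
		# Build the DN from explicit [type, value] pairs instead of interpolating the
		# host name into a string for Name.parse. A name containing "/" or "," can then
		# not change the structure of the subject, and the result does not depend on
		# the parser's separator rules.
		certificate.subject = ::OpenSSL::X509::Name.new([["O", "Test"], ["CN", name.to_s]])
		certificate.issuer = certificate_authority_certificate.subject
		
		certificate.public_key = keys[name].public_key
		
		# Serial numbers must be unique per issuer. The first host keeps serial 2 and
		# each following host gets the next value, rather than all of them sharing 2.
		certificate.serial = 2 + index
		# X.509 encodes version 3 as the integer 2.
		certificate.version = 2
		
		# Backdate slightly to tolerate small clock differences between peers.
		certificate.not_before = issued_at - 10
		certificate.not_after = issued_at + 3600
		
		extension_factory = ::OpenSSL::X509::ExtensionFactory.new
		extension_factory.subject_certificate = certificate
		extension_factory.issuer_certificate = certificate_authority_certificate
		# keyUsage is marked critical (third argument).
		certificate.add_extension extension_factory.create_extension("keyUsage", "digitalSignature", true)
		certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
		
		certificate.sign certificate_authority_key, ::OpenSSL::Digest::SHA256.new
		
		[name, certificate]
	end
	
	@certificates = pairs.to_h
end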

#client_context ⇒ Object



# File 'lib/sus/fixtures/openssl/hosts_certificates_context.rb', line 71

# Client-side TLS context that trusts `certificate_store` and requires the peer's
# certificate chain to verify (VERIFY_PEER). Built on first use and memoized.
#
# NOTE(review): `verify_hostname` is not set on this context, so whether the peer
# name is checked against the certificate depends on the context defaults or on
# the caller (e.g. `post_connection_check`). Confirm before relying on this for
# host identity.
#
# @return [::OpenSSL::SSL::SSLContext]
def client_context
	return @client_context if @client_context
	
	context = ::OpenSSL::SSL::SSLContext.new
	context.verify_mode = ::OpenSSL::SSL::VERIFY_PEER
	context.cert_store = certificate_store
	
	@client_context = context
end

#hosts ⇒ Object

Override this to provide a list of host names.



# File 'lib/sus/fixtures/openssl/hosts_certificates_context.rb', line 15

# Host names to generate keys and certificates for. Override this to provide the
# list. The default is empty, so no keys or certificates are generated and the
# SNI callback in `server_context` matches no name.
#
# @return [Array] host names (empty by default)
def hosts
	[]
end

#keys ⇒ Object



# File 'lib/sus/fixtures/openssl/hosts_certificates_context.rb', line 19

# One freshly generated 2048-bit RSA key pair per entry in `hosts`, built on first
# use and memoized. The private keys are held in memory on this object only;
# nothing here writes them out.
#
# @return [Hash] host name => ::OpenSSL::PKey::RSA
def keys
	return @keys if @keys
	
	@keys = hosts.each_with_object({}) do |name, generated|
		generated[name] = ::OpenSSL::PKey::RSA.new(2048)
	end
end

#server_context ⇒ Object



# File 'lib/sus/fixtures/openssl/hosts_certificates_context.rb', line 56

# Server-side TLS context that selects a certificate by SNI. Built on first use
# and memoized.
#
# The outer context carries no certificate or key of its own; it only installs a
# `servername_cb`. For a requested name listed in `hosts`, the callback records
# the name on the socket and returns a new per-call context holding that host's
# certificate and private key. For any other name the callback returns nil.
#
# @return [::OpenSSL::SSL::SSLContext]
def server_context
	return @server_context if @server_context
	
	context = ::OpenSSL::SSL::SSLContext.new
	
	context.servername_cb = proc do |socket, name|
		# Unknown names get no certificate: fall through with nil.
		next unless hosts.include?(name)
		
		socket.hostname = name
		
		# A fresh context per handshake, bound to the requested host's identity.
		host_context = ::OpenSSL::SSL::SSLContext.new
		host_context.cert = certificates[name]
		host_context.key = keys[name]
		host_context
	end
	
	@server_context = context
end