Class: Vcert::FakeConnection

Inherits:
Object
  • Object
Defined in:
lib/fake/fake.rb

Instance Method Summary

Constructor Details

#initialize ⇒ FakeConnection

Returns a new instance of FakeConnection.



# File 'lib/fake/fake.rb', line 7

# Builds a fake connection with an empty certificate cache.
#
# The cache is filled by #retrieve, which stores each issued
# OpenSSL::X509::Certificate under its SHA-1 thumbprint, and is read by #renew
# when a request carries a thumbprint. It lives only in this object's memory.
def initialize
  @cert_cache = Hash.new
end

Instance Method Details

#policy(zone_tag) ⇒ Object



# File 'lib/fake/fake.rb', line 36

# Returns a fully permissive policy for the given zone.
#
# Every subject and SAN regex is ".*", and the allowed key types include
# RSA 1024 alongside 2048/4096/8192 and every curve in Vcert::SUPPORTED_CURVES.
# NOTE(review): because nothing is restricted, this fake cannot exercise a
# caller's policy-rejection paths (weak key size, disallowed subject); tests
# for those presumably need a stricter policy than this one.
#
# @param zone_tag [Object] used verbatim as both policy_id and name
# @return [Vcert::Policy]
def policy(zone_tag)
  rsa_types = [1024, 2048, 4096, 8192].map { |bits| Vcert::KeyType.new("rsa", bits) }
  ecdsa_types = Vcert::SUPPORTED_CURVES.map { |curve| Vcert::KeyType.new("ecdsa", curve) }

  # Each field gets its own [".*"] array, as in a hand-written argument list.
  wildcard_fields = %i[
    subject_cn_regexes subject_o_regexes subject_ou_regexes subject_st_regexes
    subject_l_regexes subject_c_regexes san_regexes
  ].to_h { |field| [field, [".*"]] }

  Vcert::Policy.new(
    policy_id: zone_tag,
    name: zone_tag,
    system_generated: false,
    creation_date: nil,
    **wildcard_fields,
    key_types: rsa_types + ecdsa_types
  )
end

#renew(request, generate_new_key: true) ⇒ Object



# File 'lib/fake/fake.rb', line 56

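# Fake renewal. Produces a new "request id" (a Base64-encoded CSR PEM) and the
# matching private key, without contacting any service.
#
# Three paths:
# * request.thumbprint set: the previously issued certificate is looked up in
#   the in-memory cache and a fresh CSR is built from its subject only. Reusing
#   the existing key is not supported on this path.
# * no thumbprint, generate_new_key false: the request's id and private key are
#   handed back unchanged.
# * no thumbprint, generate_new_key true: the CSR stored in request.id is
#   re-keyed and re-signed.
#
# Security notes:
# * A new key is always RSA 2048, whatever key type the original request used.
# * The new private key is returned as an unencrypted PEM string; callers that
#   persist it are responsible for protecting it.
# * On the thumbprint path only the subject is carried over, so anything else
#   the old certificate held is not reproduced in the new CSR.
#
# @param request [#thumbprint, #id, #private_key]
# @param generate_new_key [Boolean]
# @return [Array(String, String)] Base64 CSR PEM (the new id) and private key PEM
# @raise [Vcert::VcertError] when key reuse is requested together with a
#   thumbprint, or when the thumbprint is not in this connection's cache
def renew(request, generate_new_key: true)
  if request.thumbprint
    raise Vcert::VcertError, "can not be implemented" unless generate_new_key

    # Look the certificate up before doing any key generation, and fail with a
    # library error rather than a NoMethodError on nil when it was never issued
    # by this connection.
    cached_cert = @cert_cache[request.thumbprint]
    if cached_cert.nil?
      raise Vcert::VcertError, "no certificate cached for thumbprint #{request.thumbprint}"
    end

    new_key = OpenSSL::PKey::RSA.new 2048
    csr = OpenSSL::X509::Request.new
    csr.subject = cached_cert.subject
    csr.public_key = new_key.public_key
    csr.sign new_key, OpenSSL::Digest::SHA256.new
    return [Base64.encode64(csr.to_pem), new_key.to_pem]
  end

  return [request.id, request.private_key] unless generate_new_key

  new_key = OpenSSL::PKey::RSA.new 2048
  # Re-key the original CSR: swap the public key and sign again with the new key.
  csr = OpenSSL::X509::Request.new Base64.decode64(request.id)
  csr.public_key = new_key.public_key
  csr.sign new_key, OpenSSL::Digest::SHA256.new
  [Base64.encode64(csr.to_pem), new_key.to_pem]
end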

#request(zone_tag, request) ⇒ Object



# File 'lib/fake/fake.rb', line 11

# Fake enrollment: no service is contacted. The request's id is simply set to
# the Base64 encoding of its CSR, so the id itself carries everything #retrieve
# needs later.
#
# @param zone_tag [Object] accepted for interface compatibility; not used here
# @param request [#csr, #id=]
# @return [String] the Base64-encoded CSR that was stored in request.id
def request(zone_tag, request)
  encoded_csr = Base64.encode64(request.csr)
  request.id = encoded_csr
end

#retrieve(request) ⇒ Object



# File 'lib/fake/fake.rb', line 15

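# Fake issuance: decodes the CSR carried in request.id and signs a one-year
# certificate for it with ROOT_CA / ROOT_KEY (constants defined outside this
# method), then caches the certificate under its SHA-1 thumbprint for #renew.
#
# Security notes:
# * Only the subject and public key are taken from the CSR. Its signature is
#   not verified and no policy is applied before signing.
# * No X.509 extensions are set (see the todo below), so the issued
#   certificate carries no SAN, key-usage or basic-constraints extensions.
# * The serial number is a random 64-bit value. A clock-derived serial with
#   10 ms resolution gave identical serials to certificates issued back to
#   back, which breaks the per-issuer uniqueness that serials are meant to
#   provide and makes them predictable.
# * SHA-1 is used here only to compute the thumbprint that keys the cache; the
#   certificate itself is signed with SHA-256.
#
# @param request [#id, #private_key] id is a Base64-encoded CSR PEM
# @return [Vcert::Certificate] PEM certificate, chain of [ROOT_CA], and the
#   request's private key passed through unchanged
def retrieve(request)
  csr = OpenSSL::X509::Request.new(Base64.decode64(request.id))
  root_ca = OpenSSL::X509::Certificate.new ROOT_CA
  root_key = OpenSSL::PKey::RSA.new ROOT_KEY

  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  # Random serial: unique per issuance and not guessable from the issue time.
  cert.serial = OpenSSL::BN.rand(64)
  cert.subject = csr.subject
  cert.issuer = root_ca.subject
  cert.not_before = Time.now
  cert.public_key = csr.public_key
  cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60
  # todo: add extensions
  cert.sign(root_key, OpenSSL::Digest::SHA256.new)

  issued = Vcert::Certificate.new cert: cert.to_pem, chain: [ROOT_CA], private_key: request.private_key
  thumbprint = OpenSSL::Digest::SHA1.new(cert.to_der).to_s
  @cert_cache[thumbprint] = cert
  issued
end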

#zone_configuration(zone_tag) ⇒ Object



# File 'lib/fake/fake.rb', line 45

# Returns a fixed zone configuration; the same values come back for every zone.
#
# Only the key type (RSA 2048) is created with locked: true. The subject
# fields are created without that option.
#
# @param zone_tag [Object] accepted for interface compatibility; not used here
# @return [Vcert::ZoneConfiguration]
def zone_configuration(zone_tag)
  settings = {
    country: "US",
    province: "Utah",
    locality: "Salt Lake City",
    organization: "Venafi",
    organizational_unit: "DevOps"
  }.transform_values { |text| Vcert::CertField.new(text) }

  settings[:key_type] = Vcert::CertField.new(Vcert::KeyType.new("rsa", 2048), locked: true)
  Vcert::ZoneConfiguration.new(**settings)
end