Class: Vcert::Request

Inherits:
Object
  • Object
Defined in:
lib/objects/objects.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(common_name: nil, private_key: nil, key_type: nil, organization: nil, organizational_unit: nil, country: nil, province: nil, locality: nil, san_dns: nil, friendly_name: nil, csr: nil) ⇒ Request

Returns a new instance of Request.



# File 'lib/objects/objects.rb', line 13

# Builds a certificate request from subject fields and optional key material.
#
# Every argument is stored as given; key_type is the only one checked here.
# A caller-supplied private key is stored without deriving a public key from
# it (see the todo below), and a caller-supplied csr is stored without being
# parsed or compared with the subject fields.
#
# @param common_name value later used for the CN subject attribute
# @param private_key key object later used to sign the CSR
# @param key_type [KeyType, nil] requested key type
# @param organizational_unit a single value or an Array of values
# @param san_dns a single DNS name or an Array of DNS names
# @param csr an already built CSR, returned as-is by #csr
# @raise [Vcert::ClientBadDataError] if key_type is given and is not exactly a KeyType
def initialize(common_name: nil, private_key: nil, key_type: nil,
               organization: nil, organizational_unit: nil, country: nil, province: nil, locality: nil, san_dns: nil,
               friendly_name: nil, csr: nil)
  # instance_of? is deliberate here: subclasses of KeyType are rejected too.
  unless key_type.nil? || key_type.instance_of?(KeyType)
    raise Vcert::ClientBadDataError, "key_type bad type. should be Vcert::KeyType. for example KeyType('rsa', 2048)"
  end

  # Identity and key material.
  @common_name = common_name
  @private_key = private_key
  # todo: parse private key and set public
  @key_type = key_type

  # Subject fields.
  @organization = organization
  @organizational_unit = organizational_unit
  @country = country
  @province = province
  @locality = locality
  @san_dns = san_dns

  @friendly_name = friendly_name
  @csr = csr
  @id = nil
end

Instance Attribute Details

#common_name ⇒ Object (readonly)

Returns the value of attribute common_name.



# File 'lib/objects/objects.rb', line 11

# Common name as passed to the constructor. generate_csr uses it for the CN
# subject attribute, and friendly_name falls back to it.
def common_name
  @common_name
end

#country ⇒ Object (readonly)

Returns the value of attribute country.



# File 'lib/objects/objects.rb', line 11

# Country for the C subject attribute. update_from_zone_config replaces it
# when the zone locks the field or when no value was set.
def country
  @country
end

#id ⇒ Object

Returns the value of attribute id.



# File 'lib/objects/objects.rb', line 10

# Identifier of this request. The constructor sets it to nil; presumably it is
# assigned after submission — confirm against the caller.
def id
  @id
end

#key_type ⇒ Object (readonly)

Returns the value of attribute key_type.



# File 'lib/objects/objects.rb', line 11

# Requested key type. The constructor accepts only nil or a KeyType instance,
# but update_from_zone_config can later store the zone's value without
# repeating that type check.
def key_type
  @key_type
end

#locality ⇒ Object (readonly)

Returns the value of attribute locality.



# File 'lib/objects/objects.rb', line 11

# Locality for the L subject attribute. update_from_zone_config replaces it
# when the zone locks the field or when no value was set.
def locality
  @locality
end

#organization ⇒ Object (readonly)

Returns the value of attribute organization.



# File 'lib/objects/objects.rb', line 11

# Organization for the O subject attribute. update_from_zone_config replaces
# it when the zone locks the field or when no value was set.
def organization
  @organization
end

#organizational_unit ⇒ Object (readonly)

Returns the value of attribute organizational_unit.



# File 'lib/objects/objects.rb', line 11

# Organizational unit(s): a single value or an Array. generate_csr emits one
# OU subject attribute per element.
def organizational_unit
  @organizational_unit
end

#province ⇒ Object (readonly)

Returns the value of attribute province.



# File 'lib/objects/objects.rb', line 11

# State or province for the ST subject attribute. update_from_zone_config
# replaces it when the zone locks the field or when no value was set.
def province
  @province
end

#san_dns ⇒ Object (readonly)

Returns the value of attribute san_dns.



# File 'lib/objects/objects.rb', line 11

# DNS subject alternative names as given to the constructor. generate_csr
# wraps a single value into an Array in place, so the returned shape can
# change once a CSR has been generated.
def san_dns
  @san_dns
end

#thumbprint ⇒ Object

Returns the value of attribute thumbprint.



# File 'lib/objects/objects.rb', line 10

# Thumbprint associated with this request. None of the methods shown for this
# class assign it, so it is nil until set from outside.
def thumbprint
  @thumbprint
end

Instance Method Details

#csr ⇒ Object



# File 'lib/objects/objects.rb', line 88

# Returns the CSR for this request, generating one on first use.
#
# A CSR passed to the constructor is returned unchanged: it is not parsed, and
# the subject fields and key type held by this object are not compared with
# it. When none was supplied, generate_csr builds and caches one.
#
# @return the stored or newly generated CSR
def csr
  # TODO: find a way to pass CSR generation if renew is requested
  generate_csr if @csr.nil?
  @csr
end

#csr? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/objects/objects.rb', line 96

# Reports whether a CSR is already held, either supplied by the caller or
# produced by an earlier generate_csr call. Does not trigger generation.
#
# @return [Boolean]
def csr?
  !@csr.nil?
end

#friendly_name ⇒ Object



# File 'lib/objects/objects.rb', line 107

# Returns the friendly name, falling back to the common name when none was
# given to the constructor.
#
# @return the explicit friendly name, or @common_name when it is nil
def friendly_name
  @friendly_name.nil? ? @common_name : @friendly_name
end

#generate_csr ⇒ Object



# File 'lib/objects/objects.rb', line 34

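# Builds a PKCS#10 request from the subject fields, signs it with the private
# key using SHA-256, and caches the PEM text in @csr.
#
# A private key is generated first (via generate_private_key) when none is
# set. The constructor stores a caller-supplied private key without deriving
# @public_key from it, so the request falls back to the private key object
# when @public_key is nil instead of failing on a nil public key.
#
# Side effects: may set @private_key, normalises @san_dns to an Array, sets
# @csr, and logs the subject attributes at info level.
#
# @return [String] the PEM-encoded CSR (also stored in @csr)
def generate_csr
  generate_private_key if @private_key.nil?

  subject_attrs = [['CN', @common_name]]
  subject_attrs.push(['O', @organization]) unless @organization.nil?
  unless @organizational_unit.nil?
    if @organizational_unit.kind_of?(Array)
      # One OU attribute per element.
      @organizational_unit.each { |ou| subject_attrs.push(['OU', ou]) }
    else
      subject_attrs.push(['OU', @organizational_unit])
    end
  end
  subject_attrs.push(['C', @country]) unless @country.nil?
  subject_attrs.push(['ST', @province]) unless @province.nil?
  subject_attrs.push(['L', @locality]) unless @locality.nil?

  LOG.info("#{VCERT_PREFIX} Making request from subject array #{subject_attrs.inspect}")
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new(subject_attrs)
  # Only the public part of the key is encoded into the request, so the
  # private key object is a valid source when no public key was derived.
  csr.public_key = @public_key || @private_key

  unless @san_dns.nil?
    # A single name is accepted and wrapped; the instance variable is updated.
    @san_dns = [@san_dns] unless @san_dns.kind_of?(Array)
    # NOTE(review): each entry is interpolated into OpenSSL's comma-separated
    # extension value syntax. An entry that itself contains a comma is read as
    # more than one name, so entries that originate outside the application
    # should be validated as single host names before they reach this method.
    san_list = @san_dns.map { |domain| "DNS:#{domain}" }
    extensions = [
      OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', san_list.join(','))
    ]
    attribute_values = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence(extensions)])
    # The same extension set is attached under both request-attribute names.
    %w[extReq msExtReq].each do |attribute_name|
      csr.add_attribute(OpenSSL::X509::Attribute.new(attribute_name, attribute_values))
    end
  end

  csr.sign(@private_key, OpenSSL::Digest::SHA256.new) # todo: changable sign alg
  @csr = csr.to_pem
end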

#private_key ⇒ Object



# File 'lib/objects/objects.rb', line 100

# Returns the private key as PEM text, generating a key first when none is set.
#
# to_pem is called without arguments; for OpenSSL key objects that presumably
# yields an unencrypted PEM, so the return value should be handled as a secret
# (kept out of logs and error messages) — confirm the key class in use.
#
# @return the result of @private_key.to_pem
def private_key
  generate_private_key if @private_key.nil?
  @private_key.to_pem
end

#update_from_zone_config(zone_config) ⇒ Object

Parameters:



# File 'lib/objects/objects.rb', line 115

# Applies zone policy to the subject fields and key type of this request.
#
# For each field, the zone's value replaces the request's value when the zone
# marks the field as locked, or when the request has no value and the zone
# provides one. A locked field overrides whatever the caller supplied, also
# when the zone's value is nil.
#
# NOTE(review): the key_type taken from the zone is stored without the
# KeyType instance check that the constructor applies — confirm the zone
# configuration always carries a KeyType there.
#
# @param zone_config object exposing country, locality, province,
#   organization, organizational_unit and key_type, each responding to
#   locked and value
def update_from_zone_config(zone_config)
  %i[country locality province organization organizational_unit].each do |field|
    policy = zone_config.public_send(field)
    ivar = :"@#{field}"
    # Subject fields treat any falsy current value as "not set".
    next unless policy.locked || (!instance_variable_get(ivar) && !!policy.value)

    instance_variable_set(ivar, policy.value)
  end

  # key_type is compared against nil explicitly rather than by truthiness.
  key_policy = zone_config.key_type
  if key_policy.locked || (@key_type.nil? && !key_policy.value.nil?)
    @key_type = key_policy.value
  end
end