Class: BetterCap::Proxy::CertStore

Inherits:
Object
  • Object
Defined in:
lib/bettercap/proxy/certstore.rb

Overview

Class responsible for loading digital certificates from a file or creating them on the fly.

Constant Summary

@@selfsigned =
{}
@@frompems =
{}

Class Method Summary

Class Method Details

.from_file(filename) ⇒ Object

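Load a certificate and its RSA private key from the PEM file named by filename. As the listing below shows, the result is cached per filename and returned as a Hash holding the OpenSSL::X509::Certificate instance under :cert and the OpenSSL::PKey::RSA key under :key, not as a bare certificate.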


# File 'lib/bettercap/proxy/certstore.rb', line 25

# Loads a certificate and its RSA private key from a single PEM file.
#
# The same file contents are handed to both the certificate parser and the
# RSA key parser, so the file has to contain both objects. The parsed pair is
# stored in @@frompems under the exact +filename+ string; this method never
# re-reads or evicts an entry once it is cached.
#
# @param filename [String] path of the PEM file to read
# @return [Hash] +:cert+ => OpenSSL::X509::Certificate, +:key+ => OpenSSL::PKey::RSA
def self.from_file( filename )
  # Cache hit: hand back the pair parsed on an earlier call.
  return @@frompems[filename] if @@frompems.key?(filename)

  Logger.info "Loading self signed HTTPS certificate from '#{filename}' ..."

  pem_data = File.read(filename)

  # Certificate first, key second; if either parse raises, nothing is cached.
  certificate = OpenSSL::X509::Certificate.new(pem_data)
  private_key = OpenSSL::PKey::RSA.new(pem_data)

  @@frompems[filename] = { cert: certificate, key: private_key }
end

.get_selfsigned(subject = '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com') ⇒ Object

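Create a self-signed digital certificate for the specified subject string, generating a new 2048-bit RSA key for it. As the listing below shows, the result is cached per subject and returned as a Hash holding the OpenSSL::X509::Certificate instance under :cert and the OpenSSL::PKey::RSA key under :key. The certificate is its own issuer, so a client that validates the certificate chain will not trust it unless it has been explicitly added to that client's trust store.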


# File 'lib/bettercap/proxy/certstore.rb', line 39

# Returns the self-signed certificate/key pair for +subject+, generating and
# caching it in @@selfsigned on the first request for that subject string.
#
# Properties of the generated certificate, all fixed by the code below:
# * issuer and subject are the same name, so it chains to no external CA;
# * serial number is always 0;
# * validity runs from the time of generation to 365 days later;
# * it is marked CA:TRUE with keyUsage limited to cRLSign and keyCertSign;
# * it is signed with the freshly generated 2048-bit RSA key using SHA-256.
#
# @param subject [String] distinguished name in OpenSSL "/K=V/..." form
# @return [Hash] +:cert+ => OpenSSL::X509::Certificate, +:key+ => OpenSSL::PKey::RSA
def self.get_selfsigned( subject = '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com' )
  # Cache hit: reuse the pair generated earlier for this subject.
  return @@selfsigned[subject] if @@selfsigned.key?(subject)

  Logger.info "Generating self signed HTTPS certificate for subject '#{subject}' ..."

  rsa_key = OpenSSL::PKey::RSA.new(2048)

  certificate = OpenSSL::X509::Certificate.new
  # One parsed name serves as both issuer and subject (self-signed).
  name = OpenSSL::X509::Name.parse(subject)
  certificate.issuer = name
  certificate.subject = name
  certificate.not_before = Time.now
  certificate.not_after = Time.now + 365 * 24 * 60 * 60
  certificate.public_key = rsa_key.public_key
  certificate.serial = 0x0
  # Version field 2 is how X.509 encodes a v3 certificate.
  certificate.version = 2

  factory = OpenSSL::X509::ExtensionFactory.new
  factory.subject_certificate = certificate
  factory.issuer_certificate = certificate

  basic_constraints = factory.create_extension('basicConstraints', 'CA:TRUE', true)
  subject_key_id = factory.create_extension('subjectKeyIdentifier', 'hash')
  key_usage = factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true)
  certificate.extensions = [basic_constraints, subject_key_id, key_usage]

  # Added only after the extensions above are attached, as in the original
  # ordering: the authority key id is derived from the issuer certificate,
  # which here is this same certificate.
  authority_key_id = factory.create_extension('authorityKeyIdentifier',
                                              'keyid:always,issuer:always')
  certificate.add_extension authority_key_id

  certificate.sign rsa_key, OpenSSL::Digest::SHA256.new

  @@selfsigned[subject] = { cert: certificate, key: rsa_key }
end