Class: EasyRSA::CA

Inherits:
Object
Defined in:
lib/easyrsa/ca.rb

Defined Under Namespace

Classes: BitLengthToWeak, InvalidCAName, MissingParameter


Constructor Details

#initialize(ca_name = nil, bits = 4096, &block) ⇒ CA

Returns a new instance of CA.

# File 'lib/easyrsa/ca.rb', line 8

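# Build a new CA: parse the subject name, generate the RSA key pair and
# prepare an X.509 certificate that is completed and signed by #generate.
#
# @param ca_name [String] subject DN, handed to OpenSSL::X509::Name.parse.
#   The error text recommends 'CN=ca/DC=example/DC=com'; NOTE(review): how a
#   '/'-separated string without a leading '/' is split depends on the
#   openssl gem version — confirm on the target Ruby.
# @param bits [Integer] RSA modulus size in bits; values below 2048 are rejected
# @param block optional block evaluated with instance_eval after the fields
#   above are set, so it can adjust @ca_cert / @ca_key / @ca_name before #generate
# @raise [EasyRSA::CA::MissingParameter] when ca_name is nil
# @raise [EasyRSA::CA::InvalidCAName] when Name.parse raises TypeError
# @raise [EasyRSA::CA::BitLengthToWeak] when bits < 2048
def initialize(ca_name=nil, bits=4096, &block)
  # CA Name to generate cert for
  if ca_name.nil?
    raise EasyRSA::CA::MissingParameter,
      "Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
  end

  begin
    @ca_name = OpenSSL::X509::Name.parse ca_name
  rescue TypeError
    # NOTE(review): only TypeError is translated here; a malformed DN string
    # may surface from Name.parse as a different exception class and then
    # propagates unwrapped — confirm against the openssl gem in use.
    raise EasyRSA::CA::InvalidCAName,
      "Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
  end

  # Generate Private Key. 2048 is the accepted minimum: the message says
  # "greater than", but exactly 2048 passes this check.
  if bits < 2048
    raise EasyRSA::CA::BitLengthToWeak,
      "Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
  end
  @ca_key = OpenSSL::PKey::RSA.new(bits)

  # Instantiate a new certificate
  @ca_cert = OpenSSL::X509::Certificate.new

  # This cert should never be valid before now
  @ca_cert.not_before = Time.now

  # Version 2 on the wire is X.509v3 — the version that carries extensions
  # (presumably what add_extensions relies on in #generate).
  @ca_cert.version = 2

  # Generate and assign the serial. RFC 5280 §4.1.2.2 requires a positive
  # integer, so the previous hard-coded 0 was non-conformant and some
  # validators reject it. A 64-bit random BN (default fill sets the top bit,
  # so it is never zero) satisfies that and stays well within the 20-octet
  # limit.
  @ca_cert.serial = OpenSSL::BN.rand(64)

  instance_eval(&block) if block_given?
end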

Instance Method Details

#generate(validfor = 10) ⇒ Object

# File 'lib/easyrsa/ca.rb', line 44

# Complete the CA certificate prepared in #initialize and return the PEM pair.
#
# @param validfor [Integer] validity period in years, passed straight to
#   EasyRSA::years_from_now; no lower bound is enforced here, so a zero or
#   negative value produces a not_after at or before not_before
# @return [Hash{Symbol => String}] :key is the RSA private key as PEM
#   (to_pem is called without a cipher, so the key is unencrypted), :crt is
#   the signed certificate as PEM
def generate(validfor=10)
  cert = @ca_cert

  # Plain attribute assignments: expiry, the public half of the key, subject.
  cert.not_after  = EasyRSA::years_from_now(validfor)
  cert.public_key = @ca_key.public_key
  cert.subject    = @ca_name

  # Issuer, extensions and signature are delegated to private helpers; the
  # signature is applied last, presumably because it covers the fields above.
  gen_issuer
  add_extensions
  sign_cert

  { key: @ca_key.to_pem, crt: @ca_cert.to_pem }
end