Class: EasyRSA::Certificate

Inherits:
Object
  • Object
Defined in:
lib/easyrsa/certificate.rb

Defined Under Namespace

Classes: BitLengthToWeak, InvalidCertType, MissingParameter, UnableToReadCACert, UnableToReadCAKey

Constant Summary

Client =
1
Server =
2

Instance Method Summary

Constructor Details

#initialize(ca_crt, ca_key, id = nil, email = nil, bits = 4096, certtype = EasyRSA::Certificate::Client, &block) ⇒ Certificate

Returns a new instance of Certificate.



# File 'lib/easyrsa/certificate.rb', line 13

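# Prepare a new end-entity certificate that will be signed by the given CA.
#
# Validates the inputs, loads the CA certificate and key, generates a fresh
# RSA key pair for the new certificate and sets up the certificate skeleton.
# The certificate is populated and signed later by #generate.
#
# @param ca_crt [OpenSSL::X509::Certificate, String] the CA certificate: an
#   object, a PEM string (contains "BEGIN CERTIFICATE"), or a path to a PEM file
# @param ca_key [OpenSSL::PKey::RSA, String] the CA private key: an object, a
#   PEM string (PKCS#1 "BEGIN RSA PRIVATE KEY" or PKCS#8 "BEGIN PRIVATE KEY"),
#   or a path to a PEM file
# @param id [String] subject identifier, used for the CN field
# @param email [String] subject e-mail, used for the emailAddress field
# @param bits [Integer] RSA modulus size of the new key; 2048 is the minimum accepted
# @param certtype [Integer] Client (1) or Server (2)
# @yield evaluated with instance_eval after setup, so the block can touch
#   @cert/@key directly; only pass trusted code here
# @raise [EasyRSA::Certificate::InvalidCertType] certtype is not 1 or 2
# @raise [EasyRSA::Certificate::MissingParameter] id or email is nil
# @raise [EasyRSA::Certificate::UnableToReadCACert] ca_crt cannot be read or parsed
# @raise [EasyRSA::Certificate::UnableToReadCAKey] ca_key cannot be read or parsed,
#   or its public half does not match ca_crt
# @raise [EasyRSA::Certificate::BitLengthToWeak] bits is below 2048
def initialize(ca_crt, ca_key, id=nil, email=nil, bits=4096, certtype=EasyRSA::Certificate::Client, &block)
  if certtype < 1 || certtype > 2
    raise EasyRSA::Certificate::InvalidCertType,
      "Please provide a valid Cert Type, either Client or Server"
  end
  @certtype = certtype

  # ID to generate cert for; becomes the subject CN
  if id.nil?
    raise EasyRSA::Certificate::MissingParameter,
      "Please provide an 'id', also known as a subject, for the certificates' CN field"
  end
  @id = id

  # E-mail for the subject's emailAddress field
  if email.nil?
    raise EasyRSA::Certificate::MissingParameter,
      "Please provide an 'email', also known as a subject, for the certificates' emailAddress field"
  end
  @email = email

  # CA certificate: accept an object, an in-memory PEM string, or a file path.
  # Both forms are parsed inside the rescue so a malformed PEM string surfaces
  # as UnableToReadCACert instead of a raw OpenSSL error; `to_s` keeps a nil
  # argument on the same error path instead of a NoMethodError.
  unless ca_crt.is_a? OpenSSL::X509::Certificate
    begin
      pem = ca_crt.to_s.include?('BEGIN CERTIFICATE') ? ca_crt : File.read(ca_crt)
      ca_crt = OpenSSL::X509::Certificate.new pem
    rescue StandardError
      fail EasyRSA::Certificate::UnableToReadCACert,
        'Invalid CA Certificate.'
    end
  end
  @ca_cert = ca_crt

  # CA private key: same three forms. Matching on 'PRIVATE KEY' rather than
  # 'BEGIN RSA PRIVATE KEY' also recognises PKCS#8 ("BEGIN PRIVATE KEY") PEM,
  # which current OpenSSL tooling writes by default; previously such a string
  # was mistaken for a file path and rejected.
  unless ca_key.is_a? OpenSSL::PKey::RSA
    begin
      pem = ca_key.to_s.include?('PRIVATE KEY') ? ca_key : File.read(ca_key)
      ca_key = OpenSSL::PKey::RSA.new pem
    rescue StandardError
      fail EasyRSA::Certificate::UnableToReadCAKey,
        'This is not a valid CA Private key file.'
    end
  end
  @ca_key = ca_key

  # The key must be the one the CA certificate was issued for; otherwise every
  # certificate signed here would carry a signature that fails chain validation.
  unless @ca_cert.check_private_key(@ca_key)
    fail EasyRSA::Certificate::UnableToReadCAKey,
      'CA private key does not match the CA certificate.'
  end

  # Generate the private key for the new certificate
  if bits < 2048
    raise EasyRSA::Certificate::BitLengthToWeak,
      "Please select a bit length of at least 2048. Default is 4096. You chose '#{bits}'"
  end
  @key = OpenSSL::PKey::RSA.new(bits)

  # Instantiate a new certificate
  @cert = OpenSSL::X509::Certificate.new

  # Not valid before now. No back-dating is applied, so a verifier whose clock
  # is slightly behind this host's will reject the certificate until it catches up.
  @cert.not_before = Time.now

  # X.509 version is zero-based: 2 means v3, which is required for extensions
  @cert.version = 2

  instance_eval(&block) if block_given?
end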

Instance Method Details

#generate(type = Client, validfor = 10) ⇒ Object



# File 'lib/easyrsa/certificate.rb', line 84

# Populate the certificate skeleton prepared in #initialize and sign it with the CA.
#
# Statement order matters: the public key is set before extensions are added
# (extensions such as subjectKeyIdentifier are typically derived from it —
# add_extensions is not visible here), and signing comes last so the signature
# covers everything set above it.
#
# @param type [Integer] accepted but not read by this method; the certificate
#   type in effect is the @certtype captured by #initialize
# @param validfor [Integer] lifetime handed to EasyRSA::years_from_now —
#   presumably years, making the default a 10-year leaf certificate, which is
#   long for a client/server cert; callers should consider something shorter
# @return [Hash] :key => the new private key as unencrypted PEM (protect it at
#   rest), :crt => the signed certificate as PEM
def generate(type=Client,validfor=10)

  # Set the expiration date
  @cert.not_after = EasyRSA::years_from_now(validfor)

  # Add the public key
  @cert.public_key = @key.public_key

  # Generate and assign the serial. It is derived from @id. NOTE(review): confirm
  # gen_serial yields a serial that is unique per CA and not predictable; a
  # reissued certificate for the same id must not reuse the previous serial.
  @cert.serial = EasyRSA::gen_serial(@id)

  # Generate issuer. gen_issuer takes no argument, so the issuer DN is not
  # taken from @ca_cert here; NOTE(review): it must equal @ca_cert.subject or
  # chain building will fail.
  @cert.issuer = EasyRSA::gen_issuer

  # Generate subject (presumably built from @id / @email; helper not visible here)
  gen_subject

  # Add extensions
  add_extensions

  # Sign the cert with the CA key loaded in #initialize
  sign_cert_with_ca

  { key: @key.to_pem, crt: @cert.to_pem }

end

#get_extensions ⇒ Object



# File 'lib/easyrsa/certificate.rb', line 111

# Return the extensions currently on the certificate as an {oid => value} hash.
#
# The certificate is round-tripped through PEM before reading, so the result
# reflects the encoded form rather than in-memory state (presumably the reason
# for the re-parse; the original does not say). If the same OID appears more
# than once, the later value wins.
#
# @return [Hash{String => String}] extension short name (or dotted OID) mapped
#   to its printable value
def get_extensions
  encoded = OpenSSL::X509::Certificate.new(@cert.to_pem)
  encoded.extensions.each_with_object({}) do |ext, by_oid|
    by_oid[ext.oid] = ext.value
  end
end