# File 'lib/fauthentic.rb', line 17
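# Builds a self-signed X.509 certificate and a fresh 2048-bit RSA key pair.
#
# The certificate is its own issuer and carries a critical
# basicConstraints CA:TRUE extension, so anything that is told to trust it
# also trusts whatever is later signed with the returned key. Treat the
# returned key accordingly.
#
# @param opts [Hash] overrides merged over DEFAULT_OPTIONS (defined outside
#   this block). Keys read here: :country, :state, :org, :org_unit,
#   :common_name, :email (subject attributes, each skipped when nil/false),
#   :expire_in_days (validity length in days) and :serial (falls back to
#   generate_serial when absent).
# @return [SslData] wrapper built from the certificate and its private key.
def self.generate(opts = {})
  options = DEFAULT_OPTIONS.merge(opts)
  key = OpenSSL::PKey::RSA.new(2048)

  # Add every attribute as its own entry instead of interpolating the values
  # into a "/C=.../O=..." string for Name.parse. Parsing treats "/" (and, in
  # some openssl gem versions, ",") inside a value as an attribute separator,
  # so a value such as "Acme, Inc." or "host/CN=other" would be split into
  # extra or malformed subject attributes.
  subject = OpenSSL::X509::Name.new
  {
    "C" => :country,
    "ST" => :state,
    "O" => :org,
    "OU" => :org_unit,
    "CN" => :common_name,
    "emailAddress" => :email
  }.each do |field, option|
    value = options[option]
    # to_s keeps accepting non-String values, as string interpolation did.
    subject.add_entry(field, value.to_s) if value
  end

  issued_at = Time.now
  cert = OpenSSL::X509::Certificate.new
  cert.subject = cert.issuer = subject
  cert.not_before = issued_at
  cert.not_after = issued_at + options[:expire_in_days] * 24 * 60 * 60
  cert.public_key = key.public_key
  cert.serial = options[:serial] || generate_serial
  cert.version = 2 # the version field is zero-based: 2 means X.509 v3

  # Subject and issuer are the same certificate, so the key identifiers
  # below are both derived from this certificate's own public key.
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension ef.create_extension("basicConstraints", "CA:TRUE", true)
  cert.add_extension ef.create_extension("subjectKeyIdentifier", "hash")
  cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")

  cert.sign key, OpenSSL::Digest::SHA256.new
  SslData.new(cert, key)
end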