Class: Azure::Certificate
- Inherits:
-
Object
- Object
- Azure::Certificate
- Defined in:
- lib/azure/certificate.rb
Instance Attribute Summary collapse
-
#cert_data ⇒ Object
Returns the value of attribute cert_data.
-
#certificate_version ⇒ Object
Returns the value of attribute certificate_version.
-
#connection ⇒ Object
Returns the value of attribute connection.
-
#fingerprint ⇒ Object
Returns the value of attribute fingerprint.
Instance Method Summary collapse
- #create(params) ⇒ Object
- #generate_public_key_certificate_data(params) ⇒ Object
-
#initialize(connection) ⇒ Certificate
constructor
A new instance of Certificate.
Constructor Details
#initialize(connection) ⇒ Certificate
Returns a new instance of Certificate.
35 36 37 38 |
# File 'lib/azure/certificate.rb', line 35 def initialize(connection) @connection = connection @certificate_version = 2 # cf. RFC 5280 - to make it a "v3" certificate end |
Instance Attribute Details
#cert_data ⇒ Object
Returns the value of attribute cert_data.
34 35 36 |
# File 'lib/azure/certificate.rb', line 34 def cert_data @cert_data end |
#certificate_version ⇒ Object
Returns the value of attribute certificate_version.
34 35 36 |
# File 'lib/azure/certificate.rb', line 34 def certificate_version @certificate_version end |
#connection ⇒ Object
Returns the value of attribute connection.
33 34 35 |
# File 'lib/azure/certificate.rb', line 33 def connection @connection end |
#fingerprint ⇒ Object
Returns the value of attribute fingerprint.
34 35 36 |
# File 'lib/azure/certificate.rb', line 34 def fingerprint @fingerprint end |
Instance Method Details
#create(params) ⇒ Object
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/azure/certificate.rb', line 39 def create(params) # If RSA private key has been specified, then generate an x 509 certificate from the # public part of the key @cert_data = generate_public_key_certificate_data({:ssh_key => params[:identity_file], :ssh_key_passphrase => params[:identity_file_passphrase]}) # Generate XML to call the API # Add certificate to the hosted service builder = Nokogiri::XML::Builder.new do |xml| xml.CertificateFile('xmlns'=>'http://schemas.microsoft.com/windowsazure') { xml.Data @cert_data xml.CertificateFormat 'pfx' xml.Password 'knifeazure' } end # Windows Azure API call @connection.query_azure("hostedservices/#{params[:azure_dns_name]}/certificates", "post", builder.to_xml) # Return the fingerprint to be used while adding role @fingerprint end |
#generate_public_key_certificate_data(params) ⇒ Object
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'lib/azure/certificate.rb', line 59 def generate_public_key_certificate_data (params) # Generate OpenSSL RSA key from the mentioned ssh key path (and passphrase) key = OpenSSL::PKey::RSA.new(File.read(params[:ssh_key]), params[:ssh_key_passphrase]) # Generate X 509 certificate ca = OpenSSL::X509::Certificate.new ca.version = @certificate_version ca.serial = Random.rand(65534) + 1 # 2 digit byte range random number for better security aspect ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=knife-plugin/CN=Opscode CA" ca.issuer = ca.subject # root CA's are "self-signed" ca.public_key = key.public_key # Assign the ssh-key's public part to the certificate ca.not_before = Time.now ca.not_after = ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity ef = OpenSSL::X509::ExtensionFactory.new ef.subject_certificate = ca ef.issuer_certificate = ca ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true)) ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true)) ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false)) ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false)) ca.sign(key, OpenSSL::Digest::SHA256.new) # Generate the SHA1 fingerprint of the der format of the X 509 certificate @fingerprint = OpenSSL::Digest::SHA1.new(ca.to_der) # Create the pfx format of the certificate pfx = OpenSSL::PKCS12.create('knifeazure', 'knife-azure-pfx', key, ca) # Encode the pfx format - upload this certificate Base64.strict_encode64(pfx.to_der) end |