Class: Kybus::SSL::Certificate

Inherits:

Object

• Object
• Kybus::SSL::Certificate

Defined in:

lib/kybus/ssl/certificate.rb

Overview

Stores a X509 certificate.

Instance Attribute Summary

• #cert ⇒ Object readonly

  Returns the value of attribute cert.

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #key ⇒ Object readonly

  Returns the value of attribute key.

Instance Method Summary

• #ca_name ⇒ Object
• #configure_details! ⇒ Object
• #configure_extensions! ⇒ Object
• #create! ⇒ Object
• #create_key! ⇒ Object
• #export_to_pfx! ⇒ Object
• #initialize(config, inventory) ⇒ Certificate constructor

  A new instance of Certificate.

• #load_key! ⇒ Object
• #save! ⇒ Object
• #sign! ⇒ Object

Constructor Details

#initialize(config, inventory) ⇒ Certificate

Returns a new instance of Certificate.

# File 'lib/kybus/ssl/certificate.rb', line 12

def initialize(config, inventory)
  @config = config
  @inventory = inventory

  if File.file?(@config.key_path) && File.file?(@config.crt_path)
    load_key!
  else
    create_key!
  end
end

Instance Attribute Details

#cert ⇒ Object (readonly)

Returns the value of attribute cert.

# File 'lib/kybus/ssl/certificate.rb', line 10

def cert
  @cert
end

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/kybus/ssl/certificate.rb', line 10

def config
  @config
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/kybus/ssl/certificate.rb', line 10

def key
  @key
end

Instance Method Details

#ca_name ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 78

def ca_name
  @config['ca']
end

#configure_details! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 49

def configure_details!
  @config.configure_cert_details!(@cert)
end

#configure_extensions! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 53

def configure_extensions!
  @extensions.issuer_certificate = @ca.cert
  @config.configure_extensions!(@cert, @extensions)
end

#create! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 37

def create!
  if File.file?(@config.key_path) && File.file?(@config.crt_path)
    return puts "Certificate already exists #{@config.key_path} #{@cert.subject}"
  end

  @ca = @inventory.ca(@config['parent'])
  configure_details!
  configure_extensions!
  sign!
  save!
end

#create_key! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 23

def create_key!
  puts @config.instance_variable_get(:@config)
  @key = OpenSSL::PKey::RSA.new(@config['key_size'])
  @cert = OpenSSL::X509::Certificate.new
  @cert.public_key = @key.public_key
  @extensions = OpenSSL::X509::ExtensionFactory.new
  @extensions.subject_certificate = @cert
end

#export_to_pfx! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 70

def export_to_pfx!
  passphrase = SecureRandom.alphanumeric(15)
  chain = [@cert] + @inventory.ca_cert_chain(@config['parent'])
  pkcs12 = OpenSSL::PKCS12.create(passphrase, @config['email'] || @config['name'], @key, @cert, chain)
  File.write(@config.pfx_path, pkcs12.to_der)
  puts "PFX certificate saved with passphrase: #{passphrase}"
end

#load_key! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 32

def load_key!
  @key = OpenSSL::PKey::RSA.new(File.read(@config.key_path))
  @cert = OpenSSL::X509::Certificate.new(File.read(@config.crt_path))
end

#save! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 63

def save!
  puts "Saving certificate #{@cert.subject}"
  File.write(@config.key_path, @key.to_s)
  File.write(@config.crt_path, @cert.to_s)
  export_to_pfx!
end

#sign! ⇒ Object

# File 'lib/kybus/ssl/certificate.rb', line 58

def sign!
  @cert.issuer = @ca.cert.subject
  @cert.sign(@ca.key, OpenSSL::Digest.new('SHA256'))
end