Class: Localhost::Authority
- Inherits:
-
Object
- Object
- Localhost::Authority
- Defined in:
- lib/localhost/authority.rb
Constant Summary collapse
- BITS =
1024*2
- SERVER_CIPHERS =
"EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5".freeze
Class Method Summary collapse
Instance Method Summary collapse
- #certificate ⇒ Object
- #client_context(*args) ⇒ Object
- #dh_key ⇒ Object
- #ecdh_key ⇒ Object
-
#initialize(hostname = "localhost") ⇒ Authority
constructor
A new instance of Authority.
- #key ⇒ Object
- #key=(key) ⇒ Object
- #load(path) ⇒ Object
- #name ⇒ Object
- #name=(name) ⇒ Object
- #save(path) ⇒ Object
- #server_context(*args) ⇒ Object
-
#store ⇒ Object
The certificate store which is used for validating the server certificate:.
Constructor Details
#initialize(hostname = "localhost") ⇒ Authority
Returns a new instance of Authority.
43 44 45 46 47 48 49 50 |
# File 'lib/localhost/authority.rb', line 43 def initialize(hostname = "localhost") @hostname = hostname @key = nil @name = nil @certificate = nil @store = nil end |
Class Method Details
.fetch(*args) ⇒ Object
30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/localhost/authority.rb', line 30 def self.fetch(*args) = self.new(*args) path = self.path unless .load(path) Dir.mkdir(path, 0700) unless File.directory?(path) .save(path) end return end |
.path ⇒ Object
26 27 28 |
# File 'lib/localhost/authority.rb', line 26 def self.path File.("~/.localhost") end |
Instance Method Details
#certificate ⇒ Object
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
# File 'lib/localhost/authority.rb', line 78 def certificate @certificate ||= OpenSSL::X509::Certificate.new.tap do |certificate| certificate.subject = self.name # We use the same issuer as the subject, which makes this certificate self-signed: certificate.issuer = self.name certificate.public_key = self.key.public_key certificate.serial = 1 certificate.version = 2 certificate.not_before = Time.now certificate.not_after = Time.now + (3600 * 24 * 365 * 10) extension_factory = OpenSSL::X509::ExtensionFactory.new extension_factory.subject_certificate = certificate extension_factory.issuer_certificate = certificate certificate.extensions = [ extension_factory.create_extension("basicConstraints", "CA:FALSE", true), extension_factory.create_extension("subjectKeyIdentifier", "hash"), ] certificate.add_extension extension_factory.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") certificate.add_extension extension_factory.create_extension("subjectAltName", "DNS: #{@hostname}") certificate.sign self.key, OpenSSL::Digest::SHA256.new end end |
#client_context(*args) ⇒ Object
140 141 142 143 144 145 146 147 148 |
# File 'lib/localhost/authority.rb', line 140 def client_context(*args) OpenSSL::SSL::SSLContext.new(*args).tap do |context| context.cert_store = self.store context.set_params( verify_mode: OpenSSL::SSL::VERIFY_PEER, ) end end |
#dh_key ⇒ Object
58 59 60 |
# File 'lib/localhost/authority.rb', line 58 def dh_key @dh_key ||= OpenSSL::PKey::DH.new(BITS) end |
#ecdh_key ⇒ Object
54 55 56 |
# File 'lib/localhost/authority.rb', line 54 def ecdh_key @ecdh_key ||= OpenSSL::PKey::EC.new "prime256v1" end |
#key ⇒ Object
62 63 64 |
# File 'lib/localhost/authority.rb', line 62 def key @key ||= OpenSSL::PKey::RSA.new(BITS) end |
#key=(key) ⇒ Object
66 67 68 |
# File 'lib/localhost/authority.rb', line 66 def key= key @key = key end |
#load(path) ⇒ Object
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
# File 'lib/localhost/authority.rb', line 150 def load(path) if File.directory? path certificate_path = File.join(path, "#{@hostname}.crt") key_path = File.join(path, "#{@hostname}.key") return false unless File.exist?(certificate_path) and File.exist?(key_path) certificate = OpenSSL::X509::Certificate.new(File.read(certificate_path)) key = OpenSSL::PKey::RSA.new(File.read(key_path)) # Certificates with old version need to be regenerated. return false if certificate.version < 2 @certificate = certificate @key = key return true end end |
#name ⇒ Object
70 71 72 |
# File 'lib/localhost/authority.rb', line 70 def name @name ||= OpenSSL::X509::Name.parse("O=Development/CN=#{@hostname}") end |
#name=(name) ⇒ Object
74 75 76 |
# File 'lib/localhost/authority.rb', line 74 def name= name @name = name end |
#save(path) ⇒ Object
170 171 172 173 174 175 176 177 178 179 180 |
# File 'lib/localhost/authority.rb', line 170 def save(path) File.write( File.join(path, "#{@hostname}.crt"), self.certificate.to_pem ) File.write( File.join(path, "#{@hostname}.key"), self.key.to_pem ) end |
#server_context(*args) ⇒ Object
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 |
# File 'lib/localhost/authority.rb', line 117 def server_context(*args) OpenSSL::SSL::SSLContext.new(*args).tap do |context| context.key = self.key context.cert = self.certificate context.session_id_context = "localhost" if context.respond_to? :tmp_dh_callback= context.tmp_dh_callback = proc {self.dh_key} end if context.respond_to? :ecdh_curves= context.ecdh_curves = 'P-256:P-384:P-224:P-521' elsif context.respond_to? :tmp_ecdh_callback= context.tmp_ecdh_callback = proc {self.ecdh_key} end context.set_params( ciphers: SERVER_CIPHERS ) end end |
#store ⇒ Object
The certificate store which is used for validating the server certificate:
109 110 111 112 113 |
# File 'lib/localhost/authority.rb', line 109 def store @store ||= OpenSSL::X509::Store.new.tap do |store| store.add_cert(self.certificate) end end |