Class: Varanus::SSL

Inherits:
Object
Defined in:
lib/varanus/ssl.rb

Overview

A connection to the SSL/TLS API. This should not be initialized directly. Instead, use Varanus#ssl.

Defined Under Namespace

Classes: CSR

Instance Method Summary

Constructor Details

#initialize(varanus) ⇒ SSL

Note:

Do not call this directly. Use Varanus#ssl to initialize.

Returns a new instance of SSL.



# File 'lib/varanus/ssl.rb', line 7

def initialize varanus
  @varanus = varanus
end

Instance Method Details

#certificate_type_from_csr(csr) ⇒ Hash

Returns the option from #certificate_types that best matches the csr.

Parameters:

Returns:



# File 'lib/varanus/ssl.rb', line 14

def certificate_type_from_csr csr
  # first exclude certificate types we don't want
  types = certificate_types.reject do |ct|
    ct['name'] =~ /\b(?:EV|ECC|AMT|Elite)\b/
  end
  if csr.all_names.any? { |n| n.start_with?('*.') }
    types.find { |ct| ct['name'] =~ /Wildcard.+SSL/i }
  elsif csr.subject_alt_names.any?
    types.find { |ct| ct['name'] =~ /Multi.?Domain.+SSL/i }
  else
    types.find do |ct|
      ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i
    end
  end
end

#certificate_types ⇒ Array<Hash>

Certificate types that can be used to sign a cert

Returns:

  • (Array<Hash>)


# File 'lib/varanus/ssl.rb', line 32

def certificate_types
  @certificate_types ||= get('types')
end

#collect(id, type = 'x509') ⇒ String

Retrieves the cert. type can be one of:

'x509'    - X509 format - cert and chain (default)
'x509CO'  - X509 format - cert only
'x509IO'  - X509 format - intermediates/root only
'x509IOR' - X509 format - intermediates/root only reversed
'base64'  - PKCS#7 base64 encoded
'bin'     - PKCS#7 bin encoded

Parameters:

  • id (Integer)

    As returned by #sign

  • type (String) (defaults to: 'x509')

Returns:

  • (String)

    Certificate

Raises:



# File 'lib/varanus/ssl.rb', line 50

def collect id, type = 'x509'
  get("collect/#{id}/#{type}")
end

#revoke(id, reason) ⇒ Object

Revoke an ssl cert

Parameters:

  • id (Integer)

    As returned by #sign

  • reason (String)

    Reason for revoking. Sectigo’s API will return an error if it is blank.



# File 'lib/varanus/ssl.rb', line 58

def revoke id, reason
  post("revoke/#{id}", reason: reason)
  nil
end

#sign(csr, org_id, opts = {}) ⇒ Integer

Sign an SSL cert. Returns the id of the SSL cert

Parameters:

  • csr (Varanus::SSL::CSR, OpenSSL::X509::Request, String)

    CSR to sign

  • org_id (Integer)

    your organization id on cert-manager.com

  • opts (Hash) (defaults to: {})

Options Hash (opts):

  • :comments (String) — default: ''

    Limited to 1,024 characters

  • :external_requester (String) — default: ''

    email address associated with cert on cert-manager.com - limited to 512 characters

  • :cert_type (String, Integer)

    name(String) or id(Integer) of the cert type to use. If none is specified, Varanus will attempt to find one

  • :years (Integer)

    number of years cert should be valid for (this number is multiplied by 365 and used as days)

  • :days (Integer)

    number of days cert should be valid for (if none is specified, lowest allowed for the cert type will be used)

Returns:

  • (Integer)

    Id of SSL cert.



# File 'lib/varanus/ssl.rb', line 77

def sign csr, org_id, opts = {}
  csr = Varanus::SSL::CSR.new(csr) unless csr.is_a?(Varanus::SSL::CSR)
  cert_type_id = opts_to_cert_type_id opts, csr
  args = {
    orgId: org_id,
    csr: csr.to_s,
    subjAltNames: csr.subject_alt_names.join(','),
    certType: cert_type_id,
    term: opts_to_term(opts, cert_type_id),
    serverType: -1,
    comments: opts[:comments].to_s[0, 1024],
    externalRequester: opts[:external_requester].to_s[0, 512]
  }
  post('enroll', args)['sslId']
end
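
Because #sign picks the certificate type from the names in the CSR when no :cert_type is given, it helps to inspect a CSR before submitting it. The following is an added example, not part of the Varanus source: it reads the names with Ruby's OpenSSL library, checks the self-signature and RSA key size, and reports which branch of #certificate_type_from_csr the CSR would fall into. The helper names (csr_sans, audit_csr, sample_csr), the 2048-bit default and the example.com names are assumptions, and SANs are read from the extensionRequest attribute only.

```ruby
require 'openssl'

# DNS names from the CSR's extensionRequest attribute: SET { SEQUENCE { Extension ... } }
def csr_sans(req)
  attr = req.attributes.find { |a| a.oid == 'extReq' }
  return [] unless attr
  attr.value.value.first.value.flat_map do |seq|
    ext = OpenSSL::X509::Extension.new(seq.to_der)
    next [] unless ext.oid == 'subjectAltName'
    ext.value.split(/,\s*/).filter_map { |v| v[/\ADNS:(.+)\z/, 1] }
  end
end

# Hypothetical helper: inspect a PEM CSR before handing it to #sign.
def audit_csr(pem, min_rsa_bits: 2048)
  req   = OpenSSL::X509::Request.new(pem)
  cn    = req.subject.to_a.find { |name, _v, _t| name == 'CN' }&.at(1)
  sans  = csr_sans(req)
  names = ([cn] + sans).compact.uniq
  key   = req.public_key
  problems = []
  # Some OpenSSL builds raise instead of returning false on a bad signature.
  sig_ok = begin; req.verify(key); rescue OpenSSL::OpenSSLError; false; end
  problems << 'self-signature does not verify' unless sig_ok
  rsa_bits = key.is_a?(OpenSSL::PKey::RSA) ? key.n.num_bits : nil
  problems << "RSA key shorter than #{min_rsa_bits} bits" if rsa_bits && rsa_bits < min_rsa_bits
  problems << 'CSR carries no names' if names.empty?
  # Same branch order as certificate_type_from_csr: wildcard first, then SANs.
  kind = if names.any? { |n| n.start_with?('*.') } then :wildcard
         elsif sans.any? then :multi_domain
         else :single
         end
  { names: names, kind: kind, problems: problems }
end

# Constructed sample input: a throwaway key and CSR, generated locally.
def sample_csr(cn, sans = [])
  key = OpenSSL::PKey::RSA.new(2048)
  req = OpenSSL::X509::Request.new
  req.subject = OpenSSL::X509::Name.new([['CN', cn]])
  req.public_key = key.public_key
  unless sans.empty?
    san = OpenSSL::X509::ExtensionFactory.new
            .create_extension('subjectAltName', sans.map { |n| "DNS:#{n}" }.join(','))
    set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([san])])
    req.add_attribute(OpenSSL::X509::Attribute.new('extReq', set))
  end
  req.sign(key, OpenSSL::Digest.new('SHA256'))
end
```

A CSR whose :kind is :wildcard or whose :problems list is non-empty is a good candidate for manual review before it reaches #sign.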