Method: VPNMaker::KeyBuilder#build_key

Defined in:
lib/vpnmaker/key_builder.rb

#build_key(user, name, email, pass, delegate) ⇒ Object



# File 'lib/vpnmaker/key_builder.rb', line 100

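# Creates a key and CSR for +user+, signs the CSR with the CA, exports key
# and certificate as a PKCS#12 bundle, then reports the generated files to
# the tracker through the method named by +delegate+.
#
# Every value interpolated into a shell command is escaped first, so a
# user name, passphrase or path containing quotes, spaces or shell
# metacharacters reaches openssl as a single literal argument.
#
# @param user [String] certificate common name; also passed to tmppath/tmpfile
# @param name [String] stored as :key_name in the openssl config hash
# @param email [String] stored as :key_email in the openssl config hash
# @param pass [String, nil] PKCS#12 passphrase; nil/false selects -nodes
# @param delegate [Symbol, String] name of the @tracker method to invoke
# @return [Object] whatever the delegated tracker method returns
def build_key(user, name, email, pass, delegate)
  # stdlib; required here because the file's require list is not in view.
  require 'shellwords'

  # NOTE(review): these values are also handed to opensslcnf; whether it
  # sanitises them before writing the config is not visible here - confirm.
  h = {:key_cn => user, :key_name => name, :key_email => email}

  %w[ca.crt ca.key index.txt serial].each { |ca_file| place_file(ca_file) }

  q = ->(value) { Shellwords.escape(value.to_s) }

  pass_spec =
    if pass
      # Escaping replaces the hand-written single quotes, which a passphrase
      # containing "'" would have closed early.
      # NOTE(review): "pass:" still puts the secret in openssl's argv, where
      # the process list exposes it to other local users; openssl also
      # accepts env:, file: and fd: passphrase sources.
      secret = q.call("pass:#{pass}")
      "-passin #{secret} -passout #{secret}"
    else
      '-nodes'
    end

  # -nodes is unconditional here, so the private key at tmppath(user, 'key')
  # is written unencrypted whether or not a passphrase was supplied.
  # Exit statuses of the three commands are not checked (unchanged).
  `openssl req -batch -days 3650 -new -keyout #{q.call(tmppath(user, 'key'))} -out #{q.call(tmppath(user, 'csr'))} -config #{q.call(opensslcnf(h))} -nodes`
  `openssl ca -batch -days 3650 -out #{q.call(tmppath(user, 'crt'))} -in #{q.call(tmppath(user, 'csr'))} -config #{q.call(opensslcnf(h))}`
  # TODO: this still asks for the export password and we hack
  # around it from bin/vpnmaker. This is actually something that
  # should only be generated dynamically upon user request.
  `openssl pkcs12 -export -clcerts -in #{q.call(tmppath(user, 'crt'))} -inkey #{q.call(tmppath(user, 'key'))} -out #{q.call(tmppath(user, 'p12'))} #{pass_spec}`

  # NOTE(review): send dispatches to any method on @tracker, private ones
  # included; confirm delegate is never derived from external input.
  @tracker.send(delegate, user, name, email, tmpfile(user, 'key'), tmpfile(user, 'crt'), tmpfile(user, 'p12'), tmpfile('index.txt'), tmpfile('serial'))
end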