Module: CACertificate

Extended by:
Chef::Resource::SslCertificate::Generators
Defined in:
test/cookbooks/ssl_certificate_test/libraries/cert_ca_helper.rb

Overview

Helper module to create Certificate Authority certificates.

Constant Summary

# X.509v3 extensions applied to every CA certificate built by this helper.
# Each entry is [name, value] with an optional third element; the third
# element is presumably the "critical" flag - confirm in cert_add_extensions.
# basicConstraints CA:TRUE and keyUsage cRLSign,keyCertSign mark the
# certificate as a signing authority rather than an end-entity certificate.
EXTENSIONS = [
  ['subjectKeyIdentifier', 'hash'],
  ['basicConstraints', 'CA:TRUE', true],
  ['keyUsage', 'cRLSign,keyCertSign', true]
].freeze

Constants included from Chef::Resource::SslCertificate::Generators

Chef::Resource::SslCertificate::Generators::FIELDS

Class Method Summary

Methods included from Chef::Resource::SslCertificate::Generators

cert_add_extensions, compare_self_signed_cert_with_ca, compare_self_signed_cert_without_ca, generate_ca_from_content, generate_cert, generate_cert_subject, generate_cert_subject_from_hash, generate_cert_subject_from_string, generate_csr, generate_generic_x509_key_cert, generate_key, generate_self_signed_cert_with_ca, generate_self_signed_cert_with_ca_csr, generate_self_signed_cert_with_ca_extensions, generate_self_signed_cert_with_extensions, generate_self_signed_cert_without_ca, generate_self_signed_cert_without_ca_extensions, handle_extended_key_usage, handle_subject_alternative_names, load_current_subjects, log_debug_subjects, verify_self_signed_cert

Class Method Details

.ca_cert_to_file(subject, key_file, cert_file, time, key_pass = nil) ⇒ Object


# File 'test/cookbooks/ssl_certificate_test/libraries/cert_ca_helper.rb', line 66

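# Builds a self-signed CA certificate from an existing private key file and
# writes it to +cert_file+ in PEM format.
#
# @param subject certificate subject, handed to generate_self_signed_ca_cert
# @param key_file [String] path of the private key to read
# @param cert_file [String] path the PEM-encoded certificate is written to
# @param time handed to generate_generic_x509_key_cert (presumably the
#   validity period - confirm against that helper)
# @param key_pass [String, nil] pass phrase for the key, handed to
#   generate_generic_x509_key_cert
# @return [Integer] number of bytes written to +cert_file+
def self.ca_cert_to_file(subject, key_file, cert_file, time, key_pass = nil)
  key_content = File.binread(key_file)

  key, cert = generate_generic_x509_key_cert(key_content, time, key_pass)

  generate_self_signed_ca_cert(key, cert, subject)

  # Sign with SHA-256: SHA-1 signatures are collision-prone and are rejected
  # by current TLS stacks, so a SHA-1 CA makes the test chain unverifiable.
  cert.sign(key, OpenSSL::Digest::SHA256.new)

  # File.write instead of Kernel#open: Kernel#open treats a path that starts
  # with '|' as a command to run, which a file path must never trigger.
  File.write(cert_file, cert.to_pem)
end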

.generate_ca_cert_extensions(cert) ⇒ Object


# File 'test/cookbooks/ssl_certificate_test/libraries/cert_ca_helper.rb', line 50

# Attaches the CA extension set (CACertificate::EXTENSIONS) to +cert+.
#
# The factory uses +cert+ as both subject and issuer certificate, which is
# what a self-signed certificate needs for extensions derived from either.
#
# @param cert [OpenSSL::X509::Certificate] certificate to extend
# @return [OpenSSL::X509::ExtensionFactory] the factory that was used
def self.generate_ca_cert_extensions(cert)
  OpenSSL::X509::ExtensionFactory.new.tap do |factory|
    factory.subject_certificate = cert
    factory.issuer_certificate = cert
    cert_add_extensions(cert, factory, CACertificate::EXTENSIONS)
  end
end

.generate_self_signed_ca_cert(key, cert, subject) ⇒ Object


# File 'test/cookbooks/ssl_certificate_test/libraries/cert_ca_helper.rb', line 58

# Fills in +cert+ as a self-signed CA certificate: public key taken from
# +key+, subject built from +subject+, issuer set equal to the subject, and
# the CA extensions added. The certificate is not signed here.
#
# @param key key whose public half is placed in the certificate
# @param cert [OpenSSL::X509::Certificate] certificate to populate (mutated)
# @param subject subject description, handed to generate_cert_subject
# @return [OpenSSL::X509::Certificate] the same +cert+ object
def self.generate_self_signed_ca_cert(key, cert, subject)
  cert.tap do |ca|
    ca.public_key = key.public_key
    ca.subject = generate_cert_subject(subject)
    # Self-signed: the issuer name is the certificate's own subject name.
    ca.issuer = ca.subject
    generate_ca_cert_extensions(ca)
  end
end

.key_to_file(key_file, pass_phrase = nil) ⇒ Object


# File 'test/cookbooks/ssl_certificate_test/libraries/cert_ca_helper.rb', line 38

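# Generates a 2048-bit RSA private key and writes it to +key_file+ as PEM,
# readable by the owner only.
#
# @param key_file [String] path the key is written to
# @param pass_phrase [String, nil] when given, the key is encrypted with
#   AES-128-CBC under this pass phrase; otherwise it is written unencrypted
# @return [Integer] number of bytes written
def self.key_to_file(key_file, pass_phrase = nil)
  key = OpenSSL::PKey::RSA.new(2048)

  # Serialize before touching the file so a failed export cannot leave a
  # truncated key file behind. OpenSSL::Cipher.new replaces the deprecated
  # OpenSSL::Cipher::Cipher alias.
  pem =
    if pass_phrase
      key.export(OpenSSL::Cipher.new('AES-128-CBC'), pass_phrase)
    else
      key.to_pem
    end

  # File.open, not Kernel#open: Kernel#open treats a path that starts with
  # '|' as a command to run.
  File.open(key_file, File::WRONLY | File::CREAT | File::TRUNC, 0o400) do |io|
    # The permission argument only applies when the file is created; tighten
    # a pre-existing file before any key material is written into it.
    io.chmod(0o400)
    io.write(pem)
  end
end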