class EaSSL::SigningRequest

Author

Paul Nicholson (paul@webpowerdesign.net)

Co-Author

Adam Williams (adam@thewilliams.ws)

Copyright

Copyright © 2006 WebPower Design

License

Distributed under the same terms as Ruby

Attributes

extensions[R]

Public Class Methods

load(pem_file_path)
# File lib/eassl/signing_request.rb, line 87
# Reads a PEM-encoded signing request from a file and returns a
# SigningRequest wrapping it.
#
# pem_file_path - passed unchanged to File.read; no path validation is done
#                 here.
#
# The instance is created with `new` (default options) before the file is
# read. NOTE(review): with no :key option the constructor calls Key.new, so
# the returned object's #key is presumably unrelated to the public key inside
# the loaded request -- confirm against Key before using #key after a load.
#
# Raises whatever File.read raises for an unreadable path, and RuntimeError
# from the instance-level #load when the contents cannot be parsed.
def self.load(pem_file_path)
  request = new
  request.load(File.read(pem_file_path))
end
new(options = {})
# File lib/eassl/signing_request.rb, line 11
# Stores the request options, filling in defaults for anything not supplied.
#
# options - Hash merged over the defaults below; keys not listed here
#           (for example :type or :subject_alt_name) are kept as given.
#   :name       - required; expected to be a CertificateName
#   :key        - required; when absent or nil a Key is created from the
#                 merged options
#   :digest     - digest used when the request is signed
#                 (OpenSSL::Digest::SHA512 unless overridden)
#   :extensions - nil unless supplied
def initialize(options = {})
  defaults = {
    :name       => {},
    :key        => nil,
    :digest     => OpenSSL::Digest::SHA512.new,
    :extensions => nil
  }
  @options = defaults.merge(options)
  # Key.new sees the merged options, in which :key is still nil at this point.
  @options[:key] = Key.new(@options) unless @options[:key]
end

Public Instance Methods

key()
# File lib/eassl/signing_request.rb, line 69
# Returns whatever is stored under :key in the options hash: the key passed
# in by the caller, or the Key created by the constructor.
#
# The returned object is asked for #private_key when the request is signed,
# so treat it as secret material (keep it out of logs and serialised output).
def key
  stored_options = @options
  stored_options[:key]
end
load(pem_string)
# File lib/eassl/signing_request.rb, line 91
# Replaces the wrapped request with one parsed from a PEM string and collects
# the extensions it asks for.
#
# pem_string - text handed to OpenSSL::X509::Request.new.
#
# @extensions becomes an Array of OpenSSL::X509::Extension decoded from the
# first 'extReq' or 'msExtReq' attribute, or nil when the request carries
# neither.
#
# This method only parses. It does not check the request's self-signature, so
# a caller that is going to issue a certificate should first confirm that
# `ssl.verify(ssl.public_key)` is true, and should treat the requested
# extensions as input to review rather than something to copy blindly.
#
# Returns self. Any StandardError raised while parsing or decoding is replaced
# by a RuntimeError with a fixed message.
def load(pem_string)
  begin
    @ssl = OpenSSL::X509::Request.new(pem_string)
    ext_request = ssl.attributes.find { |a| %w[extReq msExtReq].include?(a.oid) }
    @extensions =
      if ext_request
        # The attribute value is a SET holding one SEQUENCE of extensions.
        requested = OpenSSL::ASN1.decode(ext_request.value).value.first
        requested.value.map { |encoded| OpenSSL::X509::Extension.new(encoded) }
      end
  rescue
    raise "SigningRequestLoader: Error loading signing request"
  end
  self
end
method_missing(method)

This method intercepts calls that are not defined on this class and passes them through to the methods and attributes of the underlying OpenSSL request object.

# File lib/eassl/signing_request.rb, line 83
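# Passes calls this class does not define through to the underlying
# OpenSSL::X509::Request returned by #ssl.
#
# method - Symbol name of the missing method.
# args   - arguments forwarded unchanged (the previous one-parameter
#          signature made every delegated call with arguments fail with
#          ArgumentError).
# block  - block forwarded unchanged.
#
# Only public methods of OpenSSL::X509::Request are delegated, and they are
# invoked with public_send. Ruby also routes a call to a *private* method made
# with an explicit receiver (for example the Kernel methods every object
# inherits) into method_missing; forwarding those with `send` would run them
# on the OpenSSL object, so they go to `super` and raise NoMethodError.
#
# Note that delegating builds and signs the request if #ssl has not been
# called yet.
def method_missing(method, *args, &block)
  if OpenSSL::X509::Request.public_method_defined?(method)
    ssl.public_send(method, *args, &block)
  else
    super
  end
end

# Keeps respond_to? consistent with method_missing. The check is made against
# the class rather than the instance so that asking does not build and sign a
# request as a side effect.
def respond_to_missing?(method, include_private = false)
  OpenSSL::X509::Request.public_method_defined?(method) || super
end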
options()
# File lib/eassl/signing_request.rb, line 73
# Returns the options hash held by this request -- the same object, not a
# copy, so changes made by the caller are visible here. The hash includes the
# entry under :key.
def options
  current = @options
  current
end
ssl()
# File lib/eassl/signing_request.rb, line 21
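# Returns the underlying OpenSSL::X509::Request, building and signing it on
# first use.
#
# The request gets version 0, the subject from :name, the public key from
# #key, an 'extReq' attribute when any extensions were produced, and is signed
# with the private key from #key using the :digest option.
#
# Extensions requested per :type
#   'subordinate' - basicConstraints CA:TRUE
#   'server'      - CA:FALSE, digitalSignature/keyEncipherment, serverAuth
#   'client'      - CA:FALSE, nonRepudiation/digitalSignature/keyEncipherment,
#                   clientAuth/emailProtection
#   'peer'        - CA:FALSE, digitalSignature/keyEncipherment,
#                   serverAuth/clientAuth
#   'custom'      - one extension per { :name, :value } entry in :extensions
#   anything else - none
# :subject_alt_name, when set, adds a subjectAltName extension for any type.
#
# Changes from the previous version:
# * 'custom' called ExtensionFactory#create_extensions, which does not exist;
#   it now calls create_extension like the other branches.
# * 'custom' with :extensions left at nil no longer raises.
# * @ssl and @extensions are assigned only after signing succeeds. Before, a
#   failure part-way through left a half-built, unsigned request in @ssl and
#   every later call returned it.
def ssl
  return @ssl if @ssl

  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = CertificateName.new(@options[:name].options).name
  request.public_key = key.public_key

  factory = OpenSSL::X509::ExtensionFactory.new
  requested = []

  case @options[:type]
  when 'subordinate'
    requested << factory.create_extension("basicConstraints", "CA:TRUE")
  when 'server'
    requested << factory.create_extension("basicConstraints", "CA:FALSE")
    requested << factory.create_extension("keyUsage", "digitalSignature,keyEncipherment")
    requested << factory.create_extension("extendedKeyUsage", "serverAuth")
  when 'client'
    requested << factory.create_extension("basicConstraints", "CA:FALSE")
    requested << factory.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment")
    requested << factory.create_extension("extendedKeyUsage", "clientAuth,emailProtection")
  when 'peer'
    requested << factory.create_extension("basicConstraints", "CA:FALSE")
    requested << factory.create_extension("keyUsage", "digitalSignature,keyEncipherment")
    requested << factory.create_extension("extendedKeyUsage", "serverAuth,clientAuth")
  when 'custom'
    (@options[:extensions] || []).each do |ext|
      requested << factory.create_extension(ext[:name], ext[:value])
    end
  end

  if @options[:subject_alt_name]
    # Plain entries become DNS names; Hash entries supply their own type.
    # NOTE(review): the values are interpolated into OpenSSL's comma-separated
    # extension syntax without escaping, so a value containing ',' is read as
    # an additional entry. Validate :subject_alt_name values before passing
    # them in when they originate outside the application.
    alt_names = @options[:subject_alt_name].map do |entry|
      entry.is_a?(Hash) ? "#{entry[:name]}: #{entry[:value]}" : "DNS: #{entry}"
    end
    requested << factory.create_extension("subjectAltName", alt_names.join(','))
  end

  unless requested.empty?
    # extReq carries a SET containing one SEQUENCE of the requested extensions.
    seq = OpenSSL::ASN1::Sequence.new(requested)
    set = OpenSSL::ASN1::Set.new([seq])
    request.add_attribute(OpenSSL::X509::Attribute.new('extReq', set))
  end

  request.sign(key.private_key, @options[:digest])

  @extensions = requested
  @ssl = request
end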
to_pem()
# File lib/eassl/signing_request.rb, line 77
# Returns the PEM encoding of the underlying request. Calls #ssl, so the
# request is built and signed first if that has not happened yet.
def to_pem
  request = ssl
  request.to_pem
end