module Flores::PKI

Constants

GENERATE_DEFAULT_DURATION_RANGE
GENERATE_DEFAULT_EXPONENT
GENERATE_DEFAULT_KEY_SIZE

Public Class Methods

generate(subject = "CN=localhost", opts = {})

Generate a valid certificate with sane random values.

By default this method uses `CN=localhost` as the subject and a 1024-bit encryption key for the certificate. You can override the defaults by specifying a subject and the key size in the options hash.

Example:

Flores::PKI.generate("CN=localhost", { :key_size => 2048 })

@params subject [String] Certificate subject
@params opts [Hash] Options
@return [OpenSSL::X509::Certificate, OpenSSL::PKey::RSA]

# File lib/flores/pki.rb, line 50
def generate(subject = "CN=localhost", opts = {})
  key_size = opts.fetch(:key_size, GENERATE_DEFAULT_KEY_SIZE)
  key = OpenSSL::PKey::RSA.generate(key_size, GENERATE_DEFAULT_EXPONENT)

  certificate_duration = Flores::Random.number(GENERATE_DEFAULT_DURATION_RANGE)

  csr = Flores::PKI::CertificateSigningRequest.new
  csr.subject = subject
  csr.public_key = key.public_key
  csr.start_time = Time.now
  csr.expire_time = csr.start_time + certificate_duration
  csr.signing_key = key
  csr.want_signature_ability = true
  certificate = csr.create

  return [certificate, key]
end

random_serial()

Generate a random serial number for a certificate.

# File lib/flores/pki.rb, line 30
def random_serial
  # RFC5280 (X509) says:
  # > 4.1.2.2.  Serial Number
  # > Certificate users MUST be able to handle serialNumber values up to 20 octets
  Flores::Random.integer(1..9).to_s + Flores::Random.iterations(0..19).collect { Flores::Random.integer(0..9) }.join
end
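
A check you can run over a certificate returned by `generate` before it ends up in a fixture or trust store, flagging the 1024-bit default key and the short serials `random_serial` can yield. This is an added example, not code from Flores; `self_signed`, `audit` and the thresholds are assumptions, and the sample certificate is built with the OpenSSL standard library so the block runs without the gem.

```ruby
require "openssl"

MIN_RSA_BITS = 2048       # assumption: minimum RSA modulus accepted here
MIN_SERIAL_BITS = 64      # assumption: CA/Browser Forum style serial entropy floor
MAX_SERIAL_OCTETS = 20    # RFC 5280 section 4.1.2.2

# Hypothetical stand-in for a generated [certificate, key] pair: self-signed
# RSA, built with the standard library so the example runs without the gem.
def self_signed(subject, key_size, serial, lifetime)
  key = OpenSSL::PKey::RSA.generate(key_size)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = OpenSSL::BN.new(serial.to_s)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = cert.not_before + lifetime
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Returns the list of policy findings for one certificate.
def audit(cert, now = Time.now)
  findings = []
  pub = cert.public_key
  weak = pub.is_a?(OpenSSL::PKey::RSA) && pub.n.num_bits < MIN_RSA_BITS
  findings << :weak_rsa_key if weak
  findings << :short_serial if cert.serial.num_bits < MIN_SERIAL_BITS
  findings << :serial_too_long if cert.serial.num_bytes > MAX_SERIAL_OCTETS
  findings << :outside_validity if now < cert.not_before || now > cert.not_after
  same_name = cert.issuer.to_der == cert.subject.to_der
  findings << :self_signed if same_name && cert.verify(cert.public_key)
  findings
end

# Constructed sample: 1024-bit key and a one-digit serial, both of which the
# page's default key size and random_serial, as written, can produce.
if __FILE__ == $PROGRAM_NAME
  cert, _key = self_signed("CN=localhost", 1024, 7, 3600)
  puts audit(cert).inspect
end
```

To audit real output, pass the first element of the array returned by `Flores::PKI.generate` to `audit`.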