module Flores::PKI
Constants
- GENERATE_DEFAULT_DURATION_RANGE
- GENERATE_DEFAULT_EXPONENT
- GENERATE_DEFAULT_KEY_SIZE
Public Class Methods
generate(subject = "CN=localhost", opts = {})
Generate a valid certificate with sane random values.
By default this method uses `CN=localhost` as the subject and a 1024-bit key for the certificate. You can override the defaults by specifying a subject and the key size in the options hash.
Example:
Flores::PKI.generate("CN=localhost", { :key_size => 2048 })
@params subject [String] Certificate subject
@params opts [Hash] Options
@return [OpenSSL::X509::Certificate, OpenSSL::PKey::RSA]
# File lib/flores/pki.rb, line 50
def generate(subject = "CN=localhost", opts = {})
  key_size = opts.fetch(:key_size, GENERATE_DEFAULT_KEY_SIZE)
  key = OpenSSL::PKey::RSA.generate(key_size, GENERATE_DEFAULT_EXPONENT)
  certificate_duration = Flores::Random.number(GENERATE_DEFAULT_DURATION_RANGE)

  csr = Flores::PKI::CertificateSigningRequest.new
  csr.subject = subject
  csr.public_key = key.public_key
  csr.start_time = Time.now
  csr.expire_time = csr.start_time + certificate_duration
  csr.signing_key = key
  csr.want_signature_ability = true
  certificate = csr.create

  return [certificate, key]
end
random_serial()
Generate a random serial number for a certificate.
# File lib/flores/pki.rb, line 30
def random_serial
  # RFC5280 (X509) says:
  # > 4.1.2.2.  Serial Number
  # > Certificate users MUST be able to handle serialNumber values up to 20 octets
  Flores::Random.integer(1..9).to_s + Flores::Random.iterations(0..19).collect { Flores::Random.integer(0..9) }.join
end
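An added example, not code from Flores: a check that flags certificates with the properties `generate` and `random_serial` produce by default (short RSA key, self-signed, serial within the RFC 5280 bound), useful for catching test fixtures that end up in a deployed trust path. The names `sample_serial`, `sample_certificate` and `audit` are hypothetical, and the public exponent 65537, the one-hour lifetime and the use of SecureRandom in place of Flores::Random are assumptions.

```ruby
require "openssl"
require "securerandom"

# Same digit layout as random_serial: one digit 1-9, then 0 to 19 more digits.
# SecureRandom stands in for Flores::Random (assumption of this example).
def sample_serial
  tail = Array.new(SecureRandom.random_number(0..19)) { SecureRandom.random_number(0..9) }
  SecureRandom.random_number(1..9).to_s + tail.join
end

# Self-signed certificate built with plain OpenSSL calls; a stand-in for
# Flores::PKI.generate, not its implementation. Exponent 65537 is assumed.
def sample_certificate(common_name, key_size)
  key = OpenSSL::PKey::RSA.generate(key_size, 65537)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = OpenSSL::BN.new(sample_serial)
  cert.subject = OpenSSL::X509::Name.new([["CN", common_name]])
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Findings that mark a certificate as a test fixture rather than a production one.
def audit(cert, min_bits = 2048)
  findings = []
  key = cert.public_key
  if key.is_a?(OpenSSL::PKey::RSA) && key.n.num_bits < min_bits
    findings << "weak RSA key: #{key.n.num_bits} bits"
  end
  serial = cert.serial.to_i
  findings << "serial not positive" unless serial > 0
  findings << "serial longer than 20 octets" if (serial.bit_length + 7) / 8 > 20
  self_issued = cert.issuer.to_der == cert.subject.to_der
  findings << "self-signed" if self_issued && cert.verify(key)
  findings
end

# Constructed inputs: one certificate at the documented 1024-bit default, one at 2048.
[1024, 2048].each do |bits|
  puts "#{bits}: #{audit(sample_certificate("localhost", bits)).inspect}"
end
```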