author | elijah <elijah@riseup.net> | 2016-08-30 23:27:39 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2016-08-30 23:27:39 -0700 |
commit | cd809a6b69790b48344abfaa294edd8c4d4c7231 (patch) | |
tree | 80effc5c22179bd678a5d5d3873c81153fc8dbcf /vendor/acme-client/lib/acme/client/self_sign_certificate.rb | |
parent | d324b3e4af6869414ee928c6f507093791c10c1c (diff) |
added acme-client gem
Diffstat (limited to 'vendor/acme-client/lib/acme/client/self_sign_certificate.rb')
-rw-r--r-- | vendor/acme-client/lib/acme/client/self_sign_certificate.rb | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/vendor/acme-client/lib/acme/client/self_sign_certificate.rb b/vendor/acme-client/lib/acme/client/self_sign_certificate.rb
new file mode 100644
index 0000000..2e7d98c
--- /dev/null
+++ b/vendor/acme-client/lib/acme/client/self_sign_certificate.rb
@@ -0,0 +1,60 @@
+class Acme::Client::SelfSignCertificate
+ attr_reader :private_key, :subject_alt_names, :not_before, :not_after
+
+ extend Forwardable
+ def_delegators :certificate, :to_pem, :to_der
+
+ def initialize(subject_alt_names:, not_before: default_not_before, not_after: default_not_after, private_key: generate_private_key)
+ @private_key = private_key
+ @subject_alt_names = subject_alt_names
+ @not_before = not_before
+ @not_after = not_after
+ end
+
+ def certificate
+ @certificate ||= begin
+ certificate = generate_certificate
+
+ extension_factory = generate_extension_factory(certificate)
+ subject_alt_name_entry = subject_alt_names.map { |d| "DNS: #{d}" }.join(',')
+ subject_alt_name_extension = extension_factory.create_extension('subjectAltName', subject_alt_name_entry)
+ certificate.add_extension(subject_alt_name_extension)
+
+ certificate.sign(private_key, digest)
+ end
+ end
+
+ private
+
+ def generate_private_key
+ OpenSSL::PKey::RSA.new(2048)
+ end
+
+ def default_not_before
+ Time.now - 3600
+ end
+
+ def default_not_after
+ Time.now + 30 * 24 * 3600
+ end
+
+ def digest
+ OpenSSL::Digest::SHA256.new
+ end
+
+ def generate_certificate
+ certificate = OpenSSL::X509::Certificate.new
+ certificate.not_before = not_before
+ certificate.not_after = not_after
+ certificate.public_key = private_key.public_key
+ certificate.version = 2
+ certificate
+ end
+
+ def generate_extension_factory(certificate)
+ extension_factory = OpenSSL::X509::ExtensionFactory.new
+ extension_factory.subject_certificate = certificate
+ extension_factory.issuer_certificate = certificate
+ extension_factory
+ end
+end |