summaryrefslogtreecommitdiff
path: root/vendor/acme-client/lib/acme/client/certificate_request.rb
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/acme-client/lib/acme/client/certificate_request.rb')
-rw-r--r--vendor/acme-client/lib/acme/client/certificate_request.rb111
1 files changed, 0 insertions, 111 deletions
diff --git a/vendor/acme-client/lib/acme/client/certificate_request.rb b/vendor/acme-client/lib/acme/client/certificate_request.rb
deleted file mode 100644
index 8eae0c6..0000000
--- a/vendor/acme-client/lib/acme/client/certificate_request.rb
+++ /dev/null
@@ -1,111 +0,0 @@
-class Acme::Client::CertificateRequest
- extend Forwardable
-
- DEFAULT_KEY_LENGTH = 2048
- DEFAULT_DIGEST = OpenSSL::Digest::SHA256
- SUBJECT_KEYS = {
- common_name: 'CN',
- country_name: 'C',
- organization_name: 'O',
- organizational_unit: 'OU',
- state_or_province: 'ST',
- locality_name: 'L'
- }.freeze
-
- SUBJECT_TYPES = {
- 'CN' => OpenSSL::ASN1::UTF8STRING,
- 'C' => OpenSSL::ASN1::UTF8STRING,
- 'O' => OpenSSL::ASN1::UTF8STRING,
- 'OU' => OpenSSL::ASN1::UTF8STRING,
- 'ST' => OpenSSL::ASN1::UTF8STRING,
- 'L' => OpenSSL::ASN1::UTF8STRING
- }.freeze
-
- attr_reader :private_key, :common_name, :names, :subject
-
- def_delegators :csr, :to_pem, :to_der
-
- def initialize(common_name: nil, names: [], private_key: generate_private_key, subject: {}, digest: DEFAULT_DIGEST.new)
- @digest = digest
- @private_key = private_key
- @subject = normalize_subject(subject)
- @common_name = common_name || @subject[SUBJECT_KEYS[:common_name]] || @subject[:common_name]
- @names = names.to_a.dup
- normalize_names
- @subject[SUBJECT_KEYS[:common_name]] ||= @common_name
- validate_subject
- end
-
- def csr
- @csr ||= generate
- end
-
- private
-
- def generate_private_key
- OpenSSL::PKey::RSA.new(DEFAULT_KEY_LENGTH)
- end
-
- def normalize_subject(subject)
- @subject = subject.each_with_object({}) do |(key, value), hash|
- hash[SUBJECT_KEYS.fetch(key, key)] = value.to_s
- end
- end
-
- def normalize_names
- if @common_name
- @names.unshift(@common_name) unless @names.include?(@common_name)
- else
- raise ArgumentError, 'No common name and no list of names given' if @names.empty?
- @common_name = @names.first
- end
- end
-
- def validate_subject
- validate_subject_attributes
- validate_subject_common_name
- end
-
- def validate_subject_attributes
- extra_keys = @subject.keys - SUBJECT_KEYS.keys - SUBJECT_KEYS.values
- return if extra_keys.empty?
- raise ArgumentError, "Unexpected subject attributes given: #{extra_keys.inspect}"
- end
-
- def validate_subject_common_name
- return if @common_name == @subject[SUBJECT_KEYS[:common_name]]
- raise ArgumentError, 'Conflicting common name given in arguments and subject'
- end
-
- def generate
- OpenSSL::X509::Request.new.tap do |csr|
- csr.public_key = @private_key.public_key
- csr.subject = generate_subject
- csr.version = 2
- add_extension(csr)
- csr.sign @private_key, @digest
- end
- end
-
- def generate_subject
- OpenSSL::X509::Name.new(
- @subject.map {|name, value|
- [name, value, SUBJECT_TYPES[name]]
- }
- )
- end
-
- def add_extension(csr)
- return if @names.size <= 1
-
- extension = OpenSSL::X509::ExtensionFactory.new.create_extension(
- 'subjectAltName', @names.map { |name| "DNS:#{name}" }.join(', '), false
- )
- csr.add_attribute(
- OpenSSL::X509::Attribute.new(
- 'extReq',
- OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([extension])])
- )
- )
- end
-end
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 00:54:33 +0000