module CertificateAuthority
# Interface shared by every key-material holder, plus factory helpers that
# build holders from PEM/DER encoded RSA keys.
#
# The four instance methods are abstract: including classes must override
# them, otherwise a RuntimeError ("Required implementation") is raised.
module KeyMaterial
  # @return [OpenSSL::PKey::RSA] the public half of the key
  # @raise [RuntimeError] unless overridden by the including class
  def public_key
    raise RuntimeError, "Required implementation"
  end

  # @return [OpenSSL::PKey::RSA, nil] the private key, if the holder has one
  # @raise [RuntimeError] unless overridden by the including class
  def private_key
    raise RuntimeError, "Required implementation"
  end

  # @return [Boolean] whether the key lives in a hardware token
  # @raise [RuntimeError] unless overridden by the including class
  def is_in_hardware?
    raise RuntimeError, "Required implementation"
  end

  # @return [Boolean] whether the key lives in process memory
  # @raise [RuntimeError] unless overridden by the including class
  def is_in_memory?
    raise RuntimeError, "Required implementation"
  end

  class << self
    # Builds an in-memory holder from an encoded RSA private key.
    #
    # Only RSA is handled: the input goes straight to OpenSSL::PKey::RSA.new.
    # The returned holder has +public_key+ and +private_key+ set; its
    # +keypair+ attribute is not assigned here.
    #
    # NOTE(review): when +pair+ is an encrypted PEM and no password is given,
    # OpenSSL may fall back to prompting on the terminal, which can stall a
    # non-interactive process. Confirm callers always pass the password for
    # encrypted keys.
    #
    # @param pair [String] encoded RSA key
    # @param password [String, nil] passphrase protecting +pair+, if any
    # @return [MemoryKeyMaterial]
    def from_x509_key_pair(pair, password = nil)
      # Pass the passphrase only when one was supplied, so the one-argument
      # form of RSA.new is used otherwise.
      rsa_args = password.nil? ? [pair] : [pair, password]
      rsa = OpenSSL::PKey::RSA.new(*rsa_args)

      MemoryKeyMaterial.new.tap do |material|
        material.public_key = rsa.public_key
        material.private_key = rsa
      end
    end

    # Builds a public-key-only holder from an encoded RSA key.
    #
    # Only the public half of whatever RSA.new parses is retained. No
    # signing request is involved, so no proof-of-possession check is run
    # on this path.
    #
    # @param public_key_pem [String] encoded RSA public key
    # @return [SigningRequestKeyMaterial]
    def from_x509_public_key(public_key_pem)
      parsed = OpenSSL::PKey::RSA.new(public_key_pem)
      SigningRequestKeyMaterial.new.tap do |material|
        material.public_key = parsed.public_key
      end
    end
  end
end
# RSA key pair held in process memory.
#
# Both halves are plain attributes, so the private key is reachable by any
# code holding a reference to the instance. Validation requires both
# +private_key+ and +public_key+ to be present.
class MemoryKeyMaterial
  include KeyMaterial
  include ActiveModel::Validations

  # The accessors below also supply the readers that override the abstract
  # KeyMaterial#public_key / #private_key.
  attr_accessor :keypair, :private_key, :public_key

  def initialize; end

  # Register one presence check per key half; a nil value is reported as
  # "cannot be blank" on the matching attribute.
  [:private_key, :public_key].each do |field|
    validates_each field do |record, _attr, _value|
      record.errors.add field, "cannot be blank" if record.public_send(field).nil?
    end
  end

  # @return [false] this key is never stored in a hardware token
  def is_in_hardware?
    false
  end

  # @return [true] this key always lives in process memory
  def is_in_memory?
    true
  end

  # Generates a fresh RSA key pair and stores it on the instance.
  #
  # NOTE(review): no lower bound is enforced on +modulus_bits+, so a caller
  # can request a key smaller than the 2048-bit default. Confirm callers do
  # not pass untrusted or undersized values.
  #
  # @param modulus_bits [Integer] RSA modulus size in bits
  # @return [OpenSSL::PKey::RSA] the generated key pair
  def generate_key(modulus_bits = 2048)
    rsa = OpenSSL::PKey::RSA.new(modulus_bits)
    self.keypair = rsa
    self.private_key = rsa
    self.public_key = rsa.public_key
    keypair
  end
end
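# Public-key-only key material taken from a certificate signing request.
#
# The class body is declared a single time so that the +public_key+ presence
# validator is registered once; registering it twice would presumably report
# the same "cannot be blank" error twice on an empty instance.
class SigningRequestKeyMaterial
  include KeyMaterial
  include ActiveModel::Validations

  # The writer stores a key with no signature check; only the constructor
  # path below verifies a signing request. The generated reader overrides the
  # abstract KeyMaterial#public_key.
  attr_accessor :public_key

  validates_each :public_key do |record, _attr, _value|
    record.errors.add :public_key, "cannot be blank" if record.public_key.nil?
  end

  # Extracts the public key from a signing request after checking the
  # request's self-signature.
  #
  # The signature check shows that the requester holds the private key
  # matching the embedded public key; it says nothing about the identity
  # claimed in the request's subject.
  #
  # Any argument that is not an OpenSSL::X509::Request (including nil) is
  # ignored and +public_key+ stays nil, so callers should run +valid?+
  # before using the instance.
  #
  # @param request [OpenSSL::X509::Request, nil] signing request to read
  # @raise [RuntimeError] "Invalid certificate signing request" when the
  #   request's signature does not verify against its own public key
  def initialize(request = nil)
    return unless request.is_a?(OpenSSL::X509::Request)

    csr_key = request.public_key
    raise "Invalid certificate signing request" unless request.verify(csr_key)

    self.public_key = csr_key
  end

  # @return [false] this key is never stored in a hardware token
  def is_in_hardware?
    false
  end

  # @return [true] this key always lives in process memory
  def is_in_memory?
    true
  end

  # A signing request never carries the private key.
  #
  # @return [nil]
  def private_key
    nil
  end
end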
end