authorasq <asq@asq.art.pl>2014-02-26 18:00:51 +0100
committerasq <asq@asq.art.pl>2014-02-26 18:00:51 +0100
commit4d002c7d46f4a2c87ec1e3e27c4ee695f60ffa7f (patch)
tree99cfe620f29843a83e110daeb34e9ab76dec817e
parent5c7a58996ae7c68ffdacf9f526417174a1ca9330 (diff)
x509 format - fixes
-rw-r--r--lib/trocla/formats/x509.rb24
1 files changed, 17 insertions, 7 deletions
diff --git a/lib/trocla/formats/x509.rb b/lib/trocla/formats/x509.rb
index bf94cec..5cb1fb2 100644
--- a/lib/trocla/formats/x509.rb
+++ b/lib/trocla/formats/x509.rb
@@ -2,6 +2,11 @@ class Trocla::Formats::X509
require 'openssl'
def format(plain_password,options={})
+ if plain_password.match(/-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----.*-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----/m)
+ # just an import, don't generate any new keys
+ return plain_password
+ end
+
if options['subject']
subject = options['subject']
elsif options['CN']
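Review bot: The new import short-circuit accepts the value purely on the presence of the PEM markers — it never parses the key or the certificate, and never checks that they belong together — so a corrupt or mismatched key/cert pair is stored as if valid and only fails later, at the point of use, with a much less obvious error. Both OpenSSL constructors skip unrelated PEM blocks, so the combined string can be validated in place before it is returned; `OpenSSL::X509::Certificate#check_private_key` is the matching test. The regex also only recognises the PKCS#1 `RSA PRIVATE KEY` header; a PKCS#8 `-----BEGIN PRIVATE KEY-----` import would fall through into the generation path below, which presumably is not what the caller wants (worth a comment or a second alternative in the pattern). The enclosing `format` method continues past the hunk.
```ruby
if plain_password.match(/-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----.*-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----/m)
  # just an import, don't generate any new keys -- but refuse to store
  # material that does not parse or whose key does not match the cert
  key  = OpenSSL::PKey::RSA.new(plain_password)
  cert = OpenSSL::X509::Certificate.new(plain_password)
  raise "imported certificate does not match the imported private key" unless cert.check_private_key(key)
  return plain_password
end
```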
@@ -36,8 +41,9 @@ class Trocla::Formats::X509
def mkcert(serial,subject,issuer,public_key,days,altnames)
cert = OpenSSL::X509::Certificate.new
+ issuer = cert if issuer == nil
cert.subject = subject
- cert.issuer = issuer
+ cert.issuer = issuer.subject
cert.not_before = Time.now
cert.not_after = Time.now + days * 24 * 60 * 60
cert.public_key = public_key
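Review bot: The `issuer` parameter of `mkcert` changes meaning in this hunk — callers used to pass an `OpenSSL::X509::Name`, and now pass an `OpenSSL::X509::Certificate` or `nil` — but nothing at the definition says so, and the old positional name still reads like a Name. A comment above `def mkcert` would spare the next reader a trip through every call site: `# issuer: the signing OpenSSL::X509::Certificate, or nil for a self-signed cert (the new cert then becomes its own issuer)`. The nil handling is also more idiomatically written as `issuer ||= cert` than `issuer = cert if issuer == nil`. The body of `mkcert` continues past the end of the hunk.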
@@ -46,7 +52,7 @@ class Trocla::Formats::X509
ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
- ef.issuer_certificate = cert
+ ef.issuer_certificate = issuer
cert.extensions = [ ef.create_extension("subjectKeyIdentifier", "hash") ]
cert.add_extension ef.create_extension("basicConstraints","CA:TRUE", true) if subject == issuer
cert.add_extension ef.create_extension("basicConstraints","CA:FALSE", true) if subject != issuer
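Review bot: Now that `issuer` is an `OpenSSL::X509::Certificate`, the `subject == issuer` / `subject != issuer` tests on the two basicConstraints lines compare a Name against a Certificate, which can never be equal (and, depending on the openssl bindings, may raise a TypeError out of `Name#<=>`), so every certificate — including the self-signed case, which the previous hunk maps to `issuer = cert` — is stamped `CA:FALSE` and cannot sign anything. Compare names with names instead: `is_ca = (subject == issuer.subject)` followed by `cert.add_extension ef.create_extension("basicConstraints", is_ca ? "CA:TRUE" : "CA:FALSE", true)`. This keeps the original's "self-signed means CA" policy; whether that is the right policy is a separate question. `mkcert` continues outside the hunk.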
@@ -64,7 +70,12 @@ class Trocla::Formats::X509
def getserial(ca,serial)
subreq = Trocla.new
- subreq.get_password("#{ca}_serial",'plain') + 1 || serial
+ newser = subreq.get_password("#{ca}_serial",'plain')
+ if newser
+ newser + 1
+ else
+ serial
+ end
end
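Review bot: `newser + 1` assumes `get_password(..., 'plain')` returns an Integer; if the store hands back the serial as a String (which a password store presumably does — confirm against `setserial` and the backend), this raises `TypeError: no implicit conversion` on the first CA that already has a serial, and the `|| serial` bug this hunk fixes is replaced by a different failure. Coerce explicitly: `newser ? Integer(newser) + 1 : serial`, so a corrupt stored value fails loudly too. Separately, read-increment-write of the serial is not atomic with the `setserial` call in the signing path, so two concurrent requests against the same CA can be issued the same serial; RFC 5280 requires serials to be unique per issuer, so at minimum this deserves a comment naming the assumption that issuance is serialised.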
def setserial(ca,serial)
@@ -84,7 +95,7 @@ class Trocla::Formats::X509
cakey = OpenSSL::PKey::RSA.new(getca(sign_with))
caserial = getserial(sign_with, serial)
rescue Exception => e
- raise "Value of #{sign_with} can't be loaded as CA: #{e.message}" unless ca
+ raise "Value of #{sign_with} can't be loaded as CA: #{e.message}"
end
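Review bot: Making the `raise` unconditional is right, but the surrounding `rescue Exception => e` (context line) now turns every exception — `Interrupt`, `SystemExit`, `NoMemoryError` included — into a plain RuntimeError with the CA name in the message, so a Ctrl-C during key loading is reported as "can't be loaded as CA". Narrow it to what can actually go wrong here: `rescue OpenSSL::OpenSSLError, StandardError => e`. The enclosing `begin` and the method it sits in start before the hunk.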
begin
@@ -96,7 +107,7 @@ class Trocla::Formats::X509
end
begin
- csr_cert = mkcert(caserial, request.subject, ca.subject, request.public_key, days, altnames)
+ csr_cert = mkcert(caserial, request.subject, ca, request.public_key, days, altnames)
csr_cert.sign(cakey, OpenSSL::Digest::SHA1.new)
setserial(sign_with, caserial)
rescue Exception => e
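Review bot: `setserial(sign_with, caserial)` runs after `csr_cert.sign`, so if persisting the serial fails (the `rescue` below swallows it into the same generic error) a certificate has already been created with a serial the store does not know about, and the next request will reuse it; a CA that issues two certificates with the same serial violates RFC 5280 and breaks revocation. Record the serial before signing — swap the two lines so it reads `setserial(sign_with, caserial)` then `csr_cert.sign(cakey, OpenSSL::Digest::SHA1.new)` — so a failure to persist aborts issuance instead of leaving a gap. The caller that decides what to do with `csr_cert` is outside the hunk.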
@@ -107,7 +118,7 @@ class Trocla::Formats::X509
else # self-signed certificate
begin
subj = OpenSSL::X509::Name.parse(subject)
- cert = mkcert(serial, subj, subj, key.public_key, days, altnames)
+ cert = mkcert(serial, subj, nil, key.public_key, days, altnames)
cert.sign(key, OpenSSL::Digest::SHA1.new)
rescue Exception => e
raise "Self-signed certificate #{subject} creation failed: #{e.message}"
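Review bot: Both signing calls still use `OpenSSL::Digest::SHA1.new` (here and in the CA-signed path above), and the commit reworks the issuer plumbing without touching the digest. SHA-1 signatures are already deprecated for certificate issuance, and a CA certificate minted here will be rejected by clients that refuse SHA-1 chains; switch both sites to `OpenSSL::Digest::SHA256.new`, which any OpenSSL this code can run on supports. If SHA-1 is kept on purpose for compatibility with some consumer, say so in a comment next to the call rather than leaving it implicit. The `else` branch's surrounding `if` begins before the hunk.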
@@ -117,4 +128,3 @@ class Trocla::Formats::X509
end
end
end
-