class Varanus::SSL::CSR

Wrapper class around an OpenSSL::X509::Request. Provides helper functions to make reading information from the CSR easier.

Constants

DEFAULT_KEY_SIZE

Key size used when calling {.generate}

Public Class Methods

generate(names, key = nil, subject = {})

Generate a CSR

@param names [Array<String>] List of DNS names. The first one will be the CN

@param key [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, nil] Secret key for the cert. A DSA key will be generated if +nil+ is passed in.

@param subject [Hash] Options for the subject of the cert. By default only CN will be set

@return [Array(OpenSSL::PKey::PKey, Varanus::SSL::CSR)] The private key for the cert and CSR

# File lib/varanus/ssl/csr.rb, line 17
def self.generate names, key = nil, subject = {}
  raise ArgumentError, 'names cannot be empty' if names.empty?

  subject = subject.dup
  subject['CN'] = names.first

  key ||= OpenSSL::PKey::DSA.new(DEFAULT_KEY_SIZE)

  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.parse subject.map { |k, v| "/#{k}=#{v}" }.join
  request.add_attribute names_to_san_attribute(names)
  request.public_key = key.public_key

  request.sign(key, OpenSSL::Digest.new('SHA256'))

  [key, Varanus::SSL::CSR.new(request)]
end
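
The following is an added example, not code from the Varanus project: it repeats the steps of the listing above with plain OpenSSL calls and a caller-supplied RSA key, then reads the requested DNS names back out of the CSR and checks its self-signature, which is what a reviewer or issuing service would inspect before acting on the request. `san_attribute` is a hypothetical stand-in for `names_to_san_attribute` (whose body is not shown on this page), and the key and host names are constructed sample values.

```ruby
require 'openssl'

# Hypothetical stand-in for names_to_san_attribute (not shown on this page):
# wraps a subjectAltName extension in a PKCS#9 extensionRequest attribute.
def san_attribute(names)
  san = OpenSSL::X509::ExtensionFactory.new.create_extension(
    'subjectAltName', names.map { |n| "DNS:#{n}" }.join(','), false
  )
  OpenSSL::X509::Attribute.new('extReq', OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([san])]))
end

# Same steps as the generate listing, with a caller-supplied key.
def build_csr(names, key)
  raise ArgumentError, 'names cannot be empty' if names.empty?

  req = OpenSSL::X509::Request.new
  req.version = 0
  # Subject built from an array, so the value is not parsed for "/" separators.
  req.subject = OpenSSL::X509::Name.new([['CN', names.first]])
  req.add_attribute san_attribute(names)
  req.public_key = key.public_key
  req.sign(key, OpenSSL::Digest.new('SHA256'))
  req
end

# DNS names requested through the extensionRequest attribute, in order.
def requested_dns_names(req)
  attr = req.attributes.find { |a| a.oid == 'extReq' }
  return [] unless attr

  attr.value.value.first.value
      .map { |e| OpenSSL::X509::Extension.new(e.to_der) }
      .select { |e| e.oid == 'subjectAltName' }
      .flat_map { |e| e.value.split(', ') }
      .select { |v| v.start_with?('DNS:') }
      .map { |v| v.delete_prefix('DNS:') }
end

# True only if the CSR's signature verifies against its embedded public key.
def self_signed_ok?(req)
  req.verify(req.public_key)
rescue OpenSSL::X509::RequestError, OpenSSL::PKey::PKeyError
  false
end

KEY = OpenSSL::PKey::RSA.new(2048)                       # constructed sample key
CSR = build_csr(%w[example.test www.example.test], KEY)  # constructed sample names
```

A CSR whose embedded public key has been replaced after signing fails `self_signed_ok?`, because the signature no longer matches the key the request claims to hold.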