class Acme::Client::SelfSignCertificate

Attributes

not_after[R]
not_before[R]
private_key[R]
subject_alt_names[R]

Public Class Methods

new(subject_alt_names:, not_before: default_not_before, not_after: default_not_after, private_key: generate_private_key)
# File lib/acme/client/self_sign_certificate.rb, line 7
# Stores the inputs used later to build the self-signed certificate.
#
# @param subject_alt_names [Array<String>] names placed in the subjectAltName
#   extension as DNS entries
# @param not_before [Time] start of the validity window; defaults to
#   default_not_before
# @param not_after [Time] end of the validity window; defaults to
#   default_not_after
# @param private_key [OpenSSL::PKey] key the certificate is signed with;
#   when omitted, generate_private_key supplies one
#
# The default expressions are evaluated per call, so each instance built
# without an explicit key gets whatever generate_private_key returns for it.
def initialize(subject_alt_names:, not_before: default_not_before, not_after: default_not_after, private_key: generate_private_key)
  @subject_alt_names = subject_alt_names
  @not_after = not_after
  @not_before = not_before
  # The signing key is held on the instance for the object's lifetime.
  @private_key = private_key
end

Public Instance Methods

certificate()
# File lib/acme/client/self_sign_certificate.rb, line 14
# Builds the self-signed certificate on first use and memoizes it in
# @certificate; later calls return the same object.
#
# The certificate gets a subjectAltName extension with one DNS entry per
# element of subject_alt_names and is signed with private_key using digest.
#
# NOTE(review): each name is interpolated unescaped into the extension value
# string and the entries are comma-joined. OpenSSL parses that value as a
# comma-separated list, so a name containing ',' would be read as additional
# entries. Callers should pass only validated host names.
def certificate
  return @certificate if @certificate

  cert = generate_certificate

  # Subject and issuer are the same certificate: it is self-signed.
  factory = generate_extension_factory(cert)
  san_value = subject_alt_names.map { |name| "DNS: #{name}" }.join(',')
  cert.add_extension(factory.create_extension('subjectAltName', san_value))

  # The result of sign is what gets memoized and returned.
  @certificate = cert.sign(private_key, digest)
end

Private Instance Methods

default_not_after()
# File lib/acme/client/self_sign_certificate.rb, line 37
# Default end of the validity window: 30 days after the moment of the call.
#
# @return [Time]
def default_not_after
  thirty_days_in_seconds = 30 * 24 * 3600
  Time.now + thirty_days_in_seconds
end
default_not_before()
# File lib/acme/client/self_sign_certificate.rb, line 33
# Default start of the validity window: one hour before the moment of the
# call.
#
# NOTE(review): the backdating presumably tolerates clock skew between this
# host and whoever validates the certificate; confirm against callers.
#
# @return [Time]
def default_not_before
  one_hour_in_seconds = 3600
  Time.now - one_hour_in_seconds
end
digest()
# File lib/acme/client/self_sign_certificate.rb, line 41
# Digest used when signing the certificate: a fresh SHA-256 instance per call.
#
# @return [OpenSSL::Digest::SHA256]
def digest
  digest_class = OpenSSL::Digest::SHA256
  digest_class.new
end
generate_certificate()
# File lib/acme/client/self_sign_certificate.rb, line 45
# Creates the unsigned certificate skeleton: validity window, public key,
# version and serial. Extensions and the signature are not added here.
#
# NOTE(review): the serial is the constant 1, so every certificate built by
# this method carries the same serial. No subject or issuer name is assigned
# in this method either. Both matter if these certificates are ever told
# apart or validated by something that checks those fields.
#
# @return [OpenSSL::X509::Certificate]
def generate_certificate
  OpenSSL::X509::Certificate.new.tap do |cert|
    cert.not_before = not_before
    cert.not_after = not_after
    Acme::Client::Util.set_public_key(cert, private_key)
    # The version field is zero-based: 2 means X.509 v3, which extensions need.
    cert.version = 2
    cert.serial = 1
  end
end
generate_extension_factory(certificate)
# File lib/acme/client/self_sign_certificate.rb, line 55
# Returns an extension factory bound to the given certificate as both the
# subject and the issuer, which is the self-signed case.
#
# @param certificate [OpenSSL::X509::Certificate]
# @return [OpenSSL::X509::ExtensionFactory]
def generate_extension_factory(certificate)
  OpenSSL::X509::ExtensionFactory.new.tap do |factory|
    factory.subject_certificate = certificate
    factory.issuer_certificate = certificate
  end
end
generate_private_key()
# File lib/acme/client/self_sign_certificate.rb, line 29
# Generates a new 2048-bit RSA key pair on every call.
#
# @return [OpenSSL::PKey::RSA]
def generate_private_key
  key_bits = 2048
  OpenSSL::PKey::RSA.generate(key_bits)
end