class CertificateAuthority::Pkcs11KeyMaterial

Attributes

engine[RW]
openssl_pkcs11_engine_lib[RW]
pin[RW]
pkcs11_lib[RW]
token_id[RW]

Public Class Methods

new(attributes = {})
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 11
# Builds the key material wrapper and makes a first attempt at loading the
# PKCS#11 engine.
#
# attributes - Hash kept verbatim in @attributes. The visible code does not
#              copy its entries into the engine/pin/pkcs11_lib/token_id
#              accessors, so those have to be assigned separately.
#              NOTE(review): confirm whether callers expect the hash to
#              populate the accessors.
#
# The engine attempt is best-effort: initialize_engine returns early when the
# library paths are unset, and the key readers retry it.
def initialize(attributes = {})
  @attributes = attributes

  # Result deliberately ignored; private_key/public_key call this again.
  initialize_engine
end

Public Instance Methods

generate_key(modulus_bits=1024)
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 24
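# Placeholder for on-token key generation, which this class does not implement.
#
# No key is created: a notice is written to standard error and nil is
# returned, so callers must check the result before treating it as a key.
#
# modulus_bits - accepted so the signature stays stable, but never read here.
#                NOTE(review): the 1024-bit default is below the 2048-bit RSA
#                minimum in current NIST guidance; raise it if generation is
#                ever implemented.
#
# Returns nil.
def generate_key(modulus_bits=1024)
  # Diagnostics belong on stderr: library code should not write into the
  # host program's stdout, which may be piped or parsed.
  $stderr.puts "Key generation is not currently supported in hardware"
  nil
end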
is_in_hardware?()
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 16
# Storage predicate: this key material class always reports a
# hardware-backed key.
#
# Returns true unconditionally; nothing is checked against the token or
# the engine.
def is_in_hardware?
  true
end
is_in_memory?()
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 20
# Storage predicate: this key material class never reports an in-memory key.
#
# Returns false unconditionally.
def is_in_memory?
  false
end
private_key()
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 29
# Asks the PKCS#11 engine for the private key identified by token_id.
#
# The engine is (re)initialised first, because construction may have
# skipped it when the library paths were not yet set.
#
# Returns whatever engine.load_private_key returns.
# NOTE(review): presumably this is a handle whose operations run on the
# token rather than exportable key bytes; confirm against the engine in use.
# NOTE(review): if initialisation is skipped, engine is still nil and the
# call below raises NoMethodError; callers should set both library paths
# first.
def private_key
  initialize_engine

  key_id = token_id
  engine.load_private_key(key_id)
end
public_key()
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 34
# Asks the PKCS#11 engine for the public key identified by token_id.
#
# The engine is (re)initialised first, because construction may have
# skipped it when the library paths were not yet set.
#
# Returns whatever engine.load_public_key returns.
# NOTE(review): if initialisation is skipped, engine is still nil and the
# call below raises NoMethodError; callers should set both library paths
# first.
def public_key
  initialize_engine

  key_id = token_id
  engine.load_public_key(key_id)
end

Private Instance Methods

initialize_engine()
# File vendor/certificate_authority/lib/certificate_authority/pkcs11_key_material.rb, line 41
# Loads and configures the OpenSSL "pkcs11" engine through the "dynamic"
# engine loader, caching the result in the engine accessor.
#
# Returns false when either library path is unset (construction tolerates
# this; the key readers call again later), the cached engine when one was
# already built, otherwise the newly configured engine.
#
# Security notes for reviewers:
# - openssl_pkcs11_engine_lib and pkcs11_lib are handed to the engine as
#   SO_PATH / MODULE_PATH, i.e. they name shared libraries to load. They
#   should come only from trusted configuration, never from request data.
# - pin is held as a plain attribute on this object and passed to the
#   engine as-is; keep it out of logs and object dumps.
# - NOTE(review): the ENGINE API is deprecated as of OpenSSL 3.0; confirm
#   the target OpenSSL build still ships engine support.
def initialize_engine
  # Not configured yet: back off quietly so a later call can retry.
  return false if openssl_pkcs11_engine_lib.nil? || pkcs11_lib.nil?
  # Already built once: reuse it instead of loading the engine again.
  return engine unless engine.nil?

  OpenSSL::Engine.load

  # The control commands are order-sensitive; keep the sequence as is.
  self.engine = OpenSSL::Engine.by_id("dynamic") do |loader|
    loader.ctrl_cmd("SO_PATH", openssl_pkcs11_engine_lib)
    loader.ctrl_cmd("ID", "pkcs11")
    loader.ctrl_cmd("LIST_ADD", "1")
    loader.ctrl_cmd("LOAD")
    # A nil or empty PIN is not forwarded to the engine.
    loader.ctrl_cmd("PIN", pin) unless pin.nil? || pin == ""
    loader.ctrl_cmd("MODULE_PATH", pkcs11_lib)
  end
end