class Samlr::Tools::CertificateBuilder

Container for generating/referencing an X509 certificate and its RSA key pair

Attributes

key_size[R]

Public Class Methods

dump(path, certificate, id = "samlr") click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 61
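# Writes the certificate's RSA private key and X509 certificate as PEM files
# into +path+, named "<id>_private_key.pem" and "<id>_certificate.pem".
#
# path        - directory that receives both files.
# certificate - object responding to #key_pair and #x509, each of which
#               responds to #to_pem.
# id          - filename prefix (default "samlr"). It is interpolated into the
#               file name as-is, so callers should not pass untrusted values.
#
# The private key is written unencrypted (#to_pem is called without a cipher),
# so the key file is created owner-only (0600) rather than with the
# umask-derived default mode, and an already existing file is tightened too.
#
# Returns the number of bytes written to the certificate file.
def self.dump(path, certificate, id = "samlr")
  key_file  = File.join(path, "#{id}_private_key.pem")
  cert_file = File.join(path, "#{id}_certificate.pem")

  File.open(key_file, File::WRONLY | File::CREAT | File::TRUNC, 0600) do |f|
    # The mode passed to File.open only applies when the file is created;
    # chmod before writing so a pre-existing, looser file never holds the key.
    f.chmod(0600)
    f.write(certificate.key_pair.to_pem)
  end
  File.open(cert_file, "w") { |f| f.write(certificate.x509.to_pem) }
end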
load(path, id = "samlr") click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 66
# Builds an instance from the PEM files "<id>_private_key.pem" and
# "<id>_certificate.pem" found in +path+.
#
# path - directory holding both files.
# id   - filename prefix (default "samlr"); interpolated into the file name
#        as-is.
#
# The key and the certificate are parsed independently; nothing here checks
# that the certificate's public key belongs to the loaded private key.
def self.load(path, id = "samlr")
  private_key_file = File.join(path, "#{id}_private_key.pem")
  rsa_key          = OpenSSL::PKey::RSA.new(File.read(private_key_file))

  certificate_file = File.join(path, "#{id}_certificate.pem")
  certificate      = OpenSSL::X509::Certificate.new(File.read(certificate_file))

  new(:key_pair => rsa_key, :x509 => certificate)
end
new(options = {}) click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 8
# options - Hash of optional settings:
#           :key_size - RSA modulus size in bits used when a key has to be
#                       generated (default 4096).
#           :x509     - an existing certificate to use instead of generating one.
#           :key_pair - an existing key to use instead of generating one.
#
# Anything not supplied stays nil here; #key_pair and #x509 fill it in on
# first use.
def initialize(options = {})
  @key_size = options.fetch(:key_size) { 4096 }
  @x509, @key_pair = options.values_at(:x509, :key_pair)
end

Public Instance Methods

key_pair() click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 45
# Returns the RSA key, generating a fresh one of +key_size+ bits the first
# time it is needed and reusing it afterwards.
def key_pair
  return @key_pair if @key_pair

  @key_pair = OpenSSL::PKey::RSA.new(key_size)
end
sign(string) click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 49
# Signs +string+ with the private key and returns the signature as Base64
# without any line breaks.
#
# NOTE(review): the digest is SHA-1, which is no longer considered
# collision-resistant for signatures. #verify uses the same digest, and the
# consumers of these signatures presumably expect RSA-SHA1, so the digest
# should only be changed together with them.
def sign(string)
  raw_signature = key_pair.sign(OpenSSL::Digest::SHA1.new, string)
  Base64.strict_encode64(raw_signature)
end
to_certificate() click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 57
# Wraps the X509 certificate (generated on demand by #x509) in a
# Samlr::Certificate.
def to_certificate
  certificate = x509
  Samlr::Certificate.new(certificate)
end
verify(signature, string) click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 53
# Checks a Base64-encoded +signature+ over +string+ against the public half
# of the key pair. Returns whatever the public key's #verify returns.
#
# Base64.decode64 is lenient: characters outside the Base64 alphabet are
# skipped, so differently written signature strings can decode to the same
# bytes. The digest is SHA-1, mirroring #sign.
def verify(signature, string)
  public_key    = key_pair.public_key
  digest        = OpenSSL::Digest::SHA1.new
  raw_signature = Base64.decode64(signature)

  public_key.verify(digest, raw_signature, string)
end
x509() click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 14
# Returns the X509 certificate, building and memoizing a self-signed one when
# none was supplied.
#
# The generated certificate has a fixed subject (which is also the issuer),
# serial 1, version 2 (i.e. X509v3), a validity window from five seconds ago
# to roughly twenty years ahead, and is signed with the key pair using SHA-1.
#
# NOTE(review): fixed serial, 20-year lifetime and a SHA-1 self-signature look
# intended for fixtures rather than for a certificate that peers are asked to
# trust - confirm before reusing this outside of tooling.
def x509
  return @x509 if @x509

  organization = "example.org"
  subject = OpenSSL::X509::Name.new([
    ['C', 'US', OpenSSL::ASN1::PRINTABLESTRING],
    ['O', organization, OpenSSL::ASN1::UTF8STRING],
    ['OU', 'Samlr ResponseBuilder', OpenSSL::ASN1::UTF8STRING],
    ['CN', 'CA']
  ])

  built = OpenSSL::X509::Certificate.new.tap do |cert|
    cert.subject    = subject
    cert.issuer     = subject # self-signed: issuer equals subject
    cert.not_before = Time.now - 5
    cert.not_after  = Time.now + 60 * 60 * 24 * 365 * 20
    cert.public_key = key_pair.public_key
    cert.serial     = 1
    cert.version    = 2
    cert.sign(key_pair, OpenSSL::Digest::SHA1.new)
  end

  @x509 = built
end
x509_as_pem() click to toggle source
# File lib/samlr/tools/certificate_builder.rb, line 38
# Returns the certificate's PEM body as one unbroken string: the PEM text is
# split into lines, the first and last line (the BEGIN/END markers) are
# dropped, and the remaining lines are concatenated.
def x509_as_pem
  pem_lines = x509.to_pem.split("\n")
  pem_lines.drop(1)[0...-1].join
end