class Vcert::Request

Attributes

common_name[R]
country[R]
id[RW]
key_type[R]
locality[R]
organization[R]
organizational_unit[R]
province[R]
san_dns[R]
thumbprint[RW]

Public Class Methods

new(common_name: nil, private_key: nil, key_type: nil, organization: nil, organizational_unit: nil, country: nil, province: nil, locality: nil, san_dns: nil, friendly_name: nil, csr: nil)
# File lib/objects/objects.rb, line 13
# Stores the subject fields, SAN list, friendly name and any caller-supplied
# key material or CSR on the new request. Nothing is generated here; @id
# starts out as nil.
#
# key_type, when given, must be exactly a KeyType instance; anything else is
# rejected with Vcert::ClientBadDataError.
#
# NOTE(review): a caller-supplied private_key is stored as-is and no public
# key is derived from it in this method (see the todo below).
def initialize(common_name: nil, private_key: nil, key_type: nil,
               organization: nil, organizational_unit: nil, country: nil, province: nil, locality: nil, san_dns: nil,
               friendly_name: nil, csr: nil)
  @common_name = common_name
  @private_key = private_key
  # todo: parse private key and set public
  unless key_type.nil? || key_type.instance_of?(KeyType)
    raise Vcert::ClientBadDataError, "key_type bad type. should be Vcert::KeyType. for example KeyType('rsa', 2048)"
  end

  @key_type = key_type

  # Subject distinguished-name components.
  @organization, @organizational_unit = organization, organizational_unit
  @country, @province, @locality = country, province, locality

  @san_dns = san_dns
  @friendly_name = friendly_name
  @id = nil
  @csr = csr
end

Public Instance Methods

csr()
# File lib/objects/objects.rb, line 88
# Returns the stored CSR, calling generate_csr first when none is set yet.
def csr
  # TODO: find a way to pass CSR generation if renew is requested
  generate_csr if @csr.nil?
  @csr
end
csr?()
# File lib/objects/objects.rb, line 96
# True when a CSR is already stored on the request. Unlike #csr, this never
# triggers generation.
def csr?
  !@csr.nil?
end
friendly_name()
# File lib/objects/objects.rb, line 107
# Returns the explicit friendly name, falling back to the common name when
# no friendly name was set.
def friendly_name
  @friendly_name.nil? ? @common_name : @friendly_name
end
generate_csr()
# File lib/objects/objects.rb, line 34
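# Builds a PKCS#10 request from the stored subject fields and SAN list,
# signs it with the private key using SHA-256, and stores the PEM in @csr.
# A private key is generated first when none is set.
#
# Raises Vcert::ClientBadDataError when a san_dns entry contains a comma or
# a control character.
#
# Returns the PEM-encoded CSR.
def generate_csr
  generate_private_key if @private_key.nil?

  subject_attrs = [['CN', @common_name]]
  subject_attrs.push(['O', @organization]) unless @organization.nil?
  unless @organizational_unit.nil?
    # A single OU and a list of OUs are both accepted; each becomes its own RDN.
    units = @organizational_unit.kind_of?(Array) ? @organizational_unit : [@organizational_unit]
    units.each { |ou| subject_attrs.push(['OU', ou]) }
  end
  subject_attrs.push(['C', @country]) unless @country.nil?
  subject_attrs.push(['ST', @province]) unless @province.nil?
  subject_attrs.push(['L', @locality]) unless @locality.nil?

  LOG.info("#{VCERT_PREFIX} Making request from subject array #{subject_attrs.inspect}")
  subject = OpenSSL::X509::Name.new subject_attrs
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = subject
  # @public_key is only populated by generate_private_key. When the caller
  # supplied the private key, fall back to the key object itself instead of
  # assigning nil; the request encodes only the public half of it.
  csr.public_key = @public_key || @private_key
  unless @san_dns.nil?
    # A bare value is normalised to a one-element list (and stored that way).
    @san_dns = [@san_dns] unless @san_dns.kind_of?(Array)
    san_list = @san_dns.map do |domain|
      # The entries are joined into a comma-separated extension value below,
      # so a comma inside one entry would be read as an additional SAN entry.
      # Reject such values rather than requesting names the caller did not list.
      if domain.to_s =~ /[,[:cntrl:]]/
        raise Vcert::ClientBadDataError, "san_dns entry #{domain.inspect} contains a comma or control character"
      end
      "DNS:#{domain}"
    end
    extensions = [
        OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', san_list.join(','))
    ]
    attribute_values = OpenSSL::ASN1::Set [OpenSSL::ASN1::Sequence(extensions)]
    # The same extension set is attached under both attribute names.
    [
        OpenSSL::X509::Attribute.new('extReq', attribute_values),
        OpenSSL::X509::Attribute.new('msExtReq', attribute_values)
    ].each do |attribute|
      csr.add_attribute attribute
    end
  end
  csr.sign @private_key, OpenSSL::Digest::SHA256.new # todo: changable sign alg
  @csr = csr.to_pem
end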
private_key()
# File lib/objects/objects.rb, line 100
# Returns the private key as PEM, generating a key first when none is set.
#
# NOTE(review): to_pem is called without a cipher or passphrase, so for an
# OpenSSL::PKey the result is presumably unencrypted key material; callers
# should treat the return value as a secret (no logging, restrictive file
# permissions when written out).
def private_key
  generate_private_key if @private_key.nil?
  @private_key.to_pem
end
update_from_zone_config(zone_config)

@param [ZoneConfiguration] zone_config

# File lib/objects/objects.rb, line 115
# Applies zone policy to the request's subject fields and key type.
#
# For each field, the zone value replaces the request's value when the zone
# marks the field as locked (even if the zone value is nil), and otherwise
# only fills in a field the request left unset.
#
# @param [ZoneConfiguration] zone_config
def update_from_zone_config(zone_config)
  %w[country locality province organization organizational_unit].each do |attr|
    policy = zone_config.public_send(attr)
    current = instance_variable_get("@#{attr}")
    # Locked policy always wins; an unlocked value is used only as a default.
    next unless policy.locked || (!current && !!policy.value)

    instance_variable_set("@#{attr}", policy.value)
  end

  # The key type uses explicit nil checks rather than truthiness.
  key_policy = zone_config.key_type
  @key_type = key_policy.value if key_policy.locked || (@key_type.nil? && !key_policy.value.nil?)
end

Private Instance Methods

generate_private_key()
# File lib/objects/objects.rb, line 139
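# Generates a key pair for the request and stores it in @private_key and
# @public_key. Falls back to DEFAULT_KEY_TYPE when no key type is set.
#
# @key_type.option is passed to the OpenSSL constructor for the chosen
# algorithm (presumably the RSA modulus size or the EC curve name).
#
# Raises Vcert::ClientBadDataError for a key type other than "rsa" or
# "ecdsa". Without that, the method would return without creating a key and
# the caller would fail later on a nil private key.
def generate_private_key
  @key_type = DEFAULT_KEY_TYPE if @key_type.nil?

  case @key_type.type
  when "rsa"
    @private_key = OpenSSL::PKey::RSA.new @key_type.option
    @public_key = @private_key.public_key
  when "ecdsa"
    # NOTE(review): newer OpenSSL bindings treat PKey objects as immutable,
    # so generate_key / public_key= may raise there; confirm against the
    # OpenSSL versions this library supports.
    @private_key, @public_key = OpenSSL::PKey::EC.new(@key_type.option), OpenSSL::PKey::EC.new(@key_type.option)
    @private_key.generate_key
    @public_key.public_key = @private_key.public_key
  else
    raise Vcert::ClientBadDataError, "unsupported key type #{@key_type.type.inspect}, expected \"rsa\" or \"ecdsa\""
  end
end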