class Vcert::FakeConnection

Constants

ROOT_CA
ROOT_KEY

Public Class Methods

new()
# File lib/fake/fake.rb, line 7
# Creates the fake connection with an empty in-memory certificate cache.
# retrieve fills the cache (thumbprint => issued certificate) and renew reads
# from it, so the cache lives only as long as this object.
def initialize
  @cert_cache = Hash.new
end

Public Instance Methods

policy(zone_tag)
# File lib/fake/fake.rb, line 36
# Builds the policy the fake backend reports for a zone.
#
# The result is intentionally permissive: every subject and SAN pattern is
# ".*", and the allowed key types include RSA 1024 alongside 2048/4096/8192
# and every curve in Vcert::SUPPORTED_CURVES. RSA 1024 is below what current
# guidance accepts, so a request that passes this policy has not been shown
# to satisfy a real zone's policy.
#
# zone_tag is used verbatim as both the policy id and the policy name.
# Returns a Vcert::Policy.
def policy(zone_tag)
  rsa_key_types = [1024, 2048, 4096, 8192].map { |bits| Vcert::KeyType.new("rsa", bits) }
  ecdsa_key_types = Vcert::SUPPORTED_CURVES.map { |curve| Vcert::KeyType.new("ecdsa", curve) }
  allowed_key_types = rsa_key_types + ecdsa_key_types

  Vcert::Policy.new(
    policy_id: zone_tag,
    name: zone_tag,
    system_generated: false,
    creation_date: nil,
    subject_cn_regexes: [".*"],
    subject_o_regexes: [".*"],
    subject_ou_regexes: [".*"],
    subject_st_regexes: [".*"],
    subject_l_regexes: [".*"],
    subject_c_regexes: [".*"],
    san_regexes: [".*"],
    key_types: allowed_key_types
  )
end
renew(request, generate_new_key: true)
# File lib/fake/fake.rb, line 56
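# Fake renewal. Returns a two-element array: [request id, private key PEM].
#
# * request.thumbprint set: the subject is copied from the certificate that
#   retrieve cached under that thumbprint and a fresh CSR is built for it.
#   Reusing the old key is not supported on this path.
# * no thumbprint, generate_new_key false: the stored id and private key are
#   handed back unchanged.
# * no thumbprint, generate_new_key true: the CSR stored in request.id is
#   re-keyed and re-signed.
#
# The id is the Base64 of the CSR PEM, the same format request produces.
# New keys are RSA 2048 and are returned as unencrypted PEM (to_pem is called
# without a cipher), so callers should treat the second element as secret
# material.
#
# Raises Vcert::VcertError when a thumbprint is given with
# generate_new_key: false, or when the thumbprint is not in the cache.
def renew(request, generate_new_key: true)
  if request.thumbprint
    raise Vcert::VcertError, "can not be implemented" unless generate_new_key

    cached_cert = @cert_cache[request.thumbprint]
    # retrieve stores thumbprints as the SHA-1 hex digest of the DER
    # certificate. A thumbprint this instance never issued, or one written in
    # another format, misses the cache. Report that as a VcertError instead
    # of failing with NoMethodError on nil.
    if cached_cert.nil?
      raise Vcert::VcertError, "certificate with thumbprint #{request.thumbprint} not found in fake cache"
    end

    csr = OpenSSL::X509::Request.new
    csr.subject = cached_cert.subject
  else
    return [request.id, request.private_key] unless generate_new_key

    csr = OpenSSL::X509::Request.new(Base64.decode64(request.id))
  end

  # Both remaining paths attach a fresh key and self-sign the CSR with it.
  new_key = OpenSSL::PKey::RSA.new(2048)
  csr.public_key = new_key.public_key
  csr.sign(new_key, OpenSSL::Digest::SHA256.new)
  [Base64.encode64(csr.to_pem), new_key.to_pem]
end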
request(zone_tag, request)
# File lib/fake/fake.rb, line 11
# Fake enrollment: nothing is sent anywhere. The request id becomes the
# Base64 encoding of the request's own CSR, which retrieve later decodes and
# signs. zone_tag is accepted but not used.
#
# Returns the encoded id that was assigned.
def request(zone_tag, request)
  encoded_csr = Base64.encode64(request.csr)
  request.id = encoded_csr
end
retrieve(request)
# File lib/fake/fake.rb, line 15
# Fake issuance: decodes the CSR carried in request.id and signs a one-year
# certificate for it with the ROOT_CA / ROOT_KEY constants of this class.
#
# Things a reader should know before trusting anything this returns:
# * ROOT_KEY is a class constant, so the signing key ships with the library.
#   Certificates issued here must never be added to a real trust store.
# * The CSR's self-signature is not verified, so possession of the private
#   key is not proven. Subject and public key are copied over as-is.
# * No X.509 extensions are set (see the todo below), so SANs requested in
#   the CSR do not reach the certificate.
# * The serial is derived from the clock at 10 ms resolution. Two calls in
#   the same tick get the same serial from the same issuer.
#
# The certificate is cached under the SHA-1 hex digest of its DER encoding.
# SHA-1 serves only as a lookup key for renew; the signature uses SHA-256.
#
# Returns a Vcert::Certificate holding the PEM certificate, a chain of
# [ROOT_CA], and the request's private key.
def retrieve(request)
  signing_request = OpenSSL::X509::Request.new(Base64.decode64(request.id))
  issuer_cert = OpenSSL::X509::Certificate.new(ROOT_CA)
  issuer_key = OpenSSL::PKey::RSA.new(ROOT_KEY)
  one_year = 365 * 24 * 60 * 60

  issued = OpenSSL::X509::Certificate.new
  issued.version = 2 # zero-based: 2 means X.509 v3
  issued.serial = (Time.new.to_f * 100).to_i
  issued.subject = signing_request.subject
  issued.issuer = issuer_cert.subject
  issued.not_before = Time.now
  issued.public_key = signing_request.public_key
  issued.not_after = issued.not_before + one_year
  # todo: add extensions
  issued.sign(issuer_key, OpenSSL::Digest::SHA256.new)

  result = Vcert::Certificate.new(
    cert: issued.to_pem,
    chain: [ROOT_CA],
    private_key: request.private_key
  )
  @cert_cache[OpenSSL::Digest::SHA1.new(issued.to_der).hexdigest] = issued
  result
end
zone_configuration(zone_tag)
# File lib/fake/fake.rb, line 45
# Returns the fixed zone configuration of the fake backend. zone_tag is
# accepted but not used, so every zone gets the same values.
#
# The subject fields are plain defaults. Only the key type (RSA 2048) is
# created with locked: true.
# NOTE(review): policy also lists RSA 1024 as allowed - presumably the locked
# key type here is what keeps generated requests at 2048; confirm against the
# code that consumes ZoneConfiguration.
def zone_configuration(zone_tag)
  country = Vcert::CertField.new("US")
  province = Vcert::CertField.new("Utah")
  locality = Vcert::CertField.new("Salt Lake City")
  organization = Vcert::CertField.new("Venafi")
  organizational_unit = Vcert::CertField.new("DevOps")
  key_type = Vcert::CertField.new(Vcert::KeyType.new("rsa", 2048), locked: true)

  Vcert::ZoneConfiguration.new(
    country: country,
    province: province,
    locality: locality,
    organization: organization,
    organizational_unit: organizational_unit,
    key_type: key_type
  )
end