class Vcert::Request
Attributes
common_name[R]
country[R]
id[RW]
key_type[R]
locality[R]
organization[R]
organizational_unit[R]
province[R]
san_dns[R]
thumbprint[RW]
Public Class Methods
new(common_name: nil, private_key: nil, key_type: nil, organization: nil, organizational_unit: nil, country: nil, province: nil, locality: nil, san_dns: nil, friendly_name: nil, csr: nil)
# File lib/objects/objects.rb, line 13
# Builds a certificate request from optional subject fields, key material
# and/or an already-built CSR. Every argument defaults to nil.
#
# @param key_type [KeyType, nil] must be an instance of KeyType when given
# @raise [Vcert::ClientBadDataError] if key_type is given and is not a KeyType
#
# NOTE(review): private_key is stored exactly as passed. It is neither
# type-checked nor used to derive @public_key here (see the todo below).
def initialize(common_name: nil, private_key: nil, key_type: nil, organization: nil, organizational_unit: nil, country: nil, province: nil, locality: nil, san_dns: nil, friendly_name: nil, csr: nil)
  @common_name = common_name
  @private_key = private_key # todo: parse private key and set public

  # Only an exact KeyType instance (or nil) is accepted.
  unless key_type.nil? || key_type.instance_of?(KeyType)
    raise Vcert::ClientBadDataError, "key_type bad type. should be Vcert::KeyType. for example KeyType('rsa', 2048)"
  end

  @key_type = key_type
  @organization, @organizational_unit = organization, organizational_unit
  @country, @province, @locality = country, province, locality
  @san_dns = san_dns
  @friendly_name = friendly_name
  @id = nil
  @csr = csr
end
Public Instance Methods
csr()
# File lib/objects/objects.rb, line 88
# Returns the stored CSR, calling generate_csr first when none is set.
def csr
  # TODO: find a way to pass CSR generation if renew is requested
  generate_csr if @csr.nil?
  @csr
end
csr?()
# File lib/objects/objects.rb, line 96
# True when a CSR is already stored on this request (supplied or generated).
def csr?
  !@csr.nil?
end
friendly_name()
# File lib/objects/objects.rb, line 107
# Returns the explicit friendly name, falling back to the common name when
# no friendly name was set.
def friendly_name
  @friendly_name.nil? ? @common_name : @friendly_name
end
generate_csr()
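# File lib/objects/objects.rb, line 34
# Builds a PKCS#10 certificate signing request from the subject fields and
# DNS SANs of this request, signs it with the private key using SHA-256 and
# stores the PEM text in @csr.
#
# A key pair is generated first when no private key is set. A scalar
# @san_dns is wrapped into a one-element array (and stored back).
#
# @return [String] the PEM-encoded CSR (also stored in @csr)
# @raise [Vcert::ClientBadDataError] if a SAN entry is empty or contains a
#   comma or a line break
def generate_csr
  generate_private_key if @private_key.nil?

  subject_attrs = [['CN', @common_name]]
  subject_attrs.push(['O', @organization]) unless @organization.nil?
  unless @organizational_unit.nil?
    # One OU attribute per entry; a scalar counts as a single OU.
    units = @organizational_unit.kind_of?(Array) ? @organizational_unit : [@organizational_unit]
    units.each { |ou| subject_attrs.push(['OU', ou]) }
  end
  subject_attrs.push(['C', @country]) unless @country.nil?
  subject_attrs.push(['ST', @province]) unless @province.nil?
  subject_attrs.push(['L', @locality]) unless @locality.nil?
  LOG.info("#{VCERT_PREFIX} Making request from subject array #{subject_attrs.inspect}")

  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new(subject_attrs)
  # A caller-supplied private key leaves @public_key unset (see the todo in
  # initialize), and assigning nil here raises. Fall back to the key object
  # itself: the request embeds only its public half.
  csr.public_key = @public_key || @private_key

  unless @san_dns.nil?
    @san_dns = [@san_dns] unless @san_dns.kind_of?(Array)
    san_list = @san_dns.map do |domain|
      name = domain.to_s
      # The names are joined into one OpenSSL extension string in which ','
      # separates entries and a line break ends the value. A name containing
      # either would change the SAN set the caller listed, so fail instead.
      if name.empty? || name =~ /[,\r\n]/
        raise Vcert::ClientBadDataError, "san_dns entry #{name.inspect} must be a non-empty name without ',' or line breaks"
      end
      "DNS:#{name}"
    end

    # An empty list gets no subjectAltName extension instead of an empty one.
    unless san_list.empty?
      extensions = [
        OpenSSL::X509::ExtensionFactory.new.create_extension('subjectAltName', san_list.join(','))
      ]
      attribute_values = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence(extensions)])
      # The same extension set is attached under both request-attribute names.
      %w[extReq msExtReq].each do |attribute_name|
        csr.add_attribute(OpenSSL::X509::Attribute.new(attribute_name, attribute_values))
      end
    end
  end

  csr.sign(@private_key, OpenSSL::Digest::SHA256.new) # todo: changable sign alg
  @csr = csr.to_pem
end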
private_key()
# File lib/objects/objects.rb, line 100
# Returns the private key as PEM text, generating a key pair first when none
# is set.
#
# to_pem is called without a cipher or passphrase, so the returned PEM is
# not encrypted; callers decide how it is stored and who can read it.
def private_key
  generate_private_key if @private_key.nil?
  @private_key.to_pem
end
update_from_zone_config(zone_config)
@param [ZoneConfiguration] zone_config
# File lib/objects/objects.rb, line 115
# Applies zone policy to this request's subject fields and key type.
#
# For each field, the zone value replaces the request's value when the zone
# marks the field as locked. Otherwise it only fills in a field the request
# left unset. A locked field is overwritten even when the zone value is nil.
def update_from_zone_config(zone_config)
  %i[country locality province organization organizational_unit].each do |field|
    policy = zone_config.public_send(field)
    ivar = :"@#{field}"
    # Subject fields use truthiness: nil/false on the request counts as
    # unset, and only a truthy zone value fills it in.
    next unless policy.locked || (!instance_variable_get(ivar) && policy.value)

    instance_variable_set(ivar, policy.value)
  end

  # key_type uses explicit nil checks rather than truthiness.
  key_policy = zone_config.key_type
  @key_type = key_policy.value if key_policy.locked || (@key_type.nil? && !key_policy.value.nil?)
end
Private Instance Methods
generate_private_key()
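# File lib/objects/objects.rb, line 139
# Generates a key pair for @key_type (DEFAULT_KEY_TYPE when unset) and stores
# it in @private_key, with a public-only counterpart in @public_key.
#
# @key_type.option is passed to OpenSSL as the RSA key size or the EC curve.
#
# @raise [Vcert::ClientBadDataError] if @key_type.type is neither "rsa" nor
#   "ecdsa"; previously this left both keys nil and failed later on nil
def generate_private_key
  @key_type = DEFAULT_KEY_TYPE if @key_type.nil?

  case @key_type.type
  when "rsa"
    @private_key = OpenSSL::PKey::RSA.new(@key_type.option)
    @public_key = @private_key.public_key
  when "ecdsa"
    # Key objects are immutable under OpenSSL 3.0, so calling generate_key or
    # public_key= on an existing EC object raises there. EC.generate returns
    # a finished key in one step.
    @private_key = OpenSSL::PKey::EC.generate(@key_type.option)
    if @private_key.respond_to?(:public_to_der)
      # Re-parse the public encoding so @public_key holds no private scalar.
      @public_key = OpenSSL::PKey::EC.new(@private_key.public_to_der)
    else
      # Older openssl bindings: copy the public point onto a bare curve object.
      @public_key = OpenSSL::PKey::EC.new(@key_type.option)
      @public_key.public_key = @private_key.public_key
    end
  else
    raise Vcert::ClientBadDataError, "unsupported key type #{@key_type.type.inspect}"
  end
end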