class SecurityObject

Constants

ATTRS
IATTRS

Public Class Methods

# File lib/action_mailer_x509/security_object.rb, line 129
def p12_certificate(params = {})
  params.symbolize_keys!

  key, cert = signed_certificate(params)

  #root_key = OpenSSL::PKey::RSA.new 4096 # the CA's public/private key
  #root_ca = OpenSSL::X509::Certificate.new
  #root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
  #root_ca.serial = 1
  #root_ca.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA"
  #root_ca.issuer = root_ca.subject # root CA's are "self-signed"
  #root_ca.public_key = root_key.public_key
  #root_ca.not_before = Time.now
  #root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
  #
  #ef = OpenSSL::X509::ExtensionFactory.new
  #ef.subject_certificate = root_ca
  #ef.issuer_certificate = root_ca
  #root_ca.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  #root_ca.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  #root_ca.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
  #root_ca.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))
  #root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
  #
  ## The next step is to create the end-entity certificate using the root CA
  ## certificate.
  ##
  #key = OpenSSL::PKey::RSA.new 4096
  #cert = OpenSSL::X509::Certificate.new
  #cert.version = 2
  #cert.serial = 2
  #cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby certificate"
  #cert.issuer = root_ca.subject # root CA is the issuer
  #cert.public_key = key.public_key
  #cert.not_before = Time.now
  #cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
  #
  #ef = OpenSSL::X509::ExtensionFactory.new
  #ef.subject_certificate = cert
  #ef.issuer_certificate = root_ca
  #cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature', true))
  #cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
  #cert.sign(root_key, OpenSSL::Digest::SHA256.new)

  p12 = OpenSSL::PKCS12.create(params[:password], params[:description] || 'My Name', key, cert)
  bytes = p12.to_der
  to_file(bytes, path) if params[:file]
  bytes
end
# File lib/action_mailer_x509/security_object.rb, line 66
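    def self_signed_certificate(params = {})
      # Generate a self-signed v3 root CA certificate together with its
      # private key.
      #
      # params (mutated by symbolize_keys!): forwarded to certificate/rsa_key,
      # which read :subject, :key_length, :time_from, :time_length,
      # :pack_key_with_pass and :password.
      #
      # Returns [root_key, root_ca]: an OpenSSL::PKey::RSA and an
      # OpenSSL::X509::Certificate signed with SHA-256 by that same key.
      params.symbolize_keys!

      root_key, root_ca = certificate(params)
      # A fresh root key is generated on every call, so a fixed serial is
      # still unique per issuer as RFC 5280 §4.1.2.2 requires.
      root_ca.serial = 1

      factory = OpenSSL::X509::ExtensionFactory.new
      factory.subject_certificate = root_ca
      factory.issuer_certificate = root_ca
      # basicConstraints and keyUsage are critical so validators refuse to
      # treat this certificate as anything but a CA / cert+CRL signer.
      root_ca.add_extension(factory.create_extension('basicConstraints', 'CA:TRUE', true))
      root_ca.add_extension(factory.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
      root_ca.add_extension(factory.create_extension('subjectKeyIdentifier', 'hash', false))
      root_ca.add_extension(factory.create_extension('authorityKeyIdentifier', 'keyid:always', false))
      root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)

      [root_key, root_ca]
    end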
# File lib/action_mailer_x509/security_object.rb, line 112
def signed_certificate(params = {})
  # Generate an end-entity key pair and a v3 certificate for it, issued by a
  # fresh root CA from self_signed_certificate. The CA key is dropped; only
  # the leaf key and certificate are returned.
  #
  # params (mutated by symbolize_keys!): forwarded to self_signed_certificate
  # and certificate. Both the CA and the leaf are built from the same
  # params[:subject], so the leaf's subject DN equals its issuer DN and the
  # two certificates differ by key and serial only.
  #
  # Returns [key, cert]: the leaf's OpenSSL::PKey::RSA and its
  # OpenSSL::X509::Certificate, signed with SHA-256 by the root key.
  #
  # NOTE(review): keyUsage is digitalSignature only, and no extendedKeyUsage
  # (e.g. emailProtection), subjectAltName or authorityKeyIdentifier is set.
  # Whether the S/MIME consumers of this certificate accept it, or can use it
  # for key encipherment, is not established here — confirm with the consumer.
  params.symbolize_keys!

  issuer_key, issuer_cert = self_signed_certificate(params)
  leaf_key, leaf_cert = certificate(params, issuer_cert)
  # Unique per issuer: every call mints a new root, which carries serial 1.
  leaf_cert.serial = 2

  factory = OpenSSL::X509::ExtensionFactory.new
  factory.subject_certificate = leaf_cert
  factory.issuer_certificate = issuer_cert
  [
    factory.create_extension('keyUsage', 'digitalSignature', true),
    factory.create_extension('subjectKeyIdentifier', 'hash', false)
  ].each { |ext| leaf_cert.add_extension(ext) }
  leaf_cert.sign(issuer_key, OpenSSL::Digest::SHA256.new)

  [leaf_key, leaf_cert]
end

Private Class Methods

# File lib/action_mailer_x509/security_object.rb, line 50
def certificate(params = {}, root_certificate = nil)
  root_key = rsa_key(params)

  root_ca = OpenSSL::X509::Certificate.new
  root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
  root_ca.serial = 1
  root_ca.subject = subject(params[:subject])
  root_ca.issuer = (root_certificate || root_ca).subject # root CA's are "self-signed"
  root_ca.public_key = root_key.public_key
  root_ca.not_before = params[:time_from] || Time.now
  root_ca.not_after = root_ca.not_before + (params[:time_length] || 1.year)  #2 * 365 * 24 * 60 * 60 # 2 years validity

  [ root_key, root_ca ]
end
# File lib/action_mailer_x509/security_object.rb, line 38
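def repack_key(rsa_key, password)
  # Round-trip an RSA key through a passphrase-encrypted PEM and back.
  #
  # rsa_key:  OpenSSL::PKey::RSA holding a private key.
  # password: passphrase for the transient PEM encryption. Must be non-empty;
  #           OpenSSL presumably also rejects very short passphrases — confirm.
  #
  # Returns a new OpenSSL::PKey::RSA with the same key material. The returned
  # object holds the private key unencrypted in memory: the passphrase only
  # protects the intermediate PEM string, which is discarded here, so this does
  # not by itself protect the key at rest.
  #
  # Raises ArgumentError when password is nil or empty; with a nil passphrase
  # OpenSSL may otherwise fall back to an interactive prompt or fail late.
  raise ArgumentError, 'password is required to repack the key' if password.to_s.empty?

  # AES-256-CBC instead of the legacy 'des3' PEM cipher; OpenSSL::Cipher.new is
  # the current spelling (OpenSSL::Cipher::Cipher is deprecated). The cipher
  # choice is not observable by callers because the PEM is parsed straight back.
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  private_pem = rsa_key.to_pem(cipher, password)
  public_pem = rsa_key.public_key.to_pem
  OpenSSL::PKey::RSA.new(private_pem + public_pem, password)
end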
# File lib/action_mailer_x509/security_object.rb, line 45
def rsa_key(params={})
  # Generate a fresh RSA private key.
  #
  # params: :key_length        - modulus size in bits, 4096 by default. No lower
  #                              bound is enforced; callers can ask for weaker keys.
  #         :pack_key_with_pass - when truthy, pass the key through repack_key.
  #         :password           - passphrase handed to repack_key.
  #
  # Returns an OpenSSL::PKey::RSA (falls back to the unpacked key should
  # repack_key return nothing).
  bits = params[:key_length] || 4096
  fresh_key = OpenSSL::PKey::RSA.new(bits)
  return fresh_key unless params[:pack_key_with_pass]

  repack_key(fresh_key, params[:password]) || fresh_key
end
# File lib/action_mailer_x509/security_object.rb, line 29
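def subject(params)
  # Build the X.509 subject/issuer name from a hash of symbolic attributes.
  #
  # params: hash (string or symbol keys; mutated by symbolize_keys!) whose keys
  #         are looked up in IATTRS for the X.509 short name (presumably e.g.
  #         :common_name => 'CN' — IATTRS is defined elsewhere in the class)
  #         and whose values become the attribute values. nil yields an empty
  #         name.
  #
  # Returns an OpenSSL::X509::Name with one RDN per entry, in hash order.
  # Raises ArgumentError for a key IATTRS does not know.
  #
  # The name is assembled from [short_name, value] pairs instead of formatting
  # "/CN=.../O=..." and re-parsing it: in the string form a value containing
  # '/' or '=' (e.g. "Alice/O=Evil Corp") is split into extra RDNs, so a
  # caller-controlled value could inject attributes into the DN.
  params ||= {}
  params.symbolize_keys!
  entries = params.map do |attr, value|
    short_name = IATTRS[attr]
    raise ArgumentError, "unknown subject attribute #{attr.inspect}" unless short_name

    [short_name, value.to_s]
  end
  OpenSSL::X509::Name.new(entries)
end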
# File lib/action_mailer_x509/security_object.rb, line 23
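def to_file(data, path)
  # Write data to path in binary mode, creating the file owner-read/write only.
  #
  # data: String of bytes. Used for DER-encoded PKCS#12 bundles, which contain
  #       a private key — hence the restrictive mode rather than the umask
  #       default, which is typically world-readable.
  # path: destination; an existing file is truncated and keeps its existing
  #       permission bits (0600 applies only when the file is created, and is
  #       still subject to the process umask).
  #
  # Returns the number of bytes written.
  File.open(path, 'wb', 0o600) do |file|
    file.write(data)
  end
end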