<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
Class: R509::CertificateAuthority::Signer
— Documentation by YARD 0.8.2.1
</title>
<link rel="stylesheet" href="../../css/style.css" type="text/css" media="screen" charset="utf-8" />
<link rel="stylesheet" href="../../css/common.css" type="text/css" media="screen" charset="utf-8" />
<script type="text/javascript" charset="utf-8">
hasFrames = window.top.frames.main ? true : false;
relpath = '../../';
framesUrl = "../../frames.html#!" + escape(window.location.href);
</script>
<script type="text/javascript" charset="utf-8" src="../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../js/app.js"></script>
</head>
<body>
<div id="header">
<div id="menu">
<a href="../../_index.html">Index (S)</a> »
<span class='title'><span class='object_link'><a href="../../R509.html" title="R509 (module)">R509</a></span></span> » <span class='title'><span class='object_link'><a href="../CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span></span>
»
<span class="title">Signer</span>
<div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../class_list.html">
Class List
</a>
<a class="full_list_link" id="method_list_link"
href="../../method_list.html">
Method List
</a>
<a class="full_list_link" id="file_list_link"
href="../../file_list.html">
File List
</a>
</div>
<div class="clear"></div>
</div>
<iframe id="search_frame"></iframe>
<div id="content"><h1>Class: R509::CertificateAuthority::Signer
</h1>
<dl class="box">
<dt class="r1">Inherits:</dt>
<dd class="r1">
<span class="inheritName">Object</span>
<ul class="fullTree">
<li>Object</li>
<li class="next">R509::CertificateAuthority::Signer</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
<dt class="r2 last">Defined in:</dt>
<dd class="r2 last">lib/r509/certificateauthority.rb</dd>
</dl>
<div class="clear"></div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>Contains the certification authority signing operation methods</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small>(<a href="#" class="summary_toggle">collapse</a>)</small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">- (Signer) <strong>initialize</strong>(config = nil) </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>A new instance of Signer.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#selfsign-instance_method" title="#selfsign (instance method)">- (R509::Cert) <strong>selfsign</strong>(options) </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Self-signs a CSR.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#sign-instance_method" title="#sign (instance method)">- (R509::Cert) <strong>sign</strong>(options) </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Signs a CSR.</p>
</div></span>
</li>
</ul>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
- (<tt><span class='object_link'><a href="" title="R509::CertificateAuthority::Signer (class)">Signer</a></span></tt>) <strong>initialize</strong>(config = nil)
</h3><div class="docstring">
<div class="discussion">
<p>A new instance of Signer</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>config</span>
<span class='type'>(<tt><span class='object_link'><a href="../Config.html" title="R509::Config (module)">R509::Config</a></span></tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
11
12
13
14
15
16
17
18
19
20</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/r509/certificateauthority.rb', line 11</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='ivar'>@config</span> <span class='op'>=</span> <span class='id identifier rubyid_config'>config</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>CaConfig</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>config must be a kind of R509::Config::CaConfig or nil (for self-sign only)</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_has_private_key?'>has_private_key?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must have a private key associated with your CA certificate to issue</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="selfsign-instance_method">
- (<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>) <strong>selfsign</strong>(options)
</h3><div class="docstring">
<div class="discussion">
<p>Self-signs a CSR</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>options</span>
<span class='type'>(<tt>Hash</tt>)</span>
—
<div class='inline'>
<p>a customizable set of options</p>
</div>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>options</tt>):</p>
<ul class="option">
<li>
<span class="name">:csr</span>
<span class="type">(<tt><span class='object_link'><a href="../Csr.html" title="R509::Csr (class)">R509::Csr</a></span></tt>)</span>
<span class="default">
</span>
</li>
<li>
<span class="name">:message_digest</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the message digest to use for this certificate (defaults to sha1)</p>
</div>
</li>
<li>
<span class="name">:serial</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the serial number you want to issue the certificate with (defaults to
random)</p>
</div>
</li>
<li>
<span class="name">:not_before</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the notBefore for the certificate (defaults to now)</p>
</div>
</li>
<li>
<span class="name">:not_after</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the notAfter for the certificate (defaults to 1 year)</p>
</div>
</li>
<li>
<span class="name">:san_names</span>
<span class="type">(<tt>Array</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>Optional array of subject alternative names</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>)</span>
—
<div class='inline'>
<p>the signed cert object</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/r509/certificateauthority.rb', line 121</span>
<span class='kw'>def</span> <span class='id identifier rubyid_selfsign'>selfsign</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Hash</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must pass a hash of options consisting of at minimum :csr</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CSR must also have a private key to self sign</span><span class='tstring_end'>'</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_build_cert'>build_cert</span><span class='lparen'>(</span>
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
<span class='symbol'>:issuer</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
<span class='symbol'>:not_before</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_before</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:not_after</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_after</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='comma'>,</span>
<span class='symbol'>:serial</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:serial</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:san_names</span><span class='rparen'>)</span>
<span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:san_names</span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_san_names'>san_names</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_build_extensions'>build_extensions</span><span class='lparen'>(</span>
<span class='symbol'>:subject_certificate</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
<span class='symbol'>:issuer_certificate</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
<span class='symbol'>:basic_constraints</span> <span class='op'>=></span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>CA:TRUE</span><span class='tstring_end'>"</span></span><span class='comma'>,</span>
<span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='id identifier rubyid_san_names'>san_names</span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:message_digest</span><span class='rparen'>)</span>
<span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:message_digest</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>sha1</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='comment'># Csr#key returns R509::PrivateKey and #key on that returns OpenSSL object we need
</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span> <span class='rparen'>)</span>
<span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="sign-instance_method">
- (<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>) <strong>sign</strong>(options)
</h3><div class="docstring">
<div class="discussion">
<p>Signs a CSR</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>options</span>
<span class='type'>(<tt>Hash</tt>)</span>
—
<div class='inline'>
<p>a customizable set of options</p>
</div>
</li>
</ul>
<p class="tag_title">Options Hash (<tt>options</tt>):</p>
<ul class="option">
<li>
<span class="name">:csr</span>
<span class="type">(<tt><span class='object_link'><a href="../Csr.html" title="R509::Csr (class)">R509::Csr</a></span></tt>)</span>
<span class="default">
</span>
</li>
<li>
<span class="name">:spki</span>
<span class="type">(<tt><span class='object_link'><a href="../Spki.html" title="R509::Spki (class)">R509::Spki</a></span></tt>)</span>
<span class="default">
</span>
</li>
<li>
<span class="name">:profile_name</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>The CA profile you want to use (eg "server in your config)</p>
</div>
</li>
<li>
<span class="name">:data_hash</span>
<span class="type">(<tt>Hash</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>a hash containing the subject and SAN names you want encoded for this cert.
Generate by calling Csr#to_hash or Spki#to_hash</p>
</div>
</li>
<li>
<span class="name">:message_digest</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the message digest to use for this certificate instead of the config's
default</p>
</div>
</li>
<li>
<span class="name">:serial</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the serial number you want to issue the certificate with</p>
</div>
</li>
<li>
<span class="name">:not_before</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the notBefore for the certificate</p>
</div>
</li>
<li>
<span class="name">:not_after</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
<p>the notAfter for the certificate</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>)</span>
—
<div class='inline'>
<p>the signed cert object</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/r509/certificateauthority.rb', line 32</span>
<span class='kw'>def</span> <span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>When instantiating the signer without a config you can only call #selfsign</span><span class='tstring_end'>"</span></span>
<span class='kw'>elsif</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_num_profiles'>num_profiles</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must have at least one CaProfile on your CaConfig to issue</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:csr</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:spki</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You can't pass both :csr and :spki</span><span class='tstring_end'>"</span></span>
<span class='kw'>elsif</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:csr</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:spki</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must supply either :csr or :spki</span><span class='tstring_end'>"</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:csr</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Csr</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must pass an R509::Csr object for :csr</span><span class='tstring_end'>"</span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_signable_object'>signable_object</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>elsif</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:csr</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:spki</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:spki</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Spki</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must pass an R509::Spki object for :spki</span><span class='tstring_end'>"</span></span>
<span class='kw'>else</span>
<span class='id identifier rubyid_signable_object'>signable_object</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:spki</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:data_hash</span><span class='rparen'>)</span>
<span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:data_hash</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:san_names</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:data_hash</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='symbol'>:subject</span><span class='rbracket'>]</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='id identifier rubyid_signable_object'>signable_object</span><span class='period'>.</span><span class='id identifier rubyid_to_hash'>to_hash</span><span class='lbracket'>[</span><span class='symbol'>:san_names</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='id identifier rubyid_signable_object'>signable_object</span><span class='period'>.</span><span class='id identifier rubyid_to_hash'>to_hash</span><span class='lbracket'>[</span><span class='symbol'>:subject</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:csr</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_verify_signature'>verify_signature</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Certificate request signature is invalid.</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='comment'>#handle DSA here
</span> <span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:message_digest</span><span class='rparen'>)</span>
<span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:message_digest</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_message_digest'>message_digest</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_profile'>profile</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:profile_name</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_validated_subject'>validated_subject</span> <span class='op'>=</span> <span class='id identifier rubyid_validate_subject'>validate_subject</span><span class='lparen'>(</span><span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
<span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_build_cert'>build_cert</span><span class='lparen'>(</span>
<span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_validated_subject'>validated_subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
<span class='symbol'>:issuer</span> <span class='op'>=></span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span>
<span class='symbol'>:not_before</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_before</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:not_after</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_after</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_signable_object'>signable_object</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='comma'>,</span>
<span class='symbol'>:serial</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:serial</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_basic_constraints'>basic_constraints</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_basic_constraints'>basic_constraints</span>
<span class='id identifier rubyid_key_usage'>key_usage</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_key_usage'>key_usage</span>
<span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span>
<span class='id identifier rubyid_certificate_policies'>certificate_policies</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_certificate_policies'>certificate_policies</span>
<span class='id identifier rubyid_build_extensions'>build_extensions</span><span class='lparen'>(</span>
<span class='symbol'>:subject_certificate</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
<span class='symbol'>:issuer_certificate</span> <span class='op'>=></span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
<span class='symbol'>:basic_constraints</span> <span class='op'>=></span> <span class='id identifier rubyid_basic_constraints'>basic_constraints</span><span class='comma'>,</span>
<span class='symbol'>:key_usage</span> <span class='op'>=></span> <span class='id identifier rubyid_key_usage'>key_usage</span><span class='comma'>,</span>
<span class='symbol'>:extended_key_usage</span> <span class='op'>=></span> <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span><span class='comma'>,</span>
<span class='symbol'>:certificate_policies</span> <span class='op'>=></span> <span class='id identifier rubyid_certificate_policies'>certificate_policies</span><span class='comma'>,</span>
<span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='id identifier rubyid_san_names'>san_names</span>
<span class='rparen'>)</span>
<span class='comment'>#@config.ca_cert.key.key ... ugly. ca_cert returns R509::Cert
</span> <span class='comment'># #key returns R509::PrivateKey and #key on that returns OpenSSL object we need
</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span> <span class='rparen'>)</span>
<span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Thu Nov 8 14:19:29 2012 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.8.2.1 (ruby-1.9.3).
</div>
</body>
</html>