Class: R509::CSR

Inherits:

Object

• Object
• R509::CSR

show all

Includes:

Helpers

Defined in:

lib/r509/csr.rb

Overview

Instance Attribute Summary (collapse)

• - (Object) attributes readonly

  Returns the value of attribute attributes.

• - (Object) key readonly

  Returns the value of attribute key.

• - (Object) message_digest readonly

  Returns the value of attribute message_digest.

• - (Object) req readonly

  Returns the value of attribute req.

• - (Object) san readonly

  Returns the value of attribute san.

• - (Object) subject readonly

  Returns the value of attribute subject.

Class Method Summary (collapse)

• + (R509::CSR) load_from_file(filename)

  Helper method to quickly load a CSR from the filesystem.

Instance Method Summary (collapse)

• - (Integer) bit_length (also: #bit_strength) included from Helpers

  Returns the bit length of the key.

• - (String) curve_name included from Helpers

  Returns the short name of the elliptic curve used to generate the public key if the key is EC.

• - (Boolean) dsa? included from Helpers

  Returns whether the public key is DSA.

• - (Boolean) ec? included from Helpers

  Returns whether the public key is EC.

• - (Boolean) has_private_key?

  Boolean of whether the object contains a private key.

• - (CSR) initialize(opts = {}) constructor

  A new instance of CSR.

• - (String) key_algorithm

  Returns key algorithm (RSA/DSA/EC).

• - (OpenSSL::PKey::RSA, ...) public_key

  Public key.

• - (Boolean) rsa? included from Helpers

  Returns whether the public key is RSA.

• - (String) signature_algorithm

  Returns signature algorithm.

• - (String) subject_component(short_name)

  Returns subject component.

• - (String) to_der included from Helpers

  Converts the object into DER format.

• - (String) to_pem included from Helpers

  Converts the object into PEM format.

• - (Boolean) verify_signature

  Verifies the integrity of the signature on the request.

• - (Object) write_der(filename_or_io) included from Helpers

  Writes the object into DER format.

• - (Object) write_pem(filename_or_io) included from Helpers

  Writes the object into PEM format.

:type => "RSA",
:bit_length => 4096,
:subject => [
  ['CN','somedomain.com'],
  ['O','My Org'],
  ['L','City'],
  ['ST','State'],
  ['C','US']
]

:type => "RSA",
:bit_length => 4096,
:subject => { :CN => "myCN", :O => "org" }

:type => "EC",
:curve_name => 'secp384r1',
:message_digest => 'sha512',
:subject => [
  ['CN','somedomain.com'],
]

46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# File 'lib/r509/csr.rb', line 46

def initialize(opts={})
  if not opts.kind_of?(Hash)
    raise ArgumentError, 'Must provide a hash of options'
  end
  if opts.has_key?(:subject) and opts.has_key?(:csr)
    raise ArgumentError, "You must provide :subject or :csr, not both"
  end
  @bit_length = opts[:bit_length] || opts[:bit_strength] || R509::PrivateKey::DEFAULT_STRENGTH
  @curve_name = opts[:curve_name] || R509::PrivateKey::DEFAULT_CURVE

  @key = load_private_key(opts)


  @type = opts[:type] || R509::PrivateKey::DEFAULT_TYPE
  if not R509::PrivateKey::KNOWN_TYPES.include?(@type.upcase) and @key.nil?
    raise ArgumentError, "Must provide #{R509::PrivateKey::KNOWN_TYPES.join(", ")} as type when key is nil"
  end

  if opts.has_key?(:subject)
    san_names = R509::ASN1.general_name_parser(opts[:san_names])
    create_request(opts[:subject], san_names) #sets @req
  elsif opts.has_key?(:csr)
    if opts.has_key?(:san_names)
      raise ArgumentError, "You can't add domains to an existing CSR"
    end
    parse_csr(opts[:csr])
  else
    raise ArgumentError, "You must provide :subject or :csr"
  end

  if dsa?
    #only DSS1 is acceptable for DSA signing in OpenSSL < 1.0
    #post-1.0 you can sign with anything, but let's be conservative
    #see: http://www.ruby-doc.org/stdlib-1.9.3/libdoc/openssl/rdoc/OpenSSL/PKey/DSA.html
    @message_digest = R509::MessageDigest.new('dss1')
  else
    @message_digest = R509::MessageDigest.new(opts[:message_digest])
  end

  if not opts.has_key?(:csr)
    @req.sign(@key.key, @message_digest.digest)
  end
  if not @key.nil? and not @req.verify(@key.public_key) then
    raise R509Error, 'Key does not match request.'
  end

end

15
16
17

# File 'lib/r509/csr.rb', line 15

def attributes
  @attributes
end

15
16
17

# File 'lib/r509/csr.rb', line 15

def key
  @key
end

15
16
17

# File 'lib/r509/csr.rb', line 15

def message_digest
  @message_digest
end

15
16
17

# File 'lib/r509/csr.rb', line 15

def req
  @req
end

15
16
17

# File 'lib/r509/csr.rb', line 15

def san
  @san
end

15
16
17

# File 'lib/r509/csr.rb', line 15

def subject
  @subject
end

98
99
100

# File 'lib/r509/csr.rb', line 98

def self.load_from_file( filename )
  return R509::CSR.new(:csr => IOHelpers.read_data(filename) )
end

116
117
118
119
120
121
122

# File 'lib/r509/csr.rb', line 116

def has_private_key?
  if not @key.nil?
    true
  else
    false
  end
end

148
149
150
151
152
153
154
155
156

# File 'lib/r509/csr.rb', line 148

def key_algorithm
  if @req.public_key.kind_of? OpenSSL::PKey::RSA then
    "RSA"
  elsif @req.public_key.kind_of? OpenSSL::PKey::DSA then
    "DSA"
  elsif @req.public_key.kind_of? OpenSSL::PKey::EC then
    "EC"
  end
end

103
104
105
106
107

# File 'lib/r509/csr.rb', line 103

def public_key
  if(@req.kind_of?(OpenSSL::X509::Request)) then
    @req.public_key
  end
end

141
142
143

# File 'lib/r509/csr.rb', line 141

def signature_algorithm
  @req.signature_algorithm
end

129
130
131
132
133
134
135
136

# File 'lib/r509/csr.rb', line 129

def subject_component short_name
  @req.subject.to_a.each do |element|
    if element[0].downcase == short_name.downcase then
      return element[1]
    end
  end
  nil
end

111
112
113

# File 'lib/r509/csr.rb', line 111

def verify_signature
  @req.verify(public_key)
end