lib/r509/certificateauthority/http/server.rb in r509-ca-http-0.2.2 vs lib/r509/certificateauthority/http/server.rb in r509-ca-http-0.3.0

- old
+ new

@@ -20,17 +20,20 @@ disable :logging set :environment, :production crls = {} certificate_authorities = {} + options_builders = {} config_pool.names.each do |name| crls[name] = R509::CRL::Administrator.new(config_pool[name]) + options_builders[name] = R509::CertificateAuthority::OptionsBuilder.new(config_pool[name]) certificate_authorities[name] = R509::CertificateAuthority::Signer.new(config_pool[name]) end set :crls, crls set :certificate_authorities, certificate_authorities + set :options_builders, options_builders set :subject_parser, R509::CertificateAuthority::HTTP::SubjectParser.new set :validity_period_converter, R509::CertificateAuthority::HTTP::ValidityPeriodConverter.new set :csr_factory, R509::CertificateAuthority::HTTP::Factory::CSRFactory.new set :spki_factory, R509::CertificateAuthority::HTTP::Factory::SPKIFactory.new end @@ -44,10 +47,13 @@ settings.crls[name] end def ca(name) settings.certificate_authorities[name] end + def builder(name) + settings.options_builders[name] + end def subject_parser settings.subject_parser end def validity_period_converter settings.validity_period_converter @@ -76,27 +82,27 @@ log.debug "go away. no children." "go away. no children" end get '/1/crl/:ca/get/?' do - log.info "Get CRL for #{params[:ca]}" + log.info "DEPRECATED: Get CRL for #{params[:ca]}" if not crl(params[:ca]) raise ArgumentError, "CA not found" end - crl(params[:ca]).to_pem + crl(params[:ca]).generate_crl.to_pem end get '/1/crl/:ca/generate/?' do log.info "Generate CRL for #{params[:ca]}" if not crl(params[:ca]) raise ArgumentError, "CA not found" end - crl(params[:ca]).generate_crl + crl(params[:ca]).generate_crl.to_pem end post '/1/certificate/issue/?' do log.info "Issue Certificate" raw = request.env["rack.input"].read 
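Review bot: In the `get '/1/crl/:ca/get/?'` hunk the deprecated read endpoint now calls `crl(params[:ca]).generate_crl.to_pem`, so a plain GET signs a fresh CRL on every request and is now behaviourally identical to `/1/crl/:ca/generate`; any client that can reach the route can force unbounded CRL regeneration on the CA, which the old `to_pem` read did not allow. If `/get` has to keep working during the deprecation window it should hand back the last generated CRL rather than sign a new one (assuming `R509::CRL::Administrator` still exposes one — the dropped `.crl`/`.to_pem` calls suggest it may not), or at least share whatever access control and rate limiting `/generate` has. The deprecation is also only visible in the server log; signalling it to callers, e.g. `headers "Warning" => '299 - "Deprecated: use /1/crl/:ca/generate"'`, would let clients migrate before the route is removed.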
@@ -126,43 +132,52 @@ log.info subject.to_s if subject.empty? raise ArgumentError, "Must provide a subject" end + extensions = [] if params.has_key?("extensions") and params["extensions"].has_key?("subjectAlternativeName") san_names = params["extensions"]["subjectAlternativeName"].select { |name| not name.empty? } + if not san_names.empty? + extensions.push(R509::Cert::Extensions::SubjectAlternativeName.new(:value => R509::ASN1.general_name_parser(san_names))) + end elsif params.has_key?("extensions") and params["extensions"].has_key?("dNSNames") san_names = R509::ASN1::GeneralNames.new params["extensions"]["dNSNames"].select{ |name| not name.empty? }.each do |name| san_names.create_item(:tag => 2, :value => name.strip) end - else - san_names = [] + if not san_names.names.empty? + extensions.push(R509::Cert::Extensions::SubjectAlternativeName.new(:value => san_names)) + end end validity_period = validity_period_converter.convert(params["validityPeriod"]) if params.has_key?("csr") csr = csr_factory.build(:csr => params["csr"]) - cert = ca(params["ca"]).sign( + signer_opts = builder(params["ca"]).build_and_enforce( :csr => csr, :profile_name => params["profile"], :subject => subject, - :san_names => san_names, + :extensions => extensions, + :message_digest => params["message_digest"], :not_before => validity_period[:not_before], - :not_after => validity_period[:not_after] + :not_after => validity_period[:not_after], ) + cert = ca(params["ca"]).sign(signer_opts) elsif params.has_key?("spki") spki = spki_factory.build(:spki => params["spki"], :subject => subject) - cert = ca(params["ca"]).sign( + signer_opts = builder(params["ca"]).build_and_enforce( :spki => spki, :profile_name => params["profile"], :subject => subject, - :san_names => san_names, + :extensions => extensions, + :message_digest => params["message_digest"], :not_before => validity_period[:not_before], - :not_after => validity_period[:not_after] + :not_after => validity_period[:not_after], ) + cert = 
ca(params["ca"]).sign(signer_opts) else raise ArgumentError, "Must provide a CSR or SPKI" end pem = cert.to_pem @@ -191,11 +206,11 @@ reason = nil end crl(ca).revoke_cert(serial, reason) - crl(ca).crl.to_pem + crl(ca).generate_crl.to_pem end post '/1/certificate/unrevoke/?' do ca = params[:ca] serial = params[:serial] @@ -211,10 +226,10 @@ raise ArgumentError, "Serial must be provided" end crl(ca).unrevoke_cert(serial.to_i) - crl(ca).crl.to_pem + crl(ca).generate_crl.to_pem end get '/test/certificate/issue/?' do log.info "Loaded test issuance interface" content_type :html
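Review bot: Both `build_and_enforce` calls now pass `:message_digest => params["message_digest"]` straight from the request, which makes the signature digest client-selectable; unless `OptionsBuilder#build_and_enforce` rejects digests outside the profile (not visible here — please confirm), a caller could obtain certificates signed with a weak digest such as MD5 or SHA-1. I would validate it at the route, e.g. `raise ArgumentError, "Unsupported message_digest" unless params["message_digest"].nil? or %w[sha256 sha384 sha512].include?(params["message_digest"])`, or drop the parameter and let the profile decide. The same hunk also widens `subjectAlternativeName` from dNSNames to whatever `R509::ASN1.general_name_parser` accepts (IP, email, URI, …), and `builder(params["ca"])` returns nil for an unknown CA and raises NoMethodError instead of the `ArgumentError, "CA not found"` the other routes use, unless the route body before this hunk already checks it. The `post '/1/certificate/issue/?'` body starts before this hunk.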