doc/R509/CertificateAuthority/Signer.html in r509-0.9.2 vs doc/R509/CertificateAuthority/Signer.html in r509-0.10.0
- old
+ new
@@ -4,17 +4,17 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
Class: R509::CertificateAuthority::Signer
- — Documentation by YARD 0.8.5
+ — Documentation by YARD 0.8.6.1
</title>
- <link rel="stylesheet" href="../../css/style.css" type="text/css" media="screen" charset="utf-8" />
+ <link rel="stylesheet" href="../../css/style.css" type="text/css" charset="utf-8" />
- <link rel="stylesheet" href="../../css/common.css" type="text/css" media="screen" charset="utf-8" />
+ <link rel="stylesheet" href="../../css/common.css" type="text/css" charset="utf-8" />
<script type="text/javascript" charset="utf-8">
hasFrames = window.top.frames.main ? true : false;
relpath = '../../';
framesUrl = "../../frames.html#!" + escape(window.location.href);
@@ -92,11 +92,11 @@
<dt class="r2 last">Defined in:</dt>
- <dd class="r2 last">lib/r509/certificate_authority.rb</dd>
+ <dd class="r2 last">lib/r509/certificate_authority/signer.rb</dd>
</dl>
<div class="clear"></div>
<h2>Overview</h2><div class="docstring">
@@ -117,61 +117,70 @@
<h2>
- Instance Method Summary
+ Class Method Summary
<small>(<a href="#" class="summary_toggle">collapse</a>)</small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
- <a href="#initialize-instance_method" title="#initialize (instance method)">- (Signer) <strong>initialize</strong>(config = nil) </a>
+ <a href="#selfsign-class_method" title="selfsign (class method)">+ (R509::Cert) <strong>selfsign</strong>(options) </a>
</span>
- <span class="note title constructor">constructor</span>
-
<span class="summary_desc"><div class='inline'>
-<p>A new instance of Signer.</p>
+<p>Self-signs a CSR.</p>
</div></span>
</li>
+ </ul>
+
+ <h2>
+ Instance Method Summary
+ <small>(<a href="#" class="summary_toggle">collapse</a>)</small>
+ </h2>
+
+ <ul class="summary">
+
<li class="public ">
<span class="summary_signature">
- <a href="#selfsign-instance_method" title="#selfsign (instance method)">- (R509::Cert) <strong>selfsign</strong>(options) </a>
+ <a href="#initialize-instance_method" title="#initialize (instance method)">- (Signer) <strong>initialize</strong>(config) </a>
</span>
+ <span class="note title constructor">constructor</span>
+
<span class="summary_desc"><div class='inline'>
-<p>Self-signs a CSR.</p>
+<p>A new instance of Signer.</p>
</div></span>
</li>
@@ -206,11 +215,11 @@
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
- - (<tt><span class='object_link'><a href="" title="R509::CertificateAuthority::Signer (class)">Signer</a></span></tt>) <strong>initialize</strong>(config = nil)
+ - (<tt><span class='object_link'><a href="" title="R509::CertificateAuthority::Signer (class)">Signer</a></span></tt>) <strong>initialize</strong>(config)
@@ -232,13 +241,11 @@
<span class='type'>(<tt><span class='object_link'><a href="../Config.html" title="R509::Config (module)">R509::Config</a></span></tt>)</span>
- <em class="default">(defaults to: <tt>nil</tt>)</em>
-
</li>
</ul>
@@ -258,17 +265,17 @@
19
20
21</pre>
</td>
<td>
- <pre class="code"><span class="info file"># File 'lib/r509/certificate_authority.rb', line 12</span>
+ <pre class="code"><span class="info file"># File 'lib/r509/certificate_authority/signer.rb', line 12</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_config'>config</span><span class='rparen'>)</span>
<span class='ivar'>@config</span> <span class='op'>=</span> <span class='id identifier rubyid_config'>config</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Config</span><span class='op'>::</span><span class='const'>CAConfig</span><span class='rparen'>)</span>
- <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>config must be a kind of R509::Config::CAConfig or nil (for self-sign only)</span><span class='tstring_end'>"</span></span>
+ <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>config must be a kind of R509::Config::CAConfig</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_has_private_key?'>has_private_key?</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must have a private key associated with your CA certificate to issue</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
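Review bot: Both guards in the rendered `initialize` listing still begin with `not @config.nil? and`, so `Signer.new(nil)` is accepted at construction even though this change removes the `= nil` default and the "or nil (for self-sign only)" wording from the error message. As far as the visible part of the `sign` listing further down shows, its own `@config.nil?` check is removed and it reads `@config.ca_cert` directly, so a nil config would presumably surface there as a NoMethodError rather than an R509Error raised up front. Dropping the nil escape makes the constructor match its new message: `if not @config.kind_of?(R509::Config::CAConfig)` for the first guard and `if not @config.ca_cert.has_private_key?` for the second.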
@@ -278,18 +285,18 @@
</div>
</div>
- <div id="instance_method_details" class="method_details_list">
- <h2>Instance Method Details</h2>
+ <div id="class_method_details" class="method_details_list">
+ <h2>Class Method Details</h2>
<div class="method_details first">
- <h3 class="signature first" id="selfsign-instance_method">
+ <h3 class="signature first" id="selfsign-class_method">
- - (<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>) <strong>selfsign</strong>(options)
+ + (<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>) <strong>selfsign</strong>(options)
@@ -344,65 +351,74 @@
<span class="default">
</span>
— <div class='inline'>
-<p>the message digest to use for this certificate (defaults to sha1)</p>
+<p>the message digest to use for this certificate (defaults to
+R509::MessageDigest::DEFAULT_MD)</p>
</div>
</li>
<li>
<span class="name">:serial</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
+ — default:
+ <tt>random serial</tt>
+
</span>
— <div class='inline'>
-<p>the serial number you want to issue the certificate with (defaults to
-random)</p>
+<p>the serial number you want to issue the certificate with</p>
</div>
</li>
<li>
- <span class="name">:not_before</span>
- <span class="type">(<tt>Time</tt>)</span>
+ <span class="name">:extensions</span>
+ <span class="type">(<tt>Array</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
-<p>the notBefore for the certificate (defaults to now)</p>
+<p>An array of R509::Cert::Extensions::* objects that represent the extensions
+you want to embed in the final certificate</p>
</div>
</li>
<li>
- <span class="name">:not_after</span>
+ <span class="name">:not_before</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
+ — default:
+ <tt>Time.now - 6 hours</tt>
+
</span>
— <div class='inline'>
-<p>the notAfter for the certificate (defaults to 1 year)</p>
+<p>the notBefore for the certificate</p>
</div>
</li>
<li>
- <span class="name">:san_names</span>
- <span class="type">(<tt>Array</tt>, <tt><span class='object_link'><a href="../ASN1/GeneralNames.html" title="R509::ASN1::GeneralNames (class)">R509::ASN1::GeneralNames</a></span></tt>)</span>
+ <span class="name">:not_after</span>
+ <span class="type">(<tt>Time</tt>)</span>
<span class="default">
+ — default:
+ <tt>Time.now + 365 days</tt>
+
</span>
— <div class='inline'>
-<p>optional either an array of names that will be automatically parsed to
-determine their type, or an explicit R509::ASN1::GeneralNames object</p>
+<p>the notAfter for the certificate</p>
</div>
</li>
</ul>
@@ -431,97 +447,99 @@
<tr>
<td>
<pre class="lines">
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
103
104
-105
-106
-107
-108
-109
-110
-111
-112
-113
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123
-124
-125
-126
-127
-128
-129
-130
-131
-132
-133
-134
-135
-136
-137
-138
-139
-140</pre>
+105</pre>
</td>
<td>
- <pre class="code"><span class="info file"># File 'lib/r509/certificate_authority.rb', line 103</span>
+ <pre class="code"><span class="info file"># File 'lib/r509/certificate_authority/signer.rb', line 70</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_selfsign'>selfsign</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_selfsign'>selfsign</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Hash</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must pass a hash of options consisting of at minimum :csr</span><span class='tstring_end'>"</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_csr'>csr</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
- <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CSR must also have a private key to self sign</span><span class='tstring_end'>'</span></span>
+ <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CSR must also have a private key to self sign</span><span class='tstring_end'>'</span></span>
<span class='kw'>end</span>
- <span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_build_cert'>build_cert</span><span class='lparen'>(</span>
- <span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
- <span class='symbol'>:issuer</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
+
+ <span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span> <span class='id identifier rubyid_public_key'>public_key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_extract_public_key_subject'>extract_public_key_subject</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
+
+ <span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_build_cert'>build_cert</span><span class='lparen'>(</span>
+ <span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
+ <span class='symbol'>:issuer</span> <span class='op'>=></span> <span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
<span class='symbol'>:not_before</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_before</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:not_after</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_after</span><span class='rbracket'>]</span><span class='comma'>,</span>
- <span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='comma'>,</span>
+ <span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_public_key'>public_key</span><span class='comma'>,</span>
<span class='symbol'>:serial</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:serial</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
- <span class='id identifier rubyid_sans'>sans</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:san_names</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='op'>?</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:san_names</span><span class='rbracket'>]</span> <span class='op'>:</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_san'>san</span>
- <span class='id identifier rubyid_san_names'>san_names</span> <span class='op'>=</span> <span class='id identifier rubyid_parse_san_names'>parse_san_names</span><span class='lparen'>(</span><span class='id identifier rubyid_sans'>sans</span><span class='rparen'>)</span>
+ <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:extensions</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='lbracket'>[</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>BasicConstraints</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:ca</span> <span class='op'>=></span> <span class='kw'>true</span><span class='rparen'>)</span><span class='comma'>,</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectKeyIdentifier</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_public_key'>public_key</span><span class='rparen'>)</span><span class='comma'>,</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityKeyIdentifier</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_public_key'>public_key</span><span class='rparen'>)</span>
+ <span class='rbracket'>]</span>
- <span class='id identifier rubyid_build_extensions'>build_extensions</span><span class='lparen'>(</span>
- <span class='symbol'>:subject_certificate</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
- <span class='symbol'>:issuer_certificate</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
- <span class='symbol'>:basic_constraints</span> <span class='op'>=></span> <span class='lbrace'>{</span><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>ca</span><span class='tstring_end'>"</span></span> <span class='op'>=></span> <span class='kw'>true</span> <span class='rbrace'>}</span><span class='comma'>,</span>
- <span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='id identifier rubyid_san_names'>san_names</span>
- <span class='rparen'>)</span>
-
-
<span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:message_digest</span><span class='rparen'>)</span>
<span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:message_digest</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
- <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>sha1</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
+ <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='op'>::</span><span class='const'>DEFAULT_MD</span><span class='rparen'>)</span>
<span class='kw'>end</span>
- <span class='comment'># CSR#key returns R509::PrivateKey and #key on that returns OpenSSL object we need
-</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span> <span class='rparen'>)</span>
- <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
+ <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span> <span class='rparen'>)</span>
+
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span> <span class='symbol'>:key</span> <span class='op'>=></span> <span class='id identifier rubyid_csr'>csr</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
- <div class="method_details ">
- <h3 class="signature " id="sign-instance_method">
+ </div>
+
+ <div id="instance_method_details" class="method_details_list">
+ <h2>Instance Method Details</h2>
+
+
+ <div class="method_details first">
+ <h3 class="signature first" id="sign-instance_method">
- (<tt><span class='object_link'><a href="../Cert.html" title="R509::Cert (class)">R509::Cert</a></span></tt>) <strong>sign</strong>(options)
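Review bot: In the new `selfsign` listing, `cert.extensions = options[:extensions] || [...]` replaces the default set rather than adding to it, so a caller who passes any `:extensions` array gets a self-signed certificate without BasicConstraints (`:ca => true`), SubjectKeyIdentifier or AuthorityKeyIdentifier unless they supply those themselves. The removed `csr.san` fallback also means subjectAltName values carried in the CSR are no longer copied into the certificate. Neither behaviour is stated in the `:extensions` option text in the preceding hunk; the source docstring could say `# @option options :extensions [Array] replaces the default BasicConstraints/SKI/AKI set; SANs in the CSR are not copied, pass a subjectAltName extension explicitly`. The hunk continues past `selfsign` into the `sign` heading, which is not covered by this note.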
@@ -580,80 +598,74 @@
</span>
</li>
<li>
- <span class="name">:profile_name</span>
- <span class="type">(<tt>String</tt>)</span>
+ <span class="name">:subject</span>
+ <span class="type">(<tt><span class='object_link'><a href="../Subject.html" title="R509::Subject (class)">R509::Subject</a></span></tt>, <tt>OpenSSL::X509::Subject</tt>, <tt>Array</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
-<p>The CA profile you want to use (eg "server" in your config)</p>
+<p>This is optional when passing a :csr but required for :spki</p>
</div>
</li>
<li>
- <span class="name">:subject</span>
- <span class="type">(<tt><span class='object_link'><a href="../Subject.html" title="R509::Subject (class)">R509::Subject</a></span></tt>, <tt>OpenSSL::X509::Subject</tt>, <tt>Array</tt>)</span>
+ <span class="name">:message_digest</span>
+ <span class="type">(<tt>String</tt>)</span>
<span class="default">
- — default:
- <tt>optional for R509::CSR</tt>, <tt>required for R509::SPKI</tt>
-
</span>
- </li>
-
- <li>
- <span class="name">:san_names</span>
- <span class="type">(<tt>Array</tt>, <tt><span class='object_link'><a href="../ASN1/GeneralNames.html" title="R509::ASN1::GeneralNames (class)">R509::ASN1::GeneralNames</a></span></tt>)</span>
- <span class="default">
-
- </span>
-
— <div class='inline'>
-<p>optional either an array of names that will be automatically parsed to
-determine their type, or an explicit R509::ASN1::GeneralNames object</p>
+<p>the message digest to use for this certificate instead of the default (see
+R509::MessageDigest::DEFAULT_MD).</p>
</div>
</li>
<li>
- <span class="name">:message_digest</span>
+ <span class="name">:serial</span>
<span class="type">(<tt>String</tt>)</span>
<span class="default">
+ — default:
+ <tt>random serial</tt>
+
</span>
— <div class='inline'>
-<p>the message digest to use for this certificate instead of the config's
-default</p>
+<p>the serial number you want to issue the certificate with</p>
</div>
</li>
<li>
- <span class="name">:serial</span>
- <span class="type">(<tt>String</tt>)</span>
+ <span class="name">:extensions</span>
+ <span class="type">(<tt>Array</tt>)</span>
<span class="default">
</span>
— <div class='inline'>
-<p>the serial number you want to issue the certificate with</p>
+<p>An array of R509::Cert::Extensions::* objects that represent the extensions
+you want to embed in the final certificate</p>
</div>
</li>
<li>
<span class="name">:not_before</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
+ — default:
+ <tt>Time.now - 6 hours</tt>
+
</span>
— <div class='inline'>
<p>the notBefore for the certificate</p>
</div>
@@ -663,10 +675,13 @@
<li>
<span class="name">:not_after</span>
<span class="type">(<tt>Time</tt>)</span>
<span class="default">
+ — default:
+ <tt>Time.now + 365 days</tt>
+
</span>
— <div class='inline'>
<p>the notAfter for the certificate</p>
</div>
@@ -699,10 +714,11 @@
<tr>
<td>
<pre class="lines">
+33
34
35
36
37
38
@@ -725,107 +741,42 @@
55
56
57
58
59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
-87
-88
-89
-90
-91
-92
-93</pre>
+60</pre>
</td>
<td>
- <pre class="code"><span class="info file"># File 'lib/r509/certificate_authority.rb', line 34</span>
+ <pre class="code"><span class="info file"># File 'lib/r509/certificate_authority/signer.rb', line 33</span>
<span class='kw'>def</span> <span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
- <span class='kw'>if</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
- <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>When instantiating the signer without a config you can only call #selfsign</span><span class='tstring_end'>"</span></span>
- <span class='kw'>elsif</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_num_profiles'>num_profiles</span> <span class='op'>==</span> <span class='int'>0</span>
- <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>You must have at least one CAProfile on your CAConfig to issue</span><span class='tstring_end'>"</span></span>
- <span class='kw'>end</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_check_options'>check_options</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
- <span class='id identifier rubyid_check_options'>check_options</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
+ <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:message_digest</span><span class='rbracket'>]</span><span class='rparen'>)</span>
- <span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span> <span class='id identifier rubyid_san_names'>san_names</span><span class='comma'>,</span> <span class='id identifier rubyid_public_key'>public_key</span> <span class='op'>=</span> <span class='id identifier rubyid_extract_public_key_subject_san'>extract_public_key_subject_san</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
+ <span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span> <span class='id identifier rubyid_public_key'>public_key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_extract_public_key_subject'>extract_public_key_subject</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='rparen'>)</span>
-
- <span class='kw'>if</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:csr</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_verify_signature'>verify_signature</span>
- <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>Certificate request signature is invalid.</span><span class='tstring_end'>"</span></span>
- <span class='kw'>end</span>
-
- <span class='comment'># prior to OpenSSL 1.0 DSA could only use DSS1 (aka SHA1) signatures. post-1.0 anything
-</span> <span class='comment'># goes but at the moment we don't enforce this restriction so an OpenSSL error could
-</span> <span class='comment'># bubble up if they do it wrong.
-</span> <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:message_digest</span><span class='rparen'>)</span><span class='rparen'>)</span><span class='op'>?</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:message_digest</span><span class='rbracket'>]</span><span class='rparen'>)</span> <span class='op'>:</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_message_digest'>message_digest</span><span class='rparen'>)</span>
-
- <span class='id identifier rubyid_profile'>profile</span> <span class='op'>=</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_profile'>profile</span><span class='lparen'>(</span><span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:profile_name</span><span class='rbracket'>]</span><span class='rparen'>)</span>
-
- <span class='id identifier rubyid_validated_subject'>validated_subject</span> <span class='op'>=</span> <span class='id identifier rubyid_validate_subject'>validate_subject</span><span class='lparen'>(</span><span class='id identifier rubyid_subject'>subject</span><span class='comma'>,</span><span class='id identifier rubyid_profile'>profile</span><span class='rparen'>)</span>
-
- <span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='id identifier rubyid_build_cert'>build_cert</span><span class='lparen'>(</span>
- <span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_validated_subject'>validated_subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
+ <span class='id identifier rubyid_cert'>cert</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>CertificateAuthority</span><span class='op'>::</span><span class='const'>Signer</span><span class='period'>.</span><span class='id identifier rubyid_build_cert'>build_cert</span><span class='lparen'>(</span>
+ <span class='symbol'>:subject</span> <span class='op'>=></span> <span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
<span class='symbol'>:issuer</span> <span class='op'>=></span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='comma'>,</span>
<span class='symbol'>:not_before</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_before</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:not_after</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:not_after</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_public_key'>public_key</span><span class='comma'>,</span>
<span class='symbol'>:serial</span> <span class='op'>=></span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:serial</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
- <span class='id identifier rubyid_basic_constraints'>basic_constraints</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_basic_constraints'>basic_constraints</span>
- <span class='id identifier rubyid_key_usage'>key_usage</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_key_usage'>key_usage</span>
- <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span>
- <span class='id identifier rubyid_certificate_policies'>certificate_policies</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_certificate_policies'>certificate_policies</span>
- <span class='id identifier rubyid_ocsp_no_check'>ocsp_no_check</span> <span class='op'>=</span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_ocsp_no_check'>ocsp_no_check</span>
+ <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:extensions</span><span class='rbracket'>]</span> <span class='op'>||</span> <span class='lbracket'>[</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectKeyIdentifier</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='id identifier rubyid_public_key'>public_key</span><span class='rparen'>)</span><span class='comma'>,</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityKeyIdentifier</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:public_key</span> <span class='op'>=></span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='rparen'>)</span>
+ <span class='rbracket'>]</span>
- <span class='id identifier rubyid_build_extensions'>build_extensions</span><span class='lparen'>(</span>
- <span class='symbol'>:subject_certificate</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
- <span class='symbol'>:issuer_certificate</span> <span class='op'>=></span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='comma'>,</span>
- <span class='symbol'>:basic_constraints</span> <span class='op'>=></span> <span class='id identifier rubyid_basic_constraints'>basic_constraints</span><span class='comma'>,</span>
- <span class='symbol'>:key_usage</span> <span class='op'>=></span> <span class='id identifier rubyid_key_usage'>key_usage</span><span class='comma'>,</span>
- <span class='symbol'>:extended_key_usage</span> <span class='op'>=></span> <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span><span class='comma'>,</span>
- <span class='symbol'>:ocsp_no_check</span> <span class='op'>=></span> <span class='id identifier rubyid_ocsp_no_check'>ocsp_no_check</span><span class='comma'>,</span>
- <span class='symbol'>:certificate_policies</span> <span class='op'>=></span> <span class='id identifier rubyid_certificate_policies'>certificate_policies</span><span class='comma'>,</span>
- <span class='symbol'>:san_names</span> <span class='op'>=></span> <span class='id identifier rubyid_san_names'>san_names</span><span class='comma'>,</span>
- <span class='symbol'>:inhibit_any_policy</span> <span class='op'>=></span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_inhibit_any_policy'>inhibit_any_policy</span><span class='comma'>,</span>
- <span class='symbol'>:policy_constraints</span> <span class='op'>=></span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_policy_constraints'>policy_constraints</span><span class='comma'>,</span>
- <span class='symbol'>:name_constraints</span> <span class='op'>=></span> <span class='id identifier rubyid_profile'>profile</span><span class='period'>.</span><span class='id identifier rubyid_name_constraints'>name_constraints</span>
- <span class='rparen'>)</span>
-
-
<span class='comment'>#@config.ca_cert.key.key ... ugly. ca_cert returns R509::Cert
</span> <span class='comment'># #key returns R509::PrivateKey and #key on that returns OpenSSL object we need
</span> <span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_sign'>sign</span><span class='lparen'>(</span> <span class='ivar'>@config</span><span class='period'>.</span><span class='id identifier rubyid_ca_cert'>ca_cert</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span> <span class='rparen'>)</span>
- <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span><span class='rparen'>)</span>
+ <span class='id identifier rubyid_cert_opts'>cert_opts</span> <span class='op'>=</span> <span class='lbrace'>{</span> <span class='symbol'>:cert</span> <span class='op'>=></span> <span class='id identifier rubyid_cert'>cert</span> <span class='rbrace'>}</span>
+ <span class='id identifier rubyid_cert_opts'>cert_opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:csr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+ <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_cert_opts'>cert_opts</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
@@ -833,12 +784,12 @@
</div>
</div>
<div id="footer">
- Generated on Tue Apr 23 10:46:07 2013 by
+ Generated on Sun Jan 26 13:37:28 2014 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
- 0.8.5 (ruby-1.9.3).
+ 0.8.6.1 (ruby-2.0.0).
</div>
</body>
</html>
\ No newline at end of file