Generate crt from csr

This commit is contained in:
Martin Lensment 2015-02-05 18:46:52 +02:00
parent 994d4140c2
commit bbe8a780a8
6 changed files with 58 additions and 7 deletions

View file

@ -8,6 +8,8 @@ class ApiUser < ActiveRecord::Base
validates :username, :password, :registrar, presence: true
validates :username, uniqueness: true
before_save :create_crt, if: -> (au) { au.csr_changed? }
attr_accessor :registrar_typeahead
def registrar_typeahead
@ -21,5 +23,37 @@ class ApiUser < ActiveRecord::Base
def queued_messages
registrar.messages.queued
end
def create_crt
request = OpenSSL::X509::Request.new(csr)
fail 'CSR can not be verified' unless request.verify request.public_key
ca_cert = OpenSSL::X509::Certificate.new(File.read(APP_CONFIG['ca_cert_path']))
ca_key = OpenSSL::PKey::RSA.new(File.read(APP_CONFIG['ca_key_path']), APP_CONFIG['ca_key_password'])
csr_cert = OpenSSL::X509::Certificate.new
csr_cert.serial = 0
csr_cert.version = 2
csr_cert.not_before = Time.now
csr_cert.not_after = Time.now + 600
csr_cert.subject = request.subject
csr_cert.public_key = request.public_key
csr_cert.issuer = ca_cert.subject
extension_factory = OpenSSL::X509::ExtensionFactory.new
extension_factory.subject_certificate = csr_cert
extension_factory.issuer_certificate = ca_cert
csr_cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:FALSE')
csr_cert.add_extension extension_factory.create_extension(
'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
csr_cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
self.crt = csr_cert.to_pem
end
end
# rubocop: enable Metrics/ClassLength