Class: Samlr::Tools::CertificateBuilder

Inherits:

Object

• Object
• Samlr::Tools::CertificateBuilder

Defined in:

lib/samlr/tools/certificate_builder.rb

Overview

Container for generating/referencing X509 and keys

Instance Attribute Summary

• #key_size ⇒ Object readonly

  Returns the value of attribute key_size.

Class Method Summary

• .dump(path, certificate, id = "samlr") ⇒ Object
• .load(path, id = "samlr") ⇒ Object

Instance Method Summary

• #initialize(options = {}) ⇒ CertificateBuilder constructor

  A new instance of CertificateBuilder.

• #key_pair ⇒ Object
• #sign(string) ⇒ Object
• #to_certificate ⇒ Object
• #verify(signature, string) ⇒ Object
• #x509 ⇒ Object
• #x509_as_pem ⇒ Object

Constructor Details

#initialize(options = {}) ⇒ CertificateBuilder

Returns a new instance of CertificateBuilder.

# File 'lib/samlr/tools/certificate_builder.rb', line 7

def initialize(options = {})
  @key_size = options.fetch(:key_size, 4096)
  @x509 = options[:x509]
  @key_pair = options[:key_pair]
end

Instance Attribute Details

#key_size ⇒ Object (readonly)

Returns the value of attribute key_size.

# File 'lib/samlr/tools/certificate_builder.rb', line 5

def key_size
  @key_size
end

Class Method Details

.dump(path, certificate, id = "samlr") ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 60

def self.dump(path, certificate, id = "samlr")
  File.write(File.join(path, "#{id}_private_key.pem"), certificate.key_pair.to_pem)
  File.write(File.join(path, "#{id}_certificate.pem"), certificate.x509.to_pem)
end

.load(path, id = "samlr") ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 65

def self.load(path, id = "samlr")
  key_pair = OpenSSL::PKey::RSA.new(File.read(File.join(path, "#{id}_private_key.pem")))
  x509_cert = OpenSSL::X509::Certificate.new(File.read(File.join(path, "#{id}_certificate.pem")))

  new(key_pair: key_pair, x509: x509_cert)
end

Instance Method Details

#key_pair ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 44

def key_pair
  @key_pair ||= OpenSSL::PKey::RSA.new(key_size)
end

#sign(string) ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 48

def sign(string)
  Base64.encode64(key_pair.sign(OpenSSL::Digest.new("SHA1"), string)).delete("\n")
end

#to_certificate ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 56

def to_certificate
  Samlr::Certificate.new(x509)
end

#verify(signature, string) ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 52

def verify(signature, string)
  key_pair.public_key.verify(OpenSSL::Digest.new("SHA1"), Base64.decode64(signature), string)
end

#x509 ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 13

def x509
  @x509 ||= begin
    domain = "example.org"
    name = OpenSSL::X509::Name.new([
      ["C", "US", OpenSSL::ASN1::PRINTABLESTRING],
      ["O", domain, OpenSSL::ASN1::UTF8STRING],
      ["OU", "Samlr ResponseBuilder", OpenSSL::ASN1::UTF8STRING],
      ["CN", "CA"]
    ])

    certificate = OpenSSL::X509::Certificate.new
    certificate.subject = name
    certificate.issuer = name
    certificate.not_before = (Time.now - 5)
    certificate.not_after = (Time.now + 60 * 60 * 24 * 365 * 20)
    certificate.public_key = key_pair.public_key
    certificate.serial = 1
    certificate.version = 2
    certificate.sign(key_pair, OpenSSL::Digest.new("SHA1"))

    certificate
  end
end

#x509_as_pem ⇒ Object

# File 'lib/samlr/tools/certificate_builder.rb', line 37

def x509_as_pem
  pem = x509.to_pem.split("\n")
  pem.pop
  pem.shift
  pem.join
end