Class: UDAPSecurityTestKit::UDAPX509Certificate

Inherits:

Object

Object
UDAPSecurityTestKit::UDAPX509Certificate

show all

Defined in:: lib/udap_security_test_kit/udap_x509_certificate.rb

Instance Attribute Summary collapse

#cert ⇒ Object readonly

Returns the value of attribute cert.
#cert_private_key ⇒ Object readonly

Returns the value of attribute cert_private_key.
#san ⇒ Object readonly

Returns the value of attribute san.

Instance Method Summary collapse

#initialize(issuer_cert_pem_string, issuer_private_key_pem_string, include_san_extension: true) ⇒ UDAPX509Certificate constructor

A new instance of UDAPX509Certificate.

Constructor Details

#initialize(issuer_cert_pem_string, issuer_private_key_pem_string, include_san_extension: true) ⇒ `UDAPX509Certificate`

Returns a new instance of UDAPX509Certificate.

# File 'lib/udap_security_test_kit/udap_x509_certificate.rb', line 5

def initialize(issuer_cert_pem_string, issuer_private_key_pem_string, include_san_extension: true)
  issuer_private_key = OpenSSL::PKey.read(issuer_private_key_pem_string)
  issuer_cert = OpenSSL::X509::Certificate.new(issuer_cert_pem_string)

  @cert_private_key = OpenSSL::PKey::RSA.new 2048
  cert = OpenSSL::X509::Certificate.new

  # must be v3 or above to allow extensions
  # x509 versions are zero-based, so '2' means version 3
  cert.version = 2

  # X.509 serial numbers can be up to 20 bytes (2**(8*20))
  cert.serial = SecureRandom.random_number(2**32)
  cert.subject = OpenSSL::X509::Name.parse '/C=US/ST=MA/L=Bedford/O=Inferno/CN=UDAP-Test-Client'
  cert.issuer = issuer_cert.subject
  cert.public_key = cert_private_key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + (1 * 365 * 24 * 60 * 60) # 1 years validity
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert

  if include_san_extension
    # SAN must be unique for each cert
    @san = "https://inferno.org/udap_security_test_kit/#{cert.serial}"
    unique_uri_entry = "URI:#{@san}"
    cert.add_extension(ef.create_extension('subjectAltName', unique_uri_entry, false))
  end

  # TODO: add in any other relevant extensions?
  cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature, nonRepudiation', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
  cert.sign(issuer_private_key, OpenSSL::Digest.new('SHA256'))

  @cert = cert
end

Instance Attribute Details

#cert ⇒ `Object` (readonly)

Returns the value of attribute cert.



3
4
5

# File 'lib/udap_security_test_kit/udap_x509_certificate.rb', line 3

def cert
  @cert
end

#cert_private_key ⇒ `Object` (readonly)

Returns the value of attribute cert_private_key.



3
4
5

# File 'lib/udap_security_test_kit/udap_x509_certificate.rb', line 3

def cert_private_key
  @cert_private_key
end

#san ⇒ `Object` (readonly)

Returns the value of attribute san.



3
4
5

# File 'lib/udap_security_test_kit/udap_x509_certificate.rb', line 3

def san
  @san
end

Class: UDAPSecurityTestKit::UDAPX509Certificate

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(issuer_cert_pem_string, issuer_private_key_pem_string, include_san_extension: true) ⇒ UDAPX509Certificate

Instance Attribute Details

#cert ⇒ Object (readonly)

#cert_private_key ⇒ Object (readonly)

#san ⇒ Object (readonly)

#initialize(issuer_cert_pem_string, issuer_private_key_pem_string, include_san_extension: true) ⇒ `UDAPX509Certificate`

#cert ⇒ `Object` (readonly)

#cert_private_key ⇒ `Object` (readonly)

#san ⇒ `Object` (readonly)