Commit 7e8cd6a

mokha <mokha@cisco.com>
2018-01-02 20:56:54
improve clarity of self signed cert.
1 parent ece5266
lib/xml/kit/fingerprint.rb
@@ -2,7 +2,7 @@ module Xml
   module Kit
     # This generates a fingerprint for an X509 Certificate.
     #
-    #   certificate, _ = Xml::Kit::SelfSignedCertificate.new("password").create
+    #   certificate, _ = Xml::Kit::SelfSignedCertificate.new.create
     #
     #   puts Xml::Kit::Fingerprint.new(certificate).to_s
     #   # B7:AB:DC:BD:4D:23:58:65:FD:1A:99:0C:5F:89:EA:87:AD:F1:D7:83:34:7A:E9:E4:88:12:DD:46:1F:38:05:93
lib/xml/kit/key_pair.rb
@@ -27,7 +27,7 @@ module Xml
       # @param algorithm [String] the symmetric algorithm to use for encrypting the private key.
       def self.generate(use:, passphrase: SecureRandom.uuid, algorithm: ::Xml::Kit::Crypto::SymmetricCipher::DEFAULT_ALGORITHM)
         algorithm = ::Xml::Kit::Crypto::SymmetricCipher::ALGORITHMS[algorithm]
-        certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new(passphrase).create(algorithm)
+        certificate, private_key = ::Xml::Kit::SelfSignedCertificate.new.create(algorithm: algorithm, passphrase: passphrase)
         new(certificate, private_key, passphrase, use)
       end
     end
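Review bot: An unrecognised `algorithm` still reaches the new `create(algorithm: algorithm, ...)` call as `nil`, because the lookup on the line above does a plain `[]`; if `ALGORITHMS` is a Hash, the failure then surfaces later as an opaque TypeError from `OpenSSL::Cipher.new(nil)` inside the private-key export rather than at the `generate` call site. Prefer failing fast where the caller's argument is validated: `algorithm = ::Xml::Kit::Crypto::SymmetricCipher::ALGORITHMS.fetch(algorithm)`. The `@param algorithm` doc would then be worth extending with the set of accepted keys, since that is now the only value a caller can get wrong. The enclosing class and the remaining `@param` docs are outside the hunk.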
lib/xml/kit/self_signed_certificate.rb
@@ -3,24 +3,33 @@ module Xml
     class SelfSignedCertificate
       SUBJECT="/C=CA/ST=Alberta/L=Calgary/O=XmlKit/OU=XmlKit/CN=XmlKit"
 
-      def initialize(passphrase)
-        @passphrase = passphrase
+      def create(algorithm: 'AES-256-CBC', passphrase: nil)
+        key_pair = OpenSSL::PKey::RSA.new(2048)
+        certificate = certificate_for(key_pair.public_key)
+        certificate.sign(key_pair, OpenSSL::Digest::SHA256.new)
+        [ certificate.to_pem, export(key_pair, algorithm, passphrase) ]
       end
 
-      def create(algorithm = 'AES-256-CBC')
-        rsa_key = OpenSSL::PKey::RSA.new(2048)
+      private
+
+      def export(key_pair, algorithm, passphrase)
+        if passphrase.present?
+          cipher = OpenSSL::Cipher.new(algorithm)
+          key_pair.export(cipher, passphrase)
+        else
+          key_pair.export
+        end
+      end
+
+      def certificate_for(public_key)
         certificate = OpenSSL::X509::Certificate.new
         certificate.subject = certificate.issuer = OpenSSL::X509::Name.parse(SUBJECT)
-        certificate.not_before = Time.now.to_i
-        certificate.not_after = (Date.today + 30).to_time.to_i
-        certificate.public_key = rsa_key.public_key
+        certificate.not_before = Time.now
+        certificate.not_after = certificate.not_before + 30 * 24 * 60 * 60 # 30 days
+        certificate.public_key = public_key
         certificate.serial = 0x0
         certificate.version = 2
-        certificate.sign(rsa_key, OpenSSL::Digest::SHA256.new)
-        [
-          certificate.to_pem,
-          rsa_key.to_pem(OpenSSL::Cipher.new(algorithm), @passphrase)
-        ]
+        certificate
       end
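Review bot: The new `export` branch returns the RSA private key as unencrypted PEM whenever `passphrase` is nil or blank, which is a silent change from the old code that always passed a cipher to `to_pem`, and `present?` also treats a whitespace-only passphrase as absent; nothing on `create` documents this, so a caller who forgets the keyword gets a plaintext key on disk without warning. Document the contract on `create`, e.g. `# @param algorithm [String] OpenSSL cipher name used to encrypt the exported private key.`, `# @param passphrase [String, nil] when nil or blank the private key PEM is returned UNENCRYPTED.`, `# @return [Array<String>] certificate PEM followed by private key PEM.`. Note that `present?` is ActiveSupport rather than core Ruby, so this file now depends on it being loaded (fine if the gem already requires it, otherwise `passphrase.nil? || passphrase.empty?` avoids the dependency). Separately, the unchanged `certificate.serial = 0x0` conflicts with RFC 5280's requirement for a positive serial number and can be rejected by stricter validators; something like `certificate.serial = OpenSSL::BN.rand(63)` would make each generated certificate distinct.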
     end
   end
spec/support/certificate_helper.rb
@@ -1,5 +1,5 @@
 module CertificateHelper
   def generate_key_pair(passphrase)
-    ::Xml::Kit::SelfSignedCertificate.new(passphrase).create
+    ::Xml::Kit::SelfSignedCertificate.new.create(passphrase: passphrase)
   end
 end