File: ssl_helper.rb

# frozen_string_literal: true

require "pathname"

require "certificate_authority"

module SSLHelper
  # Scratch directory that the helpers below write certificates into,
  # resolved relative to this file (../../../tmp/certs).
  CERTS_PATH = Pathname.new(File.expand_path("../../../tmp/certs", __FILE__))

  # Self-signed test CA. Its PEM is written under CERTS_PATH the first time
  # #file is called so an SSLContext can point +ca_file+ at it.
  class RootCertificate < ::CertificateAuthority::Certificate
    # keyUsage is marked critical and limited to keyCertSign: this certificate
    # exists only to issue the ChildCertificate leaves.
    EXTENSIONS = {"keyUsage" => {"usage" => %w[critical keyCertSign]}}.freeze

    def initialize
      super()

      subject.common_name  = "honestachmed.com"
      serial_number.number = 1
      key_material.generate_key

      # Flagged as a signing entity (CA); no parent is set, so sign! is
      # presumably producing a self-signed root — confirm against the gem.
      self.signing_entity = true

      sign!("extensions" => EXTENSIONS)
    end

    # @return [String] path of the CA certificate on disk, written on first
    #   call. Memoised via +defined?+ so later calls never rewrite the file.
    def file
      return @file if defined? @file

      CERTS_PATH.mkpath
      path = CERTS_PATH.join("ca.crt")
      path.write(to_pem)

      @file = path.to_s
    end
  end

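  # Leaf certificate issued by the test CA, usable on either TLS side
  # (extendedKeyUsage lists both serverAuth and clientAuth).
  class ChildCertificate < ::CertificateAuthority::Certificate
    # Frozen like RootCertificate::EXTENSIONS so the extension set shared by
    # every leaf cannot be mutated by a caller.
    EXTENSIONS = {"extendedKeyUsage" => {"usage" => %w[serverAuth clientAuth]}}.freeze

    # @param parent [RootCertificate] issuing CA; the leaf is signed by it.
    def initialize(parent)
      super()

      # CN only; no subjectAltName is set here. That is enough for the
      # key/cert plumbing in this file, but hostname verification
      # (verify_hostname) would need a SAN — TODO confirm before enabling it.
      subject.common_name  = "127.0.0.1"
      # NOTE(review): same serial as the root it chains to; OpenSSL does not
      # object, but serials are meant to be unique per issuer.
      serial_number.number = 1
      key_material.generate_key

      self.parent = parent

      sign!("extensions" => EXTENSIONS)
    end

    # @return [OpenSSL::X509::Certificate] the signed leaf, re-parsed from PEM
    def cert
      OpenSSL::X509::Certificate.new to_pem
    end

    # @return [OpenSSL::PKey::RSA] the leaf's private key
    #   (assumes the gem generates RSA key material — TODO confirm)
    def key
      OpenSSL::PKey::RSA.new key_material.private_key.to_pem
    end
  end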

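  class << self
    # Server-side SSLContext: presents the server leaf and, via VERIFY_PEER,
    # requires a client certificate chained to the test CA. It now applies
    # DEFAULT_PARAMS[:options] exactly as client_context already did, so both
    # sides reject the same legacy protocol/compression settings.
    #
    # @return [OpenSSL::SSL::SSLContext]
    def server_context
      context_for(server_cert)
    end

    # Client-side SSLContext: presents the client leaf and verifies the server
    # against the test CA.
    #
    # @return [OpenSSL::SSL::SSLContext]
    def client_context
      context_for(client_cert)
    end

    # The same client material as client_context, as a Hash for APIs that
    # accept SSL parameters instead of a context.
    #
    # @return [Hash{Symbol => Object}] :key, :cert and :ca_file
    def client_params
      {
        :key => client_cert.key,
        :cert => client_cert.cert,
        :ca_file => ca.file
      }
    end

    # server_cert / client_cert: one memoised leaf per side, each issued by #ca.
    # define_method replaces the class_eval'd string so no source is built
    # and evaluated from text.
    %w[server client].each do |side|
      ivar = :"@#{side}_cert"
      define_method(:"#{side}_cert") do
        instance_variable_get(ivar) || instance_variable_set(ivar, ChildCertificate.new(ca))
      end
    end

    # The shared self-signed root, created once and reused for every leaf.
    #
    # @return [RootCertificate]
    def ca
      @ca ||= RootCertificate.new
    end

    private

    # Builds a VERIFY_PEER context that presents +leaf+ and trusts #ca.
    # verify_hostname is deliberately not enabled: the leaves in this file set
    # no subjectAltName, so hostname checks would fail.
    #
    # @param leaf [ChildCertificate]
    # @return [OpenSSL::SSL::SSLContext]
    def context_for(leaf)
      context = OpenSSL::SSL::SSLContext.new

      context.options     = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
      context.verify_mode = OpenSSL::SSL::VERIFY_PEER
      context.key         = leaf.key
      context.cert        = leaf.cert
      context.ca_file     = ca.file

      context
    end
  end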
end