AlexandrBasan/ruby_csr_example.rb

## ruby_csr_example.rb
require 'openssl'

  def create_fingerprint(string)
    key = OpenSSL::PKey::RSA.new 2048
    self.create_fingerprint(OpenSSL::Digest::SHA256.new(key.to_pem).to_s)
    string.scan(/../).map{ |s| s.upcase }.join(":")
  end

def gen_key(name)
  key = OpenSSL::PKey::RSA.new 1048
  file = File.new(name, "w")
  file.write(key)
  file.close
end

def get_key(name)
  OpenSSL::PKey::RSA.new File.open(name)
end

def csr(key)
  options = {

  :country      => 'PL',
  :state        => 'M',
  :city         => 'Cracow',
  :organization => 'OSPL',
  :department   => '',
  :common_name  => 'OSPL',
  :email        => ''

  }


  request = OpenSSL::X509::Request.new
  request.version = 0
  request.subject = OpenSSL::X509::Name.new([
  ['C',             options[:country], OpenSSL::ASN1::PRINTABLESTRING],
  ['ST',            options[:state],        OpenSSL::ASN1::PRINTABLESTRING],
  ['L',             options[:city],         OpenSSL::ASN1::PRINTABLESTRING],
  ['O',             options[:organization], OpenSSL::ASN1::UTF8STRING],
  ['OU',            options[:department],   OpenSSL::ASN1::UTF8STRING],
  ['CN',            options[:common_name],  OpenSSL::ASN1::UTF8STRING],
  ['emailAddress',  options[:email],        OpenSSL::ASN1::UTF8STRING]

  ])
  request.public_key = key.public_key
  request.sign(key, OpenSSL::Digest::SHA256.new)
end

def check_csr(request)
   csr = OpenSSL::X509::Request.new request
   p 'CSR can not be verified' unless csr.verify csr.public_key

       ['C', 'ST', 'L', 'O', 'OU', 'CN', 'emailAddress'].each do |param|
      case param
        when 'C'
          ap "country:"
        when 'ST'
          ap "state_province:"
        when 'L'
          ap "city_locality:"
        when 'O'
          ap "organisation:"
        when 'OU'
          ap "organisation_unit:"
        when 'CN'
          ap "common_name:"
        when 'emailAddress'
          ap "email:"
        else
          raise 'Can not get params from CSR'
      end
      p csr.subject.to_a.select{|name, _, _| name == param }.first[1]
end

def sign_csr(request, key)
  name = OpenSSL::X509::Name.parse 'CN=ospl/DC=example'

  csr_cert = OpenSSL::X509::Certificate.new
  csr_cert.serial = 0
  csr_cert.version = 2
  csr_cert.not_before = Time.now
  csr_cert.not_after = Time.now + 600
  csr_cert.subject = request.subject
  csr_cert.public_key = request.public_key
  csr_cert.issuer = name
  csr_cert.sign key, OpenSSL::Digest::SHA256.new
end

def public_encrypt(cert,data)
  cert.public_encrypt data
end

def private_encrypt(cert,data)
  cert.private_encrypt data
end

def public_decrypt(cert,data)
   cert.public_decrypt data
end

def private_decrypt(cert,data)
   cert.private_decrypt data
end

def test
   p "Create server and user key ..."
   gen_key 'server.key'
   gen_key 'user.key'

   p "Load server and user key ..."
   user_key = get_key 'user.key'
   server_key = get_key 'server.key'

   p "Create user csr..."
   user_csr = csr user_key

   p "Check user csr ..."
   check_csr user_csr

   p 'Sign user csr by server ...'
   signed_user_csr = sign_csr user_csr, server_key

   p "Encrypt message by server ... "
   encrypted_data = public_encrypt signed_user_csr.public_key, "Top secret from server message"
   p encrypted_data
   p "========== end ==========="

   p "Decrypt messsage by user ... "
   p private_decrypt user_key, encrypted_data
   p "========== end ==========="

   p "Encrypt message by user ... "
   p encrypted_from_user = private_encrypt( user_key, "Top secret from user")
   p "========== end ==========="

   p "Decrypt message by server ... "
   p public_decrypt signed_user_csr.public_key, encrypted_from_user
   "========== end ==========="
end
	require 'openssl'

	def create_fingerprint(string)
	key = OpenSSL::PKey::RSA.new 2048
	self.create_fingerprint(OpenSSL::Digest::SHA256.new(key.to_pem).to_s)
	string.scan(/../).map{ \|s\| s.upcase }.join(":")
	end

	def gen_key(name)
	key = OpenSSL::PKey::RSA.new 1048
	file = File.new(name, "w")
	file.write(key)
	file.close
	end

	def get_key(name)
	OpenSSL::PKey::RSA.new File.open(name)
	end

	def csr(key)
	options = {

	:country => 'PL',
	:state => 'M',
	:city => 'Cracow',
	:organization => 'OSPL',
	:department => '',
	:common_name => 'OSPL',
	:email => ''

	}


	request = OpenSSL::X509::Request.new
	request.version = 0
	request.subject = OpenSSL::X509::Name.new([
	['C', options[:country], OpenSSL::ASN1::PRINTABLESTRING],
	['ST', options[:state], OpenSSL::ASN1::PRINTABLESTRING],
	['L', options[:city], OpenSSL::ASN1::PRINTABLESTRING],
	['O', options[:organization], OpenSSL::ASN1::UTF8STRING],
	['OU', options[:department], OpenSSL::ASN1::UTF8STRING],
	['CN', options[:common_name], OpenSSL::ASN1::UTF8STRING],
	['emailAddress', options[:email], OpenSSL::ASN1::UTF8STRING]

	])
	request.public_key = key.public_key
	request.sign(key, OpenSSL::Digest::SHA256.new)
	end

	def check_csr(request)
	csr = OpenSSL::X509::Request.new request
	p 'CSR can not be verified' unless csr.verify csr.public_key

	['C', 'ST', 'L', 'O', 'OU', 'CN', 'emailAddress'].each do \|param\|
	case param
	when 'C'
	ap "country:"
	when 'ST'
	ap "state_province:"
	when 'L'
	ap "city_locality:"
	when 'O'
	ap "organisation:"
	when 'OU'
	ap "organisation_unit:"
	when 'CN'
	ap "common_name:"
	when 'emailAddress'
	ap "email:"
	else
	raise 'Can not get params from CSR'
	end
	p csr.subject.to_a.select{\|name, _, _\| name == param }.first[1]
	end

	def sign_csr(request, key)
	name = OpenSSL::X509::Name.parse 'CN=ospl/DC=example'

	csr_cert = OpenSSL::X509::Certificate.new
	csr_cert.serial = 0
	csr_cert.version = 2
	csr_cert.not_before = Time.now
	csr_cert.not_after = Time.now + 600
	csr_cert.subject = request.subject
	csr_cert.public_key = request.public_key
	csr_cert.issuer = name
	csr_cert.sign key, OpenSSL::Digest::SHA256.new
	end

	def public_encrypt(cert,data)
	cert.public_encrypt data
	end

	def private_encrypt(cert,data)
	cert.private_encrypt data
	end

	def public_decrypt(cert,data)
	cert.public_decrypt data
	end

	def private_decrypt(cert,data)
	cert.private_decrypt data
	end

	def test
	p "Create server and user key ..."
	gen_key 'server.key'
	gen_key 'user.key'

	p "Load server and user key ..."
	user_key = get_key 'user.key'
	server_key = get_key 'server.key'

	p "Create user csr..."
	user_csr = csr user_key

	p "Check user csr ..."
	check_csr user_csr

	p 'Sign user csr by server ...'
	signed_user_csr = sign_csr user_csr, server_key

	p "Encrypt message by server ... "
	encrypted_data = public_encrypt signed_user_csr.public_key, "Top secret from server message"
	p encrypted_data
	p "========== end ==========="

	p "Decrypt messsage by user ... "
	p private_decrypt user_key, encrypted_data
	p "========== end ==========="

	p "Encrypt message by user ... "
	p encrypted_from_user = private_encrypt( user_key, "Top secret from user")
	p "========== end ==========="

	p "Decrypt message by server ... "
	p public_decrypt signed_user_csr.public_key, encrypted_from_user
	"========== end ==========="
	end