Skip to content

Instantly share code, notes, and snippets.

@mcr
Created May 4, 2016
Embed
What would you like to do?
# -*- ruby -*-
class OpenSSL::PKey::EC
def private?
private_key?
end
end
namespace :highway do
desc "Create initial self-signed certificate"
task :selfsigned => :environment do
curve='X25519'
#curve='secp112r1'
certdir = Rails.root.join('db').join('cert')
FileUtils.mkpath(certdir)
vendorprivkey=certdir.join("vendor_#{curve}.key")
if File.exists?(vendorprivkey)
root_key = OpenSSL::PKey.read(File.open(vendorprivkey))
else
# the CA's public/private key - 3*1024 + 8
root_key = OpenSSL::PKey::EC.new(curve)
root_key.generate_key
File.open(vendorprivkey, "w") do |f| f.write root_key.to_pem end
end
root_ca = OpenSSL::X509::Certificate.new
# cf. RFC 5280 - to make it a "v3" certificate
root_ca.version = 2
root_ca.serial = 1
root_ca.subject = OpenSSL::X509::Name.parse "/DC=ca/DC=sandelman/CN=Unstrung Highway CA"
# root CA's are "self-signed"
root_ca.issuer = root_ca.subject
#root_ca.public_key = root_key.public_key
root_ca.public_key = root_key
root_ca.not_before = Time.now
# 2 years validity
root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60
# Extension Factory
ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = root_ca
ef.issuer_certificate = root_ca
root_ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
root_ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
root_ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
root_ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
File.open(certdir.join("vendor_#{curve}.crt"),'w') do |f|
f.write root_ca.to_pem
end
end
desc "Create initial self-signed certificate"
task :signmic => :environment do
key = OpenSSL::PKey::RSA.new 2048
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 2
cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby certificate"
cert.issuer = root_ca.subject # root CA is the issuer
cert.public_key = key.public_key
cert.not_before = Time.now
cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = cert
ef.issuer_certificate = root_ca
cert.add_extension(ef.create_extension("keyUsage","digitalSignature", true))
cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
cert.sign(root_key, OpenSSL::Digest::SHA256.new)
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment