@pzb
Created June 13, 2017 14:37
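#!/usr/bin/env ruby
# Convert a PKCS#10 CSR into a placeholder X.509 certificate that carries the
# CSR's subject, public key, requested extensions and signature.
require 'openssl'
require 'base64'

csr = File.read(ARGV[0])
# Strip the PEM armor lines and decode the body to DER
der = Base64.decode64(csr.lines.reject { |l| l.include?('----') }.join)

# Basic sanity check (will throw exception if not sane)
req = OpenSSL::X509::Request.new(der)

# CertificationRequest ::= SEQUENCE { info, signatureAlgorithm, signature }
asn = OpenSSL::ASN1.decode(der)
if asn.value.length != 3
  raise "Not a SIGNED{}"
end
cri = asn.value[0]
signature_alg = asn.value[1]
signature = asn.value[2]

# CertificationRequestInfo ::= SEQUENCE { version, subject, subjectPKInfo, attributes }
if cri.value[0].value.to_i != 0
  raise "Not v1 CertificationRequestInfo"
end
subject = cri.value[1]
spki = cri.value[2]

# Find the single extensionRequest attribute (OID 1.2.840.113549.1.9.14)
extensions = nil
cri.value[3].value.each do |attr|
  type = attr.value[0]
  next unless type.oid == "1.2.840.113549.1.9.14"
  if attr.value[1].value.length != 1
    raise "ExtensionRequest must be single value"
  end
  if !extensions.nil?
    raise "Multiple extension requests"
  end
  extensions = attr.value[1].value[0]
end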
=begin
# This code created the static placeholder certificate
tempkey = OpenSSL::PKey::RSA.new(512)
cert = OpenSSL::X509::Certificate.new
cert.version = 2 # V3
cert.serial = 0xda39a3ee5e6b4b0d3255bfef95601890afd80709
cert.issuer = OpenSSL::X509::Name.new([
  ["C", "US", 19],
  ["O", "Example Corp", 19],
  ["CN", "Example SSL xV CA", 19]
])
cert.not_before = Time.now
cert.not_after = cert.not_before + (360 * 24 * 60 * 60)
cert.subject = OpenSSL::X509::Name.new([["C", "US", 19]])
cert.public_key = tempkey
ef = OpenSSL::X509::ExtensionFactory.new
cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
cert.sign(tempkey, OpenSSL::Digest::SHA256.new)
c = OpenSSL::ASN1.decode(cert.to_der)
=end
# Static placeholder certificate; contents get replaced below
c = OpenSSL::ASN1.decode(Base64.decode64('MIIBYjCCAQygAwIBAgIVANo5o+5ea0sNMlW/75VgGJCv2AcJMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxFeGFtcGxlIENvcnAxGjAYBgNVBAMTEUV4YW1wbGUgU1NMIHhWIENBMB4XDTE3MDYxMzE0MjE1M1oXDTE4MDYwODE0MjE1M1owDTELMAkGA1UEBhMCVVMwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4o81+V59Zh9LHsz0AYW1/zUWR4gitQXrCGZ16sllcsYre4pm25r1YEK0uqtPPFeH/bu3naCngPX8nUzEXU5tywIDAQABoxAwDjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA0EAJ2C7N4zHas499BPkkkENr1FFfUS/pX1HCbO5Sherupja8lW+0+oSenMTxmpFzwHH4kmQfPtonFfhg7xb5+icTA=='))
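# c.value[0] is the TBSCertificate. Its fields by index:
# 0 version, 1 serial, 2 signature algorithm, 3 issuer, 4 validity,
# 5 subject, 6 subjectPublicKeyInfo, 7 extensions

# Reset the validity period
nb = Time.now
c.value[0].value[4].value[0].value = nb
c.value[0].value[4].value[1].value = nb + (360 * 24 * 60 * 60)

# Copy subject & spki and extensions
c.value[0].value[5] = subject
c.value[0].value[6] = spki
if extensions.nil?
  # The CSR had no extensionRequest attribute: drop the optional extensions
  # field instead of storing nil, which cannot be DER-encoded
  c.value[0].value.delete_at(7)
else
  c.value[0].value[7].value[0] = extensions
end

# Copy signature algorithm
c.value[0].value[2] = signature_alg
c.value[1] = signature_alg

# Copy the CSR's signature bits verbatim; the certificate is not re-signed
c.value[2] = signature

puts OpenSSL::X509::Certificate.new(c.to_der).to_pem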