lpr-partynest/app/interactors/create_x509_self_signed_certificate.rb

# frozen_string_literal: true

class CreateX509SelfSignedCertificate
  include Interactor

  before do
    context.not_before = Time.at(context.not_before).utc
    context.not_after  = Time.at(context.not_after).utc
  end

  def call # rubocop:disable Metrics/AbcSize
    context.certificate = X509Certificate.create!(
      rsa_key: context.key,
      pem: cert.to_pem,
      subject: cert.subject.to_s,
      issuer: cert.issuer.to_s,
      not_before: cert.not_before,
      not_after: cert.not_after,
    )
  end

private

  def private_key_pkey
    @private_key_pkey ||= OpenSSL::PKey::RSA.new context.key.private_key_pem
  end

  def public_key_pkey
    @public_key_pkey ||= OpenSSL::PKey::RSA.new context.key.public_key_pem
  end

  def subject
    @subject ||= OpenSSL::X509::Name.parse context.distinguished_name
  end

  def cert # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
    @cert ||= OpenSSL::X509::Certificate.new.tap do |cert|
      cert.version = 2
      cert.serial = SecureRandom.rand 0...(2**16)
      cert.subject = subject
      cert.issuer = cert.subject
      cert.public_key = public_key_pkey
      cert.not_before = context.not_before
      cert.not_after = context.not_after

      AddExtensions.call cert

      cert.sign private_key_pkey, OpenSSL::Digest::SHA256.new
    end
  end

  class AddExtensions
    def self.call(cert)
      new(cert).call
    end

    def initialize(cert)
      @cert = cert
    end

    def call
      cert.add_extension basic_constraints
      cert.add_extension key_usage
      cert.add_extension subject_key_ident
      cert.add_extension authority_key_ident
    end

  private

    attr_reader :cert

    def ext_factory
      @ext_factory ||= OpenSSL::X509::ExtensionFactory.new.tap do |ext_factory|
        ext_factory.subject_certificate = cert
        ext_factory.issuer_certificate = cert
      end
    end

    def basic_constraints
      @basic_constraints ||= ext_factory.create_extension(
        'basicConstraints',
        'CA:TRUE',
        true,
      )
    end

    def key_usage
      @key_usage ||= ext_factory.create_extension(
        'keyUsage',
        'keyCertSign, cRLSign',
        true,
      )
    end

    def subject_key_ident
      @subject_key_ident ||= ext_factory.create_extension(
        'subjectKeyIdentifier',
        'hash',
        false,
      )
    end

    def authority_key_ident
      @authority_key_ident ||= ext_factory.create_extension(
        'authorityKeyIdentifier',
        'keyid:always,issuer:always',
        false,
      )
    end
  end
end
Add CreateX509SelfSignedCertificate 2019-09-10 17:25:37 -04:00			`# frozen_string_literal: true`

			`class CreateX509SelfSignedCertificate`
			`include Interactor`

Use UTC time 2019-09-10 18:16:30 -04:00			`before do`
Validate presence of X509Certificate#not_before, #not_after 2019-09-11 05:09:37 -04:00			`context.not_before = Time.at(context.not_before).utc`
			`context.not_after = Time.at(context.not_after).utc`
Use UTC time 2019-09-10 18:16:30 -04:00			`end`

Add association X509Certificate#rsa_public_key 2019-09-11 19:36:13 -04:00			`def call # rubocop:disable Metrics/AbcSize`
Create X509Certificate in interactor 2019-09-10 19:06:14 -04:00			`context.certificate = X509Certificate.create!(`
Rename model RSAPublicKey to RSAKey 2019-09-13 13:14:28 -04:00			`rsa_key: context.key,`
Remove unnecessary freeze 2019-09-11 08:13:35 -04:00			`pem: cert.to_pem,`
Add columns X509Certificate#subject, #issuer 2019-09-11 08:03:14 -04:00			`subject: cert.subject.to_s,`
			`issuer: cert.issuer.to_s,`
Better name 2019-09-11 08:09:23 -04:00			`not_before: cert.not_before,`
			`not_after: cert.not_after,`
Create X509Certificate in interactor 2019-09-10 19:06:14 -04:00			`)`
Add CreateX509SelfSignedCertificate 2019-09-10 17:25:37 -04:00			`end`

			`private`

			`def private_key_pkey`
Rename model RSAPublicKey to RSAKey 2019-09-13 13:14:28 -04:00			`@private_key_pkey \|\|= OpenSSL::PKey::RSA.new context.key.private_key_pem`
Add CreateX509SelfSignedCertificate 2019-09-10 17:25:37 -04:00			`end`

			`def public_key_pkey`
Rename model RSAPublicKey to RSAKey 2019-09-13 13:14:28 -04:00			`@public_key_pkey \|\|= OpenSSL::PKey::RSA.new context.key.public_key_pem`
Add CreateX509SelfSignedCertificate 2019-09-10 17:25:37 -04:00			`end`

			`def subject`
			`@subject \|\|= OpenSSL::X509::Name.parse context.distinguished_name`
			`end`

Disable cops 2019-09-10 18:09:01 -04:00			`def cert # rubocop:disable Metrics/AbcSize, Metrics/MethodLength`
Add CreateX509SelfSignedCertificate 2019-09-10 17:25:37 -04:00			`@cert \|\|= OpenSSL::X509::Certificate.new.tap do \|cert\|`
			`cert.version = 2`
Random serial 2019-09-10 18:13:04 -04:00			`cert.serial = SecureRandom.rand 0...(2**16)`
Add CreateX509SelfSignedCertificate 2019-09-10 17:25:37 -04:00			`cert.subject = subject`
			`cert.issuer = cert.subject`
			`cert.public_key = public_key_pkey`
			`cert.not_before = context.not_before`
			`cert.not_after = context.not_after`

			`AddExtensions.call cert`

			`cert.sign private_key_pkey, OpenSSL::Digest::SHA256.new`
			`end`
			`end`

			`class AddExtensions`
			`def self.call(cert)`
			`new(cert).call`
			`end`

			`def initialize(cert)`
			`@cert = cert`
			`end`

			`def call`
			`cert.add_extension basic_constraints`
			`cert.add_extension key_usage`
			`cert.add_extension subject_key_ident`
			`cert.add_extension authority_key_ident`
			`end`

			`private`

			`attr_reader :cert`

			`def ext_factory`
			`@ext_factory \|\|= OpenSSL::X509::ExtensionFactory.new.tap do \|ext_factory\|`
			`ext_factory.subject_certificate = cert`
			`ext_factory.issuer_certificate = cert`
			`end`
			`end`

			`def basic_constraints`
			`@basic_constraints \|\|= ext_factory.create_extension(`
			`'basicConstraints',`
			`'CA:TRUE',`
			`true,`
			`)`
			`end`

			`def key_usage`
			`@key_usage \|\|= ext_factory.create_extension(`
			`'keyUsage',`
			`'keyCertSign, cRLSign',`
			`true,`
			`)`
			`end`

			`def subject_key_ident`
			`@subject_key_ident \|\|= ext_factory.create_extension(`
			`'subjectKeyIdentifier',`
			`'hash',`
			`false,`
			`)`
			`end`

			`def authority_key_ident`
			`@authority_key_ident \|\|= ext_factory.create_extension(`
			`'authorityKeyIdentifier',`
			`'keyid:always,issuer:always',`
			`false,`
			`)`
			`end`
			`end`
			`end`