Rails OpenSSL X.509 certificate generation returns PEM?

Time: 2014-03-11 23:21:48

Tags: ruby-on-rails ruby openssl

So I have a method that looks like this:

require 'openssl'

def self.generateNewSignedCert(csr, uId)
    # CSR = certificate signing request
    # filename = uId + '.pem'

    # csr = OpenSSL::X509::Request.new File.read Rails.root.join('keys','csr',filename)
    # raise 'CSR can not be verified' unless csr.verify csr.public_key

    # Load the CA certificate and its passphrase-protected private key
    ca_cert = OpenSSL::X509::Certificate.new File.read Rails.root.join('keys','certs','ca_cert.pem')
    ca_key_pem = File.read Rails.root.join('keys','certs','ca_key.pem')
    ca_key = OpenSSL::PKey::RSA.new ca_key_pem, 'ning'

    # Build the new certificate from the CSR's subject and public key
    csr_cert = OpenSSL::X509::Certificate.new
    csr_cert.serial = 0
    csr_cert.version = 2
    csr_cert.not_before = Time.now
    csr_cert.not_after = Time.now + 2592000 # 30 days

    csr_cert.subject = csr.subject
    csr_cert.public_key = csr.public_key
    csr_cert.issuer = ca_cert.subject

    extension_factory = OpenSSL::X509::ExtensionFactory.new
    extension_factory.subject_certificate = csr_cert
    extension_factory.issuer_certificate = ca_cert

    # create_extension only builds the extension object; add_extension attaches it
    csr_cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:FALSE')
    csr_cert.add_extension extension_factory.create_extension('keyUsage',
      'keyEncipherment,dataEncipherment,digitalSignature')
    csr_cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')

    # Sign with SHA-256; SHA-1 is no longer accepted for certificate signatures
    csr_cert.sign ca_key, OpenSSL::Digest::SHA256.new

    # Write the PEM encoding to disk; the return value is still the certificate object
    filename = uId + '_cert.pem'
    open Rails.root.join('keys','certs',filename), 'w' do |io|
      io.write csr_cert.to_pem
    end
    return csr_cert
end

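Is the csr_cert returned to the controller in PEM format?

I have another method that generates the CA cert, which looks almost identical, saves the file as PEM and returns ca_cert, and it works fine (it returns a certificate, not a PEM).

Does anyone know why I am getting a PEM rather than a certificate?

Further information:

Controller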

def newCert
    csr = CertificateAuthority.newCSR(session[:uID].to_s)
    @cert = CertificateAuthority.generateNewSignedCert(csr, session[:uID].to_s)
    render :layout => false
end

If I add a puts csr_cert line after the extension_factory lines, it still prints out a PEM?

0 answers:

No answers