class Issuer

def self.fetch(*arguments, **options)
	issuer = self.new(*arguments, **options)
	
	unless issuer.load
		issuer.save
	end
	
	return issuer
end

parameter　name　String

The common name to use for the certificate.

parameter　path　String

The path path for loading and saving the certificate.

def initialize(name = nil, path: State.path)
	@name = name || NAME
	@path = path
	
	@subject = nil
	@key = nil
	@certificate = nil
end

returns　String

The path to the private key.

def key_path
	File.join(@path, "#{@name}.key")
end

returns　String

The path to the public certificate.

def certificate_path
	File.join(@path, "#{@name}.crt")
end

returns　OpenSSL::X509::Name

The subject name for the certificate.

def subject
	@subject ||= OpenSSL::X509::Name.parse("/O=localhost.rb/CN=#{@name}")
end

parameter　subject　OpenSSL::X509::Name

The subject name for the certificate.

def subject= subject
	@subject = subject
end

returns　OpenSSL::PKey::RSA

The private key.

def key
	@key ||= OpenSSL::PKey::RSA.new(BITS)
end

returns　OpenSSL::X509::Certificate

A self-signed certificate.

def certificate
	@certificate ||= OpenSSL::X509::Certificate.new.tap do |certificate|
		certificate.subject = self.subject
		# We use the same issuer as the subject, which makes this certificate self-signed:
		certificate.issuer = self.subject
		
		certificate.public_key = self.key.public_key
		
		certificate.serial = Time.now.to_i
		certificate.version = 2
		
		certificate.not_before = Time.now - 10
		certificate.not_after = Time.now + VALIDITY
		
		extension_factory = ::OpenSSL::X509::ExtensionFactory.new
		extension_factory.subject_certificate = certificate
		extension_factory.issuer_certificate = certificate
		
		certificate.add_extension extension_factory.create_extension("basicConstraints", "CA:TRUE", true)
		certificate.add_extension extension_factory.create_extension("keyUsage", "keyCertSign, cRLSign", true)
		certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
		certificate.add_extension extension_factory.create_extension("authorityKeyIdentifier", "keyid:always", false)
		
		certificate.sign self.key, OpenSSL::Digest::SHA256.new
	end
end

parameter　path　String

The path to load the certificate and key.

returns　Boolean

True if the certificate and key were loaded successfully.

def load(path = @root)
	certificate_path = self.certificate_path
	key_path = self.key_path
	
	return false unless File.exist?(certificate_path) and File.exist?(key_path)
	
	certificate = OpenSSL::X509::Certificate.new(File.read(certificate_path))
	key = OpenSSL::PKey::RSA.new(File.read(key_path))
	
	@certificate = certificate
	@key = key
	
	return true
end

returns　String

The path to the lockfile.

def lockfile_path
	File.join(@path, "#{@name}.lock")
end

parameter　path　String

The path to save the certificate and key.

def save(path = @root)
	lockfile_path = self.lockfile_path
	
	File.open(lockfile_path, File::RDWR|File::CREAT, 0644) do |lockfile|
		lockfile.flock(File::LOCK_EX)
		
		File.write(
			self.certificate_path,
			self.certificate.to_pem
		)
		
		File.write(
			self.key_path,
			self.key.to_pem
		)
	end
	
	return true
end