class Localhost::Authority

def certificate

@returns [OpenSSL::X509::Certificate] A self-signed certificate.

Generates a self-signed certificate if one does not already exist for the given hostname.

def certificate
	issuer = @issuer || self
	
	@certificate ||= OpenSSL::X509::Certificate.new.tap do |certificate|
		certificate.subject = self.subject
		certificate.issuer = issuer.subject
		
		certificate.public_key = self.key.public_key
		
		certificate.serial = Time.now.to_i
		certificate.version = 2
		
		certificate.not_before = Time.now
		certificate.not_after = Time.now + (3600 * 24 * 365)
		
		extension_factory = OpenSSL::X509::ExtensionFactory.new
		extension_factory.subject_certificate = certificate
		extension_factory.issuer_certificate = @issuer&.certificate || certificate
		
		certificate.add_extension extension_factory.create_extension("basicConstraints", "CA:FALSE", true)
		certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
		certificate.add_extension extension_factory.create_extension("subjectAltName", "DNS: #{@hostname}")
		certificate.add_extension extension_factory.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
		
		certificate.sign issuer.key, OpenSSL::Digest::SHA256.new
	end
end

Modules

Classes

class Localhost::Authority

def certificate

Class Methods

Instance Methods