module Porkadot::Assets::CertsUtils

def unsigned_cert(name, key, ca_cert=nil, expire=(1 * 365 * 24 * 60 * 60))
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
  cert.serial = self.random_number
  cert.subject = OpenSSL::X509::Name.parse name
  if ca_cert
    cert.issuer = ca_cert.subject
  else
    cert.issuer = cert.subject # root CA's are "self-signed"
  end
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + expire
  return cert
end