author | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-25 14:32:02 +0100 |
---|---|---|
committer | Dylan Griffith <dyl.griffith@gmail.com> | 2018-07-25 16:12:00 +0100 |
commit | 28d74a369880b3da9f2568ad4c13563a969b19e3 (patch) | |
tree | fd1c9eb0db2b7f5925be61b2536a6ae15274231a | |
parent | 967a6d00cdabfe1487a29f6e529147f25eb65a07 (diff) | |
download | gitlab-ce-48098-mutual-auth-cluster-applications.tar.gz |
Reduce duplication in code in Gitlab::Kubernetes::Helm::Certificate48098-mutual-auth-cluster-applications
-rw-r--r-- | lib/gitlab/kubernetes/helm/certificate.rb | 53 |
1 files changed, 23 insertions, 30 deletions
diff --git a/lib/gitlab/kubernetes/helm/certificate.rb b/lib/gitlab/kubernetes/helm/certificate.rb
index d5afc737654..cebf3f1461a 100644
--- a/lib/gitlab/kubernetes/helm/certificate.rb
+++ b/lib/gitlab/kubernetes/helm/certificate.rb
@@ -22,52 +22,45 @@ module Gitlab
 end
 
 def self.generate_root
- key = OpenSSL::PKey::RSA.new(4096)
- public_key = key.public_key
-
- subject = "/C=US"
-
- cert = OpenSSL::X509::Certificate.new
- cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
- cert.not_before = Time.now
- cert.not_after = INFINITE_EXPIRY.from_now
- cert.public_key = public_key
- cert.serial = 0x0
- cert.version = 2
-
- extension_factory = OpenSSL::X509::ExtensionFactory.new
- extension_factory.subject_certificate = cert
- extension_factory.issuer_certificate = cert
- cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
- cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
- cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
-
- cert.sign key, OpenSSL::Digest::SHA256.new
-
- new(key, cert)
+ _issue(signed_by: nil, expires_in: INFINITE_EXPIRY, ca: true)
 end
 
 def issue(expires_in: SHORT_EXPIRY)
+ self.class._issue(signed_by: self, expires_in: expires_in, ca: false)
+ end
+
+ private
+
+ def self._issue(signed_by:, expires_in:, ca:)
 key = OpenSSL::PKey::RSA.new(4096)
 public_key = key.public_key
 
- subject = "/C=US"
+ subject = OpenSSL::X509::Name.parse("/C=US")
 
 cert = OpenSSL::X509::Certificate.new
- cert.subject = OpenSSL::X509::Name.parse(subject)
- cert.issuer = self.cert.subject
+ cert.subject = subject
+
+ cert.issuer = signed_by&.cert&.subject || subject
+
 cert.not_before = Time.now
 cert.not_after = expires_in.from_now
 cert.public_key = public_key
 cert.serial = 0x0
 cert.version = 2
 
- cert.sign self.key, OpenSSL::Digest::SHA256.new
+ if ca
+ extension_factory = OpenSSL::X509::ExtensionFactory.new
+ extension_factory.subject_certificate = cert
+ extension_factory.issuer_certificate = cert
+ cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
+ cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
+ cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
+ end
 
- self.class.new(key, cert)
- end
+ cert.sign(signed_by&.key || key, OpenSSL::Digest::SHA256.new)
 
- private
+ new(key, cert)
+ end
 
 def initialize(key, cert)
 @key = key
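Review bot: The `private` marker added before `def self._issue` has no effect on singleton methods, so `_issue` remains a public class method despite the leading underscore; make the intent real with `private_class_method :_issue` placed after the definition. The shared context line `cert.serial = 0x0` now applies to the root and to every leaf that `issue` produces, so all certificates signed by one root carry the same serial, which RFC 5280 requires to be unique per issuer — a random serial such as `cert.serial = OpenSSL::BN.rand(64)` would avoid the collision. Leaf certificates (`ca: false`) are also left without any `basicConstraints` or `keyUsage` extension, which predates this commit but is worth a follow-up now that the two paths share one builder. The `initialize` method at the end of the hunk continues outside it.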