Commit f6ae53bb authored by Dylan Griffith's avatar Dylan Griffith

Reduce duplication in code in Gitlab::Kubernetes::Helm::Certificate

parent cb21560b
......@@ -22,53 +22,46 @@ module Gitlab
end
def self.generate_root
_issue(signed_by: nil, expires_in: INFINITE_EXPIRY, ca: true)
end
def issue(expires_in: SHORT_EXPIRY)
self.class._issue(signed_by: self, expires_in: expires_in, ca: false)
end
private
def self._issue(signed_by:, expires_in:, ca:)
key = OpenSSL::PKey::RSA.new(4096)
public_key = key.public_key
subject = "/C=US"
subject = OpenSSL::X509::Name.parse("/C=US")
cert = OpenSSL::X509::Certificate.new
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
cert.subject = subject
cert.issuer = signed_by&.cert&.subject || subject
cert.not_before = Time.now
cert.not_after = INFINITE_EXPIRY.from_now
cert.not_after = expires_in.from_now
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2
if ca
extension_factory = OpenSSL::X509::ExtensionFactory.new
extension_factory.subject_certificate = cert
extension_factory.issuer_certificate = cert
cert.add_extension(extension_factory.create_extension('subjectKeyIdentifier', 'hash'))
cert.add_extension(extension_factory.create_extension('basicConstraints', 'CA:TRUE', true))
cert.add_extension(extension_factory.create_extension('keyUsage', 'cRLSign,keyCertSign', true))
cert.sign key, OpenSSL::Digest::SHA256.new
new(key, cert)
end
def issue(expires_in: SHORT_EXPIRY)
key = OpenSSL::PKey::RSA.new(4096)
public_key = key.public_key
subject = "/C=US"
cert = OpenSSL::X509::Certificate.new
cert.subject = OpenSSL::X509::Name.parse(subject)
cert.issuer = self.cert.subject
cert.not_before = Time.now
cert.not_after = expires_in.from_now
cert.public_key = public_key
cert.serial = 0x0
cert.version = 2
cert.sign self.key, OpenSSL::Digest::SHA256.new
cert.sign(signed_by&.key || key, OpenSSL::Digest::SHA256.new)
self.class.new(key, cert)
new(key, cert)
end
private
def initialize(key, cert)
@key = key
@cert = cert
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment