Class: Ronin::CLI::Commands::CertGen Private
- Inherits: Ronin::CLI::Command
  - Object
  - Core::CLI::Command
  - Ronin::CLI::Command
  - Ronin::CLI::Commands::CertGen
- Includes: Core::CLI::Logging
- Defined in: lib/ronin/cli/commands/cert_gen.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Generates a new X509 certificate.
Usage
ronin cert-gen [options]
Options
--version NUM The certificate version number (Default: 2)
--serial NUM The certificate serial number (Default: 0)
--not-before TIME When the certificate becomes valid. Defaults to the current time.
--not-after TIME When the certificate becomes no longer valid. Defaults to one year from now.
-c, --common-name DOMAIN The Common Name (CN) for the certificate
-A, --subject-alt-name HOST|IP Adds HOST or IP to subjectAltName
-O, --organization NAME The Organization (O) for the certificate
-U, --organizational-unit NAME The Organizational Unit (OU)
-L, --locality NAME The locality for the certificate
-S, --state XX The two-letter State (ST) code for the certificate
-C, --country XX The two-letter Country (C) code for the certificate
-t, --key-type rsa|ec The signing key type
--generate-key PATH Generates and saves a random key (Default: key.pem)
-k, --key-file FILE Loads the signing key from the FILE
-H, --signing-hash sha256|sha1|md5 The hash algorithm to use for signing (Default: sha256)
--ca-key FILE The Certificate Authority (CA) key
--ca-cert FILE The Certificate Authority (CA) certificate
--ca Generates a CA certificate
-o, --output FILE The output file (Default: cert.crt)
-h, --help Print help information
Examples
ronin cert_gen -c test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US
ronin cert_gen -c test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US --key-file private.key
ronin cert_gen -c test.com -A www.test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US
ronin cert_gen --ca -c "Test CA" -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US
ronin cert_gen -c test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US --ca-key ca.key --ca-cert ca.crt
Constant Summary collapse
- IP_REGEXP = Support::Text::Patterns::IP
  This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.
Instance Method Summary collapse
- #basic_constraints_ext ⇒ (String, Boolean)? (private)
  Builds the basicConstraints extension.
- #ca_cert ⇒ Ronin::Support::Crypto::Cert? (private)
  Loads the --ca-cert certificate file.
- #ca_key ⇒ Ronin::Support::Key::RSA? (private)
  Loads the --ca-key key file.
- #extensions ⇒ Hash{String => Object}? (private)
  Builds the extensions.
- #initialize(**kwargs) ⇒ CertGen (constructor, private)
  Initializes the ronin cert-gen command.
- #key_class ⇒ Class<Ronin::Support::Key::RSA>, ... (private)
  The --key-type key class.
- #not_after ⇒ Time (private)
  The parsed --not-after time or one year from now.
- #not_before ⇒ Time (private)
  The parsed --not-before time or now.
- #run ⇒ Object (private)
  Runs the ronin cert-gen command.
- #signing_key ⇒ Ronin::Support::Key::RSA, ... (private)
  Loads the --key-file key file or generates a new signing key.
- #subject_alt_name_ext ⇒ String? (private)
  Builds the subjectAltName extension.
Constructor Details
#initialize(**kwargs) ⇒ CertGen
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the ronin cert-gen command.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 217

    def initialize(**kwargs)
      super(**kwargs)

      # collects every -A / --subject-alt-name value
      @subject_alt_names = []
    end
Instance Method Details
#basic_constraints_ext ⇒ (String, Boolean)?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Builds the basicConstraints extension.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 367

    # `options` is the parsed command-line option hash provided by
    # Core::CLI::Command. A --ca certificate gets a critical CA:TRUE; a
    # certificate signed by --ca-key/--ca-cert gets a critical CA:FALSE;
    # a plain self-signed certificate gets no basicConstraints at all.
    def basic_constraints_ext
      if options[:ca]
        ['CA:TRUE', true]
      elsif options[:ca_key] || options[:ca_cert]
        ['CA:FALSE', true]
      end
    end
#ca_cert ⇒ Ronin::Support::Crypto::Cert?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Loads the --ca-cert certificate file.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 337

    def ca_cert
      if options[:ca_cert]
        Support::Crypto::Cert.load_file(options[:ca_cert])
      end
    end
#ca_key ⇒ Ronin::Support::Key::RSA?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Loads the --ca-key key file.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 326

    def ca_key
      if options[:ca_key]
        Support::Crypto::Key::RSA.load_file(options[:ca_key])
      end
    end
#extensions ⇒ Hash{String => Object}?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Builds the extensions.
    # File 'lib/ronin/cli/commands/cert_gen.rb', line 348

    def extensions
      exts = {}

      if (ext = basic_constraints_ext)
        exts['basicConstraints'] = ext
      end

      if (ext = subject_alt_name_ext)
        exts['subjectAltName'] = ext
      end

      exts unless exts.empty?
    end
#key_class ⇒ Class<Ronin::Support::Key::RSA>, ...
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The --key-type key class.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 292

    # Returns nil when --key-type was not given.
    def key_class
      case options[:key_type]
      when :rsa then Support::Crypto::Key::RSA
      when :ec  then Support::Crypto::Key::EC
      end
    end
#not_after ⇒ Time
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The parsed --not-after time or one year from now.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 278

    def not_after
      @not_after ||= if options[:not_after]
                       Time.parse(options[:not_after])
                     else
                       not_before + Support::Crypto::Cert::ONE_YEAR
                     end
    end
#not_before ⇒ Time
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
The parsed --not-before time or now.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 265

    def not_before
      @not_before ||= if options[:not_before]
                        Time.parse(options[:not_before])
                      else
                        Time.now
                      end
    end
#run ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Runs the ronin cert-gen command.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 226

    def run
      if options[:generate_key]
        log_info "Generating new #{options.fetch(:key_type,:rsa).upcase} key ..."
      end

      key  = signing_key
      cert = Ronin::Support::Crypto::Cert.generate(
        version:    options[:version],
        serial:     options[:serial],
        not_before: not_before,
        not_after:  not_after,
        key:        key,
        ca_key:     ca_key,
        ca_cert:    ca_cert,
        subject: {
          common_name:         options[:common_name],
          organization:        options[:organization],
          organizational_unit: options[:organizational_unit],
          locality:            options[:locality],
          state:               options[:state],
          country:             options[:country]
        },
        extensions: extensions
      )

      if options[:generate_key]
        log_info "Saving key to #{options[:generate_key]} ..."
        key.save(options[:generate_key])
      end

      log_info "Saving certificate to #{options[:output]} ..."
      cert.save(options[:output])
    end
#signing_key ⇒ Ronin::Support::Key::RSA, ...
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Loads the --key-file key file or generates a new signing key.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 304

    # With --key-type the file is parsed as that key class; without it the
    # key type is detected from the file, and an unparseable file is a
    # fatal error. With no --key-file a fresh key (RSA by default) is made.
    def signing_key
      if options[:key_file]
        if options[:key_type]
          key_class.load_file(options[:key_file])
        else
          begin
            Support::Crypto::Key.load_file(options[:key_file])
          rescue ArgumentError => error
            print_error(error.message)
            exit(-1)
          end
        end
      else
        (key_class || Support::Crypto::Key::RSA).random
      end
    end
#subject_alt_name_ext ⇒ String?
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Builds the subjectAltName extension.

    # File 'lib/ronin/cli/commands/cert_gen.rb', line 382

    # Each -A value that matches IP_REGEXP becomes an "IP:" entry, everything
    # else a "DNS:" entry; returns nil when no -A option was given.
    def subject_alt_name_ext
      unless @subject_alt_names.empty?
        @subject_alt_names.map { |name|
          if name =~ IP_REGEXP
            "IP: #{name}"
          else
            "DNS: #{name}"
          end
        }.join(', ')
      end
    end
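The following is an added example, not code from Ronin or from this class, showing what #run, #extensions, #basic_constraints_ext and #subject_alt_name_ext produce end to end using only Ruby's stdlib OpenSSL binding in place of Ronin::Support::Crypto::Cert.generate. It mirrors the two-step workflow from the Examples section (`--ca` first, then a leaf signed with `--ca-key`/`--ca-cert` and `-A` entries), then performs the check a defender cares about: that the leaf verifies against the CA and that its critical CA:FALSE stops it from being accepted as an issuer. IPAddr stands in for Support::Text::Patterns::IP, the subject strings and 2048-bit RSA keys are constructed for the example, and the helper names (`build_extensions`, `make_cert`, `generate_chain`, `verify_chain`, `leaf_accepted_as_issuer?`) are this example's own.

```ruby
require 'openssl'
require 'ipaddr'

# Mirror of #subject_alt_name_ext: IP literals become "IP:" entries, anything
# else "DNS:". IPAddr replaces Support::Text::Patterns::IP here (an assumption;
# it also accepts IPv6 literals such as "::1").
def subject_alt_name_ext(names)
  return nil if names.empty?

  names.map { |name|
    begin
      IPAddr.new(name)
      "IP: #{name}"
    rescue IPAddr::InvalidAddressError
      "DNS: #{name}"
    end
  }.join(', ')
end

# Mirror of #extensions / #basic_constraints_ext: --ca gives a critical CA:TRUE,
# a CA-signed leaf a critical CA:FALSE, a self-signed leaf no basicConstraints.
def build_extensions(ca: false, ca_signed: false, names: [])
  exts = {}
  if ca
    exts['basicConstraints'] = ['CA:TRUE', true]
  elsif ca_signed
    exts['basicConstraints'] = ['CA:FALSE', true]
  end
  if (san = subject_alt_name_ext(names))
    exts['subjectAltName'] = san
  end
  exts
end

# Builds and signs one X.509v3 certificate (what Cert.generate does for #run).
# Without issuer_cert/issuer_key the certificate is self-signed.
def make_cert(subject:, key:, exts:, serial:, issuer_cert: nil, issuer_key: nil)
  cert            = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509v3, the command's default --version
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + (365 * 24 * 60 * 60) # one year, as --not-after defaults

  factory = OpenSSL::X509::ExtensionFactory.new
  factory.subject_certificate = cert
  factory.issuer_certificate  = issuer_cert || cert
  exts.each do |oid, spec|
    value, critical = Array(spec) # "CA:TRUE" or ["CA:TRUE", true]
    cert.add_extension(factory.create_extension(oid, value, critical == true))
  end

  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256')) # the --signing-hash default
  cert
end

# `ronin cert-gen --ca ...` followed by
# `ronin cert-gen ... --ca-key ca.key --ca-cert ca.crt -A www.test.com -A 10.0.0.1`.
def generate_chain
  ca_key   = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca_cert  = make_cert(subject: '/CN=Test CA/O=Test Co/OU=Test Dept/L=Test City/ST=NY/C=US',
                       key: ca_key, exts: build_extensions(ca: true), serial: 1)
  leaf     = make_cert(subject: '/CN=test.com/O=Test Co/OU=Test Dept/L=Test City/ST=NY/C=US',
                       key: leaf_key, serial: 2, issuer_cert: ca_cert, issuer_key: ca_key,
                       exts: build_extensions(ca_signed: true, names: ['www.test.com', '10.0.0.1']))
  { ca_cert: ca_cert, ca_key: ca_key, leaf_cert: leaf, leaf_key: leaf_key }
end

# Validates cert against the trusted ca with optional untrusted intermediates;
# returns [ok, reason] so a failure explains itself.
def verify_chain(cert, ca, chain = [])
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  ok = store.verify(cert, chain)
  [ok, ok ? 'ok' : store.error_string]
end

# Defender's check: signs a throwaway certificate with the CA:FALSE leaf and
# asks OpenSSL to accept the leaf as an intermediate. basicConstraints must
# make this fail.
def leaf_accepted_as_issuer?(chain)
  sub_key = OpenSSL::PKey::RSA.new(2048)
  sub     = make_cert(subject: '/CN=sub.test.com', key: sub_key, exts: {}, serial: 3,
                      issuer_cert: chain[:leaf_cert], issuer_key: chain[:leaf_key])
  verify_chain(sub, chain[:ca_cert], [chain[:leaf_cert]]).first
end

if __FILE__ == $PROGRAM_NAME
  chain = generate_chain
  puts chain[:leaf_cert].extensions.map(&:to_s)
  puts "leaf verifies against CA: #{verify_chain(chain[:leaf_cert], chain[:ca_cert]).inspect}"
  puts "leaf accepted as issuer:  #{leaf_accepted_as_issuer?(chain)}"
end
```

The SAN string keeps the command's exact "DNS: host, IP: addr" spelling, which OpenSSL's extension parser accepts after stripping the spaces; inspect the resulting extension and it is rendered back as `DNS:www.test.com, IP Address:10.0.0.1`. The final check is the reason the command marks basicConstraints critical on CA-signed leaves: a verifier that honours it will reject any certificate chained through that leaf.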