App-sslmaker


lib/App/sslmaker.pm  view on Meta::CPAN


  waitpid $pid, 0;
  return $self->$cb($buf) unless $?;
  croak $buf;
}

# Create a self-signed certificate (openssl req -new -x509) and return the
# Path::Tiny object it was written to.
#
# $args keys read here: cert (output path; a temp file is used when false),
# subject, ext (array ref of -addext values, empty entries skipped),
# passphrase, days (falls back to DEFAULT_DAYS), key.
#
# Croaks when the rendered subject is false.
sub make_cert {
  my ($self, $args) = @_;

  my $asset;
  if ($args->{cert}) { $asset = Path::Tiny->new($args->{cert}) }
  else               { $asset = Path::Tiny->tempfile }

  local $UMASK = 0222;    # make files with mode 444

  my $subject = $self->_render_subject($self->subject, $args->{subject});
  croak 'Parameter "subject" is required' unless $subject;

  my @cmd = qw(req -new -sha256 -x509 -extensions v3_ca);
  for my $ext (@{$args->{ext} || []}) {
    push @cmd, '-addext', $ext if length $ext;
  }

  # NOTE(review): unlike make_csr() and make_crl(), -passin is passed
  # unconditionally, so _passphrase() also runs when no passphrase was given.
  # What it does with an undefined value is not visible here -- confirm.
  push @cmd, '-passin', $self->_passphrase($args->{passphrase});
  push @cmd, '-days',   $args->{days} || DEFAULT_DAYS;
  push @cmd, '-key', $args->{key}, '-out', $asset->path, '-subj', $subject;

  openssl(@cmd);

  return $asset;
}

# Generate a certificate revocation list (openssl ca -gencrl) and return the
# Path::Tiny object it was written to.
#
# $args keys read here: crl (output path; a temp file is used when false),
# key (-keyfile), cert (-cert), passphrase (optional; -passin is only added
# when it is true).
sub make_crl {
  my ($self, $args) = @_;

  my $asset;
  if ($args->{crl}) { $asset = Path::Tiny->new($args->{crl}) }
  else              { $asset = Path::Tiny->tempfile }

  local $UMASK = 0122;    # make files with mode 644

  my @cmd = (qw(ca -gencrl), '-keyfile', $args->{key}, '-cert', $args->{cert});
  push @cmd, '-passin', $self->_passphrase($args->{passphrase}) if $args->{passphrase};
  push @cmd, '-out', $asset->path;

  openssl(@cmd);

  return $asset;
}

# Create a certificate signing request (openssl req -new) and return the
# Path::Tiny object it was written to.
#
# $args keys read here: csr (output path; a temp file is used when false),
# subject, passphrase (optional), ext (array ref of -addext values, empty
# entries skipped), key.
#
# Croaks when the rendered subject is false.
sub make_csr {
  my ($self, $args) = @_;

  my $asset;
  if ($args->{csr}) { $asset = Path::Tiny->new($args->{csr}) }
  else              { $asset = Path::Tiny->tempfile }

  local $UMASK = 0277;    # make files with mode 400

  my $subject = $self->_render_subject($self->subject, $args->{subject});
  croak 'Parameter "subject" is required' unless $subject;

  my @cmd = qw(req -new -sha256);

  # The passphrase is optional here: -passin is only added when one was given.
  push @cmd, '-passin', $self->_passphrase($args->{passphrase}) if $args->{passphrase};

  for my $ext (@{$args->{ext} || []}) {
    push @cmd, '-addext', $ext if length $ext;
  }

  push @cmd, '-key', $args->{key}, '-out', $asset->path, '-subj', $subject;

  openssl(@cmd);

  return $asset;
}

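# Create the CA directory layout under the home directory resolved by
# _home($args): certs, csr, crl, newcerts and private (mode 0700).
#
# When $args->{templates} is true, the files crlnumber, index.txt,
# index.txt.attr and serial are rendered into the home directory unless they
# already exist.
#
# Croaks when the home directory is not writable, when a subdirectory can
# neither be created nor is already present, or when "private" cannot be
# chmod'ed to 0700.
#
# Returns $args->{home}.
sub make_directories {
  my ($self, $args) = @_;
  my $home = $self->_home($args);

  $home->mkpath;
  croak "Can't write to $home" unless -w $home;

  for my $name (qw(certs csr crl newcerts private)) {
    my $dir = $home->child($name);

    # "private" holds key material, so ask for 0700 at creation time instead
    # of relying only on the chmod below.
    my $mode = $name eq 'private' ? 0700 : 0777;
    next if mkdir $dir, $mode;

    # An existing directory is fine (re-runs); anything else used to be
    # ignored and only surfaced later as an openssl failure.
    my $err = $!;
    croak "Couldn't create directory '$name' in $home: $err" unless -d $dir;
  }

  # Also tightens a "private" directory left over from an earlier run.
  chmod 0700, $home->child('private') or croak "Couldn't chmod 0700 'private' in $home";

  if ($args->{templates}) {
    local $UMASK = 0122;    # make files with mode 644

    # Never overwrite existing CA state (serial numbers, index database).
    for my $name (qw(crlnumber index.txt index.txt.attr serial)) {
      my $file = $home->child($name);
      next if -e $file;
      $self->render_to_file($name, $file, {});
    }
  }

  # NOTE(review): the directory used above comes from _home($args), not
  # necessarily from $args->{home} -- confirm this is true for every caller.
  return $args->{home};    # TBD, but will be true
}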

# Generate an RSA private key (openssl genrsa) and return the Path::Tiny
# object it was written to.
#
# $args keys read here: key (output path; a temp file is used when false),
# passphrase (optional), bits (falls back to DEFAULT_BITS).
#
# When a passphrase is given, the key is encrypted with -aes256 and the value
# returned by _passphrase() is handed to openssl as -passout. If that value
# has the form "file:PATH" and PATH does not exist, a passphrase from
# _random_passphrase(64) is written to PATH first.
sub make_key {
  my ($self, $args) = @_;
  my $asset      = $args->{key} ? Path::Tiny->new($args->{key}) : Path::Tiny->tempfile;
  my $passphrase = $args->{passphrase};

  # NOTE(review): a umask only takes effect when a file is created. A file
  # that already exists at the target path (including the one made by
  # Path::Tiny->tempfile) keeps its current mode -- confirm whether an
  # explicit chmod is wanted for the key and the passphrase file.
  local $UMASK = 0277;    # make files with mode 400

  if ($passphrase) {
    $passphrase = $self->_passphrase($passphrase);

    if ($passphrase =~ m!^file:(.+)!) {
      my $phrase_file = $1;

      # Only create the passphrase file when it is missing; an existing one
      # is used as-is.
      unless (-e $phrase_file) {
        Path::Tiny->new($phrase_file)->spew({binmode => ':raw'}, $self->_random_passphrase(64));
      }
    }
  }

  my @cmd = ('genrsa');
  push @cmd, '-aes256', '-passout', $passphrase if $passphrase;
  push @cmd, '-out', $asset->path;
  push @cmd, $args->{bits} || DEFAULT_BITS;

  openssl(@cmd);

  return $asset;
}

# copy/paste from Mojo::Base::new()
#
# Constructor. Accepts no arguments (empty object), a single hash reference
# (shallow-copied), or a flat key/value list. Can be called on a class name
# or on an existing instance, in which case the instance's class is used.
sub new {
  my $class = shift;

  my $attrs;
  if    (!@_)    { $attrs = {} }
  elsif (@_ > 1) { $attrs = {@_} }
  else           { $attrs = {%{$_[0]}} }

  return bless $attrs, ref $class || $class;
}

# Render the template $name with the given stash and write the result to a
# file. Called as render_to_file($name, $path, \%stash); the stash is always
# the last argument. When $path is false, a temp file is used instead.
#
# Returns the Path::Tiny object that was written.
sub render_to_file {
  my $stash = pop;
  my ($self, $name, $path) = @_;

  # Render first, so the target file is only chosen once rendering returned.
  my $content = $self->_render_template($name, $stash);

  my $asset;
  if ($path) { $asset = Path::Tiny->new($path) }
  else       { $asset = Path::Tiny->tempfile }

  $asset->spew({binmode => ":raw"}, $content);

  return $asset;
}

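# Revoke a certificate (openssl ca -revoke) and regenerate the CRL.
#
# $args keys read here: revoke (path of the certificate to revoke, required),
# passphrase (optional), crl (CRL output path; defaults to crl.pem inside the
# home directory resolved by _home($args) for the duration of this call).
# $args is then passed on to make_crl().
#
# Croaks when "revoke" is missing or empty. Returns whatever make_crl()
# returns.
sub revoke_cert {
  my ($self, $args) = @_;

  # Fail before touching the CA database instead of handing an undefined
  # file name to openssl.
  croak 'Parameter "revoke" is required' unless defined $args->{revoke} and length $args->{revoke};

  my $home = $self->_home($args);

  # Restored on return, so the caller's hash is left as it was passed in.
  local $args->{crl} = $args->{crl} || $home->child('crl.pem');

  my @cmd = ('ca');
  push @cmd, '-passin', $self->_passphrase($args->{passphrase}) if $args->{passphrase};
  push @cmd, '-revoke', $args->{revoke};

  openssl(@cmd);

  return $self->make_crl($args);    # TBD, but will be true
}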


