# class Ronin::CLI::Commands::CertGen

Generates a new X509 certificate.

## Usage

ronin cert-gen [options]

## Options

    --version NUM                The certificate version number (Default: 2)
    --serial NUM                 The certificate serial number (Default: 0)
    --not-before TIME            When the certificate becomes valid. Defaults to the current time.
    --not-after TIME             When the certificate becomes no longer valid. Defaults to one year from now.
-c, --common-name DOMAIN         The Common Name (CN) for the certificate
-A, --subject-alt-name HOST|IP   Adds HOST or IP to subjectAltName
-O, --organization NAME          The Organization (O) for the certificate
-U, --organizational-unit NAME   The Organizational Unit (OU)
-L, --locality NAME              The locality for the certificate
-S, --state XX                   The two-letter State (ST) code for the certificate
-C, --country XX                 The two-letter Country (C) code for the certificate
-t, --key-type rsa|dsa|ec        The signing key type
    --generate-key PATH          Generates and saves a random key (Default: key.pem)
-k, --key-file FILE              Loads the signing key from the FILE
-H, --signing-hash sha256|sha1|md5  The hash algorithm to use for signing (Default: sha256)
    --ca-key FILE                The Certificate Authority (CA) key
    --ca-cert FILE               The Certificate Authority (CA) certificate
    --ca                         Generates a CA certificate
-o, --output FILE                The output file (Default: cert.crt)
-h, --help                       Print help information

### Examples

ronin cert_gen -c test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US
ronin cert_gen -c test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US --key-file private.key
ronin cert_gen -c test.com -A www.test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US
ronin cert_gen --ca -c "Test CA" -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US
ronin cert_gen -c test.com -O "Test Co" -U "Test Dept" -L "Test City" -S NY -C US --ca-key ca.key --ca-cert ca.crt

## Constants

`IP_REGEXP`

## Public Class Methods

### new(**kwargs)

Initializes the `ronin cert-gen` command.

@param [Hash{Symbol => Object}] kwargs
  Additional keyword arguments.

Calls superclass method.

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 221
def initialize(**kwargs)
  super(**kwargs)

  @subject_alt_names = []
end
```

## Public Instance Methods

### ca_cert()

Loads the `--ca-cert` certificate file.

@return [Ronin::Support::Crypto::Cert, nil]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 344
def ca_cert
  if options[:ca_cert]
    Support::Crypto::Cert.load_file(options[:ca_cert])
  end
end
```

### ca_key()

Loads the `--ca-key` key file.

@return [Ronin::Support::Key::RSA, nil]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 333
def ca_key
  if options[:ca_key]
    Support::Crypto::Key::RSA.load_file(options[:ca_key])
  end
end
```

### extensions()

Builds the extensions.

@return [Hash{String => Object}, nil]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 355
def extensions
  exts = {}

  if (ext = subject_alt_name_ext)
    exts['subjectAltName'] = ext
  end

  exts unless exts.empty?
end
```
### key_class()

The `--key-type` key class.

@return [Class<Ronin::Support::Key::RSA>, Class<Ronin::Support::Key::DSA>, Class<Ronin::Support::Key::EC>, nil]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 298
def key_class
  case options[:key_type]
  when :rsa then Support::Crypto::Key::RSA
  when :dsa then Support::Crypto::Key::DSA
  when :ec  then Support::Crypto::Key::EC
  end
end
```

### not_after()

The parsed `--not-after` time or one year from now.

@return [Time]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 283
def not_after
  @not_after ||= if options[:not_after]
                   Time.parse(options[:not_after])
                 else
                   not_before + Support::Crypto::Cert::ONE_YEAR
                 end
end
```

### not_before()

The parsed `--not-before` time or now.

@return [Time]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 270
def not_before
  @not_before ||= if options[:not_before]
                    Time.parse(options[:not_before])
                  else
                    Time.now
                  end
end
```
### run()

Runs the `ronin cert-gen` command.

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 230
def run
  if options[:generate_key]
    log_info "Generating new #{options.fetch(:key_type,:rsa).upcase} key ..."
  end

  key  = signing_key
  cert = Ronin::Support::Crypto::Cert.generate(
    version:    options[:version],
    serial:     options[:serial],
    not_before: not_before,
    not_after:  not_after,
    key:        key,
    ca_key:     ca_key,
    ca_cert:    ca_cert,
    subject: {
      common_name:         options[:common_name],
      organization:        options[:organization],
      organizational_unit: options[:organizational_unit],
      locality:            options[:locality],
      state:               options[:state],
      country:             options[:country]
    },
    ca:         options[:ca],
    extensions: extensions
  )

  if options[:generate_key]
    log_info "Saving key to #{options[:generate_key]} ..."
    key.save(options[:generate_key])
  end

  log_info "Saving certificate to #{options[:output]} ..."
  cert.save(options[:output])
end
```
### signing_key()

Loads the `--key-file` key file or generates a new signing key.

@return [Ronin::Support::Key::RSA, Ronin::Support::Key::EC, nil]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 311
def signing_key
  if options[:key_file]
    if options[:key_type]
      key_class.load_file(options[:key_file])
    else
      begin
        Support::Crypto::Key.load_file(options[:key_file])
      rescue ArgumentError => error
        print_error(error.message)
        exit(-1)
      end
    end
  else
    (key_class || Support::Crypto::Key::RSA).random
  end
end
```

### subject_alt_name_ext()

Builds the `subjectAltName` extension.

@return [String, nil]

```ruby
# File lib/ronin/cli/commands/cert_gen.rb, line 372
def subject_alt_name_ext
  unless @subject_alt_names.empty?
    @subject_alt_names.map { |name|
      if name =~ IP_REGEXP
        "IP: #{name}"
      else
        "DNS: #{name}"
      end
    }.join(', ')
  end
end
```
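As an added example (not ronin's own code), the script below does with Ruby's standard `openssl` library what `run` and `subject_alt_name_ext` do, then reviews the resulting certificate for settings the options above permit but that clients reject or RFC 5280 forbids: md5/sha1 signing, the `--serial` default of 0, a missing `subjectAltName`, and validity beyond 398 days. `san_value`, `weak_signature?`, `build_cert` and `cert_findings` are hypothetical helpers, and `IPAddr` stands in for the page's undefined `IP_REGEXP`.

```ruby
require 'openssl'
require 'ipaddr'

# Classify each name as IP or DNS for a subjectAltName value. Uses IPAddr
# (covers IPv6 too) rather than a regexp; hypothetical helper, not ronin's.
def san_value(names)
  names.map { |name|
    ip = IPAddr.new(name) rescue nil
    ip ? "IP:#{name}" : "DNS:#{name}"
  }.join(',')
end

# True for signature algorithms built on hashes -H accepts but that are broken.
def weak_signature?(sig_alg)
  !!(sig_alg =~ /\A(md5|sha1)/i)
end

# Build a self-signed cert the way run does (constructed sample, RSA only;
# serial defaults to 0 to mirror the --serial default above).
def build_cert(cn:, alt_names: [], serial: 0, days: 365, hash: 'sha256')
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + (days * 86_400)
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    cert.add_extension(ef.create_extension('subjectAltName', san_value(alt_names), false))
  end
  cert.sign(key, OpenSSL::Digest.new(hash)) # sign returns the certificate
end

# Review a certificate for settings modern clients reject or RFC 5280 forbids.
# Returns an array of finding strings (empty when nothing is wrong).
def cert_findings(cert)
  findings = []
  findings << "weak signature algorithm: #{cert.signature_algorithm}" if weak_signature?(cert.signature_algorithm)
  findings << 'serial must be a positive integer (RFC 5280)' if cert.serial <= 0
  findings << 'no subjectAltName; clients no longer fall back to CN' if cert.extensions.none? { |e| e.oid == 'subjectAltName' }
  findings << 'validity exceeds 398 days' if (cert.not_after - cert.not_before) > 398 * 86_400
  findings
end
```

Run `cert_findings` on a certificate produced with the defaults (`--serial 0`, no `-A`) and it reports both the non-positive serial and the missing SAN.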