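# Generates a new key pair and a self-signed certificate for +email_addr+,
# optionally writing both to disk as PEM.
#
# The subject name is derived from the address: the part before '@' becomes
# the CN and each dot-separated label of the domain becomes a DC. Every
# substring matching opt[:munge_re] is replaced with '_' first.
#
# +opt+ is merged over the module defaults in OPT. Keys read here:
# :munge_re, :key_algo, :key_size, :trust_dir, :perms (:trust_dir,
# :signing_key, :signing_cert), :save_key, :save_key_path, :save_cert,
# :save_cert_path and :output_fmt. The merged hash is also handed to
# build_cert.
#
# Returns a Hash with :key, :cert, :key_path and :cert_path; the two paths
# are nil when the corresponding file was not saved.
#
# Raises ArgumentError when +email_addr+ has no domain part after '@'.
#
# Security notes:
# * key.to_pem is called without a cipher or passphrase, so (assuming
#   opt[:key_algo] is an OpenSSL::PKey class -- confirm against OPT) the
#   private key is stored unencrypted and file permissions are its only
#   protection at rest.
# * The output files are created with their final permission bits. Creating
#   with the process default and calling chmod afterwards leaves a window in
#   which another local user can open the file and keep a readable
#   descriptor for the key material written next.
def self.build_self_signed_cert(email_addr, opt = {})
  Gem.ensure_ssl_available
  opt = OPT.merge(opt)
  path = { :key => nil, :cert => nil }

  # Split "user@example.com" into the CN and the list of domain components.
  cn, dcs = email_addr.split('@')
  if dcs.nil?
    raise ArgumentError,
          "expected an address of the form user@domain, got #{email_addr.inspect}"
  end

  cn = cn.gsub(opt[:munge_re], '_')
  dcs = dcs.split('.').map { |dc| dc.gsub(opt[:munge_re], '_') }

  subject = "CN=#{cn}/#{dcs.map { |dc| "DC=#{dc}" }.join('/')}"
  name = OpenSSL::X509::Name.parse(subject)

  key = opt[:key_algo].new(opt[:key_size])

  verify_trust_dir(opt[:trust_dir], opt[:perms][:trust_dir])

  # Writes +pem+ to +target+ with permission bits +mode+. The mode is passed
  # to open so a newly created file never exists with wider permissions.
  # The creation mode is ignored for a file that already exists (and is
  # narrowed by the umask), so chmod still runs before any data is written.
  write_pem = lambda do |target, pem, mode|
    File.open(target, 'wb', mode) do |file|
      file.chmod(mode)
      file.write(pem)
    end
  end

  if opt[:save_key]
    path[:key] = opt[:save_key_path] || (opt[:output_fmt] % 'private_key')
    write_pem.call(path[:key], key.to_pem, opt[:perms][:signing_key])
  end

  cert = build_cert(name, key, opt)

  if opt[:save_cert]
    path[:cert] = opt[:save_cert_path] || (opt[:output_fmt] % 'public_cert')
    write_pem.call(path[:cert], cert.to_pem, opt[:perms][:signing_cert])
  end

  { :key => key, :cert => cert,
    :key_path => path[:key], :cert_path => path[:cert] }
end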