Handy scripts

Generating TLS certificates

Because I followed the instructions in the following links:

• https://rossta.net/blog/local-ssl-for-rails-5.html

  This is a good primer on what you need to do, and from where I took the script below.

• https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/

  If I ever want to become my own CA, this is a good primer.

  First, here’s a script for generating an OpenSSL cnf file:

  name=${1:-$(whoami)}
  configFile=$(mktemp "./ssl/$name.cnf.XXXX")
  cat <<-EOF > $configFile
            [req]
            distinguished_name = req_distinguished_name
            x509_extensions = v3_req
            prompt = yes
            [req_distinguished_name]
            CN = Issuer
            [v3_req]
            basicConstraints = CA:FALSE
            keyUsage = nonRepudiation, digitalSignature, keyCertSign, cRLSign
            extendedKeyUsage = serverAuth
            subjectAltName = @alt_names
            [alt_names]
            DNS.1 = $name
            DNS.2 = *.$name
  EOF
      

  And here is a script for generating a non-self-signed certificate (taken from https://gist.github.com/kyledrake/d7457a46a03d7408da31):

  ca_key_prefix=${3:-ca}
  site_name=${1:-$(whoami)}
  configFile=${2:-./ssl/$1.cnf}
  
  if [ ! -f $ca_key_prefix.key ] || [ ! -f $ca_key_prefix.crt ]; then
    openssl genrsa -aes256 -out $ca_key_prefix.key 2048
    openssl req -new -x509 -days 7300 -key $ca_key_prefix.key -sha256 -extensions v3_ca -out $ca_key_prefix.crt
  fi
  
  # Generate the domain key:
  openssl genrsa -out $site_name.key 2048
  
  # Generate the certificate signing request
  openssl req -sha256 -new -key $site_name.key -out $site_name.csr -config $configFile
  
  # Sign the request with your root key
  openssl x509 -sha256 -req -in $site_name.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out $site_name.crt -days 7300 -extfile $configFile -extensions v3_req
  
  # Check your homework:
  openssl verify -CAfile ca.crt $site_name.crt
  
  cat $site_name.key $site_name.crt > $site_name.pem
      

  Also, this is very comprehensive: https://stackoverflow.com/questions/21297139/how-do-you-sign-a-certificate-signing-request-with-your-certification-authority/21340898#21340898

Get where clause from Arel

This is an example I took from reading rails/rails#21958, https://jpospisil.com/2014/06/16/the-definitive-guide-to-arel-the-sql-manager-for-ruby.html and playing around with the console:

where_clause ||= begin
                   collector = Arel::Collectors::SubstituteBinds.new(
                     Table.connection,
                     Arel::Collectors::SQLString.new
                   )
                   Table.connection.visitor.accept(table_scope.all.where_clause.ast, collector)
                   if (where = collector.value.presence)
                     "WHERE #{where}"
                   else
                     ''
                   end
                 end