acme-pki 0.1.3

data/lib/acme/pki/information.rb

@@ -0,0 +1,112 @@
+require 'fileutils'
+
+module Acme
+	class PKI
+		module Information
+			def key_info(key, tab: 0)
+				key = open(key, 'r') { |f| OpenSSL::PKey.read f } unless key.is_a? OpenSSL::PKey::PKey
+				der = key.to_der
+
+				fingerprint der, tab: tab
+
+				hpkp = Digest::SHA256.digest der
+				hpkp = Base64.encode64(hpkp).strip
+				title 'HPKP', tab: tab
+				puts "\t" * (tab+1) + "Public-Key-Pins \"max-age=5184000; pin-sha256=\\\"#{hpkp}\\\";".colorize(:blue)
+
+				tlsa = Digest::SHA512.hexdigest der
+				title 'TLSA', tab: tab
+				puts "\t" * (tab+1) + "TLSA 1 1 2 #{tlsa}".colorize(:blue)
+			end
+
+			def certifificate_info(crt)
+				title 'Subject'
+				puts "\t#{crt.subject}"
+				title 'Issuer'
+				puts "\t#{crt.issuer}"
+
+				der = crt.to_der
+
+				fingerprint der
+
+				hpkp = Digest::SHA256.digest der
+				hpkp = Base64.encode64(hpkp).strip
+				title 'HPKP'
+				puts "\tPublic-Key-Pins \"max-age=5184000; pin-sha256=\\\"#{hpkp}\\\";".colorize(:blue)
+
+				tlsa = Digest::SHA512.hexdigest der
+				title 'TLSA'
+				puts "\tTLSA 1 0 2 #{tlsa}".colorize(:blue)
+
+				title 'Public key'
+				key_info crt.public_key, tab: 1
+			end
+
+			def chain_info(chain)
+				chain = File.read(chain).split('-----BEGIN CERTIFICATE-----')
+								.reject { |s| s.empty? }
+								.collect { |s| '-----BEGIN CERTIFICATE-----' + s }
+								.collect { |s| OpenSSL::X509::Certificate.new s }
+				loop do
+					last   = chain.last
+					issuer = last.issuer
+					break if last.subject == issuer
+					# This is not a root, fetch the issuer
+
+					aia = last.extensions.detect { |e| e.oid == 'authorityInfoAccess' }
+					break unless aia
+
+					uri = aia.value.split("\n").find { |s| s.start_with? 'CA Issuers - URI:' }
+								  .sub /^CA Issuers - URI:/, ''
+					puts "Fetch certificate #{issuer} from #{uri}"
+					file = Digest::MD5.hexdigest uri
+					file = file File.join 'cache', file
+					dir = File.dirname file
+					FileUtils.mkpath dir unless Dir.exist? dir
+					crt  = if File.exist? file
+							   open(file, 'r') { |f| OpenSSL::X509::Certificate.new f }
+						   else
+							   crt = Faraday.get uri
+							   break unless crt.success?
+							   crt = crt.body
+
+							   crt = begin
+								   OpenSSL::X509::Certificate.new crt
+							   rescue
+								   pkcs7 = OpenSSL::PKCS7.new crt
+								   pkcs7.certificates.first
+							   end
+
+							   File.write file, crt.to_pem
+							   crt
+						   end
+
+					subject = crt.subject
+					puts "Warning : expecting #{issuer}, get #{subject}".colorize :magenta unless subject == issuer
+
+					chain << crt
+				end
+
+				chain.each do |c|
+					certifificate_info c
+					puts ''
+				end
+			end
+
+			private
+			def title(title, tab: 0)
+				puts "\t" * tab + title.colorize(:red) + ' :'
+			end
+
+			def fingerprint(der, tab: 0)
+				der = der.to_der if der.respond_to? :to_der
+
+				title 'Fingerprint', tab: tab
+				%w(SHA512 SHA256 SHA1).each do |h|
+					fp = Digest.const_get(h).hexdigest(der).scan(/../).join ':'
+					puts "\t" * (tab+1) + h.colorize(:yellow) + ' ' + fp.colorize(:blue)
+				end
+			end
+		end
+	end
+end

data/lib/acme/pki/monkey_patch.rb

@@ -0,0 +1 @@
+OpenSSL::PKey::EC.send :alias_method, :private?, :private_key?

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification
+name: acme-pki
+version: !ruby/object:Gem::Version
+  version: 0.1.3
+platform: ruby
+authors:
+- Aeris
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-04-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.7
+- !ruby/object:Gem::Dependency
+  name: simpleidn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.7
+description: Manage your keys, requests and certificates.
+email:
+- aeris@imirhil.fr
+executables:
+- letsencrypt
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- acme-pki.gemspec
+- bin/letsencrypt
+- lib/acme/pki.rb
+- lib/acme/pki/information.rb
+- lib/acme/pki/monkey_patch.rb
+homepage: https://github.com/aeris/acme-pki/
+licenses:
+- AGPL-3.0+
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Ruby client for Let’s Encrypt
+test_files: []