acme-pki 0.1.3

@@ -0,0 +1,112 @@
1
+ require 'fileutils'
2
+
3
+ module Acme
4
+ class PKI
5
+ module Information
6
+ def key_info(key, tab: 0)
7
+ key = open(key, 'r') { |f| OpenSSL::PKey.read f } unless key.is_a? OpenSSL::PKey::PKey
8
+ der = key.to_der
9
+
10
+ fingerprint der, tab: tab
11
+
12
+ hpkp = Digest::SHA256.digest der
13
+ hpkp = Base64.encode64(hpkp).strip
14
+ title 'HPKP', tab: tab
15
+ puts "\t" * (tab+1) + "Public-Key-Pins \"max-age=5184000; pin-sha256=\\\"#{hpkp}\\\";".colorize(:blue)
16
+
17
+ tlsa = Digest::SHA512.hexdigest der
18
+ title 'TLSA', tab: tab
19
+ puts "\t" * (tab+1) + "TLSA 1 1 2 #{tlsa}".colorize(:blue)
20
+ end
21
+
22
+ def certifificate_info(crt)
23
+ title 'Subject'
24
+ puts "\t#{crt.subject}"
25
+ title 'Issuer'
26
+ puts "\t#{crt.issuer}"
27
+
28
+ der = crt.to_der
29
+
30
+ fingerprint der
31
+
32
+ hpkp = Digest::SHA256.digest der
33
+ hpkp = Base64.encode64(hpkp).strip
34
+ title 'HPKP'
35
+ puts "\tPublic-Key-Pins \"max-age=5184000; pin-sha256=\\\"#{hpkp}\\\";".colorize(:blue)
36
+
37
+ tlsa = Digest::SHA512.hexdigest der
38
+ title 'TLSA'
39
+ puts "\tTLSA 1 0 2 #{tlsa}".colorize(:blue)
40
+
41
+ title 'Public key'
42
+ key_info crt.public_key, tab: 1
43
+ end
44
+
45
+ def chain_info(chain)
46
+ chain = File.read(chain).split('-----BEGIN CERTIFICATE-----')
47
+ .reject { |s| s.empty? }
48
+ .collect { |s| '-----BEGIN CERTIFICATE-----' + s }
49
+ .collect { |s| OpenSSL::X509::Certificate.new s }
50
+ loop do
51
+ last = chain.last
52
+ issuer = last.issuer
53
+ break if last.subject == issuer
54
+ # This is not a root, fetch the issuer
55
+
56
+ aia = last.extensions.detect { |e| e.oid == 'authorityInfoAccess' }
57
+ break unless aia
58
+
59
+ uri = aia.value.split("\n").find { |s| s.start_with? 'CA Issuers - URI:' }
60
+ .sub /^CA Issuers - URI:/, ''
61
+ puts "Fetch certificate #{issuer} from #{uri}"
62
+ file = Digest::MD5.hexdigest uri
63
+ file = file File.join 'cache', file
64
+ dir = File.dirname file
65
+ FileUtils.mkpath dir unless Dir.exist? dir
66
+ crt = if File.exist? file
67
+ open(file, 'r') { |f| OpenSSL::X509::Certificate.new f }
68
+ else
69
+ crt = Faraday.get uri
70
+ break unless crt.success?
71
+ crt = crt.body
72
+
73
+ crt = begin
74
+ OpenSSL::X509::Certificate.new crt
75
+ rescue
76
+ pkcs7 = OpenSSL::PKCS7.new crt
77
+ pkcs7.certificates.first
78
+ end
79
+
80
+ File.write file, crt.to_pem
81
+ crt
82
+ end
83
+
84
+ subject = crt.subject
85
+ puts "Warning : expecting #{issuer}, get #{subject}".colorize :magenta unless subject == issuer
86
+
87
+ chain << crt
88
+ end
89
+
90
+ chain.each do |c|
91
+ certifificate_info c
92
+ puts ''
93
+ end
94
+ end
95
+
96
+ private
97
+ def title(title, tab: 0)
98
+ puts "\t" * tab + title.colorize(:red) + ' :'
99
+ end
100
+
101
+ def fingerprint(der, tab: 0)
102
+ der = der.to_der if der.respond_to? :to_der
103
+
104
+ title 'Fingerprint', tab: tab
105
+ %w(SHA512 SHA256 SHA1).each do |h|
106
+ fp = Digest.const_get(h).hexdigest(der).scan(/../).join ':'
107
+ puts "\t" * (tab+1) + h.colorize(:yellow) + ' ' + fp.colorize(:blue)
108
+ end
109
+ end
110
+ end
111
+ end
112
+ end
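Review bot: chain_info appends the certificate fetched from the AIA `CA Issuers` URI to the chain after nothing more than a printed warning when its subject differs from the expected issuer, and never checks that it signed the previous certificate, so the fingerprints, HPKP and TLSA values printed for it may describe an unrelated certificate. The URI is read from the certificate under inspection and handed to `Faraday.get` unchanged, and a copy cached under `cache/` is reused on later runs without re-checking; I would gate the append with `break unless crt.subject == issuer && last.verify(crt.public_key)`. Separately, `file = file File.join 'cache', file` parses as a call to a method named `file`, which is not defined anywhere in this hunk and so presumably raises NoMethodError before any fetch; it probably should read `file = File.join 'cache', file`. In certifificate_info the HPKP value is the SHA-256 of the whole certificate (`crt.to_der`), whereas a `pin-sha256` is defined over the SubjectPublicKeyInfo, so that line should presumably hash `crt.public_key.to_der` or be dropped in favour of the value key_info prints.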
@@ -0,0 +1 @@
1
+ OpenSSL::PKey::EC.send :alias_method, :private?, :private_key?
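Review bot: This alias reopens `OpenSSL::PKey::EC` for every program that loads the gem, with no comment saying why and no guard against an existing definition. A one-line comment such as `# EC keys expose private_key? but not private?; alias it so EC and RSA keys can be tested the same way` would document the intent (assuming that is the reason, since the caller is not in this hunk). Appending `unless OpenSSL::PKey::EC.method_defined?(:private?)` to the line would keep it from overriding a native method where the openssl library already provides one.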
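--- a/metadata
+++ b/metadata
@@ -0,0 +1,124 @@
+ --- !ruby/object:Gem::Specification
+ name: acme-pki
+ version: !ruby/object:Gem::Version
+ version: 0.1.3
+ platform: ruby
+ authors:
+ - Aeris
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2016-04-24 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.11'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.11'
+ - !ruby/object:Gem::Dependency
+ name: acme-client
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.3.1
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.3.1
+ - !ruby/object:Gem::Dependency
+ name: faraday_middleware
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.10.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.10.0
+ - !ruby/object:Gem::Dependency
+ name: colorize
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.7.7
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.7.7
+ - !ruby/object:Gem::Dependency
+ name: simpleidn
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.0.7
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.0.7
+ description: Manage your keys, requests and certificates.
+ email:
+ - aeris@imirhil.fr
+ executables:
+ - letsencrypt
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - Gemfile
+ - LICENSE
+ - README.md
+ - acme-pki.gemspec
+ - bin/letsencrypt
+ - lib/acme/pki.rb
+ - lib/acme/pki/information.rb
+ - lib/acme/pki/monkey_patch.rb
+ homepage: https://github.com/aeris/acme-pki/
+ licenses:
+ - AGPL-3.0+
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.5.1
+ signing_key:
+ specification_version: 4
+ summary: Ruby client for Let’s Encrypt
+ test_files: []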