anchor-pki 0.4.0 → 0.5.0
- checksums.yaml +4 -4
 - data/README.md +21 -0
 - data/lib/anchor/auto_cert/managed_certificate.rb +4 -0
 - data/lib/anchor/auto_cert/manager.rb +8 -6
 - data/lib/anchor/oid.rb +11 -0
 - data/lib/anchor/version.rb +1 -1
 - data/lib/anchor-pki.rb +1 -1
 - data/lib/anchor.rb +3 -2
 - data/lib/puma/plugin/auto_cert.rb +6 -2
 - metadata +3 -2
 
    
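--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 
-  data.tar.gz: 
+  metadata.gz: c07e54ede7ccff887e6023fe9842989720fdf9d63f159e4a5a3b4ba1a92c6c1a
+  data.tar.gz: dc0ba249f2125b9cc9d6a4a2dfda9fb042e86c0c7691d45fd6f7b432c5aa2d43
 SHA512:
-  metadata.gz: 
-  data.tar.gz: 
+  metadata.gz: e074e115e1035f8ed0b2289859073516b9cad04f9452f5dd8aa8dc070b8cdd119db2abf26b5bf2540a410818948fd4dfff4ca854cdc579b457bf15ae4065428a
+  data.tar.gz: 916f262c31580a3f92ca909bd0900d979a9ccb7a93d3f2cdb9e538bc9b29e8215db96468b5fe21c49c16ed836260857cc392f697772f032e6f76c28540af0653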
    
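--- a/data/README.md
+++ b/data/README.md
@@ -44,6 +44,27 @@ ACME_KID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 ACME_HMAC_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 ```
 
+## Record new test cassettes
+
+This code base tests against vcr recordings. These may need to be
+regenerated periodically.
+
+1. check out the code base locally
+1. go to <https://anchor.dev/autocert-cab3bc/services/anchor-pki-rb-testing>
+1. in the **Server Setup** section, generate new `ACME_KID` & `ACME_HMAC_KEY`
+   tokens.
+1. Make a local `.env` file or similar containing:
+
+        export ACME_DIRECTORY_URL='https://anchor.dev/autocert-cab3bc/development/x509/ca/acme'
+        export ACME_KID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+        export ACME_HMAC_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+1. on the command line execute:
+
+        $ . .env
+        $ rm -r spec/cassettes
+        $ bundle exec rake spec
+
 ## License
 
 The gem is available as open source under the terms of the [MIT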
| 
         @@ -62,14 +62,16 @@ module Anchor 
     | 
|
| 
       62 
62 
     | 
    
         
             
                    key_pem = cache&.read("#{common_name}+#{algorithm}")
         
     | 
| 
       63 
63 
     | 
    
         
             
                    cert_pem = cache&.read(common_name)
         
     | 
| 
       64 
64 
     | 
    
         | 
| 
       65 
     | 
    
         
            -
                    if key_pem.nil?  
     | 
| 
       66 
     | 
    
         
            -
                       
     | 
| 
       67 
     | 
    
         
            -
             
     | 
| 
       68 
     | 
    
         
            -
             
     | 
| 
       69 
     | 
    
         
            -
                      cache&.write("#{common_name}+#{algorithm}", key_pem)
         
     | 
| 
       70 
     | 
    
         
            -
                      cache&.write(common_name, cert_pem)
         
     | 
| 
      
 65 
     | 
    
         
            +
                    if !key_pem.nil? && !cert_pem.nil?
         
     | 
| 
      
 66 
     | 
    
         
            +
                      managed_cert = ManagedCertificate.new(manager: self, cert_pem: cert_pem, key_pem: key_pem)
         
     | 
| 
      
 67 
     | 
    
         
            +
                      return managed_cert unless managed_cert.expired?
         
     | 
| 
       71 
68 
     | 
    
         
             
                    end
         
     | 
| 
       72 
69 
     | 
    
         | 
| 
      
 70 
     | 
    
         
            +
                    cert_pem, key_pem = provision(identifiers: identifiers, algorithm: algorithm, common_name: common_name, **opts)
         
     | 
| 
      
 71 
     | 
    
         
            +
             
     | 
| 
      
 72 
     | 
    
         
            +
                    cache&.write("#{common_name}+#{algorithm}", key_pem)
         
     | 
| 
      
 73 
     | 
    
         
            +
                    cache&.write(common_name, cert_pem)
         
     | 
| 
      
 74 
     | 
    
         
            +
             
     | 
| 
       73 
75 
     | 
    
         
             
                    ManagedCertificate.new(manager: self, cert_pem: cert_pem, key_pem: key_pem)
         
     | 
| 
       74 
76 
     | 
    
         
             
                  end
         
     | 
| 
       75 
77 
     | 
    
         | 
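Review bot: The cache hit at `if !key_pem.nil? && !cert_pem.nil?` reuses the cached pair on the sole condition that the certificate is not expired; it never checks that the cached certificate actually belongs to the cached key or still covers the requested `identifiers`. Because the key is cached under `"#{common_name}+#{algorithm}"` while the certificate is cached under `common_name` alone, switching `algorithm` away and back can pair a stale key with a certificate issued for a different key, and a change to the allowed identifiers is served from the old certificate until it expires. I would widen the guard to `return managed_cert unless managed_cert.expired? || (identifiers - managed_cert.identifiers).any?` (ManagedCertificate exposes `identifiers`, as the Puma plugin hunk shows; whether both sides are normalized the same way needs confirming) and add a key/cert consistency check such as `OpenSSL::X509::Certificate.new(cert_pem).check_private_key(OpenSSL::PKey.read(key_pem))` before trusting the cached pair, either here or inside ManagedCertificate if it already parses both. The enclosing method's definition line precedes the hunk, so I cannot see whether `identifiers` is already validated on the way in.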
    
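--- a/data/lib/anchor/oid.rb
+++ b/data/lib/anchor/oid.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Anchor
+  # Oid is ASN.1 Object Identifiers.
+  module Oid
+    PEN      = OpenSSL::ASN1::ObjectId.new('1.3.6.1.4.1.60900', OpenSSL::ASN1::OBJECT, :EXPLICIT, :PRIVATE)
+    CERT_EXT = OpenSSL::ASN1::ObjectId.new("#{PEN.oid}.1", OpenSSL::ASN1::OBJECT, :EXPLICIT, :PRIVATE)
+
+    OpenSSL::ASN1::ObjectId.register(CERT_EXT.oid, 'anchorCertExt', 'Anchor Certificate Extension')
+  end
+end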
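Review bot: `PEN` and `CERT_EXT` are built with explicit tagging arguments (`OpenSSL::ASN1::OBJECT`, `:EXPLICIT`, `:PRIVATE`) even though the module only ever reads their `.oid` strings; if either object is later handed to `to_der` or embedded in an extension value, the PRIVATE-class explicit wrapper would encode something other than a plain OBJECT IDENTIFIER. A bare `OpenSSL::ASN1::ObjectId.new('1.3.6.1.4.1.60900')` (and `OpenSSL::ASN1::ObjectId.new("#{PEN.oid}.1")`) expresses the intent without that risk. The file also uses `OpenSSL` without a `require 'openssl'` of its own, and `OpenSSL::ASN1::ObjectId.register` runs at load time; as I read the binding it raises if the same OID is registered twice, so behaviour under a code reloader or a second `load` should be confirmed. A short comment above `PEN` such as `# Anchor's IANA Private Enterprise Number; CERT_EXT is arc .1 beneath it` would tell readers where the number comes from.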
    
        data/lib/anchor/version.rb
    CHANGED
    
    
    
        data/lib/anchor-pki.rb
    CHANGED
    
    
    
        data/lib/anchor.rb
    CHANGED
    
    
| 
         @@ -22,9 +22,10 @@ module Puma 
     | 
|
| 
       22 
22 
     | 
    
         
             
                  # a plugin is created
         
     | 
| 
       23 
23 
     | 
    
         
             
                  module PluginInstanceMethods
         
     | 
| 
       24 
24 
     | 
    
         
             
                    attr_accessor :managed_certificate
         
     | 
| 
      
 25 
     | 
    
         
            +
                    attr_reader :port
         
     | 
| 
       25 
26 
     | 
    
         | 
| 
       26 
27 
     | 
    
         
             
                    def config(dsl)
         
     | 
| 
       27 
     | 
    
         
            -
                      port 
     | 
| 
      
 28 
     | 
    
         
            +
                      @port         = dsl.auto_cert_port || ENV.fetch('HTTPS_PORT', nil)
         
     | 
| 
       28 
29 
     | 
    
         
             
                      name          = dsl.auto_cert_name || ENV.fetch('AUTO_CERT_NAME', 'default')
         
     | 
| 
       29 
30 
     | 
    
         
             
                      configuration = ::Anchor::AutoCert::Registry.fetch(name)
         
     | 
| 
       30 
31 
     | 
    
         
             
                      identifiers   = configuration.allow_identifiers
         
     | 
| 
         @@ -46,7 +47,10 @@ module Puma 
     | 
|
| 
       46 
47 
     | 
    
         
             
                        return
         
     | 
| 
       47 
48 
     | 
    
         
             
                      end
         
     | 
| 
       48 
49 
     | 
    
         | 
| 
       49 
     | 
    
         
            -
                       
     | 
| 
      
 50 
     | 
    
         
            +
                      @managed_certificate.identifiers.each do |identifier|
         
     | 
| 
      
 51 
     | 
    
         
            +
                        log_writer.log "AutoCert >> Available at https://#{identifier}:#{port}/"
         
     | 
| 
      
 52 
     | 
    
         
            +
                      end
         
     | 
| 
      
 53 
     | 
    
         
            +
             
     | 
| 
       50 
54 
     | 
    
         
             
                      check_every = launcher.config.options[:auto_cert_check_every] ||
         
     | 
| 
       51 
55 
     | 
    
         
             
                                    ENV.fetch('AUTO_CERT_CHECK_EVERY', nil) ||
         
     | 
| 
       52 
56 
     | 
    
         
             
                                    ::Anchor::AutoCert::RenewalBusyWait::ONE_HOUR
         
     | 
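Review bot: `@port = dsl.auto_cert_port || ENV.fetch('HTTPS_PORT', nil)` leaves `@port` as `nil` when neither source is set, and the new log line then prints `https://#{identifier}:/`, a malformed URL; neither hunk applies a default or rejects the missing port, and `attr_reader :port` now publishes that `nil` to anything else reading the plugin. If a default is applied elsewhere it is not visible here, so either apply it where `@port` is assigned or drop the port from the message when it is unset, e.g. `log_writer.log "AutoCert >> Available at https://#{identifier}#{port && ":#{port}"}/"`. The `config(dsl)` method continues past the first hunk, and the second hunk sits inside a block whose start and end are outside the diff.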
    
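--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: anchor-pki
 version: !ruby/object:Gem::Version
-  version: 0. 
+  version: 0.5.0
 platform: ruby
 authors:
 - Anchor Security, Inc
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023- 
+date: 2023-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acme-client
@@ -152,6 +152,7 @@ files:
 - lib/anchor/auto_cert/registry.rb
 - lib/anchor/auto_cert/renewal_busy_wait.rb
 - lib/anchor/auto_cert/terms_of_service_acceptor.rb
+- lib/anchor/oid.rb
 - lib/anchor/version.rb
 - lib/puma/dsl.rb
 - lib/puma/plugin/auto_cert.rb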