anchor-pki 0.4.0 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +21 -0
- data/lib/anchor/auto_cert/managed_certificate.rb +4 -0
- data/lib/anchor/auto_cert/manager.rb +8 -6
- data/lib/anchor/oid.rb +11 -0
- data/lib/anchor/version.rb +1 -1
- data/lib/anchor-pki.rb +1 -1
- data/lib/anchor.rb +3 -2
- data/lib/puma/plugin/auto_cert.rb +6 -2
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c07e54ede7ccff887e6023fe9842989720fdf9d63f159e4a5a3b4ba1a92c6c1a
|
|
4
|
+
data.tar.gz: dc0ba249f2125b9cc9d6a4a2dfda9fb042e86c0c7691d45fd6f7b432c5aa2d43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e074e115e1035f8ed0b2289859073516b9cad04f9452f5dd8aa8dc070b8cdd119db2abf26b5bf2540a410818948fd4dfff4ca854cdc579b457bf15ae4065428a
|
|
7
|
+
data.tar.gz: 916f262c31580a3f92ca909bd0900d979a9ccb7a93d3f2cdb9e538bc9b29e8215db96468b5fe21c49c16ed836260857cc392f697772f032e6f76c28540af0653
|
data/README.md
CHANGED
|
@@ -44,6 +44,27 @@ ACME_KID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
|
44
44
|
ACME_HMAC_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
45
45
|
```
|
|
46
46
|
|
|
47
|
+
## Record new test cassettes
|
|
48
|
+
|
|
49
|
+
This code base tests against vcr recordings. These may need to be
|
|
50
|
+
regenerated periodically.
|
|
51
|
+
|
|
52
|
+
1. check out the code base locally
|
|
53
|
+
1. go to <https://anchor.dev/autocert-cab3bc/services/anchor-pki-rb-testing>
|
|
54
|
+
1. in the **Server Setup** section, generate new `ACME_KID` & `ACME_HMAC_KEY`
|
|
55
|
+
tokens.
|
|
56
|
+
1. Make a local `.env` file or similar containing:
|
|
57
|
+
|
|
58
|
+
export ACME_DIRECTORY_URL='https://anchor.dev/autocert-cab3bc/development/x509/ca/acme'
|
|
59
|
+
export ACME_KID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
60
|
+
export ACME_HMAC_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
61
|
+
|
|
62
|
+
1. on the command line execute:
|
|
63
|
+
|
|
64
|
+
$ . .env
|
|
65
|
+
$ rm -r spec/cassettes
|
|
66
|
+
$ bundle exec rake spec
|
|
67
|
+
|
|
47
68
|
## License
|
|
48
69
|
|
|
49
70
|
The gem is available as open source under the terms of the [MIT
|
|
@@ -62,14 +62,16 @@ module Anchor
|
|
|
62
62
|
key_pem = cache&.read("#{common_name}+#{algorithm}")
|
|
63
63
|
cert_pem = cache&.read(common_name)
|
|
64
64
|
|
|
65
|
-
if key_pem.nil?
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
cache&.write("#{common_name}+#{algorithm}", key_pem)
|
|
70
|
-
cache&.write(common_name, cert_pem)
|
|
65
|
+
if !key_pem.nil? && !cert_pem.nil?
|
|
66
|
+
managed_cert = ManagedCertificate.new(manager: self, cert_pem: cert_pem, key_pem: key_pem)
|
|
67
|
+
return managed_cert unless managed_cert.expired?
|
|
71
68
|
end
|
|
72
69
|
|
|
70
|
+
cert_pem, key_pem = provision(identifiers: identifiers, algorithm: algorithm, common_name: common_name, **opts)
|
|
71
|
+
|
|
72
|
+
cache&.write("#{common_name}+#{algorithm}", key_pem)
|
|
73
|
+
cache&.write(common_name, cert_pem)
|
|
74
|
+
|
|
73
75
|
ManagedCertificate.new(manager: self, cert_pem: cert_pem, key_pem: key_pem)
|
|
74
76
|
end
|
|
75
77
|
|
data/lib/anchor/oid.rb
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Anchor
|
|
4
|
+
# Oid is ASN.1 Object Identifiers.
|
|
5
|
+
module Oid
|
|
6
|
+
PEN = OpenSSL::ASN1::ObjectId.new('1.3.6.1.4.1.60900', OpenSSL::ASN1::OBJECT, :EXPLICIT, :PRIVATE)
|
|
7
|
+
CERT_EXT = OpenSSL::ASN1::ObjectId.new("#{PEN.oid}.1", OpenSSL::ASN1::OBJECT, :EXPLICIT, :PRIVATE)
|
|
8
|
+
|
|
9
|
+
OpenSSL::ASN1::ObjectId.register(CERT_EXT.oid, 'anchorCertExt', 'Anchor Certificate Extension')
|
|
10
|
+
end
|
|
11
|
+
end
|
data/lib/anchor/version.rb
CHANGED
data/lib/anchor-pki.rb
CHANGED
data/lib/anchor.rb
CHANGED
|
@@ -22,9 +22,10 @@ module Puma
|
|
|
22
22
|
# a plugin is created
|
|
23
23
|
module PluginInstanceMethods
|
|
24
24
|
attr_accessor :managed_certificate
|
|
25
|
+
attr_reader :port
|
|
25
26
|
|
|
26
27
|
def config(dsl)
|
|
27
|
-
port
|
|
28
|
+
@port = dsl.auto_cert_port || ENV.fetch('HTTPS_PORT', nil)
|
|
28
29
|
name = dsl.auto_cert_name || ENV.fetch('AUTO_CERT_NAME', 'default')
|
|
29
30
|
configuration = ::Anchor::AutoCert::Registry.fetch(name)
|
|
30
31
|
identifiers = configuration.allow_identifiers
|
|
@@ -46,7 +47,10 @@ module Puma
|
|
|
46
47
|
return
|
|
47
48
|
end
|
|
48
49
|
|
|
49
|
-
|
|
50
|
+
@managed_certificate.identifiers.each do |identifier|
|
|
51
|
+
log_writer.log "AutoCert >> Available at https://#{identifier}:#{port}/"
|
|
52
|
+
end
|
|
53
|
+
|
|
50
54
|
check_every = launcher.config.options[:auto_cert_check_every] ||
|
|
51
55
|
ENV.fetch('AUTO_CERT_CHECK_EVERY', nil) ||
|
|
52
56
|
::Anchor::AutoCert::RenewalBusyWait::ONE_HOUR
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: anchor-pki
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Anchor Security, Inc
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-09-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: acme-client
|
|
@@ -152,6 +152,7 @@ files:
|
|
|
152
152
|
- lib/anchor/auto_cert/registry.rb
|
|
153
153
|
- lib/anchor/auto_cert/renewal_busy_wait.rb
|
|
154
154
|
- lib/anchor/auto_cert/terms_of_service_acceptor.rb
|
|
155
|
+
- lib/anchor/oid.rb
|
|
155
156
|
- lib/anchor/version.rb
|
|
156
157
|
- lib/puma/dsl.rb
|
|
157
158
|
- lib/puma/plugin/auto_cert.rb
|