ant-ssl 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ca18b84398c21ea29bfec3b9514da6e1500dd48ac746856f2c6338289a590a1c
+  data.tar.gz: 56d31cd8d4362a258d5b5df7db889c08fdf48719ab5af2e8cff1b8c7c8eff548
+SHA512:
+  metadata.gz: f72edf2f33d4399ea9e3093b266388b0eb36c90459553219810c9233be3d698771cb17321ab3abb4acd162e066bcbc3462ce2d2d4af1560f043c0630f14e0354
+  data.tar.gz: fc3423c77f0863dbf1bd3160cc795627f6f4b8cd6dc6c488299f0bc60aeb22af23864aa8d2eac7309676d2361c905b069a213a8cb206a7c0ad7b79aaf898ac4b

data/lib/ant/ssl.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require_relative 'ssl/inventory'
+require_relative 'ssl/version'

data/lib/ant/ssl/certificate.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Ant
+  module SSL
+    # Stores a X509 certificate.
+    class Certificate
+      attr_reader :cert, :key
+
+      def initialize(config, inventory)
+        @config = config
+        @inventory = inventory
+        @key = OpenSSL::PKey::RSA.new(@config['key_size'])
+        @cert = OpenSSL::X509::Certificate.new
+        @cert.public_key = @key.public_key
+        @extensions = OpenSSL::X509::ExtensionFactory.new
+        @extensions.subject_certificate = @cert
+      end
+
+      def create!
+        return if File.file?(@config.key_path)
+
+        @ca = @inventory.ca(@config['parent'])
+        configure_details!
+        configure_extensions!
+        sign!
+        save!
+      end
+
+      def configure_details!
+        @config.configure_cert_details!(@cert)
+      end
+
+      def configure_extensions!
+        @extensions.issuer_certificate = @ca.cert
+        @config.configure_extensions!(@cert, @extensions)
+      end
+
+      def sign!
+        @cert.issuer = @ca.cert.subject
+        @cert.sign(@ca.key, OpenSSL::Digest::SHA256.new)
+      end
+
+      def save!
+        File.write(@config.key_path, @key.to_s)
+        File.write(@config.crt_path, @cert.to_s)
+      end
+
+      def ca_name
+        @config['ca']
+      end
+    end
+  end
+end

data/lib/ant/ssl/configuration.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Ant
+  module SSL
+    # Stores a configuration for a certificate
+    class Configuration
+      ONE_YEAR = 60 * 60 * 24 * 365
+
+      def initialize(root, group, cert)
+        @config = root.merge(group).merge(cert)
+      end
+
+      def saving_directory(type)
+        path = @config['saving_directory']
+        serial = @config['serial']
+        "#{path}/#{serial}.#{type}.pem"
+      end
+
+      def crt_path
+        saving_directory('crt')
+      end
+
+      def key_path
+        saving_directory('key')
+      end
+
+      def subject_string
+        "/C=#{@config['country']}/ST=#{@config['state']}" \
+        "/L=#{@config['city']}/O=#{@config['organization']}" \
+        "/OU=#{@config['team']}/CN=#{@config['name']}"
+      end
+
+      def configure_cert_details!(cert)
+        cert.version = 2
+        cert.serial = @config['serial']
+        cert.subject = OpenSSL::X509::Name.parse(subject_string)
+        cert.not_before = Time.now
+        cert.not_after = cert.not_before + ONE_YEAR * @config['expiration']
+      end
+
+      def configure_extensions!(cert, extension_factory)
+        @config['extensions'].each do |name, details|
+          extension = extension_factory.create_extension(
+            name,
+            details['details'],
+            details['critical']
+          )
+          cert.add_extension(extension)
+        end
+      end
+
+      def [](key)
+        @config[key]
+      end
+    end
+  end
+end

data/lib/ant/ssl/inventory.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require_relative 'configuration'
+require_relative 'certificate'
+require_relative 'revocation_list'
+
+require 'fileutils'
+
+module Ant
+  module SSL
+    # This provides a full inventory of PKI.
+    # It is composed of:
+    # - Authorities
+    # - Clients
+    # - Servers
+    class Inventory
+      attr_reader :defaults
+
+      def initialize(defaults, auth, clients, servers)
+        @defaults = defaults
+        @authorities = SubInventory.new(auth, self)
+        @clients = SubInventory.new(clients, self)
+        @servers = SubInventory.new(servers, self)
+      end
+
+      def create_certificates!
+        validate_inventories!
+        create_directory!
+        [@authorities, @clients, @servers].each(&:create_certificates!)
+      end
+
+      # TODO: Implement validation of inventories
+      def validate_inventories!
+        true
+      end
+
+      def create_directory!
+        FileUtils.mkdir_p(@defaults['saving_directory'])
+      end
+
+      def ca(name)
+        @authorities.ca(name)
+      end
+    end
+
+    # Implements a single inventory. It creates certificates using similar
+    # configurations.
+    class SubInventory
+      def initialize(configs, inventory)
+        defaults = configs['defaults']
+        @parent = inventory
+        @certificates = configs['certificates'].map do |cert|
+          configuration = Configuration.new(
+            inventory.defaults,
+            defaults,
+            cert
+          )
+          Certificate.new(configuration, inventory)
+        end
+      end
+
+      def create_certificates!
+        @certificates.each(&:create!)
+      end
+
+      def ca(name)
+        @certificates.find { |cert| cert.ca_name == name }
+      end
+    end
+  end
+end

data/lib/ant/ssl/revocation_list.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Ant
+  module SSL
+    # Generates revocation list after revocating a list of certs
+    # TODO: Implement CRL
+    class RevocationList
+    end
+  end
+end

data/lib/ant/ssl/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Ant
+  module SSL
+    VERSION = '0.1.0'
+  end
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: ant-ssl
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Gilberto Vargas
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-10-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+description: Package for creating self signed certificates for development purpose
+email:
+- tachoguitar@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ant/ssl.rb
+- lib/ant/ssl/certificate.rb
+- lib/ant/ssl/configuration.rb
+- lib/ant/ssl/inventory.rb
+- lib/ant/ssl/revocation_list.rb
+- lib/ant/ssl/version.rb
+homepage: https://github.com/KueskiEngineering/ruby-ant-server
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Ant SSL tools
+test_files: []