bullion 0.1.2 → 0.3.0
- checksums.yaml +4 -4
- data/.roxanne.yml +14 -0
- data/.rubocop.yml +25 -6
- data/.ruby-version +1 -0
- data/.travis.yml +2 -1
- data/Dockerfile +2 -2
- data/Gemfile +1 -1
- data/Gemfile.lock +99 -89
- data/README.md +2 -2
- data/Rakefile +40 -37
- data/bin/console +3 -3
- data/bullion.gemspec +38 -36
- data/config/puma.rb +1 -1
- data/config.ru +5 -5
- data/db/migrate/20210104060422_create_certificates.rb +1 -1
- data/db/migrate/20210105060406_create_orders.rb +1 -1
- data/db/migrate/20210106052306_create_authorizations.rb +1 -1
- data/db/schema.rb +20 -21
- data/lib/bullion/acme/error.rb +9 -9
- data/lib/bullion/challenge_client.rb +4 -4
- data/lib/bullion/challenge_clients/dns.rb +36 -21
- data/lib/bullion/challenge_clients/http.rb +12 -8
- data/lib/bullion/helpers/acme.rb +30 -40
- data/lib/bullion/helpers/service.rb +2 -2
- data/lib/bullion/helpers/ssl.rb +50 -42
- data/lib/bullion/models/account.rb +1 -1
- data/lib/bullion/models/certificate.rb +2 -2
- data/lib/bullion/models/challenge.rb +5 -5
- data/lib/bullion/models/nonce.rb +1 -1
- data/lib/bullion/models.rb +6 -6
- data/lib/bullion/rspec/challenge_clients/dns.rb +22 -0
- data/lib/bullion/rspec/challenge_clients/http.rb +16 -0
- data/lib/bullion/service.rb +3 -2
- data/lib/bullion/services/ca.rb +107 -91
- data/lib/bullion/services/ping.rb +6 -6
- data/lib/bullion/version.rb +3 -3
- data/lib/bullion.rb +58 -45
- data/scripts/build.sh +3 -0
- data/scripts/release.sh +9 -0
- data/scripts/test.sh +6 -0
- metadata +65 -30
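--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7e5e7935b8ed90f7e8e6695215b039507272a2db3ab1ed8919b0ae9abef1823
+data.tar.gz: 81e4de3cc1fe7e876c487c7edb0fd3e775125d841e16ff3948fafd5e1d5adec2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e8d9a743a1b81df4ee26858d7ece2b43c77070568f01298d35c4b2eef78f6cac6a1ecab89e232d18e5321f81b4382ac331a3242d11771bd954de64b5a9a16961
+data.tar.gz: 628f70c629f53e09424c59a5553c81dbb172d3d57fa117e76c74d861e8cd1ad9a0a47d52db52609d17d2da78b6c50d7fc533007966a532d2e4acc9f04dab79d6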
data/.roxanne.yml
ADDED
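--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -3,18 +3,18 @@ Layout/LineLength:
 
 AllCops:
 Exclude:
-
-
-
-TargetRubyVersion: 2.6
+- 'db/schema.rb'
+- 'vendor/**/*'
+TargetRubyVersion: 3.1
 NewCops: enable
 
 Metrics/AbcSize:
 Max: 21
 
 Metrics/BlockLength:
-Max:
+Max: 35
 Exclude:
+- 'spec/**/*_spec.rb'
 - 'Rakefile'
 - '*.gemspec'
 
@@ -22,10 +22,29 @@ Metrics/MethodLength:
 Max: 20
 
 Metrics/ModuleLength:
-Max:
+Max: 160
+Exclude:
+- 'spec/**/*_spec.rb'
 
 Metrics/ClassLength:
 Max: 300
+Exclude:
+- 'spec/**/*_spec.rb'
+
+Gemspec/RequireMFA:
+Enabled: false
+
+Style/MixinUsage:
+Exclude:
+- "bin/console"
+
+Style/StringLiterals:
+Enabled: true
+EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+Enabled: true
+EnforcedStyle: double_quotes
 
 Style/StringConcatenation:
 Exclude: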
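Review bot: `Gemspec/RequireMFA` is switched off in the second hunk rather than satisfied, so nothing now prompts the gemspec to declare `rubygems_mfa_required`. The `data/bullion.gemspec` section of this release sets only `homepage_uri` and `source_code_uri` in `spec.metadata`, so privileged RubyGems operations on the gem (push, yank, owner changes) are not forced through MFA by the gem's own metadata. For a package that implements a certificate authority I would drop this override and add `spec.metadata["rubygems_mfa_required"] = "true"` to the gemspec.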
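--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+3.1.2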
data/.travis.yml
CHANGED
@@ -7,9 +7,10 @@ before_install: gem install bundler -v 2.1.4
|
|
7
7
|
deploy:
|
8
8
|
provider: rubygems
|
9
9
|
api_key:
|
10
|
-
secure:
|
10
|
+
secure: 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
|
11
11
|
gem: bullion
|
12
12
|
on:
|
13
13
|
tags: true
|
14
|
+
rvm: 2.6
|
14
15
|
repo: jgnagy/bullion
|
15
16
|
skip_cleanup: 'true'
|
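Review bot: The `rvm: 2.6` condition added under the deploy `on:` block conflicts with the rest of this release, where the gemspec sets `required_ruby_version` to `~> 3.1` and `.ruby-version` is 3.1.2. A Ruby 2.6 job cannot satisfy that requirement, and if the build matrix (outside this hunk) has no 2.6 job the deploy step never runs, which suggests tagged releases are being pushed by hand rather than from a CI-built artifact. I would change the line to `rvm: 3.1` and confirm the matrix includes it, so the published gem is traceable to a CI run.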
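--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:
+FROM ruby:3.1-alpine AS build
 
 ENV RACK_ENV=development
 
@@ -17,7 +17,7 @@ RUN apk add build-base \
 
 WORKDIR /build
 
-FROM ruby:
+FROM ruby:3.1-alpine
 LABEL maintainer="Jonathan Gnagy <jonathan.gnagy@gmail.com>"
 
 ENV BULLION_PORT=9292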
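Review bot: Both `FROM` lines now use the floating tag `ruby:3.1-alpine`, so the build and runtime stages of the image that runs the CA service can change underneath the project whenever that tag is re-pushed. Pinning each stage to a digest, for example `FROM ruby:3.1-alpine@sha256:<digest-placeholder> AS build`, makes rebuilds reproducible and turns a base-image change into a reviewable diff. The remainder of both stages lies outside these hunks, so whether the runtime stage drops root with a `USER` line cannot be checked from here.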
data/Gemfile
CHANGED
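--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,132 +1,140 @@
 PATH
 remote: .
 specs:
-bullion (0.
+bullion (0.3.0)
 httparty (~> 0.18)
-json (~> 2.
-jwt (~>
+json (~> 2.6)
+jwt (~> 2.4)
 mysql2 (~> 0.5)
-openssl (~>
-prometheus-client (~>
-puma (~>
-sinatra (~> 2.
+openssl (~> 3.0)
+prometheus-client (~> 4.0)
+puma (~> 5.6)
+sinatra (~> 2.2)
 sinatra-activerecord (~> 2.0)
-sinatra-contrib (~> 2.
+sinatra-contrib (~> 2.2)
 sqlite3 (~> 1.4)
 
 GEM
 remote: https://rubygems.org/
 specs:
-acme-client (2.0.
-faraday (>= 0
-
-
-
-
-
-
+acme-client (2.0.11)
+faraday (>= 1.0, < 3.0.0)
+faraday-retry (~> 1.0)
+activemodel (7.0.3.1)
+activesupport (= 7.0.3.1)
+activerecord (7.0.3.1)
+activemodel (= 7.0.3.1)
+activesupport (= 7.0.3.1)
+activesupport (7.0.3.1)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
 tzinfo (~> 2.0)
-
-
-
-
-
-
-
-
-
-
-
-httparty (0.18.1)
+ast (2.4.2)
+byebug (11.1.3)
+concurrent-ruby (1.1.10)
+diff-lcs (1.5.0)
+docile (1.4.0)
+faraday (2.3.0)
+faraday-net_http (~> 2.0)
+ruby2_keywords (>= 0.0.4)
+faraday-net_http (2.0.3)
+faraday-retry (1.0.3)
+httparty (0.20.0)
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
-i18n (1.
+i18n (1.12.0)
 concurrent-ruby (~> 1.0)
-json (2.
-jwt (
-mime-types (3.
+json (2.6.2)
+jwt (2.4.1)
+mime-types (3.4.1)
 mime-types-data (~> 3.2015)
-mime-types-data (3.
-minitest (5.
+mime-types-data (3.2022.0105)
+minitest (5.16.2)
 multi_json (1.15.0)
 multi_xml (0.6.0)
-
-mustermann (1.1.1)
+mustermann (1.1.2)
 ruby2_keywords (~> 0.0.1)
-mysql2 (0.5.
-
-
-
+mysql2 (0.5.4)
+nio4r (2.5.8)
+openssl (3.0.0)
+parallel (1.22.1)
+parser (3.1.2.0)
 ast (~> 2.4.1)
-prometheus-client (
-puma (
-
-rack
+prometheus-client (4.0.0)
+puma (5.6.4)
+nio4r (~> 2.0)
+rack (2.2.4)
+rack-protection (2.2.1)
 rack
-rack-test (0.
-rack (>= 1.
-rainbow (3.
+rack-test (2.0.2)
+rack (>= 1.3)
+rainbow (3.1.1)
 rake (12.3.3)
-regexp_parser (2.0
-rexml (3.2.
-rspec (3.
-rspec-core (~> 3.
-rspec-expectations (~> 3.
-rspec-mocks (~> 3.
-rspec-core (3.
-rspec-support (~> 3.
-rspec-expectations (3.
+regexp_parser (2.5.0)
+rexml (3.2.5)
+rspec (3.11.0)
+rspec-core (~> 3.11.0)
+rspec-expectations (~> 3.11.0)
+rspec-mocks (~> 3.11.0)
+rspec-core (3.11.0)
+rspec-support (~> 3.11.0)
+rspec-expectations (3.11.0)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-mocks (3.
+rspec-support (~> 3.11.0)
+rspec-mocks (3.11.1)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-support (3.
-rubocop (
+rspec-support (~> 3.11.0)
+rspec-support (3.11.0)
+rubocop (1.31.2)
+json (~> 2.3)
 parallel (~> 1.10)
-parser (>=
+parser (>= 3.1.0.0)
 rainbow (>= 2.2.2, < 4.0)
-regexp_parser (>= 1.8)
-rexml
-rubocop-ast (>=
+regexp_parser (>= 1.8, < 3.0)
+rexml (>= 3.2.5, < 4.0)
+rubocop-ast (>= 1.18.0, < 2.0)
 ruby-progressbar (~> 1.7)
-unicode-display_width (>= 1.4.0, <
-rubocop-ast (1.
-parser (>=
+unicode-display_width (>= 1.4.0, < 3.0)
+rubocop-ast (1.19.1)
+parser (>= 3.1.1.0)
+rubocop-rake (0.6.0)
+rubocop (~> 1.0)
+rubocop-rspec (2.11.1)
+rubocop (~> 1.19)
 ruby-progressbar (1.11.0)
-ruby2_keywords (0.0.
+ruby2_keywords (0.0.5)
 simplecov (0.21.2)
 docile (~> 1.1)
 simplecov-html (~> 0.11)
 simplecov_json_formatter (~> 0.1)
-simplecov-cobertura (1.
-
+simplecov-cobertura (2.1.0)
+rexml
+simplecov (~> 0.19)
 simplecov-html (0.12.3)
-simplecov_json_formatter (0.1.
-sinatra (2.1
+simplecov_json_formatter (0.1.4)
+sinatra (2.2.1)
 mustermann (~> 1.0)
 rack (~> 2.2)
-rack-protection (= 2.1
+rack-protection (= 2.2.1)
 tilt (~> 2.0)
-sinatra-activerecord (2.0.
+sinatra-activerecord (2.0.25)
 activerecord (>= 4.1)
 sinatra (>= 1.0)
-sinatra-contrib (2.1
+sinatra-contrib (2.2.1)
 multi_json
 mustermann (~> 1.0)
-rack-protection (= 2.1
-sinatra (= 2.1
+rack-protection (= 2.2.1)
+sinatra (= 2.2.1)
 tilt (~> 2.0)
-sqlite3 (1.4.
+sqlite3 (1.4.4)
 tilt (2.0.10)
 tzinfo (2.0.4)
 concurrent-ruby (~> 1.0)
-unicode-display_width (
-
-
+unicode-display_width (2.2.0)
+webrick (1.7.0)
+yard (0.9.28)
+webrick (~> 1.7.0)
 
 PLATFORMS
 ruby
@@ -134,15 +142,17 @@ PLATFORMS
 DEPENDENCIES
 acme-client (~> 2.0)
 bullion!
-bundler (~> 2.
-byebug (~>
-rack-test (~> 0
+bundler (~> 2.3)
+byebug (~> 11)
+rack-test (~> 2.0)
 rake (~> 12.3)
 rspec (~> 3.10)
-rubocop (~>
-
-
+rubocop (~> 1.31)
+rubocop-rake (~> 0.6)
+rubocop-rspec (~> 2.11)
+simplecov (~> 0.21)
+simplecov-cobertura (~> 2.1)
 yard (~> 0.9)
 
 BUNDLED WITH
-2.
+2.3.10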
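--- a/data/README.md
+++ b/data/README.md
@@ -36,8 +36,8 @@ Whether run locally or via Docker, the following environment variables configure
 | `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
 | `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
 | `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
-| `DATABASE_URL` | _None_ | A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
-| `DNS01_NAMESERVERS` |
+| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either being with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
+| `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
 | `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
 | `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |
 | `MIN_THREADS` | `2` | Minimum number of [Puma](https://puma.io/) threads for processing requests. |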
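--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,20 +1,22 @@
 # frozen_string_literal: true
 
-
-
+ENV["RACK_ENV"] ||= "development"
+
+if %w[development test].include? ENV["RACK_ENV"]
+ENV["DATABASE_URL"] = "sqlite3:#{File.expand_path(".")}/tmp/db/#{ENV["RACK_ENV"]}.sqlite3"
 end
 
-require
-require
-require
-require
-require
-require
-require
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "rubocop/rake_task"
+require "yard"
+require "openssl"
+require "sqlite3"
+require "sinatra/activerecord/rake"
 
 namespace :db do
 task :load_config do
-ActiveRecord::Base.establish_connection(ENV
+ActiveRecord::Base.establish_connection(url: ENV.fetch("DATABASE_URL", nil))
 end
 end
 
@@ -23,69 +25,70 @@ RuboCop::RakeTask.new(:rubocop)
 YARD::Rake::YardocTask.new
 
 task :prep do
-FileUtils.mkdir_p(File.join(File.expand_path(
-ENV[
-ENV[
-ENV[
+FileUtils.mkdir_p(File.join(File.expand_path("."), "tmp"))
+ENV["CA_DIR"] = File.join(File.expand_path("."), "tmp").to_s
+ENV["CA_SECRET"] = "SomeS3cret"
+ENV["CA_DOMAINS"] = "test.domain"
 
 key = OpenSSL::PKey::RSA.new(4096)
-File.
-
-end
+File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
+key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
 
 root_ca = OpenSSL::X509::Certificate.new
 root_ca.version = 2
 root_ca.serial = (2**rand(10..20)) - 1
 root_ca.subject = OpenSSL::X509::Name.parse(
-%w[test domain].reverse.map { |piece| "DC=#{piece}" }.join(
+%w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
 )
 root_ca.issuer = root_ca.subject # root CA's are "self-signed"
 root_ca.public_key = key.public_key
 root_ca.not_before = Time.now
-root_ca.not_after = root_ca.not_before + 5 * 365 * 24 * 60 * 60 # 5 years validity
+root_ca.not_after = root_ca.not_before + (5 * 365 * 24 * 60 * 60) # 5 years validity
 ef = OpenSSL::X509::ExtensionFactory.new
 ef.subject_certificate = root_ca
 ef.issuer_certificate = root_ca
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("basicConstraints", "CA:TRUE", true)
 )
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("keyUsage", "keyCertSign, cRLSign", true)
 )
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("subjectKeyIdentifier", "hash", false)
 )
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
 )
-root_ca.sign(key, OpenSSL::Digest.new(
-File.
-f.write root_ca.to_pem
-end
+root_ca.sign(key, OpenSSL::Digest.new("SHA256"))
+File.write(File.join(File.expand_path("."), "tmp", "tls.crt"), root_ca.to_pem)
 end
 
 task :demo do
-system("rackup -D -P #{File.expand_path(
+system("rackup -D -P #{File.expand_path(".")}/tmp/daemon.pid")
 end
 
 task :foreground_demo do
-system("rackup -P #{File.expand_path(
+system("rackup -P #{File.expand_path(".")}/tmp/daemon.pid")
 end
 
 task :cleanup do
 at_exit do
-
-
-
-FileUtils.
-
-
-ENV[
+if File.exist?("#{File.expand_path(".")}/tmp/daemon.pid")
+system("kill $(cat #{File.expand_path(".")}/tmp/daemon.pid)")
+end
+FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
+FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
+FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
+ENV["CA_DIR"] = nil
+ENV["CA_SECRET"] = nil
+ENV["CA_DOMAINS"] = nil
 end
 end
 
-Rake::Task[
+Rake::Task["spec"].enhance(["cleanup"])
 
 task default: %i[prep db:migrate demo spec rubocop]
 
+task test: %i[prep db:migrate demo spec]
+
 task local_demo: %i[prep db:migrate foreground_demo]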
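Review bot: In `task :prep` the new `File.write(... "tls.key" ...)` call creates the CA private key with whatever mode the umask allows, and the passphrase protecting it is the literal `"SomeS3cret"` assigned a few lines earlier. Even for a throwaway test CA the key file is better created owner-only by passing `perm: 0o600` as the last argument of that `File.write`. A comment on the task such as `# Test-only CA: fixed passphrase and low-entropy serial; never reuse this key or CA_DIR outside local runs` would stop the fixture being copied as a template. In `task :cleanup` the `kill $(cat …)` command interpolates the working directory into a shell string, which breaks on paths with spaces or shell metacharacters; `Process.kill("TERM", Integer(File.read(pid_path)))`, with `pid_path` standing for the same pid-file path, avoids the shell entirely.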
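--- a/data/bin/console
+++ b/data/bin/console
@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require
-require
+require "bundler/setup"
+require "bullion"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -11,5 +11,5 @@ require 'bullion'
 # require "pry"
 # Pry.start
 
-require
+require "irb"
 IRB.start(__FILE__)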
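--- a/data/bullion.gemspec
+++ b/data/bullion.gemspec
@@ -1,51 +1,53 @@
 # frozen_string_literal: true
 
-require_relative
+require_relative "lib/bullion/version"
 
 Gem::Specification.new do |spec|
-spec.name =
+spec.name = "bullion"
 spec.version = Bullion::VERSION
-spec.authors = [
-spec.email = [
+spec.authors = ["Jonathan Gnagy"]
+spec.email = ["jonathan.gnagy@gmail.com"]
 
-spec.summary =
-spec.homepage =
-spec.license =
+spec.summary = "Ruby ACME v2 Certificate Authority"
+spec.homepage = "https://github.com/jgnagy/bullion"
+spec.license = "MIT"
 
-spec.metadata[
-spec.metadata[
+spec.metadata["homepage_uri"] = spec.homepage
+spec.metadata["source_code_uri"] = "https://github.com/jgnagy/bullion"
 
 # Specify which files should be added to the gem when it is released.
 # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
 spec.files = Dir.chdir(File.expand_path(__dir__)) do
 `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
 end
-spec.bindir =
+spec.bindir = "exe"
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-spec.require_paths = [
-
-spec.required_ruby_version =
-
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-spec.add_runtime_dependency
-
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
-spec.add_development_dependency
+spec.require_paths = ["lib"]
+
+spec.required_ruby_version = "~> 3.1"
+
+spec.add_runtime_dependency "httparty", "~> 0.18"
+spec.add_runtime_dependency "json", "~> 2.6"
+spec.add_runtime_dependency "jwt", "~> 2.4"
+spec.add_runtime_dependency "mysql2", "~> 0.5"
+spec.add_runtime_dependency "openssl", "~> 3.0"
+spec.add_runtime_dependency "prometheus-client", "~> 4.0"
+spec.add_runtime_dependency "puma", "~> 5.6"
+spec.add_runtime_dependency "sinatra", "~> 2.2"
+spec.add_runtime_dependency "sinatra-activerecord", "~> 2.0"
+spec.add_runtime_dependency "sinatra-contrib", "~> 2.2"
+spec.add_runtime_dependency "sqlite3", "~> 1.4"
+
+spec.add_development_dependency "acme-client", "~> 2.0"
+spec.add_development_dependency "bundler", "~> 2.3"
+spec.add_development_dependency "byebug", "~> 11"
+spec.add_development_dependency "rack-test", "~> 2.0"
+spec.add_development_dependency "rake", "~> 12.3"
+spec.add_development_dependency "rspec", "~> 3.10"
+spec.add_development_dependency "rubocop", "~> 1.31"
+spec.add_development_dependency "rubocop-rake", "~> 0.6"
+spec.add_development_dependency "rubocop-rspec", "~> 2.11"
+spec.add_development_dependency "simplecov", "~> 0.21"
+spec.add_development_dependency "simplecov-cobertura", "~> 2.1"
+spec.add_development_dependency "yard", "~> 0.9"
 end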
data/config/puma.rb
CHANGED