bullion 0.2.0 → 0.3.2
- checksums.yaml +4 -4
- data/.roxanne.yml +14 -0
- data/.rspec +0 -1
- data/.rubocop.yml +25 -6
- data/.ruby-version +1 -0
- data/Dockerfile +6 -16
- data/Gemfile +1 -1
- data/Gemfile.lock +133 -91
- data/README.md +1 -1
- data/Rakefile +57 -39
- data/bin/console +3 -3
- data/bullion.gemspec +39 -36
- data/config/puma.rb +1 -1
- data/config.ru +5 -5
- data/db/migrate/20210104060422_create_certificates.rb +1 -1
- data/db/migrate/20210105060406_create_orders.rb +1 -1
- data/db/migrate/20210106052306_create_authorizations.rb +1 -1
- data/db/schema.rb +20 -21
- data/lib/bullion/acme/error.rb +9 -9
- data/lib/bullion/challenge_client.rb +4 -4
- data/lib/bullion/challenge_clients/dns.rb +21 -18
- data/lib/bullion/challenge_clients/http.rb +12 -8
- data/lib/bullion/helpers/acme.rb +30 -40
- data/lib/bullion/helpers/service.rb +2 -2
- data/lib/bullion/helpers/ssl.rb +50 -42
- data/lib/bullion/models/account.rb +3 -3
- data/lib/bullion/models/authorization.rb +1 -1
- data/lib/bullion/models/certificate.rb +3 -3
- data/lib/bullion/models/challenge.rb +12 -5
- data/lib/bullion/models/nonce.rb +1 -1
- data/lib/bullion/models/order.rb +1 -1
- data/lib/bullion/models.rb +6 -6
- data/lib/bullion/rspec/challenge_clients/dns.rb +22 -0
- data/lib/bullion/rspec/challenge_clients/http.rb +16 -0
- data/lib/bullion/service.rb +3 -2
- data/lib/bullion/services/ca.rb +107 -91
- data/lib/bullion/services/ping.rb +6 -6
- data/lib/bullion/version.rb +3 -3
- data/lib/bullion.rb +58 -45
- data/scripts/build.sh +3 -0
- data/scripts/release.sh +9 -0
- data/scripts/test.sh +6 -0
- metadata +79 -31
- data/.travis.yml +0 -16
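--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0627a65ca775cb70236a641f2192b7c82c7a5f558de349ab60a8c99f34148989
+data.tar.gz: cbf48fc60fda06c1f399d34e834416effc02e2ef699b706498350830190a4fe1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1a63b00fd8d7d87e31b1c218f23da93ae98a79f90898355f94b2066abf1fb95396ed1634af7f8020c2bfc106928c01a0cd80a6ba253294d4fdfcc919f2fd34bf
+data.tar.gz: f9ebb294647518eba29860d1304401cdc4561ced78682966fb438025361898e3e3803b6e86001cdf9f26545608080dbae75ebaa20a5f6e435ac863861d1d3d55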
data/.roxanne.yml
ADDED
data/.rspec
CHANGED
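--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -3,18 +3,18 @@ Layout/LineLength:
 
 AllCops:
 Exclude:
-
-
-
-TargetRubyVersion: 2.6
+- 'db/schema.rb'
+- 'vendor/**/*'
+TargetRubyVersion: 3.1
 NewCops: enable
 
 Metrics/AbcSize:
 Max: 21
 
 Metrics/BlockLength:
-Max:
+Max: 35
 Exclude:
+- 'spec/**/*_spec.rb'
 - 'Rakefile'
 - '*.gemspec'
 
@@ -22,10 +22,29 @@ Metrics/MethodLength:
 Max: 20
 
 Metrics/ModuleLength:
-Max:
+Max: 160
+Exclude:
+- 'spec/**/*_spec.rb'
 
 Metrics/ClassLength:
 Max: 300
+Exclude:
+- 'spec/**/*_spec.rb'
+
+Gemspec/RequireMFA:
+Enabled: false
+
+Style/MixinUsage:
+Exclude:
+- "bin/console"
+
+Style/StringLiterals:
+Enabled: true
+EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+Enabled: true
+EnforcedStyle: double_quotes
 
 Style/StringConcatenation:
 Exclude: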
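Review bot: The added `Gemspec/RequireMFA` override with `Enabled: false` switches off the cop that checks the gemspec for `rubygems_mfa_required` metadata, so lint will no longer flag a gemspec that allows releases to be pushed without MFA. For a gem that implements a certificate authority, a compromised maintainer account is a direct supply-chain risk, so it is safer to leave the cop enabled and set `spec.metadata["rubygems_mfa_required"] = "true"` in bullion.gemspec (whether the gemspec already sets it is not visible in this section). If the override has to stay, put a comment directly above it recording the reason and who accepted it.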
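--- /dev/null
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+3.1.2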
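--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,34 +1,25 @@
-FROM ruby:
+FROM ruby:3.1 AS build
 
 ENV RACK_ENV=development
 
 COPY . /build
 
-RUN
-&& apk --no-cache add git mariadb-client mariadb-connector-c \
-runit sqlite-dev \
-&& apk --no-cache add --virtual build-dependencies \
-build-base mariadb-dev
+RUN apt-get update && apt-get upgrade -y && apt-get install -y libsqlite3-dev sqlite3 curl libsodium-dev
 
-RUN
-&& cd /build \
+RUN cd /build \
 && gem build bullion.gemspec \
 && mv bullion*.gem /bullion.gem
 
 WORKDIR /build
 
-FROM ruby:
+FROM ruby:3.1
 LABEL maintainer="Jonathan Gnagy <jonathan.gnagy@gmail.com>"
 
 ENV BULLION_PORT=9292
 ENV BULLION_ENVIRONMENT=development
 ENV DATABASE_URL=sqlite3:///tmp/bullion.db
 
-RUN
-&& apk --no-cache add git mariadb-client mariadb-connector-c \
-runit sqlite-dev \
-&& apk --no-cache add --virtual build-dependencies \
-build-base mariadb-dev
+RUN apt-get update && apt-get upgrade -y && apt-get -y install libsqlite3-dev sqlite3 curl libsodium-dev
 
 RUN mkdir /app
 
@@ -47,8 +38,7 @@ RUN chmod +x /entrypoint.sh \
 
 WORKDIR /app
 
-RUN gem install bullion.gem
-&& apk del build-dependencies
+RUN gem install bullion.gem
 
 USER nobody
 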
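Review bot: Both stages now start from the floating tag `ruby:3.1` and run `apt-get upgrade -y`, so two builds of the same commit can yield different images and there is no record of which base layers a given CA image shipped with. Pin the base by digest, e.g. `FROM ruby:3.1@sha256:<digest-placeholder>`, and pick up OS fixes by rebuilding on a new digest rather than upgrading in place. The runtime stage's install line (new line 22) also leaves `curl`, the `-dev` headers and the apt lists in the final image; adding `--no-install-recommends` and `&& rm -rf /var/lib/apt/lists/*` trims that, and the two `RUN apt-get` lines should use the same argument order (`install -y` vs `-y install`). New lines 26–37 fall outside the hunks shown, so how the built gem reaches `/app` cannot be checked from here.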
data/Gemfile
CHANGED
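--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,132 +1,171 @@
 PATH
 remote: .
 specs:
-bullion (0.2
+bullion (0.3.2)
 httparty (~> 0.18)
-json (~> 2.
-jwt (~>
+json (~> 2.6)
+jwt (~> 2.4)
 mysql2 (~> 0.5)
-openssl (~>
-prometheus-client (~>
-puma (~>
-sinatra (~> 2.
+openssl (~> 3.0)
+prometheus-client (~> 4.0)
+puma (~> 5.6)
+sinatra (~> 2.2)
 sinatra-activerecord (~> 2.0)
-sinatra-contrib (~> 2.
+sinatra-contrib (~> 2.2)
 sqlite3 (~> 1.4)
 
 GEM
 remote: https://rubygems.org/
 specs:
-acme-client (2.0.
-faraday (>= 0
-
-
-
-
-
-
+acme-client (2.0.11)
+faraday (>= 1.0, < 3.0.0)
+faraday-retry (~> 1.0)
+activemodel (7.0.3.1)
+activesupport (= 7.0.3.1)
+activerecord (7.0.3.1)
+activemodel (= 7.0.3.1)
+activesupport (= 7.0.3.1)
+activesupport (7.0.3.1)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 1.6, < 2)
 minitest (>= 5.1)
 tzinfo (~> 2.0)
-
-
-
-
-
-
-
-
-
-
-
-
+ast (2.4.2)
+backport (1.2.0)
+benchmark (0.2.0)
+byebug (11.1.3)
+concurrent-ruby (1.1.10)
+diff-lcs (1.5.0)
+docile (1.4.0)
+e2mmap (0.1.0)
+faraday (2.3.0)
+faraday-net_http (~> 2.0)
+ruby2_keywords (>= 0.0.4)
+faraday-net_http (2.0.3)
+faraday-retry (1.0.3)
+httparty (0.20.0)
 mime-types (~> 3.0)
 multi_xml (>= 0.5.2)
-i18n (1.
+i18n (1.12.0)
 concurrent-ruby (~> 1.0)
-
-
-
+jaro_winkler (1.5.4)
+json (2.6.2)
+jwt (2.4.1)
+kramdown (2.4.0)
+rexml
+kramdown-parser-gfm (1.1.0)
+kramdown (~> 2.0)
+mime-types (3.4.1)
 mime-types-data (~> 3.2015)
-mime-types-data (3.
-
+mime-types-data (3.2022.0105)
+mini_portile2 (2.8.0)
+minitest (5.16.2)
 multi_json (1.15.0)
 multi_xml (0.6.0)
-
-mustermann (1.1.1)
+mustermann (1.1.2)
 ruby2_keywords (~> 0.0.1)
-mysql2 (0.5.
-
-
-
+mysql2 (0.5.4)
+nio4r (2.5.8)
+nokogiri (1.13.7)
+mini_portile2 (~> 2.8.0)
+racc (~> 1.4)
+openssl (3.0.0)
+parallel (1.22.1)
+parser (3.1.2.0)
 ast (~> 2.4.1)
-prometheus-client (
-puma (
-
-
+prometheus-client (4.0.0)
+puma (5.6.4)
+nio4r (~> 2.0)
+racc (1.6.0)
+rack (2.2.4)
+rack-protection (2.2.1)
 rack
-rack-test (0.
-rack (>= 1.
-rainbow (3.
+rack-test (2.0.2)
+rack (>= 1.3)
+rainbow (3.1.1)
 rake (12.3.3)
-regexp_parser (2.0
-
-
-
-
-rspec-
-
-rspec-
-rspec-
+regexp_parser (2.5.0)
+reverse_markdown (2.1.1)
+nokogiri
+rexml (3.2.5)
+rspec (3.11.0)
+rspec-core (~> 3.11.0)
+rspec-expectations (~> 3.11.0)
+rspec-mocks (~> 3.11.0)
+rspec-core (3.11.0)
+rspec-support (~> 3.11.0)
+rspec-expectations (3.11.0)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-mocks (3.
+rspec-support (~> 3.11.0)
+rspec-mocks (3.11.1)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-support (3.
-rubocop (
+rspec-support (~> 3.11.0)
+rspec-support (3.11.0)
+rubocop (1.32.0)
+json (~> 2.3)
 parallel (~> 1.10)
-parser (>=
+parser (>= 3.1.0.0)
 rainbow (>= 2.2.2, < 4.0)
-regexp_parser (>= 1.8)
-rexml
-rubocop-ast (>=
+regexp_parser (>= 1.8, < 3.0)
+rexml (>= 3.2.5, < 4.0)
+rubocop-ast (>= 1.19.1, < 2.0)
 ruby-progressbar (~> 1.7)
-unicode-display_width (>= 1.4.0, <
-rubocop-ast (1.
-parser (>=
+unicode-display_width (>= 1.4.0, < 3.0)
+rubocop-ast (1.19.1)
+parser (>= 3.1.1.0)
+rubocop-rake (0.6.0)
+rubocop (~> 1.0)
+rubocop-rspec (2.12.1)
+rubocop (~> 1.31)
 ruby-progressbar (1.11.0)
-ruby2_keywords (0.0.
+ruby2_keywords (0.0.5)
 simplecov (0.21.2)
 docile (~> 1.1)
 simplecov-html (~> 0.11)
 simplecov_json_formatter (~> 0.1)
-simplecov-cobertura (1.
-
+simplecov-cobertura (2.1.0)
+rexml
+simplecov (~> 0.19)
 simplecov-html (0.12.3)
-simplecov_json_formatter (0.1.
-sinatra (2.1
+simplecov_json_formatter (0.1.4)
+sinatra (2.2.1)
 mustermann (~> 1.0)
 rack (~> 2.2)
-rack-protection (= 2.1
+rack-protection (= 2.2.1)
 tilt (~> 2.0)
-sinatra-activerecord (2.0.
+sinatra-activerecord (2.0.25)
 activerecord (>= 4.1)
 sinatra (>= 1.0)
-sinatra-contrib (2.1
+sinatra-contrib (2.2.1)
 multi_json
 mustermann (~> 1.0)
-rack-protection (= 2.1
-sinatra (= 2.1
+rack-protection (= 2.2.1)
+sinatra (= 2.2.1)
+tilt (~> 2.0)
+solargraph (0.45.0)
+backport (~> 1.2)
+benchmark
+bundler (>= 1.17.2)
+diff-lcs (~> 1.4)
+e2mmap
+jaro_winkler (~> 1.5)
+kramdown (~> 2.3)
+kramdown-parser-gfm (~> 1.1)
+parser (~> 3.0)
+reverse_markdown (>= 1.0.5, < 3)
+rubocop (>= 0.52)
+thor (~> 1.0)
 tilt (~> 2.0)
-
-
-
+yard (~> 0.9, >= 0.9.24)
+sqlite3 (1.4.4)
+thor (1.2.1)
+tilt (2.0.11)
+tzinfo (2.0.5)
 concurrent-ruby (~> 1.0)
-unicode-display_width (
-
-
+unicode-display_width (2.2.0)
+webrick (1.7.0)
+yard (0.9.28)
+webrick (~> 1.7.0)
 
 PLATFORMS
 ruby
@@ -134,15 +173,18 @@ PLATFORMS
 DEPENDENCIES
 acme-client (~> 2.0)
 bullion!
-bundler (~> 2.
-byebug (~>
-rack-test (~> 0
+bundler (~> 2.3)
+byebug (~> 11)
+rack-test (~> 2.0)
 rake (~> 12.3)
 rspec (~> 3.10)
-rubocop (~>
-
-
+rubocop (~> 1.31)
+rubocop-rake (~> 0.6)
+rubocop-rspec (~> 2.11)
+simplecov (~> 0.21)
+simplecov-cobertura (~> 2.1)
+solargraph (~> 0.45)
 yard (~> 0.9)
 
 BUNDLED WITH
-2.
+2.3.10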
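--- a/data/README.md
+++ b/data/README.md
@@ -36,7 +36,7 @@ Whether run locally or via Docker, the following environment variables configure
 | `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
 | `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
 | `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
-| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either
+| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either begin with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
 | `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
 | `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
 | `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |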
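--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,91 +1,109 @@
 # frozen_string_literal: true
 
-
-
+ENV["RACK_ENV"] ||= "development"
+
+if %w[development test].include? ENV["RACK_ENV"]
+ENV["DATABASE_URL"] = "sqlite3:#{File.expand_path(".")}/tmp/db/#{ENV["RACK_ENV"]}.sqlite3"
 end
 
-require
-require
-require
-require
-require
-require
-require
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "rubocop/rake_task"
+require "yard"
+require "openssl"
+require "sqlite3"
+require "sinatra/activerecord/rake"
 
 namespace :db do
 task :load_config do
-ActiveRecord::Base.establish_connection(ENV
+ActiveRecord::Base.establish_connection(url: ENV.fetch("DATABASE_URL", nil))
 end
 end
 
-RSpec::Core::RakeTask.new(:spec)
+RSpec::Core::RakeTask.new(:spec) do |t|
+t.exclude_pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+t.rspec_opts = "--require spec_helper"
+end
+RSpec::Core::RakeTask.new(:integration_testing) do |t|
+t.pattern = "spec/integration/**{,/*/**}/*_spec.rb"
+t.rspec_opts = "--require integration_helper"
+end
 RuboCop::RakeTask.new(:rubocop)
 YARD::Rake::YardocTask.new
 
 task :prep do
-FileUtils.mkdir_p(File.join(File.expand_path(
-ENV[
-ENV[
-ENV[
+FileUtils.mkdir_p(File.join(File.expand_path("."), "tmp"))
+ENV["CA_DIR"] = File.join(File.expand_path("."), "tmp").to_s
+ENV["CA_SECRET"] = "SomeS3cret"
+ENV["CA_DOMAINS"] = "test.domain"
 
 key = OpenSSL::PKey::RSA.new(4096)
-File.
-
-end
+File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
+key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
 
 root_ca = OpenSSL::X509::Certificate.new
 root_ca.version = 2
 root_ca.serial = (2**rand(10..20)) - 1
 root_ca.subject = OpenSSL::X509::Name.parse(
-%w[test domain].reverse.map { |piece| "DC=#{piece}" }.join(
+%w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
 )
 root_ca.issuer = root_ca.subject # root CA's are "self-signed"
 root_ca.public_key = key.public_key
 root_ca.not_before = Time.now
-root_ca.not_after = root_ca.not_before + 5 * 365 * 24 * 60 * 60 # 5 years validity
+root_ca.not_after = root_ca.not_before + (5 * 365 * 24 * 60 * 60) # 5 years validity
 ef = OpenSSL::X509::ExtensionFactory.new
 ef.subject_certificate = root_ca
 ef.issuer_certificate = root_ca
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("basicConstraints", "CA:TRUE", true)
 )
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("keyUsage", "keyCertSign, cRLSign", true)
 )
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("subjectKeyIdentifier", "hash", false)
 )
 root_ca.add_extension(
-ef.create_extension(
+ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
 )
-root_ca.sign(key, OpenSSL::Digest.new(
-File.
-f.write root_ca.to_pem
-end
+root_ca.sign(key, OpenSSL::Digest.new("SHA256"))
+File.write(File.join(File.expand_path("."), "tmp", "tls.crt"), root_ca.to_pem)
 end
 
 task :demo do
-
+rack_env = "test"
+database_url = "sqlite3:#{File.expand_path(".")}/tmp/db/#{rack_env}.sqlite3"
+system("RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" bundle exec rake db:migrate")
+system(
+"RACK_ENV=\"#{rack_env}\" DATABASE_URL=\"#{database_url}\" " \
+"LOG_LEVEL='#{ENV.fetch("LOG_LEVEL", "info")}' " \
+"rackup -D -P #{File.expand_path(".")}/tmp/daemon.pid"
+)
 end
 
 task :foreground_demo do
-system("rackup -P #{File.expand_path(
+system("rackup -P #{File.expand_path(".")}/tmp/daemon.pid")
 end
 
 task :cleanup do
 at_exit do
-
-
-
-FileUtils.
-
-
-ENV[
+if File.exist?("#{File.expand_path(".")}/tmp/daemon.pid")
+system("kill $(cat #{File.expand_path(".")}/tmp/daemon.pid)")
+end
+FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
+FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
+FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
+ENV["CA_DIR"] = nil
+ENV["CA_SECRET"] = nil
+ENV["CA_DOMAINS"] = nil
 end
 end
 
-Rake::Task[
+Rake::Task["integration_testing"].enhance(["cleanup"])
+
+task test: %i[prep db:migrate spec demo integration_testing]
+task unit: %i[prep db:migrate spec]
 
-task default: %i[
+task default: %i[test rubocop yard]
 
 task local_demo: %i[prep db:migrate foreground_demo]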
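Review bot: In the `:demo` task the command is built as a single shell string, and `LOG_LEVEL='#{ENV.fetch("LOG_LEVEL", "info")}'` interpolates an environment value inside single quotes, so a value containing a quote or shell metacharacters is re-parsed by the shell instead of being passed through as data; the paths derived from `File.expand_path(".")` have the same problem when the checkout path contains spaces or quotes. Passing an environment hash and an argument list to `system` avoids the shell entirely, as sketched below. The `:cleanup` task's `kill $(cat …/tmp/daemon.pid)` has the same shape and can become `Process.kill("TERM", Integer(File.read(pid_path).strip))`. Separately, in `:prep` the `File.write` of `tmp/tls.key` uses the default file mode; adding `perm: 0o600` keeps the generated CA key unreadable to other local users.

```ruby
task :demo do
  # … unchanged: rack_env and database_url assignments …
  demo_env = { "RACK_ENV" => rack_env, "DATABASE_URL" => database_url }
  system(demo_env, "bundle", "exec", "rake", "db:migrate")
  system(
    demo_env.merge("LOG_LEVEL" => ENV.fetch("LOG_LEVEL", "info")),
    "rackup", "-D", "-P", File.join(File.expand_path("."), "tmp", "daemon.pid")
  )
end
```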
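--- a/data/bin/console
+++ b/data/bin/console
@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require
-require
+require "bundler/setup"
+require "bullion"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -11,5 +11,5 @@ require 'bullion'
 # require "pry"
 # Pry.start
 
-require
+require "irb"
 IRB.start(__FILE__)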