bullion 0.7.0 → 0.7.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 36ed2c3c1d482d903b483d03c4295a9ad784763f34becf488e55775b2d248594
4
- data.tar.gz: dea3a389dd9aa344d8f2e570af7913e00be67d5ec47bc5e6eb6f31f5dce4e356
3
+ metadata.gz: ed105e14e1c8f595a9ea2479fad064e056c5fb72ef0b4f6ca55dadd14358ffa8
4
+ data.tar.gz: ac71877a3a20db90848ae7077ac7046261a23235a1b41b672d03779fe389255d
5
5
  SHA512:
6
- metadata.gz: ced33b6e567f3e9fd3529e08172b7f7e40a64042868f75589cbeda8db5a20067ff8e7851be257e2d1b9c8ae9ffd6c017a4e275671a8b50fc52732e5c0e1493d9
7
- data.tar.gz: e6c3371fbb984eccb6e32ccc5d719372f3faf313ac0ed3f938eb7d6f339b2a88d8fa2a4be8231a820f24c61dcfb4ef3dcf3c877c53805e29ace1fa69b30d766f
6
+ metadata.gz: 3555e2e3ec0c4fbfaba6b11cae8b9698cdc2a5ca39cef058adf07e1cf3b3a12ee77808548c0dddffac8cca9c4a5e3e77bb7ac49244488dc1f0940869f0d5fd5f
7
+ data.tar.gz: 780e372c5013f0ceda8ac8a171c8f37ebc288d2b9d9d502cf3c64aa7d34f66f3c7b89dc1776dd175923c718d8e6ddc4e9bc807cacc73320f526b5b48767afedd
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- bullion (0.7.0)
4
+ bullion (0.7.2)
5
5
  dry-configurable (~> 1.1)
6
6
  httparty (~> 0.21)
7
7
  json (~> 2.6)
data/Rakefile CHANGED
@@ -40,9 +40,9 @@ task :prep do
40
40
  ENV["CA_SECRET"] = "SomeS3cret"
41
41
  ENV["CA_DOMAINS"] = "test.domain"
42
42
 
43
- key = OpenSSL::PKey::RSA.new(4096)
44
- File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
45
- key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
43
+ root_key = OpenSSL::PKey::RSA.new(4096)
44
+ File.write(File.join(File.expand_path("."), "tmp", "root_tls.key"),
45
+ root_key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
46
46
 
47
47
  root_ca = OpenSSL::X509::Certificate.new
48
48
  root_ca.version = 2
@@ -51,7 +51,7 @@ task :prep do
51
51
  %w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
52
52
  )
53
53
  root_ca.issuer = root_ca.subject # root CA's are "self-signed"
54
- root_ca.public_key = key.public_key
54
+ root_ca.public_key = root_key.public_key
55
55
  root_ca.not_before = Time.now
56
56
  root_ca.not_after = root_ca.not_before + (5 * 365 * 24 * 60 * 60) # 5 years validity
57
57
  ef = OpenSSL::X509::ExtensionFactory.new
@@ -69,8 +69,43 @@ task :prep do
69
69
  root_ca.add_extension(
70
70
  ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
71
71
  )
72
- root_ca.sign(key, OpenSSL::Digest.new("SHA256"))
73
- File.write(File.join(File.expand_path("."), "tmp", "tls.crt"), root_ca.to_pem)
72
+ root_ca.sign(root_key, OpenSSL::Digest.new("SHA256"))
73
+ File.write(File.join(File.expand_path("."), "tmp", "root_tls.crt"), root_ca.to_pem)
74
+
75
+ intermediate_key = OpenSSL::PKey::RSA.new(4096)
76
+ File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
77
+ intermediate_key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET")))
78
+
79
+ int_ca = OpenSSL::X509::Certificate.new
80
+ int_ca.version = 2
81
+ int_ca.serial = (2**rand(10..20)) - 1
82
+ int_ca.subject = OpenSSL::X509::Name.parse(
83
+ %w[intermediate test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
84
+ )
85
+ int_ca.issuer = root_ca.subject
86
+ int_ca.public_key = intermediate_key.public_key
87
+ int_ca.not_before = Time.now
88
+ int_ca.not_after = int_ca.not_before + (2 * 365 * 24 * 60 * 60) # 2 years validity
89
+ ef = OpenSSL::X509::ExtensionFactory.new
90
+ ef.subject_certificate = int_ca
91
+ ef.issuer_certificate = root_ca
92
+ int_ca.add_extension(
93
+ ef.create_extension("basicConstraints", "CA:TRUE", true)
94
+ )
95
+ int_ca.add_extension(
96
+ ef.create_extension("keyUsage", "keyCertSign, cRLSign", true)
97
+ )
98
+ int_ca.add_extension(
99
+ ef.create_extension("subjectKeyIdentifier", "hash", false)
100
+ )
101
+ int_ca.add_extension(
102
+ ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
103
+ )
104
+ int_ca.sign(root_key, OpenSSL::Digest.new("SHA256"))
105
+ File.write(
106
+ File.join(File.expand_path("."), "tmp", "tls.crt"),
107
+ int_ca.to_pem + root_ca.to_pem
108
+ )
74
109
  end
75
110
 
76
111
  desc "Runs a backgrounded demo environment"
@@ -98,6 +133,8 @@ task :cleanup do
98
133
  end
99
134
  FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
100
135
  FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
136
+ FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.crt"))
137
+ FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.key"))
101
138
  FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
102
139
  ENV["CA_DIR"] = nil
103
140
  ENV["CA_SECRET"] = nil
@@ -216,7 +216,7 @@ module Bullion
216
216
  csr_cert.subject = simple_subject(cert.subject.to_s)
217
217
 
218
218
  csr_cert.public_key = csr.public_key
219
- csr_cert.issuer = Bullion.ca_cert.issuer
219
+ csr_cert.issuer = Bullion.ca_cert.subject
220
220
 
221
221
  csr_cert, sans = manage_csr_extensions(csr, csr_cert)
222
222
 
@@ -95,7 +95,7 @@ module Bullion
95
95
  content_type "application/x-pem-file"
96
96
 
97
97
  attachment "cabundle.pem"
98
- Bullion.ca_cert.to_pem
98
+ Bullion.ca_cert_file
99
99
  end
100
100
 
101
101
  # Retrieves a Nonce via a HEAD request
@@ -383,7 +383,7 @@ module Bullion
383
383
 
384
384
  cert = Models::Certificate.find(params[:id])
385
385
 
386
- cert.data + Bullion.ca_cert.to_pem
386
+ cert.data + Bullion.ca_cert_file
387
387
  else
388
388
  halt(422, { error: "Order not valid" }.to_json)
389
389
  end
@@ -4,6 +4,6 @@ module Bullion
4
4
  VERSION = [
5
5
  0, # major
6
6
  7, # minor
7
- 0 # patch
7
+ 2 # patch
8
8
  ].join(".")
9
9
  end
data/lib/bullion.rb CHANGED
@@ -70,8 +70,12 @@ module Bullion
70
70
  @ca_key ||= OpenSSL::PKey::RSA.new(File.read(config.ca.key_path), config.ca.secret)
71
71
  end
72
72
 
73
+ def self.ca_cert_file
74
+ @ca_cert_file ||= File.read(config.ca.cert_path)
75
+ end
76
+
73
77
  def self.ca_cert
74
- @ca_cert ||= OpenSSL::X509::Certificate.new(File.read(config.ca.cert_path))
78
+ @ca_cert ||= OpenSSL::X509::Certificate.new(ca_cert_file)
75
79
  end
76
80
 
77
81
  def self.rotate_keys!
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bullion
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.7.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Gnagy
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-01-30 00:00:00.000000000 Z
11
+ date: 2024-01-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dry-configurable