bullion 0.7.1 → 0.7.2

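--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3e9ebdfc8744eadaf021a1f19f79c12e39b63e87896d21896c546ef875e15955
- data.tar.gz: a6dd92c1c76bdd65a0e2a58ae90e3db912590d6f2e2e0a522adfeda5bc287e2e
+ metadata.gz: ed105e14e1c8f595a9ea2479fad064e056c5fb72ef0b4f6ca55dadd14358ffa8
+ data.tar.gz: ac71877a3a20db90848ae7077ac7046261a23235a1b41b672d03779fe389255d
  SHA512:
- metadata.gz: a6eaf7ae8d958d3adef49a95fe9d3c53b1610fed2ebdfcee0f13b7b71aacd07ded25e7652b0f1c0f8168d812df8ecbb83642c0679c3c8d26a75cf50207f21c35
- data.tar.gz: ce2065af090c95f31ed8bfbcc23f4c12f452d3d52fca7f9715877c975e8a0dcb10a6670759277a218edb8b6988cadb9a3f45941f6cda4f71f77ecf084c51db54
+ metadata.gz: 3555e2e3ec0c4fbfaba6b11cae8b9698cdc2a5ca39cef058adf07e1cf3b3a12ee77808548c0dddffac8cca9c4a5e3e77bb7ac49244488dc1f0940869f0d5fd5f
+ data.tar.gz: 780e372c5013f0ceda8ac8a171c8f37ebc288d2b9d9d502cf3c64aa7d34f66f3c7b89dc1776dd175923c718d8e6ddc4e9bc807cacc73320f526b5b48767afedd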
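--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- bullion (0.7.1)
+ bullion (0.7.2)
  dry-configurable (~> 1.1)
  httparty (~> 0.21)
  json (~> 2.6)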
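--- a/data/Rakefile
+++ b/data/Rakefile
@@ -40,9 +40,9 @@ task :prep do
  ENV["CA_SECRET"] = "SomeS3cret"
  ENV["CA_DOMAINS"] = "test.domain"
 
- key = OpenSSL::PKey::RSA.new(4096)
- File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
- key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
+ root_key = OpenSSL::PKey::RSA.new(4096)
+ File.write(File.join(File.expand_path("."), "tmp", "root_tls.key"),
+ root_key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
 
  root_ca = OpenSSL::X509::Certificate.new
  root_ca.version = 2
@@ -51,7 +51,7 @@ task :prep do
  %w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
  )
  root_ca.issuer = root_ca.subject # root CA's are "self-signed"
- root_ca.public_key = key.public_key
+ root_ca.public_key = root_key.public_key
  root_ca.not_before = Time.now
  root_ca.not_after = root_ca.not_before + (5 * 365 * 24 * 60 * 60) # 5 years validity
  ef = OpenSSL::X509::ExtensionFactory.new
@@ -69,8 +69,43 @@ task :prep do
  root_ca.add_extension(
  ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
  )
- root_ca.sign(key, OpenSSL::Digest.new("SHA256"))
- File.write(File.join(File.expand_path("."), "tmp", "tls.crt"), root_ca.to_pem)
+ root_ca.sign(root_key, OpenSSL::Digest.new("SHA256"))
+ File.write(File.join(File.expand_path("."), "tmp", "root_tls.crt"), root_ca.to_pem)
+
+ intermediate_key = OpenSSL::PKey::RSA.new(4096)
+ File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
+ intermediate_key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET")))
+
+ int_ca = OpenSSL::X509::Certificate.new
+ int_ca.version = 2
+ int_ca.serial = (2**rand(10..20)) - 1
+ int_ca.subject = OpenSSL::X509::Name.parse(
+ %w[intermediate test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
+ )
+ int_ca.issuer = root_ca.subject
+ int_ca.public_key = intermediate_key.public_key
+ int_ca.not_before = Time.now
+ int_ca.not_after = int_ca.not_before + (2 * 365 * 24 * 60 * 60) # 2 years validity
+ ef = OpenSSL::X509::ExtensionFactory.new
+ ef.subject_certificate = int_ca
+ ef.issuer_certificate = root_ca
+ int_ca.add_extension(
+ ef.create_extension("basicConstraints", "CA:TRUE", true)
+ )
+ int_ca.add_extension(
+ ef.create_extension("keyUsage", "keyCertSign, cRLSign", true)
+ )
+ int_ca.add_extension(
+ ef.create_extension("subjectKeyIdentifier", "hash", false)
+ )
+ int_ca.add_extension(
+ ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
+ )
+ int_ca.sign(root_key, OpenSSL::Digest.new("SHA256"))
+ File.write(
+ File.join(File.expand_path("."), "tmp", "tls.crt"),
+ int_ca.to_pem + root_ca.to_pem
+ )
  end
 
  desc "Runs a backgrounded demo environment"
@@ -98,6 +133,8 @@ task :cleanup do
  end
  FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
  FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
+ FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.crt"))
+ FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.key"))
  FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
  ENV["CA_DIR"] = nil
  ENV["CA_SECRET"] = nil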
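Review bot: The new intermediate CA in the third hunk gets `basicConstraints` of plain `CA:TRUE` (L167), so a certificate signed with the intermediate key could itself be a further CA; unless the intermediate is meant to issue sub-CAs, constrain it with `ef.create_extension("basicConstraints", "CA:TRUE, pathlen:0", true)` so it can only issue leaf certificates. The secret lookup is also inconsistent between the root key at L77 (`ENV.fetch("CA_SECRET", nil)`) and the intermediate key at L135 (`ENV.fetch("CA_SECRET")`); both work because `CA_SECRET` is assigned at L59, but one form should be used for both. The serial `(2**rand(10..20)) - 1` draws from only eleven values, so repeated `prep` runs can reuse a serial under the same issuer — acceptable for a throwaway fixture, but worth a comment such as `# test fixture only: serials are not unique across runs`. The enclosing `task :prep do` block starts outside the hunk.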
@@ -95,7 +95,7 @@ module Bullion
95
95
  content_type "application/x-pem-file"
96
96
 
97
97
  attachment "cabundle.pem"
98
- Bullion.ca_cert.to_pem
98
+ Bullion.ca_cert_file
99
99
  end
100
100
 
101
101
  # Retrieves a Nonce via a HEAD request
@@ -383,7 +383,7 @@ module Bullion
383
383
 
384
384
  cert = Models::Certificate.find(params[:id])
385
385
 
386
- cert.data + Bullion.ca_cert.to_pem
386
+ cert.data + Bullion.ca_cert_file
387
387
  else
388
388
  halt(422, { error: "Order not valid" }.to_json)
389
389
  end
@@ -4,6 +4,6 @@ module Bullion
4
4
  VERSION = [
5
5
  0, # major
6
6
  7, # minor
7
- 1 # patch
7
+ 2 # patch
8
8
  ].join(".")
9
9
  end
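--- a/data/lib/bullion.rb
+++ b/data/lib/bullion.rb
@@ -70,8 +70,12 @@ module Bullion
  @ca_key ||= OpenSSL::PKey::RSA.new(File.read(config.ca.key_path), config.ca.secret)
  end
 
+ def self.ca_cert_file
+ @ca_cert_file ||= File.read(config.ca.cert_path)
+ end
+
  def self.ca_cert
- @ca_cert ||= OpenSSL::X509::Certificate.new(File.read(config.ca.cert_path))
+ @ca_cert ||= OpenSSL::X509::Certificate.new(ca_cert_file)
  end
 
  def self.rotate_keys!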
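Review bot: `ca_cert_file` memoizes the raw file contents in `@ca_cert_file` (L310), and `rotate_keys!` (signature at L330, body outside the hunk) presumably resets `@ca_key` and `@ca_cert`; if it does, it must also set `@ca_cert_file = nil`, otherwise the bundle the service now returns verbatim (the `Bullion.ca_cert_file` call sites at L243 and L266) stays stale after a rotation while `ca_cert` is rebuilt from the old string. The accessor also deserves a contract comment, since its return value is served directly to clients: `# Raw PEM contents of config.ca.cert_path (may be a chain: issuing CA first, then its parents). Served verbatim by the cabundle and certificate endpoints, so the file must contain public certificates only. Memoized; reset @ca_cert_file when the CA material is rotated.` Note that `OpenSSL::X509::Certificate.new` parses only the first PEM block of a bundle, so `ca_cert` is the first certificate in the file; the comment should say the issuing CA has to come first.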
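--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bullion
  version: !ruby/object:Gem::Version
- version: 0.7.1
+ version: 0.7.2
  platform: ruby
  authors:
  - Jonathan Gnagy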