RubyGems - bullion - Versions diffs - 0.7.1 → 0.7.2 - Mend

bullion 0.7.1 → 0.7.2

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e9ebdfc8744eadaf021a1f19f79c12e39b63e87896d21896c546ef875e15955
-  data.tar.gz: a6dd92c1c76bdd65a0e2a58ae90e3db912590d6f2e2e0a522adfeda5bc287e2e
+  metadata.gz: ed105e14e1c8f595a9ea2479fad064e056c5fb72ef0b4f6ca55dadd14358ffa8
+  data.tar.gz: ac71877a3a20db90848ae7077ac7046261a23235a1b41b672d03779fe389255d
 SHA512:
-  metadata.gz: a6eaf7ae8d958d3adef49a95fe9d3c53b1610fed2ebdfcee0f13b7b71aacd07ded25e7652b0f1c0f8168d812df8ecbb83642c0679c3c8d26a75cf50207f21c35
-  data.tar.gz: ce2065af090c95f31ed8bfbcc23f4c12f452d3d52fca7f9715877c975e8a0dcb10a6670759277a218edb8b6988cadb9a3f45941f6cda4f71f77ecf084c51db54
+  metadata.gz: 3555e2e3ec0c4fbfaba6b11cae8b9698cdc2a5ca39cef058adf07e1cf3b3a12ee77808548c0dddffac8cca9c4a5e3e77bb7ac49244488dc1f0940869f0d5fd5f
+  data.tar.gz: 780e372c5013f0ceda8ac8a171c8f37ebc288d2b9d9d502cf3c64aa7d34f66f3c7b89dc1776dd175923c718d8e6ddc4e9bc807cacc73320f526b5b48767afedd

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    bullion (0.7.1)
+    bullion (0.7.2)
       dry-configurable (~> 1.1)
       httparty (~> 0.21)
       json (~> 2.6)

data/Rakefile CHANGED Viewed

@@ -40,9 +40,9 @@ task :prep do
   ENV["CA_SECRET"] = "SomeS3cret"
   ENV["CA_DOMAINS"] = "test.domain"
-  key = OpenSSL::PKey::RSA.new(4096)
-  File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
-             key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
+  root_key = OpenSSL::PKey::RSA.new(4096)
+  File.write(File.join(File.expand_path("."), "tmp", "root_tls.key"),
+             root_key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET", nil)))
   root_ca = OpenSSL::X509::Certificate.new
   root_ca.version = 2
@@ -51,7 +51,7 @@ task :prep do
     %w[test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
   )
   root_ca.issuer = root_ca.subject # root CA's are "self-signed"
-  root_ca.public_key = key.public_key
+  root_ca.public_key = root_key.public_key
   root_ca.not_before = Time.now
   root_ca.not_after = root_ca.not_before + (5 * 365 * 24 * 60 * 60) # 5 years validity
   ef = OpenSSL::X509::ExtensionFactory.new
@@ -69,8 +69,43 @@ task :prep do
   root_ca.add_extension(
     ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
   )
-  root_ca.sign(key, OpenSSL::Digest.new("SHA256"))
-  File.write(File.join(File.expand_path("."), "tmp", "tls.crt"), root_ca.to_pem)
+  root_ca.sign(root_key, OpenSSL::Digest.new("SHA256"))
+  File.write(File.join(File.expand_path("."), "tmp", "root_tls.crt"), root_ca.to_pem)
+  intermediate_key = OpenSSL::PKey::RSA.new(4096)
+  File.write(File.join(File.expand_path("."), "tmp", "tls.key"),
+             intermediate_key.to_pem(OpenSSL::Cipher.new("aes-128-cbc"), ENV.fetch("CA_SECRET")))
+  int_ca = OpenSSL::X509::Certificate.new
+  int_ca.version = 2
+  int_ca.serial = (2**rand(10..20)) - 1
+  int_ca.subject = OpenSSL::X509::Name.parse(
+    %w[intermediate test domain].reverse.map { |piece| "DC=#{piece}" }.join("/") + "/CN=bullion"
+  )
+  int_ca.issuer = root_ca.subject
+  int_ca.public_key = intermediate_key.public_key
+  int_ca.not_before = Time.now
+  int_ca.not_after = int_ca.not_before + (2 * 365 * 24 * 60 * 60) # 2 years validity
+  ef = OpenSSL::X509::ExtensionFactory.new
+  ef.subject_certificate = int_ca
+  ef.issuer_certificate = root_ca
+  int_ca.add_extension(
+    ef.create_extension("basicConstraints", "CA:TRUE", true)
+  )
+  int_ca.add_extension(
+    ef.create_extension("keyUsage", "keyCertSign, cRLSign", true)
+  )
+  int_ca.add_extension(
+    ef.create_extension("subjectKeyIdentifier", "hash", false)
+  )
+  int_ca.add_extension(
+    ef.create_extension("authorityKeyIdentifier", "keyid:always", false)
+  )
+  int_ca.sign(root_key, OpenSSL::Digest.new("SHA256"))
+  File.write(
+    File.join(File.expand_path("."), "tmp", "tls.crt"),
+    int_ca.to_pem + root_ca.to_pem
+  )
 end
 desc "Runs a backgrounded demo environment"
@@ -98,6 +133,8 @@ task :cleanup do
     end
     FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.crt"))
     FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "tls.key"))
+    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.crt"))
+    FileUtils.rm_f(File.join(File.expand_path("."), "tmp", "root_tls.key"))
     FileUtils.rm_rf(File.join(File.expand_path("."), "tmp", "db"))
     ENV["CA_DIR"] = nil
     ENV["CA_SECRET"] = nil

data/lib/bullion/services/ca.rb CHANGED Viewed

@@ -95,7 +95,7 @@ module Bullion
         content_type "application/x-pem-file"
         attachment "cabundle.pem"
-        Bullion.ca_cert.to_pem
+        Bullion.ca_cert_file
       end
       # Retrieves a Nonce via a HEAD request
@@ -383,7 +383,7 @@ module Bullion
           cert = Models::Certificate.find(params[:id])
-          cert.data + Bullion.ca_cert.to_pem
+          cert.data + Bullion.ca_cert_file
         else
           halt(422, { error: "Order not valid" }.to_json)
         end

data/lib/bullion/version.rb CHANGED Viewed

@@ -4,6 +4,6 @@ module Bullion
   VERSION = [
     0, # major
     7, # minor
-    1 # patch
+    2 # patch
   ].join(".")
 end

data/lib/bullion.rb CHANGED Viewed

@@ -70,8 +70,12 @@ module Bullion
     @ca_key ||= OpenSSL::PKey::RSA.new(File.read(config.ca.key_path), config.ca.secret)
   end
+  def self.ca_cert_file
+    @ca_cert_file ||= File.read(config.ca.cert_path)
+  end
   def self.ca_cert
-    @ca_cert ||= OpenSSL::X509::Certificate.new(File.read(config.ca.cert_path))
+    @ca_cert ||= OpenSSL::X509::Certificate.new(ca_cert_file)
   end
   def self.rotate_keys!

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullion
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - Jonathan Gnagy