cert-to-cwt 0.0.1 → 0.0.2
- checksums.yaml +4 -4
 - data/bin/cert-to-cwt.rb +45 -6
 - data/cert-to-cwt.gemspec +3 -3
 - metadata +5 -5
 
    
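--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 599594ac004acd8a7fdf29c302d566bf6253f5d6
+  data.tar.gz: 53de4844c860c9eb8f498f0dcc639631dec2b55f
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 2f45ef0d8dafd166e4f6c9ed03605ce0f41aa0715684836124bc3b262cc23526c98adc16d7c95008b802476c76e1b1815c31f03b4b4ea6076a732ef63522bc9f
+  data.tar.gz: 213f1f078d04f38865e663f6985b0510eabd3d9c43487dc358f4f0a8a2913f48cb03b7cf12d0508459041a0316182db8f519e91b9f0b06717e46d28ef9cfadc7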
    
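--- a/data/bin/cert-to-cwt.rb
+++ b/data/bin/cert-to-cwt.rb
@@ -50,7 +50,14 @@ def bitstringtobytes(s)
 end
 
 def datetimeasn1(s)
-
+  case s.keys
+  when [:t]
+    Time.iso8601(s.fetch(:t).sub(/\A(..)(..)(..)(..)(..)(..)Z\z/){"20#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
+  when [:gt]
+    Time.iso8601(s.fetch(:gt).sub(/\A(....)(..)(..)(..)(..)(..(?:[.]\d*)?)Z\z/){"#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
+  else
+    fail ["unknown date/time type", s.keys].inspect
+  end
 end
 
 OIDLOOKUP = Hash.new {|h, k| k}
@@ -93,7 +100,13 @@ ALGLOOKUP = Hash.new {|h, k| k}
 %w(
 1.2.840.113549.1.1.11 sha256WithRSAEncryption
 1.2.840.113549.1.1.1  rsaEncryption
+1.2.840.10045.2.1     ecPublicKey
+
+1.2.840.10045.3.1.7   secp256r1
+1.2.840.10045.3.1.34  secp384r1
+1.2.840.10045.3.1.35  secp521r1
 ).each_slice(2).map{ |x, y| ALGLOOKUP[x] = y.intern}
+# prime192v1(1)   prime192v2(2)   prime192v3(3)  prime239v1(4)   prime239v2(5)   prime239v3(6)   prime256v1(7)
 
 SYMLOOKUP = Hash.new {|h, k| warn "label unknown for key :#{k}"; k}
 %w(
@@ -110,7 +123,10 @@ kty 1
 n -1
 e -2
 
-
+crv -1
+x -2
+y -3
+
 pk -100001
 ).each_slice(2).map{ |x, y| SYMLOOKUP[x.intern] = y.to_i}
 
@@ -139,13 +155,13 @@ tbs, sigalg, sigval = cert.fetch(:seq)
 ver, ser, sigalg1, iss, validity, sub, spki, *rest = tbs.fetch(:seq)
 fail [:ver, ver].inspect unless ver == {exp0: [2]}
 fail [:ser, set].inspect unless Integer === ser
-claimset[:
+claimset[:cti] = numbertobytes(ser)
 fail [:alg, sigalg, sigalg1].inspect unless sigalg == sigalg1
 
 decoded_sigalg = ALGLOOKUP[sigalg.fetch(:seq).first]
 # p decoded_sigalg
 
-notbefore, notafter = validity.fetch(:seq).map{|x| datetimeasn1(x
+notbefore, notafter = validity.fetch(:seq).map{|x| datetimeasn1(x)}
 # p [notbefore, notafter]
 claimset[:nbf] = notbefore
 claimset[:exp] = notafter
@@ -154,7 +170,9 @@ claimset[:iss] = dntostring(iss)
 claimset[:sub] = dntostring(sub)
 
 pkalg, pkbits = spki.fetch(:seq)
-
+pkalgseq1, pkalgseq2 = pkalg.fetch(:seq)
+decoded_pkalg = ALGLOOKUP[pkalgseq1]
+decoded_pkalgparm = ALGLOOKUP[pkalgseq2]
 kk = bitstringtobytes(pkbits.fetch(:bits))
 case decoded_pkalg
 when  :rsaEncryption
@@ -162,8 +180,29 @@ when  :rsaEncryption
   n, e = kk.fetch(:seq)
   u = CBOR.encode(n)
   claimset[:pk] = {kty: 3, n: numbertobytes(n), e: numbertobytes(e)}
+when :ecPublicKey
+  case decoded_pkalgparm
+  when :secp256r1
+    case kk.getbyte(0)
+    # XXX: check lengths
+    when 4
+      fail "Weird EC key #{kk.hexi}" unless kk.size == 65
+      y = kk[33..64]
+    when 2
+      fail "Weird EC key #{kk.hexi}" unless kk.size == 33
+      y = false
+    when 3
+      fail "Weird EC key #{kk.hexi}" unless kk.size == 33
+      y = true
+    else
+      fail "Weird EC key #{kk.hexi}"
+    end
+    claimset[:pk] = {kty: 2, crv: 1, x: kk[1..32], y: y}
+  else
+    claimset[:pk] = ["ecPublicKey", pkalgseq2, kk] # TODO convert to COSE key
+  end
 else
-  claimset[:pk] = [decoded_pkalg, kk] # TODO convert to COSE key
+  claimset[:pk] = [decoded_pkalg, pkalgseq2, kk] # TODO convert to COSE key
 end
 
 rest1 = rest.reduce({}, :merge)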
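Review bot: In `datetimeasn1` the `[:t]` (UTCTime) branch always prefixes the two-digit year with `20`, so a validity date whose year is 50–99 lands a century late in `claimset[:nbf]`/`claimset[:exp]`; RFC 5280 reads YY >= 50 as 19YY. Choosing the century from the captured year in the replacement block, `{"#{$1.to_i < 50 ? 20 : 19}#$1-#$2-#$3T#$4:#$5:#$6Z"}`, keeps the CWT validity window identical to the certificate's. In the ALGLOOKUP hunk, `1.2.840.10045.3.1.34` and `1.2.840.10045.3.1.35` are not the registered OIDs for secp384r1 and secp521r1 (those are `1.3.132.0.34` and `1.3.132.0.35`), so these entries never match and a P-384/P-521 branch added later would silently be skipped. The context line `fail [:ser, set].inspect` references `set`, which looks like a typo for `ser` and would raise NameError instead of the intended message.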
    
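--- a/data/cert-to-cwt.gemspec
+++ b/data/cert-to-cwt.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "cert-to-cwt"
-  s.version = "0.0.
+  s.version = "0.0.2"
   s.summary = "Convert an X.509 cert into a CWT claim set"
   s.description = %q{cert-to-cwt is a highly experimental converter for X.509 certificates into CWT claim sets.}
   s.author = "Carsten Bormann"
@@ -9,11 +9,11 @@ Gem::Specification.new do |s|
   s.has_rdoc = false
   s.files = Dir['lib/**/*.rb'] + %w(cert-to-cwt.gemspec) + Dir['bin/**/*.rb']
   s.executables = Dir['bin/**/*.rb'].map {|x| File.basename(x)}
-  s.required_ruby_version = '>= 2.
+  s.required_ruby_version = '>= 2.3.1'
 
   s.require_paths = ["lib"]
 
   s.add_development_dependency 'bundler', '~>1'
   s.add_dependency 'cbor-diag'
-  s.add_dependency 'asn1-diag'
+  s.add_dependency 'asn1-diag', ">= 0.0.2"
 end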
    
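--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cert-to-cwt
 version: !ruby/object:Gem::Version
-  version: 0.0.
+  version: 0.0.2
 platform: ruby
 authors:
 - Carsten Bormann
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-08-
+date: 2017-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version:
+        version: 0.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version:
+        version: 0.0.2
 description: cert-to-cwt is a highly experimental converter for X.509 certificates
   into CWT claim sets.
 email: cabo@tzi.org
@@ -74,7 +74,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.
+      version: 2.3.1
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="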