cert-to-cwt 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/cert-to-cwt.rb +45 -6
- data/cert-to-cwt.gemspec +3 -3
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 599594ac004acd8a7fdf29c302d566bf6253f5d6
|
|
4
|
+
data.tar.gz: 53de4844c860c9eb8f498f0dcc639631dec2b55f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2f45ef0d8dafd166e4f6c9ed03605ce0f41aa0715684836124bc3b262cc23526c98adc16d7c95008b802476c76e1b1815c31f03b4b4ea6076a732ef63522bc9f
|
|
7
|
+
data.tar.gz: 213f1f078d04f38865e663f6985b0510eabd3d9c43487dc358f4f0a8a2913f48cb03b7cf12d0508459041a0316182db8f519e91b9f0b06717e46d28ef9cfadc7
|
data/bin/cert-to-cwt.rb
CHANGED
|
@@ -50,7 +50,14 @@ def bitstringtobytes(s)
|
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
def datetimeasn1(s)
|
|
53
|
-
|
|
53
|
+
case s.keys
|
|
54
|
+
when [:t]
|
|
55
|
+
Time.iso8601(s.fetch(:t).sub(/\A(..)(..)(..)(..)(..)(..)Z\z/){"20#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
|
|
56
|
+
when [:gt]
|
|
57
|
+
Time.iso8601(s.fetch(:gt).sub(/\A(....)(..)(..)(..)(..)(..(?:[.]\d*)?)Z\z/){"#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
|
|
58
|
+
else
|
|
59
|
+
fail ["unknown date/time type", s.keys].inspect
|
|
60
|
+
end
|
|
54
61
|
end
|
|
55
62
|
|
|
56
63
|
OIDLOOKUP = Hash.new {|h, k| k}
|
|
@@ -93,7 +100,13 @@ ALGLOOKUP = Hash.new {|h, k| k}
|
|
|
93
100
|
%w(
|
|
94
101
|
1.2.840.113549.1.1.11 sha256WithRSAEncryption
|
|
95
102
|
1.2.840.113549.1.1.1 rsaEncryption
|
|
103
|
+
1.2.840.10045.2.1 ecPublicKey
|
|
104
|
+
|
|
105
|
+
1.2.840.10045.3.1.7 secp256r1
|
|
106
|
+
1.2.840.10045.3.1.34 secp384r1
|
|
107
|
+
1.2.840.10045.3.1.35 secp521r1
|
|
96
108
|
).each_slice(2).map{ |x, y| ALGLOOKUP[x] = y.intern}
|
|
109
|
+
# prime192v1(1) prime192v2(2) prime192v3(3) prime239v1(4) prime239v2(5) prime239v3(6) prime256v1(7)
|
|
97
110
|
|
|
98
111
|
SYMLOOKUP = Hash.new {|h, k| warn "label unknown for key :#{k}"; k}
|
|
99
112
|
%w(
|
|
@@ -110,7 +123,10 @@ kty 1
|
|
|
110
123
|
n -1
|
|
111
124
|
e -2
|
|
112
125
|
|
|
113
|
-
|
|
126
|
+
crv -1
|
|
127
|
+
x -2
|
|
128
|
+
y -3
|
|
129
|
+
|
|
114
130
|
pk -100001
|
|
115
131
|
).each_slice(2).map{ |x, y| SYMLOOKUP[x.intern] = y.to_i}
|
|
116
132
|
|
|
@@ -139,13 +155,13 @@ tbs, sigalg, sigval = cert.fetch(:seq)
|
|
|
139
155
|
ver, ser, sigalg1, iss, validity, sub, spki, *rest = tbs.fetch(:seq)
|
|
140
156
|
fail [:ver, ver].inspect unless ver == {exp0: [2]}
|
|
141
157
|
fail [:ser, set].inspect unless Integer === ser
|
|
142
|
-
claimset[:
|
|
158
|
+
claimset[:cti] = numbertobytes(ser)
|
|
143
159
|
fail [:alg, sigalg, sigalg1].inspect unless sigalg == sigalg1
|
|
144
160
|
|
|
145
161
|
decoded_sigalg = ALGLOOKUP[sigalg.fetch(:seq).first]
|
|
146
162
|
# p decoded_sigalg
|
|
147
163
|
|
|
148
|
-
notbefore, notafter = validity.fetch(:seq).map{|x| datetimeasn1(x
|
|
164
|
+
notbefore, notafter = validity.fetch(:seq).map{|x| datetimeasn1(x)}
|
|
149
165
|
# p [notbefore, notafter]
|
|
150
166
|
claimset[:nbf] = notbefore
|
|
151
167
|
claimset[:exp] = notafter
|
|
@@ -154,7 +170,9 @@ claimset[:iss] = dntostring(iss)
|
|
|
154
170
|
claimset[:sub] = dntostring(sub)
|
|
155
171
|
|
|
156
172
|
pkalg, pkbits = spki.fetch(:seq)
|
|
157
|
-
|
|
173
|
+
pkalgseq1, pkalgseq2 = pkalg.fetch(:seq)
|
|
174
|
+
decoded_pkalg = ALGLOOKUP[pkalgseq1]
|
|
175
|
+
decoded_pkalgparm = ALGLOOKUP[pkalgseq2]
|
|
158
176
|
kk = bitstringtobytes(pkbits.fetch(:bits))
|
|
159
177
|
case decoded_pkalg
|
|
160
178
|
when :rsaEncryption
|
|
@@ -162,8 +180,29 @@ when :rsaEncryption
|
|
|
162
180
|
n, e = kk.fetch(:seq)
|
|
163
181
|
u = CBOR.encode(n)
|
|
164
182
|
claimset[:pk] = {kty: 3, n: numbertobytes(n), e: numbertobytes(e)}
|
|
183
|
+
when :ecPublicKey
|
|
184
|
+
case decoded_pkalgparm
|
|
185
|
+
when :secp256r1
|
|
186
|
+
case kk.getbyte(0)
|
|
187
|
+
# XXX: check lengths
|
|
188
|
+
when 4
|
|
189
|
+
fail "Weird EC key #{kk.hexi}" unless kk.size == 65
|
|
190
|
+
y = kk[33..64]
|
|
191
|
+
when 2
|
|
192
|
+
fail "Weird EC key #{kk.hexi}" unless kk.size == 33
|
|
193
|
+
y = false
|
|
194
|
+
when 3
|
|
195
|
+
fail "Weird EC key #{kk.hexi}" unless kk.size == 33
|
|
196
|
+
y = true
|
|
197
|
+
else
|
|
198
|
+
fail "Weird EC key #{kk.hexi}"
|
|
199
|
+
end
|
|
200
|
+
claimset[:pk] = {kty: 2, crv: 1, x: kk[1..32], y: y}
|
|
201
|
+
else
|
|
202
|
+
claimset[:pk] = ["ecPublicKey", pkalgseq2, kk] # TODO convert to COSE key
|
|
203
|
+
end
|
|
165
204
|
else
|
|
166
|
-
claimset[:pk] = [decoded_pkalg, kk] # TODO convert to COSE key
|
|
205
|
+
claimset[:pk] = [decoded_pkalg, pkalgseq2, kk] # TODO convert to COSE key
|
|
167
206
|
end
|
|
168
207
|
|
|
169
208
|
rest1 = rest.reduce({}, :merge)
|
data/cert-to-cwt.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "cert-to-cwt"
|
|
3
|
-
s.version = "0.0.
|
|
3
|
+
s.version = "0.0.2"
|
|
4
4
|
s.summary = "Convert an X.509 cert into a CWT claim set"
|
|
5
5
|
s.description = %q{cert-to-cwt is a highly experimental converter for X.509 certificates into CWT claim sets.}
|
|
6
6
|
s.author = "Carsten Bormann"
|
|
@@ -9,11 +9,11 @@ Gem::Specification.new do |s|
|
|
|
9
9
|
s.has_rdoc = false
|
|
10
10
|
s.files = Dir['lib/**/*.rb'] + %w(cert-to-cwt.gemspec) + Dir['bin/**/*.rb']
|
|
11
11
|
s.executables = Dir['bin/**/*.rb'].map {|x| File.basename(x)}
|
|
12
|
-
s.required_ruby_version = '>= 2.
|
|
12
|
+
s.required_ruby_version = '>= 2.3.1'
|
|
13
13
|
|
|
14
14
|
s.require_paths = ["lib"]
|
|
15
15
|
|
|
16
16
|
s.add_development_dependency 'bundler', '~>1'
|
|
17
17
|
s.add_dependency 'cbor-diag'
|
|
18
|
-
s.add_dependency 'asn1-diag'
|
|
18
|
+
s.add_dependency 'asn1-diag', ">= 0.0.2"
|
|
19
19
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cert-to-cwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Carsten Bormann
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-08-
|
|
11
|
+
date: 2017-08-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
47
|
+
version: 0.0.2
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
54
|
+
version: 0.0.2
|
|
55
55
|
description: cert-to-cwt is a highly experimental converter for X.509 certificates
|
|
56
56
|
into CWT claim sets.
|
|
57
57
|
email: cabo@tzi.org
|
|
@@ -74,7 +74,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
74
74
|
requirements:
|
|
75
75
|
- - ">="
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: 2.
|
|
77
|
+
version: 2.3.1
|
|
78
78
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - ">="
|