cert-to-cwt 0.0.1 → 0.0.2

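--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3f30a9c6e0631d3daaca07bac5a27a9dc34bd4cb
- data.tar.gz: e78ff0859be82052447ac491c072d78b5f217919
+ metadata.gz: 599594ac004acd8a7fdf29c302d566bf6253f5d6
+ data.tar.gz: 53de4844c860c9eb8f498f0dcc639631dec2b55f
  SHA512:
- metadata.gz: 9ff25fea72d4b4ae22172b72ccf3f739d2607d221ac855a498a24dabb00f2f8900cd7b8f33a49217a102ddb091b781f9f93c8d25d83e6600372059729f432a86
- data.tar.gz: e1626c35abfbca01ad4d00157ce149add3330414ac5dee2ce532d6ed65709a3244f15f6814df534ad0fd18e23f08252887dba1da1df6f262e3a89b7c94b71f87
+ metadata.gz: 2f45ef0d8dafd166e4f6c9ed03605ce0f41aa0715684836124bc3b262cc23526c98adc16d7c95008b802476c76e1b1815c31f03b4b4ea6076a732ef63522bc9f
+ data.tar.gz: 213f1f078d04f38865e663f6985b0510eabd3d9c43487dc358f4f0a8a2913f48cb03b7cf12d0508459041a0316182db8f519e91b9f0b06717e46d28ef9cfadc7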
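--- a/data/bin/cert-to-cwt.rb
+++ b/data/bin/cert-to-cwt.rb
@@ -50,7 +50,14 @@ def bitstringtobytes(s)
  end
 
  def datetimeasn1(s)
- Time.iso8601(s.sub(/\A(..)(..)(..)(..)(..)(..)Z\z/){"20#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
+ case s.keys
+ when [:t]
+ Time.iso8601(s.fetch(:t).sub(/\A(..)(..)(..)(..)(..)(..)Z\z/){"20#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
+ when [:gt]
+ Time.iso8601(s.fetch(:gt).sub(/\A(....)(..)(..)(..)(..)(..(?:[.]\d*)?)Z\z/){"#$1-#$2-#$3T#$4:#$5:#$6Z"}).to_i
+ else
+ fail ["unknown date/time type", s.keys].inspect
+ end
  end
 
  OIDLOOKUP = Hash.new {|h, k| k}
@@ -93,7 +100,13 @@ ALGLOOKUP = Hash.new {|h, k| k}
  %w(
  1.2.840.113549.1.1.11 sha256WithRSAEncryption
  1.2.840.113549.1.1.1 rsaEncryption
+ 1.2.840.10045.2.1 ecPublicKey
+
+ 1.2.840.10045.3.1.7 secp256r1
+ 1.2.840.10045.3.1.34 secp384r1
+ 1.2.840.10045.3.1.35 secp521r1
  ).each_slice(2).map{ |x, y| ALGLOOKUP[x] = y.intern}
+ # prime192v1(1) prime192v2(2) prime192v3(3) prime239v1(4) prime239v2(5) prime239v3(6) prime256v1(7)
 
  SYMLOOKUP = Hash.new {|h, k| warn "label unknown for key :#{k}"; k}
  %w(
@@ -110,7 +123,10 @@ kty 1
  n -1
  e -2
 
- serial -100000
+ crv -1
+ x -2
+ y -3
+
  pk -100001
  ).each_slice(2).map{ |x, y| SYMLOOKUP[x.intern] = y.to_i}
 
@@ -139,13 +155,13 @@ tbs, sigalg, sigval = cert.fetch(:seq)
  ver, ser, sigalg1, iss, validity, sub, spki, *rest = tbs.fetch(:seq)
  fail [:ver, ver].inspect unless ver == {exp0: [2]}
  fail [:ser, set].inspect unless Integer === ser
- claimset[:serial] = ser
+ claimset[:cti] = numbertobytes(ser)
  fail [:alg, sigalg, sigalg1].inspect unless sigalg == sigalg1
 
  decoded_sigalg = ALGLOOKUP[sigalg.fetch(:seq).first]
  # p decoded_sigalg
 
- notbefore, notafter = validity.fetch(:seq).map{|x| datetimeasn1(x.fetch(:t))}
+ notbefore, notafter = validity.fetch(:seq).map{|x| datetimeasn1(x)}
  # p [notbefore, notafter]
  claimset[:nbf] = notbefore
  claimset[:exp] = notafter
@@ -154,7 +170,9 @@ claimset[:iss] = dntostring(iss)
  claimset[:sub] = dntostring(sub)
 
  pkalg, pkbits = spki.fetch(:seq)
- decoded_pkalg = ALGLOOKUP[pkalg.fetch(:seq).first]
+ pkalgseq1, pkalgseq2 = pkalg.fetch(:seq)
+ decoded_pkalg = ALGLOOKUP[pkalgseq1]
+ decoded_pkalgparm = ALGLOOKUP[pkalgseq2]
  kk = bitstringtobytes(pkbits.fetch(:bits))
  case decoded_pkalg
  when :rsaEncryption
@@ -162,8 +180,29 @@ when :rsaEncryption
  n, e = kk.fetch(:seq)
  u = CBOR.encode(n)
  claimset[:pk] = {kty: 3, n: numbertobytes(n), e: numbertobytes(e)}
+ when :ecPublicKey
+ case decoded_pkalgparm
+ when :secp256r1
+ case kk.getbyte(0)
+ # XXX: check lengths
+ when 4
+ fail "Weird EC key #{kk.hexi}" unless kk.size == 65
+ y = kk[33..64]
+ when 2
+ fail "Weird EC key #{kk.hexi}" unless kk.size == 33
+ y = false
+ when 3
+ fail "Weird EC key #{kk.hexi}" unless kk.size == 33
+ y = true
+ else
+ fail "Weird EC key #{kk.hexi}"
+ end
+ claimset[:pk] = {kty: 2, crv: 1, x: kk[1..32], y: y}
+ else
+ claimset[:pk] = ["ecPublicKey", pkalgseq2, kk] # TODO convert to COSE key
+ end
  else
- claimset[:pk] = [decoded_pkalg, kk] # TODO convert to COSE key
+ claimset[:pk] = [decoded_pkalg, pkalgseq2, kk] # TODO convert to COSE key
  end
 
  rest1 = rest.reduce({}, :merge)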
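Review bot: The two ALGLOOKUP entries added for `secp384r1` and `secp521r1` use the ANSI X9.62 prime-curve arc (`1.2.840.10045.3.1.34` and `.35`), but those curves are registered under the Certicom arc, so a P-384 or P-521 certificate will never resolve to these names; the entries should read `1.3.132.0.34 secp384r1` and `1.3.132.0.35 secp521r1`. The comment added right after the table already lists that X9.62 arc as ending at prime256v1(7). Today both curves land in the `else` branch of `case decoded_pkalgparm` either way, so the error is latent, but a later `when :secp384r1` would silently never match. Separately, the `when [:t]` branch of `datetimeasn1` still prefixes every UTCTime year with `20`, whereas RFC 5280 reads two-digit years of 50 and above as 19YY, so `nbf`/`exp` come out a century late for such certificates.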
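--- a/data/cert-to-cwt.gemspec
+++ b/data/cert-to-cwt.gemspec
@@ -1,6 +1,6 @@
  Gem::Specification.new do |s|
  s.name = "cert-to-cwt"
- s.version = "0.0.1"
+ s.version = "0.0.2"
  s.summary = "Convert an X.509 cert into a CWT claim set"
  s.description = %q{cert-to-cwt is a highly experimental converter for X.509 certificates into CWT claim sets.}
  s.author = "Carsten Bormann"
@@ -9,11 +9,11 @@ Gem::Specification.new do |s|
  s.has_rdoc = false
  s.files = Dir['lib/**/*.rb'] + %w(cert-to-cwt.gemspec) + Dir['bin/**/*.rb']
  s.executables = Dir['bin/**/*.rb'].map {|x| File.basename(x)}
- s.required_ruby_version = '>= 2.4.1'
+ s.required_ruby_version = '>= 2.3.1'
 
  s.require_paths = ["lib"]
 
  s.add_development_dependency 'bundler', '~>1'
  s.add_dependency 'cbor-diag'
- s.add_dependency 'asn1-diag'
+ s.add_dependency 'asn1-diag', ">= 0.0.2"
  end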
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cert-to-cwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Carsten Bormann
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-08-21 00:00:00.000000000 Z
11
+ date: 2017-08-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -44,14 +44,14 @@ dependencies:
44
44
  requirements:
45
45
  - - ">="
46
46
  - !ruby/object:Gem::Version
47
- version: '0'
47
+ version: 0.0.2
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
- version: '0'
54
+ version: 0.0.2
55
55
  description: cert-to-cwt is a highly experimental converter for X.509 certificates
56
56
  into CWT claim sets.
57
57
  email: cabo@tzi.org
@@ -74,7 +74,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
74
74
  requirements:
75
75
  - - ">="
76
76
  - !ruby/object:Gem::Version
77
- version: 2.4.1
77
+ version: 2.3.1
78
78
  required_rubygems_version: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - ">="