certie 0.0.2
- checksums.yaml +7 -0
- data/bin/certie +19 -0
- data/lib/certie.rb +100 -0
- metadata +58 -0
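--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: d6e1cb8a0e33e9293d80d691f0e8823c67810b388212569e45afcbcd926bfbc9
+data.tar.gz: 3efbdc54c10c9f838d62a257d4427813d24f3f6546531e97a88f3c6a52341d20
+SHA512:
+metadata.gz: 2463d49a316393ad773e4101bf8307d9db69783f4efecaacb84568bbc0a2a993c527356cc95991edb2c3f9cd56d56aa2fe0f4608745da6c6a5d0ac0697cf6f32
+data.tar.gz: 223456217cfc468be901fe28fb161e09ed923cbfaf76905b3681e5d64c0e7bf8bd30e5753cf57eeeec344ea2fe99ddfb731ae60c4158093c4fcaeb8a8b31e0f8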
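--- a/data/bin/certie
+++ b/data/bin/certie
@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+require 'certie'
+
+def show_usage
+puts "Usage: #{$0} <common_name>"
+puts "Example: #{$0} example.com"
+end
+
+ARGV.each do |iterarg|
+if iterarg=='--help'
+show_usage ; exit
+end
+end
+
+if ARGV.length == 0
+show_usage ; exit
+end
+
+CertificateWrapper.build ARGV[0]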
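Review bot: The `ARGV.length == 0` branch ends with `show_usage ; exit`, which exits with status 0, so a calling script cannot tell a missing argument from a successful run; `show_usage ; exit 1` there (keeping plain `exit` for `--help`) would make the failure visible. Only `ARGV[0]` is passed to `CertificateWrapper.build`, so any further arguments are silently ignored; either reject them or loop over `ARGV`. The value is also handed on as given, so the script relies entirely on the library to vet the common name before it is used in file names and commands.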
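--- a/data/lib/certie.rb
+++ b/data/lib/certie.rb
@@ -0,0 +1,100 @@
+
+require 'openssl'
+
+class CertificateWrapper
+@@subject_prefix = '/C=AE/ST=Dubai/L=Dubai/O=KNR/OU=Software'
+
+def self.get_counter_next
+serial = 0
+if File.exists?('serial.txt')
+File.open 'serial.txt', 'r' do |myfile|
+strSerial = myfile.readline
+strSerial.chomp!
+serial = strSerial.to_i
+end
+else
+serial = 0
+end
+
+serial += 1
+
+File.open 'serial.txt', 'w' do |myfile|
+myfile.print serial.to_s
+end
+
+serial
+end
+
+def self.create_certificate(cn=nil)
+if cn.nil?
+cn = "ca"
+end
+
+subject = @@subject_prefix + '/CN=' + cn
+serial = get_counter_next
+
+key = OpenSSL::PKey::RSA.new 2048
+File.open "#{cn}.rsa", 'wb' do |myfile|
+myfile.print key.to_pem
+end
+
+cert = OpenSSL::X509::Certificate.new
+cert.version = 2 #This is v3
+
+cert.serial = serial
+
+cert.subject = OpenSSL::X509::Name.parse subject
+cert.public_key = key.public_key
+cert.not_before = Time.now
+cert.not_after = cert.not_before + (60 * 60 * 24 * 365)
+
+ef = OpenSSL::X509::ExtensionFactory.new
+
+
+if cn == "ca"
+cert.issuer = OpenSSL::X509::Name.parse subject
+ef.subject_certificate = cert
+ef.issuer_certificate = cert
+cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
+cert.add_extension ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true)
+cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash', false )
+cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always', false)
+
+cert.sign key, OpenSSL::Digest.new('SHA256')
+
+File.open "#{cn}.cert", 'wb' do |myfile|
+myfile.print cert.to_pem
+end
+else
+rootCert = OpenSSL::X509::Certificate.new File.read 'ca.cert'
+rootKey = OpenSSL::PKey::RSA.new File.read 'ca.rsa'
+
+cert.issuer = OpenSSL::X509::Name.parse(@@subject_prefix + '/CN=' + 'ca')
+ef.subject_certificate = cert
+ef.issuer_certificate = rootCert
+# cert.add_extension ef.create_extension('keyUsage', 'digitalSignature', true) # TODO: check if we can set webServer and webClient
+cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash', false )
+
+cert.sign rootKey, OpenSSL::Digest.new('SHA256')
+
+File.open "#{cn}.cert", 'wb' do |myfile|
+myfile.print cert.to_pem
+end
+end
+
+`openssl pkcs8 -topk8 -inform pem -in "#{cn}.rsa" -out "#{cn}.key" -nocrypt`
+`cat "#{cn}.cert" "#{cn}.key" > "#{cn}.pem"`
+end
+
+
+def self.build(cn)
+doWeHaveARootCertificate = File.exists? 'ca.cert'
+doWeHaveARootKey = File.exists? 'ca.rsa'
+
+if not (doWeHaveARootCertificate and doWeHaveARootKey)
+create_certificate
+end
+
+create_certificate cn
+end
+end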
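Review bot: `cn` is used unvalidated throughout `create_certificate`: it is interpolated into the two backtick shell commands at file lines 85–86, into every output path (`"#{cn}.rsa"`, `"#{cn}.cert"`), and into the string given to `OpenSSL::X509::Name.parse`. A name with shell metacharacters is therefore interpreted by the shell, and one containing `/` can leave the working directory and, as far as the parse format suggests, append extra subject components. Check the name before its first use, for example `raise ArgumentError, 'invalid common name' unless cn.match?(/\A[A-Za-z0-9*._-]+\z/)`, and run the conversion without a shell: `system('openssl', 'pkcs8', '-topk8', '-inform', 'pem', '-in', "#{cn}.rsa", '-out', "#{cn}.key", '-nocrypt')` followed by `File.write("#{cn}.pem", File.read("#{cn}.cert") + File.read("#{cn}.key"))`. The private-key files (`.rsa`, `.key`, `.pem`) are created with default permissions; passing `0600` as the third argument to `File.open` (and to `File.write` via `perm: 0600`) keeps them owner-only. Separately, `File.exists?` in `get_counter_next` and `build` was removed in Ruby 3.2 and needs to become `File.exist?`.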
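--- a/metadata
+++ b/metadata
@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification
+name: certie
+version: !ruby/object:Gem::Version
+version: 0.0.2
+platform: ruby
+authors:
+- Katkam Nitin Reddy
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-08-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: openssl
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description:
+email:
+executables:
+- certie
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/certie
+- lib/certie.rb
+homepage:
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.6
+signing_key:
+specification_version: 4
+summary: A utility for generating certificates
+test_files: []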