certificate-transparency 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 11f886387e3fe45724a6bfba907989cf2a947511
|
|
4
|
+
data.tar.gz: 2cd7d9db7a182db68e07ebb2b6eae5de0a002e14
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a686b0ea5debd3874535bbd71041b4e03ac57407ac2e8c6c19ae027b48e04f67520a13668468b7b6293bd1707df75669447858eb26d341061e6ea26703543bf0
|
|
7
|
+
data.tar.gz: e687144e67b46d75ffe422f0b3693f061f65a00958746eee335d041be5ec4d28db077e33238e49cb23659de8e9bad50d53759ac9af5bed7a31c29d12915919d5
|
|
@@ -32,5 +32,6 @@ require_relative 'certificate-transparency/extensions/string'
|
|
|
32
32
|
require_relative 'certificate-transparency/extensions/time'
|
|
33
33
|
|
|
34
34
|
require_relative 'certificate-transparency/merkle_tree_leaf'
|
|
35
|
+
require_relative 'certificate-transparency/pre_cert'
|
|
35
36
|
require_relative 'certificate-transparency/signed_tree_head'
|
|
36
37
|
require_relative 'certificate-transparency/timestamped_entry'
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# An RFC6962 `PreCert` structure.
|
|
2
|
+
#
|
|
3
|
+
class CertificateTransparency::PreCert
|
|
4
|
+
attr_accessor :issuer_key_hash, :tbs_certificate
|
|
5
|
+
|
|
6
|
+
# Parse a binary blob into a PreCert structure.
|
|
7
|
+
#
|
|
8
|
+
# It is uncommon to call this directly. Because of the way that the
|
|
9
|
+
# PreCert is encoded, you have to parse the component parts out of the
|
|
10
|
+
# `TimestampedEntry`; however, this method is here if you need it.
|
|
11
|
+
#
|
|
12
|
+
# @param blob [String]
|
|
13
|
+
#
|
|
14
|
+
# @return [CertificateTransparency::PreCert]
|
|
15
|
+
#
|
|
16
|
+
def self.from_blob(blob)
|
|
17
|
+
new.tap do |pc|
|
|
18
|
+
pc.issuer_key_hash, tbs_blob = blob.unpack("a32a*")
|
|
19
|
+
tbs_opaque, rest = TLS::Opaque.from_blob(tbs_blob, 2**24-1)
|
|
20
|
+
unless rest == ""
|
|
21
|
+
raise ArgumentError,
|
|
22
|
+
"Invalid blob (extra data after end of structure: #{rest.inspect}"
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
pc.tbs_certificate = tbs_opaque.value
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
# Turn this structure into an encoded binary blob.
|
|
30
|
+
#
|
|
31
|
+
# @return [String]
|
|
32
|
+
#
|
|
33
|
+
# @raise [RuntimeError] if some of the fields in the structure aren't
|
|
34
|
+
# filled out.
|
|
35
|
+
#
|
|
36
|
+
def to_blob
|
|
37
|
+
if @issuer_key_hash.nil?
|
|
38
|
+
raise RuntimeError,
|
|
39
|
+
"issuer_key_hash is not set"
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
if @tbs_certificate.nil?
|
|
43
|
+
raise RuntimeError,
|
|
44
|
+
"tbs_certificate is not set"
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
[
|
|
48
|
+
@issuer_key_hash,
|
|
49
|
+
TLS::Opaque.new(@tbs_certificate, 2**24-1).to_blob
|
|
50
|
+
].pack("a32a*")
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -65,7 +65,7 @@ class CertificateTransparency::TimestampedEntry
|
|
|
65
65
|
ikh, tbsc_len_hi, tbsc_len_lo, rest = rest.unpack("a32nCa*")
|
|
66
66
|
tbsc_len = tbsc_len_hi * 256 + tbsc_len_lo
|
|
67
67
|
tbsc, rest = rest.unpack("a#{tbsc_len}a*")
|
|
68
|
-
te.precert_entry = ::CertificateTransparency::PreCert.new do |ctpc|
|
|
68
|
+
te.precert_entry = ::CertificateTransparency::PreCert.new.tap do |ctpc|
|
|
69
69
|
ctpc.issuer_key_hash = ikh
|
|
70
70
|
ctpc.tbs_certificate = tbsc
|
|
71
71
|
end
|
data/lib/tls/opaque.rb
CHANGED
|
@@ -48,6 +48,7 @@ class TLS::Opaque
|
|
|
48
48
|
# larger than `maxlen`.
|
|
49
49
|
#
|
|
50
50
|
def self.from_blob(blob, maxlen)
|
|
51
|
+
blob = blob.dup.force_encoding("BINARY")
|
|
51
52
|
len_bytes = lenlen(maxlen)
|
|
52
53
|
|
|
53
54
|
len = blob[0..len_bytes-1].split('').inject(0) do |total, c|
|
|
@@ -59,7 +60,7 @@ class TLS::Opaque
|
|
|
59
60
|
"Encoded length (#{len}) is greater than maxlen (#{maxlen})"
|
|
60
61
|
end
|
|
61
62
|
|
|
62
|
-
if len > blob[len_bytes..-1].
|
|
63
|
+
if len > blob[len_bytes..-1].bytesize
|
|
63
64
|
raise ArgumentError,
|
|
64
65
|
"Encoded length (#{len}) is greater than the number of bytes available"
|
|
65
66
|
end
|
|
@@ -70,12 +71,14 @@ class TLS::Opaque
|
|
|
70
71
|
end
|
|
71
72
|
|
|
72
73
|
def initialize(str, maxlen)
|
|
74
|
+
str = str.dup.force_encoding("BINARY")
|
|
75
|
+
|
|
73
76
|
unless maxlen.is_a? Integer
|
|
74
77
|
raise ArgumentError,
|
|
75
78
|
"maxlen must be an Integer"
|
|
76
79
|
end
|
|
77
80
|
|
|
78
|
-
if str.
|
|
81
|
+
if str.bytesize > maxlen
|
|
79
82
|
raise ArgumentError,
|
|
80
83
|
"value given is longer than maxlen (#{maxlen})"
|
|
81
84
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certificate-transparency
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matt Palmer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-06-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -160,6 +160,7 @@ files:
|
|
|
160
160
|
- lib/certificate-transparency/extensions/string.rb
|
|
161
161
|
- lib/certificate-transparency/extensions/time.rb
|
|
162
162
|
- lib/certificate-transparency/merkle_tree_leaf.rb
|
|
163
|
+
- lib/certificate-transparency/pre_cert.rb
|
|
163
164
|
- lib/certificate-transparency/signed_tree_head.rb
|
|
164
165
|
- lib/certificate-transparency/timestamped_entry.rb
|
|
165
166
|
- lib/tls.rb
|