certificate-transparency 0.2.1 → 0.3.0
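--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 11f886387e3fe45724a6bfba907989cf2a947511
+data.tar.gz: 2cd7d9db7a182db68e07ebb2b6eae5de0a002e14
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a686b0ea5debd3874535bbd71041b4e03ac57407ac2e8c6c19ae027b48e04f67520a13668468b7b6293bd1707df75669447858eb26d341061e6ea26703543bf0
+data.tar.gz: e687144e67b46d75ffe422f0b3693f061f65a00958746eee335d041be5ec4d28db077e33238e49cb23659de8e9bad50d53759ac9af5bed7a31c29d12915919d5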
@@ -32,5 +32,6 @@ require_relative 'certificate-transparency/extensions/string'
|
|
32
32
|
require_relative 'certificate-transparency/extensions/time'
|
33
33
|
|
34
34
|
require_relative 'certificate-transparency/merkle_tree_leaf'
|
35
|
+
require_relative 'certificate-transparency/pre_cert'
|
35
36
|
require_relative 'certificate-transparency/signed_tree_head'
|
36
37
|
require_relative 'certificate-transparency/timestamped_entry'
|
@@ -0,0 +1,52 @@
|
|
1
|
+
# An RFC6962 `PreCert` structure.
|
2
|
+
#
|
3
|
+
class CertificateTransparency::PreCert
|
4
|
+
attr_accessor :issuer_key_hash, :tbs_certificate
|
5
|
+
|
6
|
+
# Parse a binary blob into a PreCert structure.
|
7
|
+
#
|
8
|
+
# It is uncommon to call this directly. Because of the way that the
|
9
|
+
# PreCert is encoded, you have to parse the component parts out of the
|
10
|
+
# `TimestampedEntry`; however, this method is here if you need it.
|
11
|
+
#
|
12
|
+
# @param blob [String]
|
13
|
+
#
|
14
|
+
# @return [CertificateTransparency::PreCert]
|
15
|
+
#
|
16
|
+
def self.from_blob(blob)
|
17
|
+
new.tap do |pc|
|
18
|
+
pc.issuer_key_hash, tbs_blob = blob.unpack("a32a*")
|
19
|
+
tbs_opaque, rest = TLS::Opaque.from_blob(tbs_blob, 2**24-1)
|
20
|
+
unless rest == ""
|
21
|
+
raise ArgumentError,
|
22
|
+
"Invalid blob (extra data after end of structure: #{rest.inspect}"
|
23
|
+
end
|
24
|
+
|
25
|
+
pc.tbs_certificate = tbs_opaque.value
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
# Turn this structure into an encoded binary blob.
|
30
|
+
#
|
31
|
+
# @return [String]
|
32
|
+
#
|
33
|
+
# @raise [RuntimeError] if some of the fields in the structure aren't
|
34
|
+
# filled out.
|
35
|
+
#
|
36
|
+
def to_blob
|
37
|
+
if @issuer_key_hash.nil?
|
38
|
+
raise RuntimeError,
|
39
|
+
"issuer_key_hash is not set"
|
40
|
+
end
|
41
|
+
|
42
|
+
if @tbs_certificate.nil?
|
43
|
+
raise RuntimeError,
|
44
|
+
"tbs_certificate is not set"
|
45
|
+
end
|
46
|
+
|
47
|
+
[
|
48
|
+
@issuer_key_hash,
|
49
|
+
TLS::Opaque.new(@tbs_certificate, 2**24-1).to_blob
|
50
|
+
].pack("a32a*")
|
51
|
+
end
|
52
|
+
end
|
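Review bot: Neither `from_blob` nor `to_blob` checks that `issuer_key_hash` is exactly 32 bytes, which the `a32` directive implies but does not enforce. `unpack("a32a*")` hands back a shorter string when the blob holds fewer than 32 bytes, and `pack("a32a*")` truncates a longer value or NUL-pads a shorter one, so a malformed or mis-set hash is carried into or out of the structure without an error. Rejecting it is the safer behaviour for a parser of log entries: `raise ArgumentError, "blob too short for issuer_key_hash" if blob.bytesize < 32` before the `new.tap` in `from_blob`, and `raise RuntimeError, "issuer_key_hash must be 32 bytes" unless @issuer_key_hash.bytesize == 32` next to the nil checks in `to_blob`. The message built in `from_blob` also lacks its closing parenthesis after `#{rest.inspect}`.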
@@ -65,7 +65,7 @@ class CertificateTransparency::TimestampedEntry
|
|
65
65
|
ikh, tbsc_len_hi, tbsc_len_lo, rest = rest.unpack("a32nCa*")
|
66
66
|
tbsc_len = tbsc_len_hi * 256 + tbsc_len_lo
|
67
67
|
tbsc, rest = rest.unpack("a#{tbsc_len}a*")
|
68
|
-
te.precert_entry = ::CertificateTransparency::PreCert.new do |ctpc|
|
68
|
+
te.precert_entry = ::CertificateTransparency::PreCert.new.tap do |ctpc|
|
69
69
|
ctpc.issuer_key_hash = ikh
|
70
70
|
ctpc.tbs_certificate = tbsc
|
71
71
|
end
|
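Review bot: The precert branch still accepts a truncated entry: `rest.unpack("a#{tbsc_len}a*")` returns however many bytes are left when fewer than `tbsc_len` remain, so `tbs_certificate` can end up shorter than the encoded length says without any error. `TLS::Opaque.from_blob` raises `ArgumentError` for the same condition, and this path should match it, e.g. `raise ArgumentError, "tbs_certificate is truncated" unless tbsc.bytesize == tbsc_len` before the `PreCert.new.tap` call. The enclosing method starts and ends outside this hunk, so an existing length check elsewhere in it cannot be ruled out.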
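--- a/data/lib/tls/opaque.rb
+++ b/data/lib/tls/opaque.rb
@@ -48,6 +48,7 @@ class TLS::Opaque
 # larger than `maxlen`.
 #
 def self.from_blob(blob, maxlen)
+blob = blob.dup.force_encoding("BINARY")
 len_bytes = lenlen(maxlen)
 
 len = blob[0..len_bytes-1].split('').inject(0) do |total, c|
@@ -59,7 +60,7 @@ class TLS::Opaque
 "Encoded length (#{len}) is greater than maxlen (#{maxlen})"
 end
 
-if len > blob[len_bytes..-1].
+if len > blob[len_bytes..-1].bytesize
 raise ArgumentError,
 "Encoded length (#{len}) is greater than the number of bytes available"
 end
@@ -70,12 +71,14 @@ class TLS::Opaque
 end
 
 def initialize(str, maxlen)
+str = str.dup.force_encoding("BINARY")
+
 unless maxlen.is_a? Integer
 raise ArgumentError,
 "maxlen must be an Integer"
 end
 
-if str.
+if str.bytesize > maxlen
 raise ArgumentError,
 "value given is longer than maxlen (#{maxlen})"
 end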
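Review bot: In `from_blob`, a blob shorter than the length prefix appears to escape as `NoMethodError` rather than `ArgumentError`: `blob[len_bytes..-1]` is `nil` when `blob.bytesize < len_bytes`, and the new `.bytesize` call is then made on `nil`. The lines between the first two hunks are not shown, so this holds only if they do not already reject a short blob. `PreCert.from_blob` can reach this with a blob that ends right after the 32-byte key hash, since it passes the empty remainder straight in. A guard right after `len_bytes = lenlen(maxlen)` would keep the error type the other checks in this method use: `raise ArgumentError, "blob is shorter than its length prefix" if blob.bytesize < len_bytes`.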
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: certificate-transparency
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Palmer
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-06-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -160,6 +160,7 @@ files:
|
|
160
160
|
- lib/certificate-transparency/extensions/string.rb
|
161
161
|
- lib/certificate-transparency/extensions/time.rb
|
162
162
|
- lib/certificate-transparency/merkle_tree_leaf.rb
|
163
|
+
- lib/certificate-transparency/pre_cert.rb
|
163
164
|
- lib/certificate-transparency/signed_tree_head.rb
|
164
165
|
- lib/certificate-transparency/timestamped_entry.rb
|
165
166
|
- lib/tls.rb
|