certificate-transparency 0.4.0 → 0.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9d4d276d39e865c024a5ceada2a373fa28a6e000
4
- data.tar.gz: d4fdbbbbb5370044a45e0b142a3b53bbe6f0bf71
3
+ metadata.gz: a79a012d5182f45a32441f36a7d01853babefce5
4
+ data.tar.gz: 52007f0dd5ee5ae0f695709ab333e146525aaaf3
5
5
  SHA512:
6
- metadata.gz: bdc16768f058da4261e5847c0d7eaffd0b2fd239184bd213cb4f5d22f095f3a98b7adc4039beb373b80aecf064857820c323141929872f133aae73c6464f1841
7
- data.tar.gz: c436c791481f67c184359634609d89c9a9989d529fda9c21487dd4033a889b022549d58bd3c550a4e5d4e53e57f793b1731844d2ac311b53207e7bbca4fc7da3
6
+ metadata.gz: 6deb537a51d4c064214b2017dbfacfd93ba430836bcaf1adb78d0f1bb28dd5c40233adc8d7591534189a394b8f7194129323640a3068bbbc2cf15386a446c184
7
+ data.tar.gz: 2e0805987f1c1a2f69fc8cbda8cce94d0685bcf8339210fe4e38f6cb5d6d3a4c4aee4ef23c37a763f98168cbb2bdf51d738dcf556d94a9343ac354cb72f780c2
@@ -31,6 +31,7 @@ end
31
31
  require_relative 'certificate-transparency/extensions/string'
32
32
  require_relative 'certificate-transparency/extensions/time'
33
33
 
34
+ require_relative 'certificate-transparency/certificate_chain'
34
35
  require_relative 'certificate-transparency/log_entry'
35
36
  require_relative 'certificate-transparency/merkle_tree_leaf'
36
37
  require_relative 'certificate-transparency/pre_cert'
@@ -0,0 +1,53 @@
1
+ # A chain of certificates, from an end-entity certificate to a root certificate
2
+ # presumably trusted by the log.
3
+ #
4
+ # This is a fairly thin wrapper around an `Array`, with methods for serialization
5
+ # and deserialization.
6
+ #
7
+ class CertificateTransparency::CertificateChain
8
+ extend Forwardable
9
+
10
+ def_delegators :@chain, :length, :<<, :each
11
+
12
+ include Enumerable
13
+
14
+ # Create a {CT::CertificateChain} instance from a binary blob.
15
+ #
16
+ # You have to be slightly careful with this; for different types of `MerkleTreeLeaf`,
17
+ # the serialized data that comes out of `/get-entries` is different.
18
+ #
19
+ # @param blob [String]
20
+ #
21
+ # @return [CT::CertificateChain}
22
+ #
23
+ def self.from_blob(blob)
24
+ new.tap do |cc|
25
+ chain, rest = TLS::Opaque.from_blob(blob, 2**24-1)
26
+
27
+ unless rest.empty?
28
+ raise ArgumentError,
29
+ "Malformed CertificateChain blob: " +
30
+ "unexpected additional data: #{rest.inspect}"
31
+ end
32
+
33
+ chain = chain.value
34
+ until chain.empty?
35
+ cert_blob, chain = TLS::Opaque.from_blob(chain, 2**24-1)
36
+
37
+ cc << OpenSSL::X509::Certificate.new(cert_blob.value)
38
+ end
39
+ end
40
+ end
41
+
42
+ def initialize
43
+ @chain = []
44
+ end
45
+
46
+ # Generate an encoded blob of this certificate chain.
47
+ #
48
+ # @return [String]
49
+ #
50
+ def to_blob
51
+ TLS::Opaque.new(@chain.map { |c| TLS::Opaque.new(c.to_der, 2**24-1).to_blob }.join, 2**24-1).to_blob
52
+ end
53
+ end
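Review bot: `from_blob` raises two different error types for malformed input: trailing bytes after the outer opaque raise `ArgumentError`, but a certificate whose DER OpenSSL cannot decode raises `OpenSSL::X509::CertificateError` from the `OpenSSL::X509::Certificate.new(cert_blob.value)` call inside the `until` loop, so a caller rescuing `ArgumentError` for "malformed entry from the log" still blows up on a bad entry. Either rescue it in the loop and re-raise as `raise ArgumentError, "Malformed CertificateChain blob: undecodable certificate"`, or at minimum add `# @raise [ArgumentError, OpenSSL::X509::CertificateError]` to the method doc. The `@return [CT::CertificateChain}` tag also has a mismatched brace and should read `# @return [CT::CertificateChain]`. Since this class is the decoding boundary for data served by a log, the class comment would benefit from stating explicitly that nothing here verifies signatures, chain ordering or trust of the root — it only deserializes what the log returned, and the "presumably trusted by the log" wording should not be read as a guarantee.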
@@ -1,13 +1,32 @@
1
1
  require 'json'
2
2
  require 'tls'
3
3
 
4
- # An element of a CT get-entries array (RFC6962 s4.6). Note that this is
5
- # **not** the `LogEntry` type defined in RFC6962 s3.1, because that type is
6
- # never actually used anywhere, so I stole its name.
4
+ # An element of a CT get-entries array (RFC6962 s4.6).
5
+ #
6
+ # @note This is **not** the `LogEntry` type defined in RFC6962 s3.1, because
7
+ # that type is never actually used anywhere, so I stole its name.
8
+ #
9
+ # @note Unlike most other classes, the instance methods on this type are
10
+ # *not* a 1:1 mapping to the elements of the source data structure. The
11
+ # `extra_data` key in the JSON is a grotty amalgam of several other
12
+ # things. Those pieces are available via {#certificate_chain} and
13
+ # {#precertificate}.
7
14
  #
8
15
  class CertificateTransparency::LogEntry
16
+ # @return [CT::MerkleTreeLeaf]
17
+ #
9
18
  attr_accessor :leaf_input
10
- attr_accessor :extra_data
19
+
20
+ # @return [CT::CertificateChain]
21
+ #
22
+ attr_accessor :certificate_chain
23
+
24
+ # The precertificate if this log entry is for a precert, or `nil`
25
+ # otherwise.
26
+ #
27
+ # @return [OpenSSL::X509::Certificate]
28
+ #
29
+ attr_accessor :precertificate
11
30
 
12
31
  # Create a new LogEntry instance from a single member of the
13
32
  # `"entries"` array returned by `/ct/v1/get-entries`.
@@ -19,25 +38,36 @@ class CertificateTransparency::LogEntry
19
38
  le_blob = doc["leaf_input"].unpack("m").first
20
39
  sth.leaf_input = CT::MerkleTreeLeaf.from_blob(le_blob)
21
40
 
22
- sth.extra_data = []
23
41
  ed_blob = doc["extra_data"].unpack("m").first
42
+
24
43
  if sth.leaf_input.timestamped_entry.entry_type == :precert_entry
25
- pre_cert_blob, ed_blob = TLS::Opaque.from_blob(ed_blob, 2**24-1)
44
+ precert_blob, ed_blob = TLS::Opaque.from_blob(ed_blob, 2**24-1)
26
45
 
27
- sth.extra_data << OpenSSL::X509::Certificate.new(pre_cert_blob.value)
46
+ sth.precertificate = OpenSSL::X509::Certificate.new(precert_blob.value)
28
47
  end
29
48
 
30
- ed_blob, rest = TLS::Opaque.from_blob(ed_blob, 2**24-1)
31
- unless rest.empty?
32
- raise ArgumentError,
33
- "Unexpected garbage after certificate_chain: #{rest.inspect}"
34
- end
49
+ sth.certificate_chain = CT::CertificateChain.from_blob(ed_blob)
50
+ end
51
+ end
35
52
 
36
- ed_blob = ed_blob.value
37
- until ed_blob.empty?
38
- cert_blob, ed_blob = TLS::Opaque.from_blob(ed_blob, 2**24-1)
39
- sth.extra_data << OpenSSL::X509::Certificate.new(cert_blob.value)
40
- end
53
+ # Return a JSON string that represents this log entry, as it would
54
+ # exist in a response from `/get-entries`.
55
+ #
56
+ # @return [String]
57
+ #
58
+ def to_json
59
+ json = { :leaf_input => [leaf_input.to_blob].pack("m0") }
60
+
61
+ ed_blob = ""
62
+
63
+ if leaf_input.timestamped_entry.entry_type == :precert_entry
64
+ ed_blob += TLS::Opaque.new(precertificate.to_der, 2**24-1).to_blob
41
65
  end
66
+
67
+ ed_blob += certificate_chain.to_blob
68
+
69
+ json[:extra_data] = [ed_blob].pack("m0")
70
+
71
+ json.to_json
42
72
  end
43
73
  end
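Review bot: `def to_json` takes no arguments, but Ruby's JSON generator calls `to_json(state)` with a generator-state argument whenever a `LogEntry` is nested inside a structure passed to `JSON.generate` or `Array#to_json`, so that path fails with `ArgumentError: wrong number of arguments` even though direct `entry.to_json` works; declare it as `def to_json(*args)` and end with `json.to_json(*args)` to keep the direct-call behaviour while tolerating the extra argument. In the same method, a precert entry constructed by hand with `precertificate` left `nil` crashes on `precertificate.to_der` with a `NoMethodError` instead of a clear error; a guard such as `raise ArgumentError, "precert_entry requires a precertificate" if precertificate.nil?` before the `TLS::Opaque.new` line would make that failure explicit. The parsing method edited by the earlier part of this section (the `sth.leaf_input = ...` block) begins before the hunk, so its signature and the `doc` argument's validation are not visible here.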
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: certificate-transparency
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Palmer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-11 00:00:00.000000000 Z
11
+ date: 2015-06-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -157,6 +157,7 @@ files:
157
157
  - lib/.gitkeep
158
158
  - lib/certificate-transparency-client.rb
159
159
  - lib/certificate-transparency.rb
160
+ - lib/certificate-transparency/certificate_chain.rb
160
161
  - lib/certificate-transparency/extensions/string.rb
161
162
  - lib/certificate-transparency/extensions/time.rb
162
163
  - lib/certificate-transparency/log_entry.rb