certificate-transparency 0.4.0 → 0.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9d4d276d39e865c024a5ceada2a373fa28a6e000
4
- data.tar.gz: d4fdbbbbb5370044a45e0b142a3b53bbe6f0bf71
3
+ metadata.gz: a79a012d5182f45a32441f36a7d01853babefce5
4
+ data.tar.gz: 52007f0dd5ee5ae0f695709ab333e146525aaaf3
5
5
  SHA512:
6
- metadata.gz: bdc16768f058da4261e5847c0d7eaffd0b2fd239184bd213cb4f5d22f095f3a98b7adc4039beb373b80aecf064857820c323141929872f133aae73c6464f1841
7
- data.tar.gz: c436c791481f67c184359634609d89c9a9989d529fda9c21487dd4033a889b022549d58bd3c550a4e5d4e53e57f793b1731844d2ac311b53207e7bbca4fc7da3
6
+ metadata.gz: 6deb537a51d4c064214b2017dbfacfd93ba430836bcaf1adb78d0f1bb28dd5c40233adc8d7591534189a394b8f7194129323640a3068bbbc2cf15386a446c184
7
+ data.tar.gz: 2e0805987f1c1a2f69fc8cbda8cce94d0685bcf8339210fe4e38f6cb5d6d3a4c4aee4ef23c37a763f98168cbb2bdf51d738dcf556d94a9343ac354cb72f780c2
@@ -31,6 +31,7 @@ end
31
31
  require_relative 'certificate-transparency/extensions/string'
32
32
  require_relative 'certificate-transparency/extensions/time'
33
33
 
34
+ require_relative 'certificate-transparency/certificate_chain'
34
35
  require_relative 'certificate-transparency/log_entry'
35
36
  require_relative 'certificate-transparency/merkle_tree_leaf'
36
37
  require_relative 'certificate-transparency/pre_cert'
@@ -0,0 +1,53 @@
1
+ # A chain of certificates, from an end-entity certificate to a root certificate
2
+ # presumably trusted by the log.
3
+ #
4
+ # This is a fairly thin wrapper around an `Array`, with methods for serialization
5
+ # and deserialization.
6
+ #
7
+ class CertificateTransparency::CertificateChain
8
+ extend Forwardable
9
+
10
+ def_delegators :@chain, :length, :<<, :each
11
+
12
+ include Enumerable
13
+
14
+ # Create a {CT::CertificateChain} instance from a binary blob.
15
+ #
16
+ # You have to be slightly careful with this; for different types of `MerkleTreeLeaf`,
17
+ # the serialized data that comes out of `/get-entries` is different.
18
+ #
19
+ # @param blob [String]
20
+ #
21
+ # @return [CT::CertificateChain}
22
+ #
23
+ def self.from_blob(blob)
24
+ new.tap do |cc|
25
+ chain, rest = TLS::Opaque.from_blob(blob, 2**24-1)
26
+
27
+ unless rest.empty?
28
+ raise ArgumentError,
29
+ "Malformed CertificateChain blob: " +
30
+ "unexpected additional data: #{rest.inspect}"
31
+ end
32
+
33
+ chain = chain.value
34
+ until chain.empty?
35
+ cert_blob, chain = TLS::Opaque.from_blob(chain, 2**24-1)
36
+
37
+ cc << OpenSSL::X509::Certificate.new(cert_blob.value)
38
+ end
39
+ end
40
+ end
41
+
42
+ def initialize
43
+ @chain = []
44
+ end
45
+
46
+ # Generate an encoded blob of this certificate chain.
47
+ #
48
+ # @return [String]
49
+ #
50
+ def to_blob
51
+ TLS::Opaque.new(@chain.map { |c| TLS::Opaque.new(c.to_der, 2**24-1).to_blob }.join, 2**24-1).to_blob
52
+ end
53
+ end
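Review bot: `from_blob` only DER-decodes each element; there is no signature, ordering or trust-anchor check, so the class comment's "root certificate presumably trusted by the log" must not be read as something this code establishes. I would say so on the class itself: `# No validation is done here: elements are DER-parsed only. Checking that the chain links together and ends at a root the log accepts is the caller's job.` Note also that trailing data is reported as `ArgumentError` while a non-certificate element surfaces from `OpenSSL::X509::Certificate.new`, presumably as `OpenSSL::X509::CertificateError`, so code that validates untrusted log output has to rescue both. The `@return [CT::CertificateChain}` tag has a mismatched `}`.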
@@ -1,13 +1,32 @@
1
1
  require 'json'
2
2
  require 'tls'
3
3
 
4
- # An element of a CT get-entries array (RFC6962 s4.6). Note that this is
5
- # **not** the `LogEntry` type defined in RFC6962 s3.1, because that type is
6
- # never actually used anywhere, so I stole its name.
4
+ # An element of a CT get-entries array (RFC6962 s4.6).
5
+ #
6
+ # @note This is **not** the `LogEntry` type defined in RFC6962 s3.1, because
7
+ # that type is never actually used anywhere, so I stole its name.
8
+ #
9
+ # @note Unlike most other classes, the instance methods on this type are
10
+ # *not* a 1:1 mapping to the elements of the source data structure. The
11
+ # `extra_data` key in the JSON is a grotty amalgam of several other
12
+ # things. Those pieces are available via {#certificate_chain} and
13
+ # {#precertificate}.
7
14
  #
8
15
  class CertificateTransparency::LogEntry
16
+ # @return [CT::MerkleTreeLeaf]
17
+ #
9
18
  attr_accessor :leaf_input
10
- attr_accessor :extra_data
19
+
20
+ # @return [CT::CertificateChain]
21
+ #
22
+ attr_accessor :certificate_chain
23
+
24
+ # The precertificate if this log entry is for a precert, or `nil`
25
+ # otherwise.
26
+ #
27
+ # @return [OpenSSL::X509::Certificate]
28
+ #
29
+ attr_accessor :precertificate
11
30
 
12
31
  # Create a new LogEntry instance from a single member of the
13
32
  # `"entries"` array returned by `/ct/v1/get-entries`.
@@ -19,25 +38,36 @@ class CertificateTransparency::LogEntry
19
38
  le_blob = doc["leaf_input"].unpack("m").first
20
39
  sth.leaf_input = CT::MerkleTreeLeaf.from_blob(le_blob)
21
40
 
22
- sth.extra_data = []
23
41
  ed_blob = doc["extra_data"].unpack("m").first
42
+
24
43
  if sth.leaf_input.timestamped_entry.entry_type == :precert_entry
25
- pre_cert_blob, ed_blob = TLS::Opaque.from_blob(ed_blob, 2**24-1)
44
+ precert_blob, ed_blob = TLS::Opaque.from_blob(ed_blob, 2**24-1)
26
45
 
27
- sth.extra_data << OpenSSL::X509::Certificate.new(pre_cert_blob.value)
46
+ sth.precertificate = OpenSSL::X509::Certificate.new(precert_blob.value)
28
47
  end
29
48
 
30
- ed_blob, rest = TLS::Opaque.from_blob(ed_blob, 2**24-1)
31
- unless rest.empty?
32
- raise ArgumentError,
33
- "Unexpected garbage after certificate_chain: #{rest.inspect}"
34
- end
49
+ sth.certificate_chain = CT::CertificateChain.from_blob(ed_blob)
50
+ end
51
+ end
35
52
 
36
- ed_blob = ed_blob.value
37
- until ed_blob.empty?
38
- cert_blob, ed_blob = TLS::Opaque.from_blob(ed_blob, 2**24-1)
39
- sth.extra_data << OpenSSL::X509::Certificate.new(cert_blob.value)
40
- end
53
+ # Return a JSON string that represents this log entry, as it would
54
+ # exist in a response from `/get-entries`.
55
+ #
56
+ # @return [String]
57
+ #
58
+ def to_json
59
+ json = { :leaf_input => [leaf_input.to_blob].pack("m0") }
60
+
61
+ ed_blob = ""
62
+
63
+ if leaf_input.timestamped_entry.entry_type == :precert_entry
64
+ ed_blob += TLS::Opaque.new(precertificate.to_der, 2**24-1).to_blob
41
65
  end
66
+
67
+ ed_blob += certificate_chain.to_blob
68
+
69
+ json[:extra_data] = [ed_blob].pack("m0")
70
+
71
+ json.to_json
42
72
  end
43
73
  end
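Review bot: `to_json` declares no parameters, but the JSON generator passes a state argument when a LogEntry is nested inside another structure (`JSON.generate(entries)`, `{ entry: le }.to_json`), which would raise `ArgumentError`; declare it as `def to_json(*_args)` and keep the body unchanged. The same method calls `precertificate.to_der` whenever the leaf reports `:precert_entry`, so an entry assembled by hand with `precertificate` left `nil` fails with `NoMethodError` rather than a clear message; a guard such as `raise ArgumentError, "precert entry without precertificate" if precertificate.nil?` before the `to_der` call would make the contract visible. In `from_json`, `unpack("m")` is the lenient base64 decoder that silently skips characters outside the alphabet, whereas `unpack("m0")` — the strict counterpart to the `pack("m0")` used in `to_json` — would reject corrupt input from a log instead of decoding it to something else. The `from_json` definition begins before this hunk.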
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: certificate-transparency
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Palmer
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-06-11 00:00:00.000000000 Z
11
+ date: 2015-06-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -157,6 +157,7 @@ files:
157
157
  - lib/.gitkeep
158
158
  - lib/certificate-transparency-client.rb
159
159
  - lib/certificate-transparency.rb
160
+ - lib/certificate-transparency/certificate_chain.rb
160
161
  - lib/certificate-transparency/extensions/string.rb
161
162
  - lib/certificate-transparency/extensions/time.rb
162
163
  - lib/certificate-transparency/log_entry.rb