certificate_authority 0.1.2 → 1.0.0

data/lib/certificate_authority/signing_request.rb

@@ -0,0 +1,91 @@
+module CertificateAuthority
+  class SigningRequest
+    attr_accessor :distinguished_name
+    attr_accessor :key_material
+    attr_accessor :raw_body
+    attr_accessor :openssl_csr
+    attr_accessor :digest
+    attr_accessor :attributes
+
+    def initialize()
+      @attributes = []
+    end
+
+    # Fake attribute for convenience because adding
+    # alternative names on a CSR is remarkably non-trivial.
+    def subject_alternative_names=(alt_names)
+      raise "alt_names must be an Array" unless alt_names.is_a?(Array)
+
+      factory = OpenSSL::X509::ExtensionFactory.new
+      name_list = alt_names.map{|m| "DNS:#{m}"}.join(",")
+      ext = factory.create_ext("subjectAltName",name_list,false)
+      ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
+      attr = OpenSSL::X509::Attribute.new("extReq", ext_set)
+      @attributes << attr
+    end
+
+    def read_attributes_by_oid(*oids)
+      attributes.detect { |a| oids.include?(a.oid) }
+    end
+    protected :read_attributes_by_oid
+
+    def to_cert
+      cert = Certificate.new
+      if !@distinguished_name.nil?
+        cert.distinguished_name = @distinguished_name
+      end
+      cert.key_material = @key_material
+      if attribute = read_attributes_by_oid('extReq', 'msExtReq')
+        set = OpenSSL::ASN1.decode(attribute.value)
+        seq = set.value.first
+        seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.each do |o, v, c|
+         Certificate::EXTENSIONS.each do |klass|
+            cert.extensions[klass::OPENSSL_IDENTIFIER] = klass.parse(v, c) if v && klass::OPENSSL_IDENTIFIER == o
+          end
+        end
+      end
+      cert
+    end
+
+    def to_pem
+      to_x509_csr.to_pem
+    end
+
+    def to_x509_csr
+      raise "Must specify a DN/subject on csr" if @distinguished_name.nil?
+      raise "Invalid DN in request" unless @distinguished_name.valid?
+      raise "CSR must have key material" if @key_material.nil?
+      raise "CSR must include a public key on key material" if @key_material.public_key.nil?
+      raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil?
+
+      opensslcsr = OpenSSL::X509::Request.new
+      opensslcsr.subject = @distinguished_name.to_x509_name
+      opensslcsr.public_key = @key_material.public_key
+      opensslcsr.attributes = @attributes unless @attributes.nil?
+      opensslcsr.sign @key_material.private_key, OpenSSL::Digest.new(@digest || "SHA512")
+      opensslcsr
+    end
+
+    def self.from_x509_csr(raw_csr)
+      csr = SigningRequest.new
+      openssl_csr = OpenSSL::X509::Request.new(raw_csr)
+      csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject
+      csr.raw_body = raw_csr
+      csr.openssl_csr = openssl_csr
+      csr.attributes = openssl_csr.attributes
+      key_material = SigningRequestKeyMaterial.new
+      key_material.public_key = openssl_csr.public_key
+      csr.key_material = key_material
+      csr
+    end
+
+    def self.from_netscape_spkac(raw_spkac)
+      openssl_spkac = OpenSSL::Netscape::SPKI.new raw_spkac
+      csr = SigningRequest.new
+      csr.raw_body = raw_spkac
+      key_material = SigningRequestKeyMaterial.new
+      key_material.public_key = openssl_spkac.public_key
+      csr
+    end
+  end
+end

data/lib/certificate_authority/validations.rb

@@ -0,0 +1,31 @@
+#
+# This is a super simple replacement for ActiveSupport::Validations
+#
+
+module CertificateAuthority
+  class Errors < Array
+    def add(symbol, msg)
+      self.push([symbol, msg])
+    end
+    def full_messages
+      self.map {|i| i[0].to_s + ": " + i[1]}.join("\n")
+    end
+  end
+
+  module Validations
+    def valid?
+      @errors = Errors.new
+      validate
+      errors.empty?
+    end
+
+    # must be overridden
+    def validate
+      raise NotImplementedError
+    end
+
+    def errors
+      @errors ||= Errors.new
+    end
+  end
+end

data/lib/certificate_authority/version.rb

@@ -0,0 +1,3 @@
+module CertificateAuthority
+  VERSION = '1.0.0'.freeze
+end

metadata

@@ -1,137 +1,139 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: certificate_authority
-version: !ruby/object:Gem::Version 
-  prerelease: 
-  version: 0.1.2
+version: !ruby/object:Gem::Version
+  version: 1.0.0
 platform: ruby
-authors: 
+authors:
 - Chris Chandler
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-04-21 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  name: activemodel
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: 3.0.6
-  type: :runtime
+date: 2020-05-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
   prerelease: false
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rspec
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: jeweler
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        version: 1.5.2
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: rcov
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
   prerelease: false
-  version_requirements: *id004
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
-email: chris@flatterline.com
+email:
+- squanderingtime@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
-- README.rdoc
-files: 
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - Gemfile.lock
 - README.rdoc
 - Rakefile
-- VERSION.yml
 - certificate_authority.gemspec
 - lib/certificate_authority.rb
 - lib/certificate_authority/certificate.rb
 - lib/certificate_authority/certificate_revocation_list.rb
+- lib/certificate_authority/core_extensions.rb
 - lib/certificate_authority/distinguished_name.rb
 - lib/certificate_authority/extensions.rb
 - lib/certificate_authority/key_material.rb
 - lib/certificate_authority/ocsp_handler.rb
 - lib/certificate_authority/pkcs11_key_material.rb
+- lib/certificate_authority/revocable.rb
 - lib/certificate_authority/serial_number.rb
 - lib/certificate_authority/signing_entity.rb
+- lib/certificate_authority/signing_request.rb
+- lib/certificate_authority/validations.rb
+- lib/certificate_authority/version.rb
 - lib/tasks/certificate_authority.rake
-- spec/spec_helper.rb
-- spec/units/certificate_authority_spec.rb
-- spec/units/certificate_revocation_list_spec.rb
-- spec/units/certificate_spec.rb
-- spec/units/distinguished_name_spec.rb
-- spec/units/extensions_spec.rb
-- spec/units/key_material_spec.rb
-- spec/units/ocsp_handler_spec.rb
-- spec/units/serial_number_spec.rb
-- spec/units/signing_entity_spec.rb
-- spec/units/units_helper.rb
-homepage: http://github.com/cchandler/certificate_authority
-licenses: 
+homepage: https://github.com/cchandler/certificate_authority
+licenses:
 - MIT
+metadata:
+  homepage_uri: https://github.com/cchandler/certificate_authority
+  source_code_uri: https://github.com/cchandler/certificate_authority
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: -4291817206657186993
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: '2.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
-rubyforge_project: 
-rubygems_version: 1.7.2
+rubygems_version: 3.1.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Ruby gem for managing the core functions outlined in RFC-3280 for PKI
-test_files: 
-- spec/spec_helper.rb
-- spec/units/certificate_authority_spec.rb
-- spec/units/certificate_revocation_list_spec.rb
-- spec/units/certificate_spec.rb
-- spec/units/distinguished_name_spec.rb
-- spec/units/extensions_spec.rb
-- spec/units/key_material_spec.rb
-- spec/units/ocsp_handler_spec.rb
-- spec/units/serial_number_spec.rb
-- spec/units/signing_entity_spec.rb
-- spec/units/units_helper.rb
+test_files: []

data/VERSION.yml

@@ -1,5 +0,0 @@
---- 
-:major: 0
-:minor: 1
-:patch: 2
-:build: 

data/spec/spec_helper.rb

@@ -1,4 +0,0 @@
-require 'rubygems'
-require 'rspec'
-
-require File.dirname(__FILE__) + '/../lib/certificate_authority'

data/spec/units/certificate_authority_spec.rb

@@ -1,4 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-
-describe CertificateAuthority do
-end

data/spec/units/certificate_revocation_list_spec.rb

@@ -1,68 +0,0 @@
-require File.dirname(__FILE__) + '/units_helper'
-
-describe CertificateAuthority::CertificateRevocationList do
-  before(:each) do
-    @crl = CertificateAuthority::CertificateRevocationList.new
-    
-    @root_certificate = CertificateAuthority::Certificate.new
-    @root_certificate.signing_entity = true
-    @root_certificate.subject.common_name = "CRL Root"
-    @root_certificate.key_material.generate_key
-    @root_certificate.serial_number.number = 1
-    @root_certificate.sign!
-    
-    @certificate = CertificateAuthority::Certificate.new
-    @certificate.key_material.generate_key
-    @certificate.subject.common_name = "http://bogusSite.com"
-    @certificate.parent = @root_certificate
-    @certificate.serial_number.number = 2
-    @certificate.sign!
-    
-    @crl.parent = @root_certificate
-    @certificate.revoked_at = Time.now
-  end
-  
-  it "should accept a list of certificates" do
-    @crl << @certificate
-  end
-  
-  it "should complain if you add a certificate without a revocation time" do
-    @certificate.revoked_at = nil
-    lambda{ @crl << @certificate}.should raise_error
-  end
-  
-  it "should have a 'parent' that will be responsible for signing" do
-    @crl.parent = @root_certificate
-    @crl.parent.should_not be_nil
-  end
-  
-  it "should raise an error if you try and sign a CRL without attaching a parent" do
-    @crl.parent = nil
-    lambda { @crl.sign! }.should raise_error
-  end
-  
-  it "should be able to generate a proper CRL" do
-    @crl << @certificate
-    lambda {@crl.to_pem}.should raise_error
-    @crl.parent = @root_certificate
-    @crl.sign!
-    @crl.to_pem.should_not be_nil
-    OpenSSL::X509::CRL.new(@crl.to_pem).should_not be_nil
-  end
-  
-  describe "Next update" do
-    it "should be able to set a 'next_update' value" do
-      @crl.next_update = (60 * 60 * 10) # 10 Hours
-      @crl.next_update.should_not be_nil
-    end
-    
-    it "should throw an error if we try and sign up with a negative next_update" do
-      @crl.sign!
-      @crl.next_update = - (60 * 60 * 10)
-      lambda{@crl.sign!}.should raise_error
-    end
-    
-  end
-  
-  
-end