RubyGems - certificate_authority - Versions diffs - 0.1.3 → 0.1.4 - Mend

certificate_authority 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

data/README.rdoc +92 -86
data/VERSION.yml +2 -2
data/certificate_authority.gemspec +9 -7
data/lib/certificate_authority.rb +1 -1
data/lib/certificate_authority/certificate.rb +60 -38
data/lib/certificate_authority/certificate_revocation_list.rb +12 -12
data/lib/certificate_authority/distinguished_name.rb +33 -14
data/lib/certificate_authority/extensions.rb +77 -63
data/lib/certificate_authority/key_material.rb +48 -15
data/lib/certificate_authority/ocsp_handler.rb +24 -24
data/lib/certificate_authority/pkcs11_key_material.rb +13 -13
data/lib/certificate_authority/serial_number.rb +3 -3
data/lib/certificate_authority/signing_entity.rb +5 -7
data/spec/units/certificate_revocation_list_spec.rb +16 -16
data/spec/units/certificate_spec.rb +149 -84
data/spec/units/distinguished_name_spec.rb +26 -5
data/spec/units/extensions_spec.rb +72 -10
data/spec/units/key_material_spec.rb +69 -65
data/spec/units/ocsp_handler_spec.rb +20 -20
data/spec/units/pkcs11_key_material_spec.rb +41 -0
data/spec/units/serial_number_spec.rb +4 -4
metadata +50 -53

data/lib/certificate_authority/certificate_revocation_list.rb CHANGED Viewed

@@ -1,31 +1,31 @@
 module CertificateAuthority
   class CertificateRevocationList
     include ActiveModel::Validations
     attr_accessor :certificates
     attr_accessor :parent
     attr_accessor :crl_body
     attr_accessor :next_update
     validate do |crl|
       errors.add :next_update, "Next update must be a positive value" if crl.next_update < 0
       errors.add :parent, "A parent entity must be set" if crl.parent.nil?
     end
     def initialize
       self.certificates = []
       self.next_update = 60 * 60 * 4 # 4 hour default
     end
     def <<(cert)
       raise "Only revoked certificates can be added to a CRL" unless cert.revoked?
       self.certificates << cert
     end
     def sign!
       raise "No parent entity has been set!" if self.parent.nil?
       raise "Invalid CRL" unless self.valid?
       revocations = self.certificates.collect do |certificate|
         revocation = OpenSSL::X509::Revoked.new
         x509_cert = OpenSSL::X509::Certificate.new(certificate.to_pem)
@@ -33,27 +33,27 @@ module CertificateAuthority
         revocation.time = certificate.revoked_at
         revocation
       end
       crl = OpenSSL::X509::CRL.new
       revocations.each do |revocation|
         crl.add_revoked(revocation)
       end
       crl.version = 1
       crl.last_update = Time.now
       crl.next_update = Time.now + self.next_update
       signing_cert = OpenSSL::X509::Certificate.new(self.parent.to_pem)
       digest = OpenSSL::Digest::Digest.new("SHA512")
       crl.issuer = signing_cert.subject
       self.crl_body = crl.sign(self.parent.key_material.private_key, digest)
       self.crl_body
     end
     def to_pem
       raise "No signed CRL body" if self.crl_body.nil?
       self.crl_body.to_pem
     end
   end#CertificateRevocationList
-end
+end

data/lib/certificate_authority/distinguished_name.rb CHANGED Viewed

@@ -1,39 +1,58 @@
 module CertificateAuthority
   class DistinguishedName
     include ActiveModel::Validations
     validates_presence_of :common_name
     attr_accessor :common_name
     alias :cn :common_name
     attr_accessor :locality
     alias :l :locality
     attr_accessor :state
     alias :s :state
     attr_accessor :country
     alias :c :country
     attr_accessor :organization
     alias :o :organization
     attr_accessor :organizational_unit
     alias :ou :organizational_unit
     def to_x509_name
       raise "Invalid Distinguished Name" unless valid?
       # NB: the capitalization in the strings counts
       name = OpenSSL::X509::Name.new
       name.add_entry("CN", common_name)
       name.add_entry("O", organization) unless organization.blank?
-      name.add_entry("OU", common_name) unless organizational_unit.blank?
-      name.add_entry("S", common_name) unless state.blank?
-      name.add_entry("L", common_name) unless locality.blank?
+      name.add_entry("OU", organizational_unit) unless organizational_unit.blank?
+      name.add_entry("ST", state) unless state.blank?
+      name.add_entry("L", locality) unless locality.blank?
+      name.add_entry("C", country) unless country.blank?
+      name
+    end
+    def self.from_openssl openssl_name
+      unless openssl_name.is_a? OpenSSL::X509::Name
+        raise "Argument must be a OpenSSL::X509::Name"
+      end
+      name = DistinguishedName.new
+      openssl_name.to_a.each do |k,v|
+        case k
+        when "CN" then name.common_name = v
+        when "L" then name.locality = v
+        when "ST" then name.state = v
+        when "C" then name.country = v
+        when "O" then name.organization = v
+        when "OU" then name.organizational_unit = v
+        end
+      end
       name
     end
   end
-end
+end

data/lib/certificate_authority/extensions.rb CHANGED Viewed

@@ -4,40 +4,40 @@ module CertificateAuthority
       def to_s
         raise "Implementation required"
       end
       def config_extensions
         {}
       end
       def openssl_identifier
         raise "Implementation required"
       end
     end
     class BasicContraints
       include ExtensionAPI
       include ActiveModel::Validations
       attr_accessor :ca
       attr_accessor :path_len
       validates :ca, :inclusion => [true,false]
       def initialize
         self.ca = false
       end
       def is_ca?
         self.ca
       end
       def path_len=(value)
         raise "path_len must be a non-negative integer" if value < 0 or !value.is_a?(Fixnum)
         @path_len = value
       end
       def openssl_identifier
         "basicConstraints"
       end
       def to_s
         result = ""
         result += "CA:#{self.ca}"
@@ -45,20 +45,20 @@ module CertificateAuthority
         result
       end
     end
     class CrlDistributionPoints
       include ExtensionAPI
       attr_accessor :uri
       def initialize
-        self.uri = "http://moo.crlendPoint.example.com/something.crl"
+        # self.uri = "http://moo.crlendPoint.example.com/something.crl"
       end
       def openssl_identifier
         "crlDistributionPoints"
       end
       ## NB: At this time it seems OpenSSL's extension handlers don't support
       ## any of the config options the docs claim to support... everything comes back
       ## "missing value" on GENERAL NAME. Even if copied verbatim
@@ -68,141 +68,155 @@ module CertificateAuthority
           # "issuer_sect" => {"CN" => "crlissuer.com", "C" => "US", "O" => "shudder"}
         }
       end
       def to_s
+        return "" if self.uri.nil?
         "URI:#{self.uri}"
       end
     end
     class SubjectKeyIdentifier
       include ExtensionAPI
       def openssl_identifier
         "subjectKeyIdentifier"
       end
       def to_s
         "hash"
       end
     end
     class AuthorityKeyIdentifier
       include ExtensionAPI
       def openssl_identifier
         "authorityKeyIdentifier"
       end
       def to_s
         "keyid,issuer"
       end
     end
     class AuthorityInfoAccess
       include ExtensionAPI
       attr_accessor :ocsp
       def initialize
         self.ocsp = []
       end
       def openssl_identifier
         "authorityInfoAccess"
       end
       def to_s
         return "" if self.ocsp.empty?
         "OCSP;URI:#{self.ocsp}"
       end
     end
     class KeyUsage
       include ExtensionAPI
       attr_accessor :usage
       def initialize
         self.usage = ["digitalSignature", "nonRepudiation"]
       end
       def openssl_identifier
         "keyUsage"
       end
       def to_s
         "#{self.usage.join(',')}"
       end
     end
     class ExtendedKeyUsage
       include ExtensionAPI
       attr_accessor :usage
       def initialize
         self.usage = ["serverAuth","clientAuth"]
       end
       def openssl_identifier
         "extendedKeyUsage"
       end
       def to_s
         "#{self.usage.join(',')}"
       end
     end
     class SubjectAlternativeName
       include ExtensionAPI
-      attr_accessor :uris
+      attr_accessor :uris, :dns_names, :ips
       def initialize
         self.uris = []
+        self.dns_names = []
+        self.ips = []
       end
       def uris=(value)
         raise "URIs must be an array" unless value.is_a?(Array)
         @uris = value
       end
+      def dns_names=(value)
+        raise "DNS names must be an array" unless value.is_a?(Array)
+        @dns_names = value
+      end
+      def ips=(value)
+        raise "IPs must be an array" unless value.is_a?(Array)
+        @ips = value
+      end
       def openssl_identifier
         "subjectAltName"
       end
       def to_s
-        if self.uris.empty?
-          return ""
-        end
-        "URI:#{self.uris.join(',URI:')}"
+        res =  self.uris.map {|u| "URI:#{u}" }
+        res += self.dns_names.map {|d| "DNS:#{d}" }
+        res += self.ips.map {|i| "IP:#{i}" }
+        return res.join(',')
       end
     end
     class CertificatePolicies
       include ExtensionAPI
       attr_accessor :policy_identifier
       attr_accessor :cps_uris
       ##User notice
       attr_accessor :explicit_text
       attr_accessor :organization
       attr_accessor :notice_numbers
       def initialize
         @contains_data = false
       end
       def openssl_identifier
         "certificatePolicies"
       end
       def user_notice=(value={})
         value.keys.each do |key|
           self.send("#{key}=".to_sym, value[key])
         end
       end
       def config_extensions
         config_extension = {}
         custom_policies = {}
@@ -210,43 +224,43 @@ module CertificateAuthority
         unless self.policy_identifier.nil?
           custom_policies["policyIdentifier"] = self.policy_identifier
         end
         if !self.cps_uris.nil? and self.cps_uris.is_a?(Array)
           self.cps_uris.each_with_index do |cps_uri,i|
             custom_policies["CPS.#{i}"] = cps_uri
           end
         end
         unless self.explicit_text.nil?
           notice["explicitText"] = self.explicit_text
         end
         unless self.organization.nil?
           notice["organization"] = self.organization
         end
         unless self.notice_numbers.nil?
           notice["noticeNumbers"] = self.notice_numbers
         end
         if notice.keys.size > 0
           custom_policies["userNotice.1"] = "@notice"
           config_extension["notice"] = notice
         end
         if custom_policies.keys.size > 0
           config_extension["custom_policies"] = custom_policies
           @contains_data = true
         end
         config_extension
       end
       def to_s
         return "" unless @contains_data
         "ia5org,@custom_policies"
       end
     end
   end
-end
+end