certificate_authority 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/Gemfile.lock +2 -2
- data/lib/certificate_authority/certificate.rb +50 -15
- data/lib/certificate_authority/version.rb +1 -1
- metadata +8 -8
- data/.travis.yml +0 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7b36863eef01f5f0a6d07681219864193c4b56cd3d8629bcba95bd974928e24
|
|
4
|
+
data.tar.gz: 589aaed317f1daecf32a85c4dbefcdb6aacf21e38d9dbd722fc8a7c556c342c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 885dda3f5b5735fc7c80f733e731b02a9fcd7f15cd2d777d311c92872c829191632a6044836c76015b727fdc9ce82674ed483a4c0bf86b1f0aab0b9fee1421be
|
|
7
|
+
data.tar.gz: ba21e1934c3211da294a485f5411ffd5713e828d0a85ed7f9b45c99298fb16f0f571428ea87abcb0c2cdcb41420de45d71b9b89f24d43ab3dc7a9b4ce9ee8879
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
name: Tests
|
|
2
|
+
|
|
3
|
+
on: [push, pull_request]
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
test:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
|
|
9
|
+
strategy:
|
|
10
|
+
matrix:
|
|
11
|
+
ruby-version:
|
|
12
|
+
- '3.1'
|
|
13
|
+
- '3.0'
|
|
14
|
+
- '2.7'
|
|
15
|
+
- '2.6'
|
|
16
|
+
- '2.5'
|
|
17
|
+
|
|
18
|
+
steps:
|
|
19
|
+
- uses: actions/checkout@v2
|
|
20
|
+
- name: Set up Ruby ${{ matrix.ruby-version }}
|
|
21
|
+
uses: ruby/setup-ruby@v1
|
|
22
|
+
with:
|
|
23
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
24
|
+
bundler-cache: true # 'bundle install' and cache
|
|
25
|
+
- name: Run tests
|
|
26
|
+
run: bundle exec rake
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
certificate_authority (1.
|
|
4
|
+
certificate_authority (1.1.0)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
@@ -26,7 +26,7 @@ GEM
|
|
|
26
26
|
method_source (~> 1.0)
|
|
27
27
|
rainbow (3.0.0)
|
|
28
28
|
rake (13.0.1)
|
|
29
|
-
rexml (3.2.
|
|
29
|
+
rexml (3.2.5)
|
|
30
30
|
rspec (3.9.0)
|
|
31
31
|
rspec-core (~> 3.9.0)
|
|
32
32
|
rspec-expectations (~> 3.9.0)
|
|
@@ -75,11 +75,6 @@ module CertificateAuthority
|
|
|
75
75
|
openssl_cert.subject = self.distinguished_name.to_x509_name
|
|
76
76
|
openssl_cert.issuer = parent.distinguished_name.to_x509_name
|
|
77
77
|
|
|
78
|
-
require 'tempfile'
|
|
79
|
-
t = Tempfile.new("bullshit_conf")
|
|
80
|
-
## The config requires a file even though we won't use it
|
|
81
|
-
openssl_config = OpenSSL::Config.new(t.path)
|
|
82
|
-
|
|
83
78
|
factory = OpenSSL::X509::ExtensionFactory.new
|
|
84
79
|
factory.subject_certificate = openssl_cert
|
|
85
80
|
|
|
@@ -90,14 +85,7 @@ module CertificateAuthority
|
|
|
90
85
|
factory.issuer_certificate = parent.openssl_body
|
|
91
86
|
end
|
|
92
87
|
|
|
93
|
-
|
|
94
|
-
config_extensions = extensions[k].config_extensions
|
|
95
|
-
openssl_config = merge_options(openssl_config,config_extensions)
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
# p openssl_config.sections
|
|
99
|
-
|
|
100
|
-
factory.config = openssl_config
|
|
88
|
+
factory.config = build_openssl_config
|
|
101
89
|
|
|
102
90
|
# Order matters: e.g. for self-signed, subjectKeyIdentifier must come before authorityKeyIdentifier
|
|
103
91
|
self.extensions.keys.sort{|a,b| b<=>a}.each do |k|
|
|
@@ -114,8 +102,6 @@ module CertificateAuthority
|
|
|
114
102
|
end
|
|
115
103
|
|
|
116
104
|
self.openssl_body = openssl_cert.sign(parent.key_material.private_key, digest)
|
|
117
|
-
ensure
|
|
118
|
-
t.close! if t # We can get rid of the ridiculous temp file
|
|
119
105
|
end
|
|
120
106
|
|
|
121
107
|
def is_signing_entity?
|
|
@@ -224,6 +210,55 @@ module CertificateAuthority
|
|
|
224
210
|
extension_hash
|
|
225
211
|
end
|
|
226
212
|
|
|
213
|
+
def build_openssl_config
|
|
214
|
+
OpenSSL::Config.parse(openssl_config_string)
|
|
215
|
+
end
|
|
216
|
+
|
|
217
|
+
def openssl_config_string
|
|
218
|
+
lines = openssl_config_without_multi_value + openssl_config_with_multi_value
|
|
219
|
+
return '' if lines.empty?
|
|
220
|
+
(["[extensions]" ]+ lines).join("\n")
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
def openssl_config_without_multi_value
|
|
224
|
+
no_multi_value_keys = self.extensions.keys.select { |k| extensions[k].config_extensions.empty? }
|
|
225
|
+
|
|
226
|
+
lines = no_multi_value_keys.map do |k|
|
|
227
|
+
value = extensions[k].to_s
|
|
228
|
+
value.empty? ? '' : "#{k} = #{value}"
|
|
229
|
+
end.reject(&:empty?)
|
|
230
|
+
lines
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
def openssl_config_with_multi_value
|
|
234
|
+
multi_value_keys = self.extensions.keys.reject { |k| extensions[k].config_extensions.empty? }
|
|
235
|
+
sections = {}
|
|
236
|
+
|
|
237
|
+
entries = multi_value_keys.map do |k|
|
|
238
|
+
sections.merge!(extensions[k].config_extensions)
|
|
239
|
+
value = comma_terminate(extensions[k]) + section_ref_str(extensions[k].config_extensions.keys)
|
|
240
|
+
"#{k} = #{value}"
|
|
241
|
+
end.reject(&:empty?)
|
|
242
|
+
|
|
243
|
+
section_lines = sections.keys.flat_map do |k|
|
|
244
|
+
section_lines(k, sections[k])
|
|
245
|
+
end
|
|
246
|
+
entries + [''] + section_lines
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
def comma_terminate(val)
|
|
250
|
+
s = val.to_s
|
|
251
|
+
s.empty? ? s : "#{s},"
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
def section_ref_str(section_names)
|
|
255
|
+
section_names.map { |n| "@#{n}"}.join(',')
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
def section_lines(section_name, value_hash)
|
|
259
|
+
["[#{section_name}]"] + value_hash.keys.map { |k| "#{k} = #{value_hash[k]}"} + ['']
|
|
260
|
+
end
|
|
261
|
+
|
|
227
262
|
def merge_options(config,hash)
|
|
228
263
|
hash.keys.each do |k|
|
|
229
264
|
config[k] = hash[k]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certificate_authority
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Chandler
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-06-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: coveralls
|
|
@@ -80,16 +80,16 @@ dependencies:
|
|
|
80
80
|
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
-
description:
|
|
83
|
+
description:
|
|
84
84
|
email:
|
|
85
85
|
- squanderingtime@gmail.com
|
|
86
86
|
executables: []
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
+
- ".github/workflows/ci.yml"
|
|
90
91
|
- ".gitignore"
|
|
91
92
|
- ".rspec"
|
|
92
|
-
- ".travis.yml"
|
|
93
93
|
- Gemfile
|
|
94
94
|
- Gemfile.lock
|
|
95
95
|
- README.rdoc
|
|
@@ -117,7 +117,7 @@ licenses:
|
|
|
117
117
|
metadata:
|
|
118
118
|
homepage_uri: https://github.com/cchandler/certificate_authority
|
|
119
119
|
source_code_uri: https://github.com/cchandler/certificate_authority
|
|
120
|
-
post_install_message:
|
|
120
|
+
post_install_message:
|
|
121
121
|
rdoc_options: []
|
|
122
122
|
require_paths:
|
|
123
123
|
- lib
|
|
@@ -132,8 +132,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
132
|
- !ruby/object:Gem::Version
|
|
133
133
|
version: '0'
|
|
134
134
|
requirements: []
|
|
135
|
-
rubygems_version: 3.
|
|
136
|
-
signing_key:
|
|
135
|
+
rubygems_version: 3.3.7
|
|
136
|
+
signing_key:
|
|
137
137
|
specification_version: 4
|
|
138
138
|
summary: Ruby gem for managing the core functions outlined in RFC-3280 for PKI
|
|
139
139
|
test_files: []
|