certificate_authority 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +26 -0
- data/Gemfile.lock +2 -2
- data/lib/certificate_authority/certificate.rb +50 -15
- data/lib/certificate_authority/version.rb +1 -1
- metadata +8 -8
- data/.travis.yml +0 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7b36863eef01f5f0a6d07681219864193c4b56cd3d8629bcba95bd974928e24
|
|
4
|
+
data.tar.gz: 589aaed317f1daecf32a85c4dbefcdb6aacf21e38d9dbd722fc8a7c556c342c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 885dda3f5b5735fc7c80f733e731b02a9fcd7f15cd2d777d311c92872c829191632a6044836c76015b727fdc9ce82674ed483a4c0bf86b1f0aab0b9fee1421be
|
|
7
|
+
data.tar.gz: ba21e1934c3211da294a485f5411ffd5713e828d0a85ed7f9b45c99298fb16f0f571428ea87abcb0c2cdcb41420de45d71b9b89f24d43ab3dc7a9b4ce9ee8879
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
name: Tests
|
|
2
|
+
|
|
3
|
+
on: [push, pull_request]
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
test:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
|
|
9
|
+
strategy:
|
|
10
|
+
matrix:
|
|
11
|
+
ruby-version:
|
|
12
|
+
- '3.1'
|
|
13
|
+
- '3.0'
|
|
14
|
+
- '2.7'
|
|
15
|
+
- '2.6'
|
|
16
|
+
- '2.5'
|
|
17
|
+
|
|
18
|
+
steps:
|
|
19
|
+
- uses: actions/checkout@v2
|
|
20
|
+
- name: Set up Ruby ${{ matrix.ruby-version }}
|
|
21
|
+
uses: ruby/setup-ruby@v1
|
|
22
|
+
with:
|
|
23
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
24
|
+
bundler-cache: true # 'bundle install' and cache
|
|
25
|
+
- name: Run tests
|
|
26
|
+
run: bundle exec rake
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
certificate_authority (1.
|
|
4
|
+
certificate_authority (1.1.0)
|
|
5
5
|
|
|
6
6
|
GEM
|
|
7
7
|
remote: https://rubygems.org/
|
|
@@ -26,7 +26,7 @@ GEM
|
|
|
26
26
|
method_source (~> 1.0)
|
|
27
27
|
rainbow (3.0.0)
|
|
28
28
|
rake (13.0.1)
|
|
29
|
-
rexml (3.2.
|
|
29
|
+
rexml (3.2.5)
|
|
30
30
|
rspec (3.9.0)
|
|
31
31
|
rspec-core (~> 3.9.0)
|
|
32
32
|
rspec-expectations (~> 3.9.0)
|
|
@@ -75,11 +75,6 @@ module CertificateAuthority
|
|
|
75
75
|
openssl_cert.subject = self.distinguished_name.to_x509_name
|
|
76
76
|
openssl_cert.issuer = parent.distinguished_name.to_x509_name
|
|
77
77
|
|
|
78
|
-
require 'tempfile'
|
|
79
|
-
t = Tempfile.new("bullshit_conf")
|
|
80
|
-
## The config requires a file even though we won't use it
|
|
81
|
-
openssl_config = OpenSSL::Config.new(t.path)
|
|
82
|
-
|
|
83
78
|
factory = OpenSSL::X509::ExtensionFactory.new
|
|
84
79
|
factory.subject_certificate = openssl_cert
|
|
85
80
|
|
|
@@ -90,14 +85,7 @@ module CertificateAuthority
|
|
|
90
85
|
factory.issuer_certificate = parent.openssl_body
|
|
91
86
|
end
|
|
92
87
|
|
|
93
|
-
|
|
94
|
-
config_extensions = extensions[k].config_extensions
|
|
95
|
-
openssl_config = merge_options(openssl_config,config_extensions)
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
# p openssl_config.sections
|
|
99
|
-
|
|
100
|
-
factory.config = openssl_config
|
|
88
|
+
factory.config = build_openssl_config
|
|
101
89
|
|
|
102
90
|
# Order matters: e.g. for self-signed, subjectKeyIdentifier must come before authorityKeyIdentifier
|
|
103
91
|
self.extensions.keys.sort{|a,b| b<=>a}.each do |k|
|
|
@@ -114,8 +102,6 @@ module CertificateAuthority
|
|
|
114
102
|
end
|
|
115
103
|
|
|
116
104
|
self.openssl_body = openssl_cert.sign(parent.key_material.private_key, digest)
|
|
117
|
-
ensure
|
|
118
|
-
t.close! if t # We can get rid of the ridiculous temp file
|
|
119
105
|
end
|
|
120
106
|
|
|
121
107
|
def is_signing_entity?
|
|
@@ -224,6 +210,55 @@ module CertificateAuthority
|
|
|
224
210
|
extension_hash
|
|
225
211
|
end
|
|
226
212
|
|
|
213
|
+
def build_openssl_config
|
|
214
|
+
OpenSSL::Config.parse(openssl_config_string)
|
|
215
|
+
end
|
|
216
|
+
|
|
217
|
+
def openssl_config_string
|
|
218
|
+
lines = openssl_config_without_multi_value + openssl_config_with_multi_value
|
|
219
|
+
return '' if lines.empty?
|
|
220
|
+
(["[extensions]" ]+ lines).join("\n")
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
def openssl_config_without_multi_value
|
|
224
|
+
no_multi_value_keys = self.extensions.keys.select { |k| extensions[k].config_extensions.empty? }
|
|
225
|
+
|
|
226
|
+
lines = no_multi_value_keys.map do |k|
|
|
227
|
+
value = extensions[k].to_s
|
|
228
|
+
value.empty? ? '' : "#{k} = #{value}"
|
|
229
|
+
end.reject(&:empty?)
|
|
230
|
+
lines
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
def openssl_config_with_multi_value
|
|
234
|
+
multi_value_keys = self.extensions.keys.reject { |k| extensions[k].config_extensions.empty? }
|
|
235
|
+
sections = {}
|
|
236
|
+
|
|
237
|
+
entries = multi_value_keys.map do |k|
|
|
238
|
+
sections.merge!(extensions[k].config_extensions)
|
|
239
|
+
value = comma_terminate(extensions[k]) + section_ref_str(extensions[k].config_extensions.keys)
|
|
240
|
+
"#{k} = #{value}"
|
|
241
|
+
end.reject(&:empty?)
|
|
242
|
+
|
|
243
|
+
section_lines = sections.keys.flat_map do |k|
|
|
244
|
+
section_lines(k, sections[k])
|
|
245
|
+
end
|
|
246
|
+
entries + [''] + section_lines
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
def comma_terminate(val)
|
|
250
|
+
s = val.to_s
|
|
251
|
+
s.empty? ? s : "#{s},"
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
def section_ref_str(section_names)
|
|
255
|
+
section_names.map { |n| "@#{n}"}.join(',')
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
def section_lines(section_name, value_hash)
|
|
259
|
+
["[#{section_name}]"] + value_hash.keys.map { |k| "#{k} = #{value_hash[k]}"} + ['']
|
|
260
|
+
end
|
|
261
|
+
|
|
227
262
|
def merge_options(config,hash)
|
|
228
263
|
hash.keys.each do |k|
|
|
229
264
|
config[k] = hash[k]
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certificate_authority
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Chandler
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-06-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: coveralls
|
|
@@ -80,16 +80,16 @@ dependencies:
|
|
|
80
80
|
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
|
-
description:
|
|
83
|
+
description:
|
|
84
84
|
email:
|
|
85
85
|
- squanderingtime@gmail.com
|
|
86
86
|
executables: []
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
+
- ".github/workflows/ci.yml"
|
|
90
91
|
- ".gitignore"
|
|
91
92
|
- ".rspec"
|
|
92
|
-
- ".travis.yml"
|
|
93
93
|
- Gemfile
|
|
94
94
|
- Gemfile.lock
|
|
95
95
|
- README.rdoc
|
|
@@ -117,7 +117,7 @@ licenses:
|
|
|
117
117
|
metadata:
|
|
118
118
|
homepage_uri: https://github.com/cchandler/certificate_authority
|
|
119
119
|
source_code_uri: https://github.com/cchandler/certificate_authority
|
|
120
|
-
post_install_message:
|
|
120
|
+
post_install_message:
|
|
121
121
|
rdoc_options: []
|
|
122
122
|
require_paths:
|
|
123
123
|
- lib
|
|
@@ -132,8 +132,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
132
132
|
- !ruby/object:Gem::Version
|
|
133
133
|
version: '0'
|
|
134
134
|
requirements: []
|
|
135
|
-
rubygems_version: 3.
|
|
136
|
-
signing_key:
|
|
135
|
+
rubygems_version: 3.3.7
|
|
136
|
+
signing_key:
|
|
137
137
|
specification_version: 4
|
|
138
138
|
summary: Ruby gem for managing the core functions outlined in RFC-3280 for PKI
|
|
139
139
|
test_files: []
|