certificate_generator 0.0.1 → 0.0.2
- data/certificate_generator.gemspec +2 -0
- data/lib/certificate_generator.rb +3 -4
- data/lib/certificate_generator/base.rb +36 -0
- data/lib/certificate_generator/ca_certificate_generator.rb +36 -0
- data/lib/certificate_generator/self_signed_certificate_generator.rb +52 -0
- data/lib/certificate_generator/version.rb +1 -1
- data/spec/certificate_generator_spec.rb +50 -0
- data/spec/self_signed_certificate_generator_spec.rb +101 -0
- data/spec/spec_helper.rb +3 -0
- metadata +29 -4
@@ -1,5 +1,4 @@
|
|
1
1
|
require "certificate_generator/version"
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
end
|
2
|
+
require "certificate_generator/base"
|
3
|
+
require "certificate_generator/ca_certificate_generator"
|
4
|
+
require "certificate_generator/self_signed_certificate_generator"
|
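--- a/lib/certificate_generator/base.rb
+++ b/lib/certificate_generator/base.rb
@@ -0,0 +1,36 @@
+require 'openssl'
+
+module CertificateGenerator
+
+class Base
+
+def generate_core_cert (cname, serial)
+
+key = OpenSSL::PKey::RSA.new(2048)
+
+cert = OpenSSL::X509::Certificate.new
+subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{cname}/emailAddress=ngsmrk@gmail.com"
+parsed_subject = OpenSSL::X509::Name.parse(subject)
+cert.subject = parsed_subject
+
+cert.not_before = Time.now
+cert.not_after = Time.now + (3600*24*365) # add a year
+cert.public_key = key.public_key
+cert.serial = serial
+cert.version = 2
+
+return cert, key
+
+end
+
+def save_cert_and_key (cert, key, output_dir, prefix = '')
+
+FileUtils.mkdir_p("#{output_dir}")
+File.open("#{output_dir}/cert.pem", "w") { |f| f.write(cert.to_pem) }
+File.open("#{output_dir}/key.pem", "w") { |f| f.write(key.to_pem) }
+
+end
+
+end
+
+end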
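Review bot: `save_cert_and_key` writes the private key with `File.open("#{output_dir}/key.pem", "w")`, so the file is created with the process umask (typically 0644) and the key is readable by every local user; create it with owner-only permissions and re-apply the mode in case the file already existed, since the mode argument to `File.open` only applies at creation. The `prefix` parameter is accepted but never used in either file name, so a CA written to a directory (the CA generator passes `'ca'`) and a leaf certificate written to the same directory overwrite each other's `cert.pem`/`key.pem` — which is exactly what the specs in this change do with `/tmp`; either honour the prefix in both paths or drop the parameter. `FileUtils.mkdir_p` is called but this file only requires `openssl`; add `require 'fileutils'` at the top rather than relying on a caller to have loaded it. `generate_core_cert` also hard-codes the whole subject, including a personal `emailAddress`; consider taking the subject as a parameter as `generate_ca_cert` already does.
```ruby
def save_cert_and_key (cert, key, output_dir, prefix = '')
  FileUtils.mkdir_p(output_dir)
  File.open("#{output_dir}/#{prefix}cert.pem", "w") { |f| f.write(cert.to_pem) }
  # Private key: create owner-only, then chmod in case the file pre-existed with a wider mode.
  key_path = "#{output_dir}/#{prefix}key.pem"
  File.open(key_path, File::WRONLY | File::CREAT | File::TRUNC, 0600) { |f| f.write(key.to_pem) }
  File.chmod(0600, key_path)
end
```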
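--- a/lib/certificate_generator/ca_certificate_generator.rb
+++ b/lib/certificate_generator/ca_certificate_generator.rb
@@ -0,0 +1,36 @@
+module CertificateGenerator
+
+class CACertificateGenerator < Base
+
+def generate_ca_cert (subject, output_dir)
+
+key = OpenSSL::PKey::RSA.new(2048)
+
+cert = OpenSSL::X509::Certificate.new
+cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+
+cert.not_before = Time.now
+cert.not_after = Time.now + (3600*24*365) # add a year
+cert.public_key = key.public_key
+cert.serial = 0
+cert.version = 2
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = ef.issuer_certificate = cert
+
+cert.extensions = [
+ef.create_extension("basicConstraints","CA:TRUE"),
+ef.create_extension("keyUsage","Certificate Sign, CRL Sign"),
+]
+
+cert.sign key, OpenSSL::Digest::SHA1.new
+
+save_cert_and_key cert, key, output_dir, 'ca'
+
+return cert, key
+
+end
+
+end
+
+end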
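Review bot: The CA certificate is signed with `OpenSSL::Digest::SHA1.new` on the `cert.sign` line; SHA-1 signatures are rejected by current TLS clients and by OpenSSL's default security level, so sign with `OpenSSL::Digest::SHA256.new`. The `basicConstraints` extension on a CA certificate must be marked critical per RFC 5280 §4.2.1.9 (and `keyUsage` should be), which the two `create_extension` calls do not do: `ef.create_extension("basicConstraints", "CA:TRUE", true)` and `ef.create_extension("keyUsage", "Certificate Sign, CRL Sign", true)`; the spec in this change asserts the exact `extensions.to_s` string and will need its expected text updated for the `critical, ` prefix. `cert.serial = 0` gives every generated CA the same serial, whereas RFC 5280 requires a positive integer; a random value such as `OpenSSL::BN.rand(64)` also keeps two CAs with the same subject distinguishable to verifiers that key on issuer+serial. This method duplicates the key, validity and version setup that `Base#generate_core_cert` already provides; it could call that helper and then set `issuer` and the extensions.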
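--- a/lib/certificate_generator/self_signed_certificate_generator.rb
+++ b/lib/certificate_generator/self_signed_certificate_generator.rb
@@ -0,0 +1,52 @@
+module CertificateGenerator
+
+class SelfSignedCertificateGenerator < Base
+
+def generate_client_cert (cname, output_dir, ca_cert, ca_key)
+return generate_cert cname, output_dir, ca_cert, ca_key, true
+end
+
+def generate_server_cert (cname, output_dir, ca_cert, ca_key)
+return generate_cert cname, output_dir, ca_cert, ca_key, false
+end
+
+private
+
+def generate_cert (cname, output_dir, ca_cert, ca_key, is_client)
+
+cert, key = generate_core_cert cname, Random.rand(1000000)
+cert.issuer = ca_cert.subject
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = cert
+ef.issuer_certificate = ca_cert
+
+cert.extensions = is_client ? client_extensions(ef) : server_extensions(ef)
+
+cert.sign ca_key, OpenSSL::Digest::SHA1.new
+
+save_cert_and_key cert, key, output_dir
+
+return cert, key
+
+end
+
+def server_extensions ef
+[
+ef.create_extension("basicConstraints","CA:FALSE"),
+ef.create_extension("keyUsage","Key Encipherment"),
+ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.1"), #means 'TLS Web Server Authentication'
+]
+end
+
+def client_extensions ef
+[
+ef.create_extension("basicConstraints","CA:FALSE"),
+ef.create_extension("keyUsage","digitalSignature"),
+ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.2"), #means 'TLS Web Client Authentication'
+]
+end
+
+end
+
+end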
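Review bot: The leaf serial comes from `Random.rand(1000000)` on the `generate_core_cert` call in `generate_cert`: a non-cryptographic PRNG with a million-value range makes a collision likely after roughly a thousand certificates, and two certificates with the same issuer and serial break revocation and are rejected by some verifiers, so use a wide random serial such as `OpenSSL::BN.rand(64)` (RFC 5280 allows up to 20 octets). The server certificate carries no `subjectAltName`, and modern clients (Chrome 58+, Go's crypto/tls, etc.) no longer fall back to the CN, so a certificate from `generate_server_cert` will fail hostname verification; add `DNS:#{cname}` as a SAN (or `IP:` if the name is an address). The server `keyUsage` is `Key Encipherment` only, which covers RSA key transport but not the signature an RSA key makes in (EC)DHE-RSA handshakes, so strict verifiers reject it for forward-secret cipher suites — add `Digital Signature`. Both leaf types are signed with `OpenSSL::Digest::SHA1.new`; use SHA-256. The spec in this change asserts the exact extension string for both certificate types and will need updating alongside the rewritten lines below.
```ruby
def generate_cert (cname, output_dir, ca_cert, ca_key, is_client)
  # 64-bit random serial: positive (RFC 5280) and unique per issuer with overwhelming probability.
  cert, key = generate_core_cert cname, OpenSSL::BN.rand(64)
  # … unchanged: issuer and ExtensionFactory setup …
  cert.extensions = is_client ? client_extensions(ef) : server_extensions(ef, cname)
  cert.sign ca_key, OpenSSL::Digest::SHA256.new
  # … unchanged: save_cert_and_key and return …
end

def server_extensions ef, cname
  [
    ef.create_extension("basicConstraints","CA:FALSE"),
    # Digital Signature is needed for (EC)DHE-RSA; Key Encipherment for RSA key transport.
    ef.create_extension("keyUsage","Digital Signature, Key Encipherment"),
    ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.1"), #means 'TLS Web Server Authentication'
    # Hostname verification matches against the SAN, not the CN.
    ef.create_extension("subjectAltName","DNS:#{cname}"),
  ]
end
```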
@@ -0,0 +1,50 @@
|
|
1
|
+
require 'rspec/autorun'
|
2
|
+
require 'certificate_generator'
|
3
|
+
require 'date'
|
4
|
+
|
5
|
+
describe CertificateGenerator::CACertificateGenerator do
|
6
|
+
|
7
|
+
context 'when generating a Certificate Authority certificate' do
|
8
|
+
|
9
|
+
before :each do
|
10
|
+
|
11
|
+
generator = CertificateGenerator::CACertificateGenerator.new
|
12
|
+
|
13
|
+
output_path = '/tmp'
|
14
|
+
@expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
|
15
|
+
@ca_cert, @key = generator.generate_ca_cert @expected_subject, output_path
|
16
|
+
|
17
|
+
end
|
18
|
+
|
19
|
+
it 'the subject is set correctly' do
|
20
|
+
@ca_cert.subject.to_s.should == @expected_subject
|
21
|
+
end
|
22
|
+
|
23
|
+
it 'the issuer is set correctly' do
|
24
|
+
@ca_cert.issuer.to_s.should == @expected_subject
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'the serial is set correctly' do
|
28
|
+
@ca_cert.serial.should == 0
|
29
|
+
end
|
30
|
+
|
31
|
+
it 'the version is set correctly' do
|
32
|
+
@ca_cert.version.should == 2
|
33
|
+
end
|
34
|
+
|
35
|
+
it 'the expiry date is set correctly' do
|
36
|
+
@ca_cert.not_after.should < (DateTime.now + 365).to_time
|
37
|
+
@ca_cert.not_after.should > (DateTime.now + 364).to_time
|
38
|
+
end
|
39
|
+
|
40
|
+
it 'the start date is set correctly' do
|
41
|
+
@ca_cert.not_before.should < Time.now
|
42
|
+
end
|
43
|
+
|
44
|
+
it 'the extensions are set correctly' do
|
45
|
+
@ca_cert.extensions.to_s.should == "[basicConstraints = CA:TRUE, keyUsage = Certificate Sign, CRL Sign]"
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
|
50
|
+
end
|
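Review bot: None of these examples checks that the generated CA certificate actually verifies under its own key, so a wrong signature or a key/certificate mismatch in `generate_ca_cert` would still pass; add `@ca_cert.verify(@ca_cert.public_key).should be_true` and, if the digest is changed, pin it with `@ca_cert.signature_algorithm.should == 'sha256WithRSAEncryption'`. The `before :each` writes a real private key to the fixed path `/tmp/key.pem`, a world-shared directory with a predictable name; use `Dir.mktmpdir` for `output_path` and remove it in an `after` block so keys do not accumulate on the machine running the suite. The file is named `certificate_generator_spec.rb` but only covers `CACertificateGenerator`; `ca_certificate_generator_spec.rb` would match the other spec's naming.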
@@ -0,0 +1,101 @@
|
|
1
|
+
require 'rspec/autorun'
|
2
|
+
require 'certificate_generator'
|
3
|
+
require 'date'
|
4
|
+
|
5
|
+
describe CertificateGenerator::SelfSignedCertificateGenerator do
|
6
|
+
|
7
|
+
context 'when generating a self-signed server certificate' do
|
8
|
+
|
9
|
+
before :each do
|
10
|
+
|
11
|
+
output_path = '/tmp'
|
12
|
+
|
13
|
+
@expected_ca_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
|
14
|
+
ca_cert, ca_key = CertificateGenerator::CACertificateGenerator.new.generate_ca_cert @expected_ca_subject, output_path
|
15
|
+
|
16
|
+
@cname = "my.server"
|
17
|
+
output_path = '/tmp'
|
18
|
+
@cert, @key = CertificateGenerator::SelfSignedCertificateGenerator.new.generate_server_cert @cname, output_path, ca_cert, ca_key
|
19
|
+
|
20
|
+
end
|
21
|
+
|
22
|
+
it 'the subject is set correctly' do
|
23
|
+
expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{@cname}/emailAddress=ngsmrk@gmail.com"
|
24
|
+
@cert.subject.to_s.should == expected_subject
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'the issuer is set correctly' do
|
28
|
+
@cert.issuer.to_s.should == @expected_ca_subject
|
29
|
+
end
|
30
|
+
|
31
|
+
it 'the serial is set correctly' do
|
32
|
+
@cert.serial.should_not be_nil
|
33
|
+
end
|
34
|
+
|
35
|
+
it 'the version is set correctly' do
|
36
|
+
@cert.version.should == 2
|
37
|
+
end
|
38
|
+
|
39
|
+
it 'the expiry date is set correctly' do
|
40
|
+
@cert.not_after.should < (DateTime.now + 365).to_time
|
41
|
+
@cert.not_after.should > (DateTime.now + 364).to_time
|
42
|
+
end
|
43
|
+
|
44
|
+
it 'the start date is set correctly' do
|
45
|
+
@cert.not_before.should < Time.now
|
46
|
+
end
|
47
|
+
|
48
|
+
it 'the extensions are set correctly' do
|
49
|
+
@cert.extensions.to_s.should == "[basicConstraints = CA:FALSE, keyUsage = Key Encipherment, extendedKeyUsage = TLS Web Server Authentication]"
|
50
|
+
end
|
51
|
+
|
52
|
+
end
|
53
|
+
|
54
|
+
context 'when generating a self-signed client certificate' do
|
55
|
+
|
56
|
+
before :each do
|
57
|
+
|
58
|
+
output_path = '/tmp'
|
59
|
+
|
60
|
+
@expected_ca_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
|
61
|
+
ca_cert, ca_key = CertificateGenerator::CACertificateGenerator.new.generate_ca_cert @expected_ca_subject, output_path
|
62
|
+
|
63
|
+
@cname = "my.server"
|
64
|
+
output_path = '/tmp'
|
65
|
+
@cert, @key = CertificateGenerator::SelfSignedCertificateGenerator.new.generate_client_cert @cname, output_path, ca_cert, ca_key
|
66
|
+
|
67
|
+
end
|
68
|
+
|
69
|
+
it 'the subject is set correctly' do
|
70
|
+
expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{@cname}/emailAddress=ngsmrk@gmail.com"
|
71
|
+
@cert.subject.to_s.should == expected_subject
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'the issuer is set correctly' do
|
75
|
+
@cert.issuer.to_s.should == @expected_ca_subject
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'the serial is set correctly' do
|
79
|
+
@cert.serial.should_not be_nil
|
80
|
+
end
|
81
|
+
|
82
|
+
it 'the version is set correctly' do
|
83
|
+
@cert.version.should == 2
|
84
|
+
end
|
85
|
+
|
86
|
+
it 'the expiry date is set correctly' do
|
87
|
+
@cert.not_after.should < (DateTime.now + 365).to_time
|
88
|
+
@cert.not_after.should > (DateTime.now + 364).to_time
|
89
|
+
end
|
90
|
+
|
91
|
+
it 'the start date is set correctly' do
|
92
|
+
@cert.not_before.should < Time.now
|
93
|
+
end
|
94
|
+
|
95
|
+
it 'the extensions are set correctly' do
|
96
|
+
@cert.extensions.to_s.should == "[basicConstraints = CA:FALSE, keyUsage = Digital Signature, extendedKeyUsage = TLS Web Client Authentication]"
|
97
|
+
end
|
98
|
+
|
99
|
+
end
|
100
|
+
|
101
|
+
end
|
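Review bot: Both `before :each` blocks keep `ca_cert` and `ca_key` as locals, so no example can check that the leaf certificate actually chains to the CA — the one property this class exists to provide; keep the CA in an instance variable and add `@cert.verify(@ca_cert.public_key).should be_true`, or better, build an `OpenSSL::X509::Store`, `add_cert(@ca_cert)` and assert `store.verify(@cert)` so the CA's `basicConstraints`/`keyUsage` are validated as part of the chain. Each context writes the CA and then the leaf into the same `/tmp`, so the second `save_cert_and_key` call silently overwrites the CA's `cert.pem` and `key.pem` and leaves a private key at a predictable world-shared path; use `Dir.mktmpdir` per example. The contexts are titled 'self-signed' but the certificates under test are issued by the CA generated just above them, so the descriptions (and arguably the class name) are misleading.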
data/spec/spec_helper.rb
ADDED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: certificate_generator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,8 +9,24 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-07-
|
13
|
-
dependencies:
|
12
|
+
date: 2012-07-23 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: rspec
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '0'
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0'
|
14
30
|
description: See summary
|
15
31
|
email:
|
16
32
|
- ngsmrk@gmail.com
|
@@ -25,7 +41,13 @@ files:
|
|
25
41
|
- Rakefile
|
26
42
|
- certificate_generator.gemspec
|
27
43
|
- lib/certificate_generator.rb
|
44
|
+
- lib/certificate_generator/base.rb
|
45
|
+
- lib/certificate_generator/ca_certificate_generator.rb
|
46
|
+
- lib/certificate_generator/self_signed_certificate_generator.rb
|
28
47
|
- lib/certificate_generator/version.rb
|
48
|
+
- spec/certificate_generator_spec.rb
|
49
|
+
- spec/self_signed_certificate_generator_spec.rb
|
50
|
+
- spec/spec_helper.rb
|
29
51
|
homepage: http://github.com/ngsmrk/certificate_generator
|
30
52
|
licenses: []
|
31
53
|
post_install_message:
|
@@ -50,4 +72,7 @@ rubygems_version: 1.8.24
|
|
50
72
|
signing_key:
|
51
73
|
specification_version: 3
|
52
74
|
summary: Gem that handles generation of self-signed SSL certs
|
53
|
-
test_files:
|
75
|
+
test_files:
|
76
|
+
- spec/certificate_generator_spec.rb
|
77
|
+
- spec/self_signed_certificate_generator_spec.rb
|
78
|
+
- spec/spec_helper.rb
|