RubyGems - certificate_generator - Versions diffs - 0.0.1 → 0.0.2 - Mend

certificate_generator 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/certificate_generator.gemspec +2 -0
data/lib/certificate_generator.rb +3 -4
data/lib/certificate_generator/base.rb +36 -0
data/lib/certificate_generator/ca_certificate_generator.rb +36 -0
data/lib/certificate_generator/self_signed_certificate_generator.rb +52 -0
data/lib/certificate_generator/version.rb +1 -1
data/spec/certificate_generator_spec.rb +50 -0
data/spec/self_signed_certificate_generator_spec.rb +101 -0
data/spec/spec_helper.rb +3 -0
metadata +29 -4

data/certificate_generator.gemspec CHANGED Viewed

@@ -14,4 +14,6 @@ Gem::Specification.new do |gem|
   gem.name          = "certificate_generator"
   gem.require_paths = ["lib"]
   gem.version       = CertificateGenerator::VERSION
+  gem.add_development_dependency("rspec")
 end

data/lib/certificate_generator.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require "certificate_generator/version"
-module CertificateGenerator
-  # Your code goes here...
-end
+require "certificate_generator/base"
+require "certificate_generator/ca_certificate_generator"
+require "certificate_generator/self_signed_certificate_generator"

data/lib/certificate_generator/base.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'openssl'
+module CertificateGenerator
+  class Base
+    def generate_core_cert (cname, serial)
+      key = OpenSSL::PKey::RSA.new(2048)
+      cert = OpenSSL::X509::Certificate.new
+      subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{cname}/emailAddress=ngsmrk@gmail.com"
+      parsed_subject = OpenSSL::X509::Name.parse(subject)
+      cert.subject = parsed_subject
+      cert.not_before = Time.now
+      cert.not_after = Time.now + (3600*24*365) # add a year
+      cert.public_key = key.public_key
+      cert.serial = serial
+      cert.version = 2
+      return cert, key
+    end
+    def save_cert_and_key (cert, key, output_dir, prefix = '')
+      FileUtils.mkdir_p("#{output_dir}")
+      File.open("#{output_dir}/cert.pem", "w") { |f| f.write(cert.to_pem) }
+      File.open("#{output_dir}/key.pem", "w") { |f| f.write(key.to_pem) }
+    end
+  end
+end

data/lib/certificate_generator/ca_certificate_generator.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module CertificateGenerator
+  class CACertificateGenerator < Base
+    def generate_ca_cert (subject, output_dir)
+      key = OpenSSL::PKey::RSA.new(2048)
+      cert = OpenSSL::X509::Certificate.new
+      cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+      cert.not_before = Time.now
+      cert.not_after = Time.now + (3600*24*365) # add a year
+      cert.public_key = key.public_key
+      cert.serial = 0
+      cert.version = 2
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = ef.issuer_certificate = cert
+      cert.extensions = [
+        ef.create_extension("basicConstraints","CA:TRUE"),
+        ef.create_extension("keyUsage","Certificate Sign, CRL Sign"),
+      ]
+      cert.sign key, OpenSSL::Digest::SHA1.new
+      save_cert_and_key cert, key, output_dir, 'ca'
+      return cert, key
+    end
+  end
+end

data/lib/certificate_generator/self_signed_certificate_generator.rb ADDED Viewed

@@ -0,0 +1,52 @@
+module CertificateGenerator
+  class SelfSignedCertificateGenerator < Base
+    def generate_client_cert (cname, output_dir, ca_cert, ca_key)
+      return generate_cert cname, output_dir, ca_cert, ca_key, true
+    end
+    def generate_server_cert (cname, output_dir, ca_cert, ca_key)
+      return generate_cert cname, output_dir, ca_cert, ca_key, false
+    end
+    private
+    def generate_cert (cname, output_dir, ca_cert, ca_key, is_client)
+      cert, key = generate_core_cert cname, Random.rand(1000000)
+      cert.issuer = ca_cert.subject
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = cert
+      ef.issuer_certificate = ca_cert
+      cert.extensions = is_client ? client_extensions(ef) : server_extensions(ef)
+      cert.sign ca_key, OpenSSL::Digest::SHA1.new
+      save_cert_and_key cert, key, output_dir
+      return cert, key
+    end
+    def server_extensions ef
+      [
+        ef.create_extension("basicConstraints","CA:FALSE"),
+        ef.create_extension("keyUsage","Key Encipherment"),
+        ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.1"),   #means 'TLS Web Server Authentication'
+      ]
+    end
+    def client_extensions ef
+      [
+        ef.create_extension("basicConstraints","CA:FALSE"),
+        ef.create_extension("keyUsage","digitalSignature"),
+        ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.2"),   #means 'TLS Web Client Authentication'
+      ]
+    end
+  end
+end

data/lib/certificate_generator/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module CertificateGenerator
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/spec/certificate_generator_spec.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require 'rspec/autorun'
+require 'certificate_generator'
+require 'date'
+describe CertificateGenerator::CACertificateGenerator do
+  context 'when generating a Certificate Authority certificate' do
+    before :each do
+      generator = CertificateGenerator::CACertificateGenerator.new
+      output_path = '/tmp'
+      @expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
+      @ca_cert, @key = generator.generate_ca_cert @expected_subject, output_path
+    end
+    it 'the subject is set correctly' do
+      @ca_cert.subject.to_s.should == @expected_subject
+    end
+    it 'the issuer is set correctly' do
+      @ca_cert.issuer.to_s.should == @expected_subject
+    end
+    it 'the serial is set correctly' do
+      @ca_cert.serial.should == 0
+    end
+    it 'the version is set correctly' do
+      @ca_cert.version.should == 2
+    end
+    it 'the expiry date is set correctly' do
+      @ca_cert.not_after.should < (DateTime.now + 365).to_time
+      @ca_cert.not_after.should > (DateTime.now + 364).to_time
+    end
+    it 'the start date is set correctly' do
+      @ca_cert.not_before.should < Time.now
+    end
+    it 'the extensions are set correctly' do
+      @ca_cert.extensions.to_s.should == "[basicConstraints = CA:TRUE, keyUsage = Certificate Sign, CRL Sign]"
+    end
+  end
+end

data/spec/self_signed_certificate_generator_spec.rb ADDED Viewed

@@ -0,0 +1,101 @@
+require 'rspec/autorun'
+require 'certificate_generator'
+require 'date'
+describe CertificateGenerator::SelfSignedCertificateGenerator do
+  context 'when generating a self-signed server certificate' do
+    before :each do
+      output_path = '/tmp'
+      @expected_ca_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
+      ca_cert, ca_key = CertificateGenerator::CACertificateGenerator.new.generate_ca_cert @expected_ca_subject, output_path
+      @cname = "my.server"
+      output_path = '/tmp'
+      @cert, @key = CertificateGenerator::SelfSignedCertificateGenerator.new.generate_server_cert @cname, output_path, ca_cert, ca_key
+    end
+    it 'the subject is set correctly' do
+      expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{@cname}/emailAddress=ngsmrk@gmail.com"
+      @cert.subject.to_s.should == expected_subject
+    end
+    it 'the issuer is set correctly' do
+      @cert.issuer.to_s.should == @expected_ca_subject
+    end
+    it 'the serial is set correctly' do
+      @cert.serial.should_not be_nil
+    end
+    it 'the version is set correctly' do
+      @cert.version.should == 2
+    end
+    it 'the expiry date is set correctly' do
+      @cert.not_after.should < (DateTime.now + 365).to_time
+      @cert.not_after.should > (DateTime.now + 364).to_time
+    end
+    it 'the start date is set correctly' do
+      @cert.not_before.should < Time.now
+    end
+    it 'the extensions are set correctly' do
+      @cert.extensions.to_s.should == "[basicConstraints = CA:FALSE, keyUsage = Key Encipherment, extendedKeyUsage = TLS Web Server Authentication]"
+    end
+  end
+  context 'when generating a self-signed client certificate' do
+     before :each do
+       output_path = '/tmp'
+       @expected_ca_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
+       ca_cert, ca_key = CertificateGenerator::CACertificateGenerator.new.generate_ca_cert @expected_ca_subject, output_path
+       @cname = "my.server"
+       output_path = '/tmp'
+       @cert, @key = CertificateGenerator::SelfSignedCertificateGenerator.new.generate_client_cert @cname, output_path, ca_cert, ca_key
+     end
+     it 'the subject is set correctly' do
+       expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{@cname}/emailAddress=ngsmrk@gmail.com"
+       @cert.subject.to_s.should == expected_subject
+     end
+     it 'the issuer is set correctly' do
+       @cert.issuer.to_s.should == @expected_ca_subject
+     end
+     it 'the serial is set correctly' do
+       @cert.serial.should_not be_nil
+     end
+     it 'the version is set correctly' do
+       @cert.version.should == 2
+     end
+     it 'the expiry date is set correctly' do
+       @cert.not_after.should < (DateTime.now + 365).to_time
+       @cert.not_after.should > (DateTime.now + 364).to_time
+     end
+     it 'the start date is set correctly' do
+       @cert.not_before.should < Time.now
+     end
+     it 'the extensions are set correctly' do
+       @cert.extensions.to_s.should == "[basicConstraints = CA:FALSE, keyUsage = Digital Signature, extendedKeyUsage = TLS Web Client Authentication]"
+     end
+   end
+ end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,3 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'certificate_generator'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: certificate_generator
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease:
 platform: ruby
 authors:
@@ -9,8 +9,24 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-18 00:00:00.000000000 Z
-dependencies: []
+date: 2012-07-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: See summary
 email:
 - ngsmrk@gmail.com
@@ -25,7 +41,13 @@ files:
 - Rakefile
 - certificate_generator.gemspec
 - lib/certificate_generator.rb
+- lib/certificate_generator/base.rb
+- lib/certificate_generator/ca_certificate_generator.rb
+- lib/certificate_generator/self_signed_certificate_generator.rb
 - lib/certificate_generator/version.rb
+- spec/certificate_generator_spec.rb
+- spec/self_signed_certificate_generator_spec.rb
+- spec/spec_helper.rb
 homepage: http://github.com/ngsmrk/certificate_generator
 licenses: []
 post_install_message:
@@ -50,4 +72,7 @@ rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Gem that handles generation of self-signed SSL certs
-test_files: []
+test_files:
+- spec/certificate_generator_spec.rb
+- spec/self_signed_certificate_generator_spec.rb
+- spec/spec_helper.rb