certificate_generator 0.0.1 → 0.0.2

data/certificate_generator.gemspec

@@ -14,4 +14,6 @@ Gem::Specification.new do |gem|
   gem.name          = "certificate_generator"
   gem.require_paths = ["lib"]
   gem.version       = CertificateGenerator::VERSION
+  
+  gem.add_development_dependency("rspec")  
 end

data/lib/certificate_generator.rb

@@ -1,5 +1,4 @@
 require "certificate_generator/version"
-
-module CertificateGenerator
-  # Your code goes here...
-end
+require "certificate_generator/base"
+require "certificate_generator/ca_certificate_generator"
+require "certificate_generator/self_signed_certificate_generator"

data/lib/certificate_generator/base.rb

@@ -0,0 +1,36 @@
+require 'openssl'
+
+module CertificateGenerator
+  
+  class Base
+    
+    def generate_core_cert (cname, serial)
+
+      key = OpenSSL::PKey::RSA.new(2048)
+
+      cert = OpenSSL::X509::Certificate.new
+      subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{cname}/emailAddress=ngsmrk@gmail.com"
+      parsed_subject = OpenSSL::X509::Name.parse(subject)
+      cert.subject = parsed_subject
+
+      cert.not_before = Time.now
+      cert.not_after = Time.now + (3600*24*365) # add a year
+      cert.public_key = key.public_key
+      cert.serial = serial
+      cert.version = 2
+
+      return cert, key
+
+    end   
+      
+    def save_cert_and_key (cert, key, output_dir, prefix = '')
+    
+      FileUtils.mkdir_p("#{output_dir}")
+      File.open("#{output_dir}/cert.pem", "w") { |f| f.write(cert.to_pem) }
+      File.open("#{output_dir}/key.pem", "w") { |f| f.write(key.to_pem) }
+    
+    end     
+    
+  end
+  
+end

data/lib/certificate_generator/ca_certificate_generator.rb

@@ -0,0 +1,36 @@
+module CertificateGenerator
+
+  class CACertificateGenerator < Base
+
+    def generate_ca_cert (subject, output_dir)
+
+      key = OpenSSL::PKey::RSA.new(2048)
+
+      cert = OpenSSL::X509::Certificate.new
+      cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+
+      cert.not_before = Time.now
+      cert.not_after = Time.now + (3600*24*365) # add a year
+      cert.public_key = key.public_key
+      cert.serial = 0
+      cert.version = 2
+
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = ef.issuer_certificate = cert
+
+      cert.extensions = [
+        ef.create_extension("basicConstraints","CA:TRUE"),
+        ef.create_extension("keyUsage","Certificate Sign, CRL Sign"),
+      ]
+
+      cert.sign key, OpenSSL::Digest::SHA1.new
+
+      save_cert_and_key cert, key, output_dir, 'ca'
+
+      return cert, key
+
+    end
+    
+  end
+
+end

data/lib/certificate_generator/self_signed_certificate_generator.rb

@@ -0,0 +1,52 @@
+module CertificateGenerator
+
+  class SelfSignedCertificateGenerator < Base
+
+    def generate_client_cert (cname, output_dir, ca_cert, ca_key)
+      return generate_cert cname, output_dir, ca_cert, ca_key, true
+    end
+
+    def generate_server_cert (cname, output_dir, ca_cert, ca_key)
+      return generate_cert cname, output_dir, ca_cert, ca_key, false
+    end
+
+    private
+
+    def generate_cert (cname, output_dir, ca_cert, ca_key, is_client)
+
+      cert, key = generate_core_cert cname, Random.rand(1000000)
+      cert.issuer = ca_cert.subject
+
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = cert
+      ef.issuer_certificate = ca_cert
+
+      cert.extensions = is_client ? client_extensions(ef) : server_extensions(ef)
+
+      cert.sign ca_key, OpenSSL::Digest::SHA1.new
+
+      save_cert_and_key cert, key, output_dir
+
+      return cert, key
+
+    end
+      
+    def server_extensions ef
+      [
+        ef.create_extension("basicConstraints","CA:FALSE"),
+        ef.create_extension("keyUsage","Key Encipherment"),
+        ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.1"),   #means 'TLS Web Server Authentication'
+      ]
+    end
+
+    def client_extensions ef
+      [
+        ef.create_extension("basicConstraints","CA:FALSE"),
+        ef.create_extension("keyUsage","digitalSignature"),
+        ef.create_extension("extendedKeyUsage","1.3.6.1.5.5.7.3.2"),   #means 'TLS Web Client Authentication'
+      ]
+    end    
+    
+  end
+
+end

data/lib/certificate_generator/version.rb

@@ -1,3 +1,3 @@
 module CertificateGenerator
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/spec/certificate_generator_spec.rb

@@ -0,0 +1,50 @@
+require 'rspec/autorun'
+require 'certificate_generator'
+require 'date'
+
+describe CertificateGenerator::CACertificateGenerator do
+  
+  context 'when generating a Certificate Authority certificate' do
+    
+    before :each do
+      
+      generator = CertificateGenerator::CACertificateGenerator.new
+      
+      output_path = '/tmp'
+      @expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"      
+      @ca_cert, @key = generator.generate_ca_cert @expected_subject, output_path
+      
+    end
+    
+    it 'the subject is set correctly' do
+      @ca_cert.subject.to_s.should == @expected_subject
+    end
+    
+    it 'the issuer is set correctly' do
+      @ca_cert.issuer.to_s.should == @expected_subject
+    end   
+    
+    it 'the serial is set correctly' do
+      @ca_cert.serial.should == 0
+    end
+    
+    it 'the version is set correctly' do
+      @ca_cert.version.should == 2
+    end    
+    
+    it 'the expiry date is set correctly' do
+      @ca_cert.not_after.should < (DateTime.now + 365).to_time      
+      @ca_cert.not_after.should > (DateTime.now + 364).to_time
+    end
+    
+    it 'the start date is set correctly' do
+      @ca_cert.not_before.should < Time.now      
+    end
+    
+    it 'the extensions are set correctly' do
+      @ca_cert.extensions.to_s.should == "[basicConstraints = CA:TRUE, keyUsage = Certificate Sign, CRL Sign]" 
+    end
+    
+  end
+  
+end

data/spec/self_signed_certificate_generator_spec.rb

@@ -0,0 +1,101 @@
+require 'rspec/autorun'
+require 'certificate_generator'
+require 'date'
+
+describe CertificateGenerator::SelfSignedCertificateGenerator do
+  
+  context 'when generating a self-signed server certificate' do
+    
+    before :each do
+      
+      output_path = '/tmp'
+      
+      @expected_ca_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
+      ca_cert, ca_key = CertificateGenerator::CACertificateGenerator.new.generate_ca_cert @expected_ca_subject, output_path
+      
+      @cname = "my.server"
+      output_path = '/tmp'
+      @cert, @key = CertificateGenerator::SelfSignedCertificateGenerator.new.generate_server_cert @cname, output_path, ca_cert, ca_key
+      
+    end
+    
+    it 'the subject is set correctly' do
+      expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{@cname}/emailAddress=ngsmrk@gmail.com"
+      @cert.subject.to_s.should == expected_subject
+    end
+    
+    it 'the issuer is set correctly' do
+      @cert.issuer.to_s.should == @expected_ca_subject
+    end   
+    
+    it 'the serial is set correctly' do
+      @cert.serial.should_not be_nil 
+    end
+    
+    it 'the version is set correctly' do
+      @cert.version.should == 2
+    end    
+    
+    it 'the expiry date is set correctly' do
+      @cert.not_after.should < (DateTime.now + 365).to_time      
+      @cert.not_after.should > (DateTime.now + 364).to_time
+    end
+    
+    it 'the start date is set correctly' do
+      @cert.not_before.should < Time.now      
+    end
+    
+    it 'the extensions are set correctly' do
+      @cert.extensions.to_s.should == "[basicConstraints = CA:FALSE, keyUsage = Key Encipherment, extendedKeyUsage = TLS Web Server Authentication]"
+    end
+    
+  end
+
+  context 'when generating a self-signed client certificate' do
+
+     before :each do
+
+       output_path = '/tmp'
+
+       @expected_ca_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=CA/emailAddress=ngsmrk@gmail.com"
+       ca_cert, ca_key = CertificateGenerator::CACertificateGenerator.new.generate_ca_cert @expected_ca_subject, output_path
+
+       @cname = "my.server"
+       output_path = '/tmp'
+       @cert, @key = CertificateGenerator::SelfSignedCertificateGenerator.new.generate_client_cert @cname, output_path, ca_cert, ca_key
+
+     end
+
+     it 'the subject is set correctly' do
+       expected_subject = "/C=GB/ST=London/L=London/O=Acme Inc/OU=Tech/CN=#{@cname}/emailAddress=ngsmrk@gmail.com"
+       @cert.subject.to_s.should == expected_subject
+     end
+
+     it 'the issuer is set correctly' do
+       @cert.issuer.to_s.should == @expected_ca_subject
+     end
+
+     it 'the serial is set correctly' do
+       @cert.serial.should_not be_nil
+     end
+
+     it 'the version is set correctly' do
+       @cert.version.should == 2
+     end
+
+     it 'the expiry date is set correctly' do
+       @cert.not_after.should < (DateTime.now + 365).to_time
+       @cert.not_after.should > (DateTime.now + 364).to_time
+     end
+
+     it 'the start date is set correctly' do
+       @cert.not_before.should < Time.now
+     end
+
+     it 'the extensions are set correctly' do
+       @cert.extensions.to_s.should == "[basicConstraints = CA:FALSE, keyUsage = Digital Signature, extendedKeyUsage = TLS Web Client Authentication]"
+     end
+
+   end
+   
+ end

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'certificate_generator'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: certificate_generator
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,8 +9,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-18 00:00:00.000000000 Z
-dependencies: []
+date: 2012-07-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: See summary
 email:
 - ngsmrk@gmail.com
@@ -25,7 +41,13 @@ files:
 - Rakefile
 - certificate_generator.gemspec
 - lib/certificate_generator.rb
+- lib/certificate_generator/base.rb
+- lib/certificate_generator/ca_certificate_generator.rb
+- lib/certificate_generator/self_signed_certificate_generator.rb
 - lib/certificate_generator/version.rb
+- spec/certificate_generator_spec.rb
+- spec/self_signed_certificate_generator_spec.rb
+- spec/spec_helper.rb
 homepage: http://github.com/ngsmrk/certificate_generator
 licenses: []
 post_install_message: 
@@ -50,4 +72,7 @@ rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: Gem that handles generation of self-signed SSL certs
-test_files: []
+test_files:
+- spec/certificate_generator_spec.rb
+- spec/self_signed_certificate_generator_spec.rb
+- spec/spec_helper.rb