certify 0.0.2

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,3 @@
+= Certify
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,55 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Certify'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "uniquify"
+    gemspec.summary = "Generate a unique token with Active Record."
+    gemspec.description = "Generate a unique token with Active Record."
+    gemspec.email = "ryan@railscasts.com"
+    gemspec.homepage = "http://github.com/ryanb/uniquify"
+    gemspec.authors = ["Ryan Bates"]
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install jeweler -s http://gemcutter.org"
+end

data/app/assets/javascripts/certify/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/javascripts/certify/authorities.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/certify/certificates.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/stylesheets/certify/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+*/

data/app/assets/stylesheets/certify/authorities.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/certify/certificates.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/scaffold.css

@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+div.field, div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  margin-bottom: 0px;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}

data/app/controllers/certify/application_controller.rb

@@ -0,0 +1,4 @@
+module Certify
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/certify/authorities_controller.rb

@@ -0,0 +1,64 @@
+module Certify
+  class AuthoritiesController < ApplicationController
+    # GET /authorities
+    # GET /authorities.json
+    def index
+      @authorities = Authority.all
+  
+      respond_to do |format|
+        format.html # _certificate_overview.html.erb
+        format.json { render json: @authorities }
+      end
+    end
+  
+    # GET /authorities/1
+    # GET /authorities/1.json
+    def show
+      @authority = Authority.find(params[:id])
+  
+      respond_to do |format|
+        format.html # show.html.erb
+        format.json { render json: @authority }
+      end
+    end
+  
+    # GET /authorities/new
+    # GET /authorities/new.json
+    def new
+      @authority = Authority.new
+  
+      respond_to do |format|
+        format.html # new.html.erb
+        format.json { render json: @authority }
+      end
+    end
+
+    # POST /authorities
+    # POST /authorities.json
+    def create
+      @authority = Authority.new(params[:authority])
+  
+      respond_to do |format|
+        if @authority.save
+          format.html { redirect_to @authority, notice: 'Authority was successfully created.' }
+          format.json { render json: @authority, status: :created, location: @authority }
+        else
+          format.html { render action: "new" }
+          format.json { render json: @authority.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /authorities/1
+    # DELETE /authorities/1.json
+    def destroy
+      @authority = Authority.find(params[:id])
+      @authority.destroy
+  
+      respond_to do |format|
+        format.html { redirect_to authorities_url }
+        format.json { head :no_content }
+      end
+    end
+  end
+end

data/app/controllers/certify/certificates_controller.rb

@@ -0,0 +1,70 @@
+module Certify
+  class CertificatesController < ApplicationController
+
+    # GET /certificates/1
+    # GET /certificates/1.json
+    def show
+      @certificate = Certificate.find(params[:id])
+  
+      respond_to do |format|
+        format.html # show.html.erb
+        format.json { render json: @certificate }
+      end
+    end
+  
+    # GET /certificates/new
+    # GET /certificates/new.json
+    def new
+      # get the authority
+      @authority = Authority.find(params[:certify_authority_id])
+
+      # generate a new one
+      @certificate = Certificate.new()
+
+      respond_to do |format|
+        format.html # new.html.erb
+        format.json { render json: @certificate }
+      end
+    end
+
+    # POST /certificates
+    # POST /certificates.json
+    def create
+      # get the ca
+      @authority = Authority.find(params[:certify_authority_id])
+
+      # create the cert
+      @certificate = @authority.certificates.build()
+
+      # apply the csr
+      @certificate.csr=params[:csr]
+
+      # format
+      respond_to do |format|
+        if @certificate.save
+          format.html { redirect_to authority_path(@authority), notice: 'Certificate was successfully created.' }
+          format.json { render json: @certificate, status: :created, location: @certificate }
+        else
+          format.html { render action: "new" }
+          format.json { render json: @certificate.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /certificates/1
+    # DELETE /certificates/1.json
+    def destroy
+      # get the ca
+      @authority = Authority.find(params[:certify_authority_id])
+
+      # get the certificate
+      @certificate = Certificate.find(params[:id])
+      @certificate.destroy
+  
+      respond_to do |format|
+        format.html { redirect_to authority_path(@authority), notice: 'Certificate removed' }
+        format.json { head :no_content }
+      end
+    end
+  end
+end

data/app/helpers/certify/application_helper.rb

@@ -0,0 +1,4 @@
+module Certify
+  module ApplicationHelper
+  end
+end

data/app/helpers/certify/authorities_helper.rb

@@ -0,0 +1,4 @@
+module Certify
+  module AuthoritiesHelper
+  end
+end

data/app/helpers/certify/certificates_helper.rb

@@ -0,0 +1,4 @@
+module Certify
+  module CertificatesHelper
+  end
+end

data/app/models/certify/authority.rb

@@ -0,0 +1,133 @@
+module Certify
+  class Authority < ActiveRecord::Base
+    # make this attributes accessable in forms and so on
+    attr_accessible :commonname, :organization, :city, :state, :country, :email
+
+    # virtual attributes
+    attr_writer :commonname, :organization, :city, :state, :country, :email
+
+    # associations
+    has_many :certificates, :dependent => :destroy, :inverse_of => :authority
+
+    # validates
+    validates :uniqueid, :uniqueness => true
+    validates :commonname, :city, :state, :country, :organization, :email, :presence => true
+    validates_format_of :commonname, :with => /^[\w\-@]*$/, :message => "Only letters or numbers allowed"
+    validates_length_of :country, :maximum => 2
+    validates_format_of :country, :with => /^[a-zA-Z]*$/, :message => "Only letters allowed"
+    validates_email_format_of :email
+
+    # handler
+    after_initialize :generate_unique_id
+    before_create :generate_new_ca
+
+    # property accessors
+    def private_key
+      OpenSSL::PKey::RSA.new(self.rsakey) if self.rsakey
+    end
+
+    def root_certificate
+      OpenSSL::X509::Certificate.new(self.sslcert) if self.sslcert
+    end
+
+    def commonname
+      if root_certificate
+        subject_hash["CN"]
+      else
+        @commonname
+      end
+    end
+
+    def organization
+      if root_certificate
+        subject_hash["O"]
+      else
+        @organization
+      end
+    end
+
+    def city
+      if root_certificate
+        subject_hash["L"]
+      else
+        @city
+      end
+    end
+
+    def state
+      if root_certificate
+        subject_hash["ST"]
+      else
+        @state
+      end
+    end
+
+    def country
+      if root_certificate
+        subject_hash["C"]
+      else
+        @country
+      end
+    end
+
+    def email
+      if root_certificate
+        subject_hash["emailAddress"]
+      else
+        @email
+      end
+    end
+
+    #
+    # This method builds the subject hash from the x509 name
+    def subject_hash
+      # get the array from the name
+      dataArray = self.root_certificate.subject.to_a
+
+      # create the result hash
+      dataHash = Hash.new()
+
+      # go through
+      dataArray.each do |item|
+        dataHash[item[0]] = item[1]
+      end
+
+      # emit
+      dataHash
+    end
+
+    # builds a new CA
+    def generate_new_ca()
+      # generate the root key pair
+      root_key = OpenSSL::PKey::RSA.new 2048 # the CA's public/private key
+      self.rsakey = root_key.to_pem
+
+      # generate the CA name
+      ca_name_str = "/C=#{country}/ST=#{state}/O=#{organization}/L=#{city}/CN=#{commonname}/emailAddress=#{email}"
+
+      # parse the name
+      ca_name = OpenSSL::X509::Name.parse  ca_name_str
+
+      # generate the root certificate
+      root_ca = OpenSSL::X509::Certificate.new
+      root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+      root_ca.serial = 1
+      root_ca.subject = ca_name
+      root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+      root_ca.public_key = root_key.public_key
+      root_ca.not_before = Time.now
+      root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = root_ca
+      ef.issuer_certificate = root_ca
+      root_ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
+      root_ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
+      root_ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+      root_ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
+      root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+
+      # store the root ca
+      self.sslcert = root_ca.to_pem
+    end
+  end
+end

data/app/models/certify/certificate.rb

@@ -0,0 +1,51 @@
+module Certify
+  class Certificate < ActiveRecord::Base
+    # accessor
+    attr_accessible :certify_authority, :ssldata, :uniqueid
+
+    # associations
+    belongs_to :authority, :inverse_of => :certificates
+
+    # validates
+    validates :uniqueid, :uniqueness => true
+    validates :uniqueid, :ssldata, :presence => true
+
+    # handler
+    after_initialize :generate_unique_id
+
+    # set the csr where you want to generate a certificate from
+    def csr=(csrpem)
+      # read the csr
+      csr = OpenSSL::X509::Request.new(csrpem)
+
+      # get the ca_cert
+      ca = self.authority
+      ca_cert = ca.root_certificate
+      ca_key = ca.private_key
+
+      # generate a new cert
+      csr_cert = OpenSSL::X509::Certificate.new
+      csr_cert.serial = 0
+      csr_cert.version = 2
+      csr_cert.not_before = Time.now
+      csr_cert.not_after = Time.now + 600
+
+      csr_cert.subject = csr.subject
+      csr_cert.public_key = csr.public_key
+      csr_cert.issuer = ca_cert.subject
+
+      extension_factory = OpenSSL::X509::ExtensionFactory.new
+      extension_factory.subject_certificate = csr_cert
+      extension_factory.issuer_certificate = ca_cert
+
+      extension_factory.create_extension 'basicConstraints', 'CA:FALSE'
+      extension_factory.create_extension 'keyUsage',
+                                         'keyEncipherment,dataEncipherment,digitalSignature'
+      extension_factory.create_extension 'subjectKeyIdentifier', 'hash'
+
+      csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
+
+      self.ssldata = csr_cert.to_pem
+    end
+  end
+end

data/app/views/certify/authorities/_form.html.erb

@@ -0,0 +1,45 @@
+<%= form_for(@authority) do |f| %>
+    <% if @authority.errors.any? %>
+        <div id="error_explanation">
+          <h2><%= pluralize(@authority.errors.count, "error") %> prohibited this certificate_authority from being saved:</h2>
+
+          <ul>
+            <% @authority.errors.full_messages.each do |msg| %>
+                <li><%= msg %></li>
+            <% end %>
+          </ul>
+        </div>
+    <% end %>
+
+    <div class="field">
+      <%= f.label :uniqueid %><br />
+      <%= f.text_field :uniqueid, :disabled => true %>
+    </div>
+    <div class="field">
+      <%= f.label :commonname %><br />
+      <%= f.text_field :commonname %>
+    </div>
+    <div class="field">
+      <%= f.label :organization %><br />
+      <%= f.text_field :organization %>
+    </div>
+    <div class="field">
+      <%= f.label :city %><br />
+      <%= f.text_field :city %>
+    </div>
+    <div class="field">
+      <%= f.label :state %><br />
+      <%= f.text_field :state %>
+    </div>
+    <div class="field">
+      <%= f.label :country %><br />
+      <%= f.text_field :country %>
+    </div>
+    <div class="field">
+      <%= f.label :email %><br />
+      <%= f.text_field :email %>
+    </div>
+    <div class="actions">
+      <%= f.submit %>
+    </div>
+<% end %>

data/app/views/certify/authorities/index.html.erb

@@ -0,0 +1,24 @@
+<h1>Existing Certificate Authorities</h1>
+
+<table>
+  <tr>
+    <th>Commonname</th>
+    <th>Organization</th>
+    <th>Email</th>
+    <th></th>
+    <th></th>
+  </tr>
+
+  <% @authorities.each do |authority| %>
+      <tr>
+        <td><%= link_to authority.commonname , authority %></td>
+        <td><%= authority.organization %></td>
+        <td><%= authority.email %></td>
+        <td><%= link_to 'Destroy', authority, confirm: 'Are you sure?', method: :delete %></td>
+      </tr>
+  <% end %>
+</table>
+
+<br />
+
+<%= link_to 'New Certificate authority', new_authority_path %>

data/app/views/certify/authorities/new.html.erb

@@ -0,0 +1,5 @@
+<h1>New Certificate Authority</h1>
+
+<%= render 'form' %>
+
+<%= link_to 'Back', authorities_path %>

data/app/views/certify/authorities/show.html.erb

@@ -0,0 +1,61 @@
+<h1><%= @authority.organization %> (<%= @authority.commonname %>)</h1>
+<p id="notice"><%= notice %></p>
+
+<p>
+  <b>Unique:</b>
+  <%= @authority.uniqueid %>
+</p>
+
+<p>
+  <b>City:</b>
+  <%= @authority.city %>
+</p>
+
+<p>
+  <b>State:</b>
+  <%= @authority.state %>
+</p>
+
+<p>
+  <b>Country:</b>
+  <%= @authority.country %>
+</p>
+
+<p>
+  <b>Email:</b>
+  <%= @authority.email %>
+</p>
+
+<p>
+  <b>Private-Key:</b>
+  <%= @authority.private_key.to_pem %>
+</p>
+
+<p>
+  <b>Root-Certificate:</b>
+  <%= @authority.root_certificate.to_pem %>
+</p>
+
+<h1>Listing certificates</h1>
+
+<table>
+  <tr>
+    <th>Uniqueid</th>
+    <th>Ssldata</th>
+    <th></th>
+    <th></th>
+  </tr>
+
+  <% @authority.certificates.each do |certificate| %>
+      <tr>
+        <td><%= certificate.uniqueid %></td>
+        <td><%= certificate.ssldata %></td>
+        <td><%= link_to 'Show', certificate_path(certificate, :certify_authority_id => certificate.authority)%></td>
+        <td><%= link_to 'Destroy', certificate_path(certificate, :certify_authority_id => certificate.authority), confirm: 'Are you sure?', method: :delete %></td>
+      </tr>
+  <% end %>
+</table>
+<BR/>
+
+<%= link_to 'Add Certificate', new_certificate_path(@authority) %> |
+<%= link_to 'Back', authorities_path %>