certmeister 0.4.1 → 1.0.0

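--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 4a27d8981207e04f484c463efee5eb192b1ac040
-data.tar.gz: d3d089cf572cd18dd08997483539fe56b1257f88
+metadata.gz: d599d2605bb65cd2744e7de3d7989ebbb9f5c9ec
+data.tar.gz: 9f0e0e9d87f1c9420c8071e42d365737df0d24b0
 SHA512:
-metadata.gz: 0699466fc8b0eee2e5f68a001138c8a4fa30b64c9fc16830e6e5b5bd64b3d08796e6f348e7c3d2430366890505991173d8857a7e00b252c2923dbf023b0af5c2
-data.tar.gz: 76df1686defaeb078155b070dd5b4325bf29a5d565c49bd4d4dacfc5f4754b7607952da5e516651e75edd740fded0e02def5ac2ce3c20032fb725e988629d8c6
+metadata.gz: 364b0d70f2d07ffc8f0c82f12974171b8f7861dad592bf02c5515b9930c85ae933cb1a29efccfca7b4c32b26c1c85e702b9bba6fa3f586709993c68a82b247dc
+data.tar.gz: b8755d5da13d7c2275638218d739dfc4c40cff95da95080402ae2734000fea2bbcec5dd9e2e1f9b4678ede071bd92e9843e260aa473dcd68db70cf7aa2860b98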
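--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-ruby-2.0.0-p247
+ruby-2.1.5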
data/Gemfile.lock CHANGED
@@ -1,12 +1,12 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- certmeister (0.4.1)
5
- certmeister-rack (0.4.1)
6
- certmeister (= 0.4.1)
4
+ certmeister (1.0.0)
5
+ certmeister-rack (1.0.0)
6
+ certmeister (= 1.0.0)
7
7
  rack (~> 1.5)
8
- certmeister-redis (0.4.1)
9
- certmeister (= 0.4.1)
8
+ certmeister-redis (1.0.0)
9
+ certmeister (= 1.0.0)
10
10
  redis-sentinel (~> 1.4)
11
11
 
12
12
  GEM
@@ -20,14 +20,18 @@ GEM
20
20
  redis (3.0.7)
21
21
  redis-sentinel (1.4.2)
22
22
  redis
23
- rspec (2.14.1)
24
- rspec-core (~> 2.14.0)
25
- rspec-expectations (~> 2.14.0)
26
- rspec-mocks (~> 2.14.0)
27
- rspec-core (2.14.7)
28
- rspec-expectations (2.14.4)
29
- diff-lcs (>= 1.1.3, < 2.0)
30
- rspec-mocks (2.14.4)
23
+ rspec (3.1.0)
24
+ rspec-core (~> 3.1.0)
25
+ rspec-expectations (~> 3.1.0)
26
+ rspec-mocks (~> 3.1.0)
27
+ rspec-core (3.1.7)
28
+ rspec-support (~> 3.1.0)
29
+ rspec-expectations (3.1.2)
30
+ diff-lcs (>= 1.2.0, < 2.0)
31
+ rspec-support (~> 3.1.0)
32
+ rspec-mocks (3.1.3)
33
+ rspec-support (~> 3.1.0)
34
+ rspec-support (3.1.2)
31
35
 
32
36
  PLATFORMS
33
37
  ruby
@@ -39,4 +43,4 @@ DEPENDENCIES
39
43
  certmeister-redis!
40
44
  rack-test (~> 0.6)
41
45
  rake (~> 0)
42
- rspec (~> 2.14)
46
+ rspec (~> 3.1)
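--- a/data/README.md
+++ b/data/README.md
@@ -61,5 +61,5 @@ bundle
 git commit \
 -m "Bump version to v$(bundle exec ruby -Ilib -rcertmeister -e 'puts Certmeister::VERSION')" \
 Gemfile.lock lib/certmeister/version.rb
-bundle exec release
+bundle exec rake release
 ```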
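--- a/data/certmeister.gemspec
+++ b/data/certmeister.gemspec
@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
 
 spec.add_development_dependency "bundler", "~> 1.5"
 spec.add_development_dependency "rake", "~> 0"
-spec.add_development_dependency "rspec", "~> 2.14"
+spec.add_development_dependency "rspec", "~> 3.1"
 end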
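--- /dev/null
+++ b/data/contrib/certmeister-client
@@ -0,0 +1,111 @@
+#!/bin/sh -e
+
+DEFAULT_SERVICE=http://certmeister.hetzner.co.za/certificate
+
+usage() {
+echo "usage: certmeister-client create /path/to/save/key.pem /path/to/save/crt.pem"
+echo " certmeister-client fetch /path/to/save/crt.pem"
+echo " certmeister-client remove"
+echo
+echo "Environmental overrides:"
+echo
+echo " CERTMEISTER_HOSTNAME name to use as CN in CSR"
+echo " (default: hostname --fqdn)"
+echo " CERTMEISTER_SERVICE the URI prefix of certmeister service"
+echo " (default: $DEFAULT_SERVICE)"
+exit 1
+}
+
+install_preserving_permissions() {
+src_file=$1
+dst_file=$2
+
+if [ -e "$dst_file" ]; then
+cat "$src_file" > "$dst_file"
+else
+cp "$src_file" "$dst_file"
+fi
+}
+
+tmp=
+cleanup() {
+if [ -e "$tmp" ]; then
+rm -rf "$tmp"
+fi
+}
+
+umask 0077
+
+type -p curl >/dev/null
+type -p openssl >/dev/null
+perl -MURI::Escape -e 'print uri_escape(" ")' >/dev/null
+hostname=${CERTMEISTER_HOSTNAME:=$(hostname --fqdn)}
+uri=${CERTMEISTER_SERVICE:=$DEFAULT_SERVICE}/$hostname
+
+[ $# -gt 0 ] || usage
+command="$1"
+shift
+
+case "$command" in
+create)
+[ $# = 2 ] || usage
+key_file=$1
+crt_file=$2
+tmp=$(mktemp -d -t certmeister.XXXXXX)
+trap cleanup EXIT
+echo Creating secret key for $hostname...
+openssl genrsa -out $tmp/key.pem 4096
+echo Creating certificate signing request for $hostname...
+openssl req -new -subj "/C=ZA/ST=Western Cape/L=Cape Town/O=Hetzner PTY Ltd/CN=$hostname" -key $tmp/key.pem -out $tmp/csr.pem
+csr=$(perl -MURI::Escape -e 'print uri_escape(join("", <STDIN>));' < $tmp/csr.pem)
+echo Sending signing request to $uri...
+curl -s -S -L -d "csr=$csr" $uri > $tmp/crt.pem
+if ! openssl x509 -subject -noout -in $tmp/crt.pem >/dev/null 2>&1; then
+cat $tmp/crt.pem 1>&2
+echo 1>&2
+exit 1
+fi
+echo Installing certificate and key...
+chmod 644 $tmp/crt.pem
+install_preserving_permissions $tmp/key.pem $key_file
+install_preserving_permissions $tmp/crt.pem $crt_file
+cd /
+rm -rf $tmp
+echo Done.
+;;
+fetch)
+[ $# = 1 ] || usage
+crt_file=$1
+tmp=$(mktemp -d -t certmeister.XXXXXX)
+trap cleanup EXIT
+echo Requesting certificate from $uri...
+curl -s -S $uri > $tmp/crt.pem
+if ! openssl x509 -subject -noout -in $tmp/crt.pem >/dev/null 2>&1; then
+cat $tmp/crt.pem 1>&2
+echo 1>&2
+exit 1
+fi
+echo Installing certificate...
+chmod 644 $tmp/crt.pem
+install_preserving_permissions $tmp/crt.pem $crt_file
+cd /
+rm -rf $tmp
+echo Done.
+;;
+remove)
+[ $# = 0 ] || usage
+echo Sending delete request to $uri...
+response=$(curl -s -S -X DELETE $uri 2>&1)
+if ! echo "$response" | grep -q '^200 OK'; then
+echo error: $response 1>&2
+echo 1>&2
+exit 1
+fi
+echo Done.
+;;
+*)
+usage
+;;
+esac
+
+exit 0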
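--- a/data/contrib/config.ru
+++ b/data/contrib/config.ru
@@ -8,14 +8,21 @@ require 'redis'
 
 store = Certmeister::Redis::Store.new(Redis.new, "development")
 
-sign_policy =
+sign_policy = Certmeister::Policy::ChainAny.new([
 Certmeister::Policy::ChainAll.new([
+Certmeister::Policy::Existing.new(store),
 Certmeister::Policy::Domain.new(['host-h.net']),
 Certmeister::Policy::Fcrdns.new,
+]),
+Certmeister::Policy::ChainAll.new([
 Certmeister::Policy::Existing.new(store),
-])
+Certmeister::Policy::Domain.new(['example.com']),
+Certmeister::Policy::IP.new(['192.168.0.0/23']),
+]),
+Certmeister::Policy::IP.new(['127.0.0.1/32']),
+])
 fetch_policy = Certmeister::Policy::Noop.new
-remove_policy = Certmeister::Policy::IP.new(['127.0.0.0/8'])
+remove_policy = Certmeister::Policy::IP.new(['192.168.0.0/23', '127.0.0.1/32'])
 
 ca = Certmeister.new(
 Certmeister::Config.new(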
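Review bot: The third `ChainAny` branch, `Certmeister::Policy::IP.new(['127.0.0.1/32'])`, stands alone, so any CSR whose request IP is loopback is autosigned for any CN with none of the `Existing`, `Domain` or `Fcrdns` checks the other two branches insist on; if this config is ever run behind a same-host reverse proxy and the policy sees the socket address rather than the client's, every request looks like 127.0.0.1 and the other branches become dead weight. Since contrib/config.ru is the example people copy, a comment on that line stating the intent — `# loopback is fully trusted: local tooling only, never behind a same-host proxy` — or wrapping it in a `ChainAll` with `Existing.new(store)` would keep the shortcut from reaching production unnoticed. `remove_policy` now lets any host in `192.168.0.0/23` delete any certificate by CN with no ownership or FCrDNS check, which deserves the same one-line justification beside it. The `Certmeister.new(` call that consumes these policies continues past the end of the hunk.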
@@ -28,21 +28,21 @@ module Certmeister
28
28
 
29
29
  it "deletes certificates by CN (common name)" do
30
30
  subject.store('axl.hetzner.africa', "cert")
31
- expect(subject.remove('axl.hetzner.africa')).to be_true
31
+ expect(subject.remove('axl.hetzner.africa')).to be true
32
32
  expect(subject.fetch('axl.hetzner.africa')).to be_nil
33
33
  end
34
34
 
35
35
  it "returns false when removing a non-existent CN" do
36
- expect(subject.remove('axl.hetzner.africa')).to be_false
36
+ expect(subject.remove('axl.hetzner.africa')).to be false
37
37
  end
38
38
 
39
39
  it "returns true from health_check when healthy" do
40
- expect(subject.health_check).to be_true
40
+ expect(subject.health_check).to be true
41
41
  end
42
42
 
43
43
  it "returns false from health_check when not healthy" do
44
44
  subject.send(:break!)
45
- expect(subject.health_check).to be_false
45
+ expect(subject.health_check).to be false
46
46
  end
47
47
 
48
48
  end
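--- a/data/lib/certmeister/version.rb
+++ b/data/lib/certmeister/version.rb
@@ -1,5 +1,5 @@
 module Certmeister
 
-VERSION = '0.4.1' unless defined?(VERSION)
+VERSION = '1.0.0' unless defined?(VERSION)
 
 end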
@@ -34,7 +34,7 @@ describe Certmeister::Policy::Fcrdns do
34
34
  describe "error handling" do
35
35
 
36
36
  it "refuses to authenticate a request when a DNS failure occurs" do
37
- Resolv::DNS.any_instance.stub(:getnames).with('nonsense').and_raise(Resolv::ResolvError.new("cannot interpret as address: nonsense"))
37
+ allow_any_instance_of(Resolv::DNS).to receive(:getnames).with('nonsense').and_raise(Resolv::ResolvError.new("cannot interpret as address: nonsense"))
38
38
  response = subject.authenticate({cn: 'localhost', ip: 'nonsense'})
39
39
  expect(response).to_not be_authenticated
40
40
  expect(response.error).to eql "DNS error (cannot interpret as address: nonsense)"
@@ -23,10 +23,10 @@ describe Certmeister::Response do
23
23
  end
24
24
 
25
25
  it "offers appropriate boolean flags" do
26
- expect(subject.hit?).to be_false
27
- expect(subject.miss?).to be_false
28
- expect(subject.denied?).to be_false
29
- expect(subject.error?).to be_true
26
+ expect(subject.hit?).to be false
27
+ expect(subject.miss?).to be false
28
+ expect(subject.denied?).to be false
29
+ expect(subject.error?).to be true
30
30
  end
31
31
 
32
32
  end
@@ -44,10 +44,10 @@ describe Certmeister::Response do
44
44
  end
45
45
 
46
46
  it "offers appropriate boolean flags" do
47
- expect(subject.hit?).to be_false
48
- expect(subject.miss?).to be_false
49
- expect(subject.denied?).to be_true
50
- expect(subject.error?).to be_false
47
+ expect(subject.hit?).to be false
48
+ expect(subject.miss?).to be false
49
+ expect(subject.denied?).to be true
50
+ expect(subject.error?).to be false
51
51
  end
52
52
 
53
53
  end
@@ -65,10 +65,10 @@ describe Certmeister::Response do
65
65
  end
66
66
 
67
67
  it "offers appropriate boolean flags" do
68
- expect(subject.hit?).to be_false
69
- expect(subject.miss?).to be_true
70
- expect(subject.denied?).to be_false
71
- expect(subject.error?).to be_false
68
+ expect(subject.hit?).to be false
69
+ expect(subject.miss?).to be true
70
+ expect(subject.denied?).to be false
71
+ expect(subject.error?).to be false
72
72
  end
73
73
 
74
74
  end
@@ -87,10 +87,10 @@ describe Certmeister::Response do
87
87
  end
88
88
 
89
89
  it "offers appropriate boolean flags" do
90
- expect(subject.hit?).to be_true
91
- expect(subject.miss?).to be_false
92
- expect(subject.denied?).to be_false
93
- expect(subject.error?).to be_false
90
+ expect(subject.hit?).to be true
91
+ expect(subject.miss?).to be false
92
+ expect(subject.denied?).to be false
93
+ expect(subject.error?).to be false
94
94
  end
95
95
 
96
96
  end
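--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -5,7 +5,6 @@
 #
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 RSpec.configure do |config|
-config.treat_symbols_as_metadata_keys_with_true_values = true
 config.run_all_when_everything_filtered = true
 config.filter_run :focus
 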
metadata CHANGED
@@ -1,57 +1,57 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: certmeister
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sheldon Hearn
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-02-07 00:00:00.000000000 Z
11
+ date: 2015-01-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - ~>
17
+ - - "~>"
18
18
  - !ruby/object:Gem::Version
19
19
  version: '1.5'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - ~>
24
+ - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: '1.5'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ~>
31
+ - - "~>"
32
32
  - !ruby/object:Gem::Version
33
33
  version: '0'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ~>
38
+ - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ~>
45
+ - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '2.14'
47
+ version: '3.1'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ~>
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '2.14'
54
+ version: '3.1'
55
55
  description: Certificate authority that can be configured to make decisions about
56
56
  whether to autosign certificate signing requests for clients. This gem provides
57
57
  the protocol-agnostic library, which is expected to be used within something like
@@ -62,10 +62,10 @@ executables: []
62
62
  extensions: []
63
63
  extra_rdoc_files: []
64
64
  files:
65
- - .gitignore
66
- - .rspec
67
- - .ruby-gemset
68
- - .ruby-version
65
+ - ".gitignore"
66
+ - ".rspec"
67
+ - ".ruby-gemset"
68
+ - ".ruby-version"
69
69
  - Gemfile
70
70
  - Gemfile.lock
71
71
  - LICENSE
@@ -77,6 +77,7 @@ files:
77
77
  - contrib/.ruby-gemset
78
78
  - contrib/.ruby-version
79
79
  - contrib/Gemfile
80
+ - contrib/certmeister-client
80
81
  - contrib/config.ru
81
82
  - contrib/hosts
82
83
  - contrib/redis.yml
@@ -135,17 +136,17 @@ require_paths:
135
136
  - lib
136
137
  required_ruby_version: !ruby/object:Gem::Requirement
137
138
  requirements:
138
- - - '>='
139
+ - - ">="
139
140
  - !ruby/object:Gem::Version
140
141
  version: '0'
141
142
  required_rubygems_version: !ruby/object:Gem::Requirement
142
143
  requirements:
143
- - - '>='
144
+ - - ">="
144
145
  - !ruby/object:Gem::Version
145
146
  version: '0'
146
147
  requirements: []
147
148
  rubyforge_project:
148
- rubygems_version: 2.2.1
149
+ rubygems_version: 2.4.5
149
150
  signing_key:
150
151
  specification_version: 4
151
152
  summary: Conditionally autosigning certificate authority.