certmeister 2.0.0 → 2.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 083750255abf59b0e78a0c68f3b3aca6fd57d790
4
- data.tar.gz: 5438388c4400a77bfa580dbb86d11560104a246a
3
+ metadata.gz: 6cc20cbf2bb5c2b4b721280da39d1f83ca04ac0a
4
+ data.tar.gz: aa0e73207c9f71d79ee4ebdf69df41c65dd47829
5
5
  SHA512:
6
- metadata.gz: 437fd1f9d23f2e5355bb70453bbaa06d9195ab037b23eeda614eccc109e7027900de0ae1b7637d346a887775173bc5761d6d3b7e50220a7cc007327e6599a5c4
7
- data.tar.gz: 9d4b7cfef3c402a6547df3cee80301a00bdc4eda57a8f86c04f572f85eaba7760d55bacfa6fb6a23b15560cfa82fe0871f11f283875ac608934e1f799eda49bf
6
+ metadata.gz: 68c617c0234008b6900ddedc66a6ac08a2a5d296e46a8bf1583c5f5aa059b5c827c3f6060908920a7c9862de8b02faa2f924b7693ea6e820266784340b2e4248
7
+ data.tar.gz: 37bd6723f00a8defd6121d50bcb77c01e881e54c543abe408cbdc2f2fb561863160d9c472ea666cb01fb7bded26ba049392ba96d55e9a2769dbc2e754c3aaf07
data/Gemfile.lock CHANGED
@@ -1,19 +1,13 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- certmeister (2.0.0)
5
- certmeister-rack (2.0.0)
6
- certmeister (= 2.0.0)
7
- rack (~> 1.5)
4
+ certmeister (2.1.0)
8
5
 
9
6
  GEM
10
7
  remote: http://rubygems.org/
11
8
  specs:
12
9
  diff-lcs (1.2.5)
13
- rack (1.5.2)
14
- rack-test (0.6.2)
15
- rack (>= 1.0)
16
- rake (0.9.6)
10
+ rake (10.4.2)
17
11
  rspec (3.1.0)
18
12
  rspec-core (~> 3.1.0)
19
13
  rspec-expectations (~> 3.1.0)
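Review bot: the `remote: http://rubygems.org/` line under GEM in this hunk still resolves the gem source over plain HTTP, while the contrib Gemfile deleted in this same release used `https://rubygems.org/`; regenerate the lockfile from an `https://` source so dependency fetches are not open to tampering in transit. The rake bump from 0.9.6 to 10.4.2 and the removal of rack and rack-test otherwise match the gemspec change.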
@@ -33,7 +27,5 @@ PLATFORMS
33
27
  DEPENDENCIES
34
28
  bundler (~> 1.5)
35
29
  certmeister!
36
- certmeister-rack!
37
- rack-test (~> 0.6)
38
- rake (~> 0)
30
+ rake (~> 10.4.2)
39
31
  rspec (~> 3.1)
data/README.md CHANGED
@@ -15,10 +15,13 @@ The reference access policy in use by Hetzner PTY Ltd is:
15
15
 
16
16
  This allows us the convenience of Puppet's autosign feature, without the horrendous security implications.
17
17
 
18
- This repository currently builds two gems:
18
+ This repository currently builds one gem:
19
19
 
20
20
  * _certmeister_ - the CA, some off-the-shelf policy modules and an in-memory cert store
21
- * _certmeister-rack_ - a rack application to provide an HTTP interface to the CA
21
+
22
+ A rack application to provide an HTTP interface to the CA is available as a separate gem:
23
+
24
+ * [certmeister-rack](https://github.com/sheldonh/certmeister-rack)
22
25
 
23
26
  Only an in-memory store is provided. Others are available as separate gems:
24
27
 
@@ -26,16 +29,8 @@ Only an in-memory store is provided. Others are available as separate gems:
26
29
  * [certmeister-pg](https://github.com/sheldonh/certmeister-pg)
27
30
  * [certmeister-redis](https://github.com/sheldonh/certmeister-redis)
28
31
 
29
- An example, using redis and rack and enforcing Hetzner PTY Ltd's policy, is available in [contrib/config.ru](contrib/config.ru).
30
-
31
- To hit the service:
32
-
33
- ```
34
- $ curl -L \
35
- -d "psk=secretkey" \
36
- -d "csr=$(perl -MURI::Escape -e 'print uri_escape(join("", <STDIN>));' < fixtures/client.csr)" \
37
- http://localhost:9292/ca/certificate/axl.starjuice.net
38
- ```
32
+ An example, using redis and rack and enforcing Hetzner PTY Ltd's policy, is available in the `contrib` subdirectory of the
33
+ [certmeister-rack](https://github.com/sheldonh/certmeister-rack) source.
39
34
 
40
35
  ## Testing
41
36
 
data/certmeister.gemspec CHANGED
@@ -23,6 +23,6 @@ Gem::Specification.new do |spec|
23
23
  spec.require_paths = ["lib"]
24
24
 
25
25
  spec.add_development_dependency "bundler", "~> 1.5"
26
- spec.add_development_dependency "rake", "~> 0"
26
+ spec.add_development_dependency "rake", "~> 10.4.2"
27
27
  spec.add_development_dependency "rspec", "~> 3.1"
28
28
  end
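Review bot: tightening rake from `"~> 0"` (any version) to `"~> 10.4.2"` is a welcome pin, and as a development dependency it has no effect on consumers of the gem; the same constraint appears in Gemfile.lock and metadata, so the three stay consistent.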
@@ -58,6 +58,10 @@ module Certmeister
58
58
  end
59
59
  end
60
60
 
61
+ def ca_cert_pem
62
+ @ca_cert.to_pem
63
+ end
64
+
61
65
  private
62
66
 
63
67
  def subject_to_policy(policy, request, &block)
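Review bot: the new public `ca_cert_pem` calls `@ca_cert.to_pem`, which only works if `@ca_cert` holds an `OpenSSL::X509::Certificate`; the deleted contrib/config.ru passes `ca_cert: File.read("../fixtures/ca.crt")`, a PEM String, so confirm that `Certmeister::Config` parses it into a certificate object before it reaches this method, otherwise the call raises `NoMethodError`. A one-line comment stating that this exposes only the CA's public certificate (and deliberately nothing derived from `ca_key`) would also help readers of the public API.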
@@ -1,5 +1,5 @@
1
1
  module Certmeister
2
2
 
3
- VERSION = '2.0.0' unless defined?(VERSION)
3
+ VERSION = '2.1.0' unless defined?(VERSION)
4
4
 
5
5
  end
@@ -201,5 +201,14 @@ describe Certmeister do
201
201
 
202
202
  end
203
203
 
204
+ describe "#ca_cert_pem" do
205
+
206
+ it "exposes the CA certificate in PEM format" do
207
+ ca = Certmeister.new(CertmeisterConfigHelper::valid_config)
208
+ expect(ca.ca_cert_pem).to match(/-----BEGIN CERTIFICATE-----/)
209
+ end
210
+
211
+ end
212
+
204
213
  end
205
214
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: certmeister
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sheldon Hearn
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-11 00:00:00.000000000 Z
11
+ date: 2015-04-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
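Review bot: `cert_chain: []` in the unchanged context of this hunk means the 2.1.0 gem is still published without a signing certificate, so installers can rely only on the SHA1/SHA512 digests in checksums.yaml and on transport security; consider signing releases with `gem cert` so that `gem install -P HighSecurity` can verify the package. The version and date bumps are consistent with the VERSION change.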
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: 10.4.2
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: 10.4.2
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -71,15 +71,7 @@ files:
71
71
  - LICENSE
72
72
  - README.md
73
73
  - Rakefile
74
- - certmeister-rack.gemspec
75
74
  - certmeister.gemspec
76
- - contrib/.ruby-gemset
77
- - contrib/.ruby-version
78
- - contrib/Gemfile
79
- - contrib/certmeister-client
80
- - contrib/config.ru
81
- - contrib/hosts
82
- - contrib/redis.yml
83
75
  - fixtures/ca.crt
84
76
  - fixtures/ca.csr
85
77
  - fixtures/ca.key
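Review bot: the files list still packages `fixtures/ca.key` (context at the end of this hunk) alongside `fixtures/ca.crt`, so a CA private key ships inside the published gem; that is acceptable only as a throwaway test fixture, and the deleted contrib/config.ru in this same release read exactly that file as the live `ca_key`, so mark the fixture as test-only and make sure no example configuration points a real service at it.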
@@ -1,24 +0,0 @@
1
- # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'certmeister/version'
5
-
6
- Gem::Specification.new do |spec|
7
- spec.name = "certmeister-rack"
8
- spec.version = Certmeister::VERSION
9
- spec.authors = ["Sheldon Hearn"]
10
- spec.email = ["sheldonh@starjuice.net"]
11
- spec.summary = %q{Rack application for certmeister}
12
- spec.description = %q{This gem provides a rack application to offer an HTTP service around certmeister, the conditional autosigning certificate authority.}
13
- spec.homepage = "https://github.com/sheldonh/certmeister"
14
- spec.license = "MIT"
15
-
16
- spec.files = `git ls-files -z lib/certmeister spec/certmeister`.split("\x0").grep(/rack/)
17
- spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
- spec.require_paths = ["lib"]
19
-
20
- spec.add_dependency "certmeister", Certmeister::VERSION
21
- spec.add_dependency "rack", "~> 1.5"
22
-
23
- spec.add_development_dependency "rack-test", "~> 0.6"
24
- end
data/contrib/.ruby-gemset DELETED
@@ -1 +0,0 @@
1
- certmeister-contrib
@@ -1 +0,0 @@
1
- ruby-2.1.5
data/contrib/Gemfile DELETED
@@ -1,6 +0,0 @@
1
- source "https://rubygems.org/"
2
-
3
- gem "certmeister", path: '..'
4
- gem "certmeister-redis"
5
- gem "redis"
6
- gem "rack"
@@ -1,111 +0,0 @@
1
- #!/bin/sh -e
2
-
3
- DEFAULT_SERVICE=http://certmeister.hetzner.co.za/certificate
4
-
5
- usage() {
6
- echo "usage: certmeister-client create /path/to/save/key.pem /path/to/save/crt.pem"
7
- echo " certmeister-client fetch /path/to/save/crt.pem"
8
- echo " certmeister-client remove"
9
- echo
10
- echo "Environmental overrides:"
11
- echo
12
- echo " CERTMEISTER_HOSTNAME name to use as CN in CSR"
13
- echo " (default: hostname --fqdn)"
14
- echo " CERTMEISTER_SERVICE the URI prefix of certmeister service"
15
- echo " (default: $DEFAULT_SERVICE)"
16
- exit 1
17
- }
18
-
19
- install_preserving_permissions() {
20
- src_file=$1
21
- dst_file=$2
22
-
23
- if [ -e "$dst_file" ]; then
24
- cat "$src_file" > "$dst_file"
25
- else
26
- cp "$src_file" "$dst_file"
27
- fi
28
- }
29
-
30
- tmp=
31
- cleanup() {
32
- if [ -e "$tmp" ]; then
33
- rm -rf "$tmp"
34
- fi
35
- }
36
-
37
- umask 0077
38
-
39
- type -p curl >/dev/null
40
- type -p openssl >/dev/null
41
- perl -MURI::Escape -e 'print uri_escape(" ")' >/dev/null
42
- hostname=${CERTMEISTER_HOSTNAME:=$(hostname --fqdn)}
43
- uri=${CERTMEISTER_SERVICE:=$DEFAULT_SERVICE}/$hostname
44
-
45
- [ $# -gt 0 ] || usage
46
- command="$1"
47
- shift
48
-
49
- case "$command" in
50
- create)
51
- [ $# = 2 ] || usage
52
- key_file=$1
53
- crt_file=$2
54
- tmp=$(mktemp -d -t certmeister.XXXXXX)
55
- trap cleanup EXIT
56
- echo Creating secret key for $hostname...
57
- openssl genrsa -out $tmp/key.pem 4096
58
- echo Creating certificate signing request for $hostname...
59
- openssl req -new -subj "/C=ZA/ST=Western Cape/L=Cape Town/O=Hetzner PTY Ltd/CN=$hostname" -key $tmp/key.pem -out $tmp/csr.pem
60
- csr=$(perl -MURI::Escape -e 'print uri_escape(join("", <STDIN>));' < $tmp/csr.pem)
61
- echo Sending signing request to $uri...
62
- curl -s -S -L -d "csr=$csr" $uri > $tmp/crt.pem
63
- if ! openssl x509 -subject -noout -in $tmp/crt.pem >/dev/null 2>&1; then
64
- cat $tmp/crt.pem 1>&2
65
- echo 1>&2
66
- exit 1
67
- fi
68
- echo Installing certificate and key...
69
- chmod 644 $tmp/crt.pem
70
- install_preserving_permissions $tmp/key.pem $key_file
71
- install_preserving_permissions $tmp/crt.pem $crt_file
72
- cd /
73
- rm -rf $tmp
74
- echo Done.
75
- ;;
76
- fetch)
77
- [ $# = 1 ] || usage
78
- crt_file=$1
79
- tmp=$(mktemp -d -t certmeister.XXXXXX)
80
- trap cleanup EXIT
81
- echo Requesting certificate from $uri...
82
- curl -s -S $uri > $tmp/crt.pem
83
- if ! openssl x509 -subject -noout -in $tmp/crt.pem >/dev/null 2>&1; then
84
- cat $tmp/crt.pem 1>&2
85
- echo 1>&2
86
- exit 1
87
- fi
88
- echo Installing certificate...
89
- chmod 644 $tmp/crt.pem
90
- install_preserving_permissions $tmp/crt.pem $crt_file
91
- cd /
92
- rm -rf $tmp
93
- echo Done.
94
- ;;
95
- remove)
96
- [ $# = 0 ] || usage
97
- echo Sending delete request to $uri...
98
- response=$(curl -s -S -X DELETE $uri 2>&1)
99
- if ! echo "$response" | grep -q '^200 OK'; then
100
- echo error: $response 1>&2
101
- echo 1>&2
102
- exit 1
103
- fi
104
- echo Done.
105
- ;;
106
- *)
107
- usage
108
- ;;
109
- esac
110
-
111
- exit 0
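Review bot: this script is being removed rather than fixed, so the following should follow it to certmeister-rack. `DEFAULT_SERVICE` is a plain `http://` URL, and the `create` and `fetch` branches accept whatever `curl` returns as long as `openssl x509 -subject -noout` can parse it, with no check that the certificate chains to the expected CA or carries the requested CN; an unauthenticated transport plus a parse-only check means an on-path party could substitute a different certificate. Also, `type -p` is a bash-specific option, so under `#!/bin/sh -e` on a POSIX sh the tool-presence checks abort the script instead of succeeding; `command -v curl >/dev/null` is the portable form.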
data/contrib/config.ru DELETED
@@ -1,45 +0,0 @@
1
- require 'rubygems'
2
- require 'rack'
3
-
4
- require 'certmeister'
5
- require 'certmeister/redis/store'
6
- require 'certmeister/rack/app'
7
- require 'redis'
8
-
9
- store = Certmeister::Redis::Store.new(Redis.new, "development")
10
-
11
- sign_policy = Certmeister::Policy::ChainAny.new([
12
- Certmeister::Policy::ChainAll.new([
13
- Certmeister::Policy::Existing.new(store),
14
- Certmeister::Policy::Domain.new(['host-h.net']),
15
- Certmeister::Policy::Fcrdns.new,
16
- ]),
17
- Certmeister::Policy::ChainAll.new([
18
- Certmeister::Policy::Existing.new(store),
19
- Certmeister::Policy::Domain.new(['example.com']),
20
- Certmeister::Policy::IP.new(['192.168.0.0/23']),
21
- ]),
22
- Certmeister::Policy::IP.new(['127.0.0.1/32']),
23
- ])
24
- fetch_policy = Certmeister::Policy::Noop.new
25
- remove_policy = Certmeister::Policy::IP.new(['192.168.0.0/23', '127.0.0.1/32'])
26
-
27
- ca = Certmeister.new(
28
- Certmeister::Config.new(
29
- sign_policy: sign_policy,
30
- fetch_policy: fetch_policy,
31
- remove_policy: remove_policy,
32
- store: store,
33
- ca_cert: File.read("../fixtures/ca.crt"),
34
- ca_key: File.read("../fixtures/ca.key"),
35
- )
36
- )
37
- certmeister = Certmeister::Rack::App.new(ca)
38
-
39
- app = Rack::Builder.new do
40
- map "/ca" do
41
- run certmeister
42
- end
43
- end
44
-
45
- run app
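Review bot: the sign policy in this deleted sample lists `Certmeister::Policy::IP.new(['127.0.0.1/32'])` as a top-level alternative in `ChainAny`, so any request arriving from loopback is signed with no Domain, Existing or Fcrdns check, and the CA key is read from the test fixture `../fixtures/ca.key`; both are fine for a development sample, but the README describes this file as enforcing Hetzner PTY Ltd's policy, so in certmeister-rack it should be labelled as a development example or have the loopback clause and fixture key dropped.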
data/contrib/hosts DELETED
@@ -1,3 +0,0 @@
1
- [local]
2
- localhost
3
-
data/contrib/redis.yml DELETED
@@ -1,14 +0,0 @@
1
- ---
2
- - hosts: local
3
- connection: local
4
- vars:
5
- version: 2.8.4
6
- tasks:
7
- - name: Download redis source
8
- get_url: dest=/usr/src/redis-{{version}}.tar.gz url=http://download.redis.io/releases/redis-{{version}}.tar.gz
9
- - name: Unpack redis source
10
- command: tar -C /usr/src -xzf /usr/src/redis-{{version}}.tar.gz creates=/usr/src/redis-{{version}}
11
- - name: Build redis from source
12
- command: chdir=/usr/src/redis-{{version}} make creates=/usr/src/redis-{{version}}/src/redis-server
13
- - name: Install redis from source
14
- command: chdir=/usr/src/redis-{{version}} make install creates=/usr/local/bin/redis-server
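Review bot: the `get_url` task in this deleted playbook downloads the redis tarball from `http://download.redis.io/...` with no `checksum=` parameter, so neither transport nor content integrity is verified before the subsequent `make install`; when this file resurfaces in certmeister-rack, switch the URL to https and add the release's checksum to the `get_url` task.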