certmeister 2.0.0 → 2.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 083750255abf59b0e78a0c68f3b3aca6fd57d790
4
- data.tar.gz: 5438388c4400a77bfa580dbb86d11560104a246a
3
+ metadata.gz: 6cc20cbf2bb5c2b4b721280da39d1f83ca04ac0a
4
+ data.tar.gz: aa0e73207c9f71d79ee4ebdf69df41c65dd47829
5
5
  SHA512:
6
- metadata.gz: 437fd1f9d23f2e5355bb70453bbaa06d9195ab037b23eeda614eccc109e7027900de0ae1b7637d346a887775173bc5761d6d3b7e50220a7cc007327e6599a5c4
7
- data.tar.gz: 9d4b7cfef3c402a6547df3cee80301a00bdc4eda57a8f86c04f572f85eaba7760d55bacfa6fb6a23b15560cfa82fe0871f11f283875ac608934e1f799eda49bf
6
+ metadata.gz: 68c617c0234008b6900ddedc66a6ac08a2a5d296e46a8bf1583c5f5aa059b5c827c3f6060908920a7c9862de8b02faa2f924b7693ea6e820266784340b2e4248
7
+ data.tar.gz: 37bd6723f00a8defd6121d50bcb77c01e881e54c543abe408cbdc2f2fb561863160d9c472ea666cb01fb7bded26ba049392ba96d55e9a2769dbc2e754c3aaf07
data/Gemfile.lock CHANGED
@@ -1,19 +1,13 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- certmeister (2.0.0)
5
- certmeister-rack (2.0.0)
6
- certmeister (= 2.0.0)
7
- rack (~> 1.5)
4
+ certmeister (2.1.0)
8
5
 
9
6
  GEM
10
7
  remote: http://rubygems.org/
11
8
  specs:
12
9
  diff-lcs (1.2.5)
13
- rack (1.5.2)
14
- rack-test (0.6.2)
15
- rack (>= 1.0)
16
- rake (0.9.6)
10
+ rake (10.4.2)
17
11
  rspec (3.1.0)
18
12
  rspec-core (~> 3.1.0)
19
13
  rspec-expectations (~> 3.1.0)
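Review bot: the GEM block still records `remote: http://rubygems.org/`, so dependencies are resolved over plain HTTP and an on-path attacker can hand Bundler substituted gems; the `contrib/Gemfile` deleted in this same release already used `source "https://rubygems.org/"`. Change the top-level Gemfile source to the HTTPS URL and regenerate the lockfile so this hunk records the TLS endpoint. Dropping `certmeister-rack`, `rack` and `rack-test` and moving rake from 0.9.6 to 10.4.2 is consistent with the gemspec change below.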
@@ -33,7 +27,5 @@ PLATFORMS
33
27
  DEPENDENCIES
34
28
  bundler (~> 1.5)
35
29
  certmeister!
36
- certmeister-rack!
37
- rack-test (~> 0.6)
38
- rake (~> 0)
30
+ rake (~> 10.4.2)
39
31
  rspec (~> 3.1)
data/README.md CHANGED
@@ -15,10 +15,13 @@ The reference access policy in use by Hetzner PTY Ltd is:
15
15
 
16
16
  This allows us the convenience of Puppet's autosign feature, without the horrendous security implications.
17
17
 
18
- This repository currently builds two gems:
18
+ This repository currently builds one gem:
19
19
 
20
20
  * _certmeister_ - the CA, some off-the-shelf policy modules and an in-memory cert store
21
- * _certmeister-rack_ - a rack application to provide an HTTP interface to the CA
21
+
22
+ A rack application to provide an HTTP interface to the CA is available as a separate gem:
23
+
24
+ * [certmeister-rack](https://github.com/sheldonh/certmeister-rack)
22
25
 
23
26
  Only an in-memory store is provided. Others are available as separate gems:
24
27
 
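Review bot: the new paragraph links to certmeister-rack without saying which version of it works with certmeister 2.1.0. The lockfile hunk above shows the old in-tree gem pinned `certmeister (= 2.0.0)` exactly, so a reader following this link cannot tell whether a released certmeister-rack accepts 2.1.0. State the compatible certmeister-rack version, or its version constraint, next to the link.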
@@ -26,16 +29,8 @@ Only an in-memory store is provided. Others are available as separate gems:
26
29
  * [certmeister-pg](https://github.com/sheldonh/certmeister-pg)
27
30
  * [certmeister-redis](https://github.com/sheldonh/certmeister-redis)
28
31
 
29
- An example, using redis and rack and enforcing Hetzner PTY Ltd's policy, is available in [contrib/config.ru](contrib/config.ru).
30
-
31
- To hit the service:
32
-
33
- ```
34
- $ curl -L \
35
- -d "psk=secretkey" \
36
- -d "csr=$(perl -MURI::Escape -e 'print uri_escape(join("", <STDIN>));' < fixtures/client.csr)" \
37
- http://localhost:9292/ca/certificate/axl.starjuice.net
38
- ```
32
+ An example, using redis and rack and enforcing Hetzner PTY Ltd's policy, is available in the `contrib` subdirectory of the
33
+ [certmeister-rack](https://github.com/sheldonh/certmeister-rack) source.
39
34
 
40
35
  ## Testing
41
36
 
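Review bot: with the curl example removed, the README no longer shows the request shape at all (a POST with a URL-encoded `csr=` field and the hostname in the path), and the replacement sentence points at a `contrib` directory in another repository without linking the file. Keep a one-line description of the HTTP contract here, or link the specific file, so a reader does not have to reconstruct it from the deleted `certmeister-client` script. Separately, the removed example posted `psk=secretkey` to `http://localhost:9292`; wherever that example resurfaces it should say that the PSK and CSR must travel over TLS, and that a PSK passed as a curl `-d` argument is visible in shell history and the process list.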
data/certmeister.gemspec CHANGED
@@ -23,6 +23,6 @@ Gem::Specification.new do |spec|
23
23
  spec.require_paths = ["lib"]
24
24
 
25
25
  spec.add_development_dependency "bundler", "~> 1.5"
26
- spec.add_development_dependency "rake", "~> 0"
26
+ spec.add_development_dependency "rake", "~> 10.4.2"
27
27
  spec.add_development_dependency "rspec", "~> 3.1"
28
28
  end
@@ -58,6 +58,10 @@ module Certmeister
58
58
  end
59
59
  end
60
60
 
61
+ def ca_cert_pem
62
+ @ca_cert.to_pem
63
+ end
64
+
61
65
  private
62
66
 
63
67
  def subject_to_policy(policy, request, &block)
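Review bot: `ca_cert_pem` is a new public method (it sits above `private`) and nothing in this release documents it, although the README is edited in the same release. Add a line to the README saying it returns the CA certificate in PEM form and never the key. Also confirm that `@ca_cert` is an `OpenSSL::X509::Certificate` at this point rather than the raw string handed to `Certmeister::Config` (the deleted `contrib/config.ru` passes `ca_cert: File.read("../fixtures/ca.crt")`); a String does not respond to `to_pem`, and the accompanying spec only checks for a `-----BEGIN CERTIFICATE-----` header, which a stored PEM string would satisfy just as well.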
@@ -1,5 +1,5 @@
1
1
  module Certmeister
2
2
 
3
- VERSION = '2.0.0' unless defined?(VERSION)
3
+ VERSION = '2.1.0' unless defined?(VERSION)
4
4
 
5
5
  end
@@ -201,5 +201,14 @@ describe Certmeister do
201
201
 
202
202
  end
203
203
 
204
+ describe "#ca_cert_pem" do
205
+
206
+ it "exposes the CA certificate in PEM format" do
207
+ ca = Certmeister.new(CertmeisterConfigHelper::valid_config)
208
+ expect(ca.ca_cert_pem).to match(/-----BEGIN CERTIFICATE-----/)
209
+ end
210
+
211
+ end
212
+
204
213
  end
205
214
 
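Review bot: the assertion in the new `it` block only checks that the returned string contains a PEM header, so it would pass if `ca_cert_pem` returned the configured PEM text unchanged, or even a concatenation of certificate and key. Parse the result and compare it with the configured certificate, e.g. `expect(OpenSSL::X509::Certificate.new(ca.ca_cert_pem).to_der).to eq(expected.to_der)` with `expected` built from the same fixture that `CertmeisterConfigHelper::valid_config` uses, and add a negative check that the output does not contain `PRIVATE KEY`.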
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: certmeister
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sheldon Hearn
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-11 00:00:00.000000000 Z
11
+ date: 2015-04-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
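Review bot: `cert_chain: []` is unchanged, so the 2.1.0 gem is published unsigned; the only integrity data a consumer gets is the registry-side `checksums.yaml` above, which guards against corruption, not against a compromised publishing account. Now that certmeister-rack and the store gems depend on this gem from outside the tree, sign the release (`spec.signing_key` and `spec.cert_chain` in the gemspec) so installers can verify it with `gem install certmeister -P HighSecurity`.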
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: 10.4.2
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: 10.4.2
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rspec
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -71,15 +71,7 @@ files:
71
71
  - LICENSE
72
72
  - README.md
73
73
  - Rakefile
74
- - certmeister-rack.gemspec
75
74
  - certmeister.gemspec
76
- - contrib/.ruby-gemset
77
- - contrib/.ruby-version
78
- - contrib/Gemfile
79
- - contrib/certmeister-client
80
- - contrib/config.ru
81
- - contrib/hosts
82
- - contrib/redis.yml
83
75
  - fixtures/ca.crt
84
76
  - fixtures/ca.csr
85
77
  - fixtures/ca.key
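Review bot: `fixtures/ca.key` is still in the shipped file list, so every installation of the gem carries the private key for `fixtures/ca.crt`. The deleted `contrib/config.ru` loaded exactly that pair (`ca_key: File.read("../fixtures/ca.key")`) as a running CA's key, and because the key is public, any certificate issued by a deployment that copied the example is forgeable by anyone. Exclude `fixtures/` from `spec.files` (keep it in `spec.test_files` if the specs need it), or generate the test CA at spec run time, and make the README say the fixture CA is for tests only.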
@@ -1,24 +0,0 @@
1
- # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'certmeister/version'
5
-
6
- Gem::Specification.new do |spec|
7
- spec.name = "certmeister-rack"
8
- spec.version = Certmeister::VERSION
9
- spec.authors = ["Sheldon Hearn"]
10
- spec.email = ["sheldonh@starjuice.net"]
11
- spec.summary = %q{Rack application for certmeister}
12
- spec.description = %q{This gem provides a rack application to offer an HTTP service around certmeister, the conditional autosigning certificate authority.}
13
- spec.homepage = "https://github.com/sheldonh/certmeister"
14
- spec.license = "MIT"
15
-
16
- spec.files = `git ls-files -z lib/certmeister spec/certmeister`.split("\x0").grep(/rack/)
17
- spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
- spec.require_paths = ["lib"]
19
-
20
- spec.add_dependency "certmeister", Certmeister::VERSION
21
- spec.add_dependency "rack", "~> 1.5"
22
-
23
- spec.add_development_dependency "rack-test", "~> 0.6"
24
- end
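Review bot: `spec.add_dependency "certmeister", Certmeister::VERSION` pinned the exact certmeister version because both gems shared one `VERSION` constant (`spec.version = Certmeister::VERSION`). That no longer holds once the gems are versioned independently in separate repositories, so the moved gemspec should declare a `~>` constraint on certmeister rather than an exact pin, and its `spec.homepage` should point at the certmeister-rack repository instead of this one.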
data/contrib/.ruby-gemset DELETED
@@ -1 +0,0 @@
1
- certmeister-contrib
@@ -1 +0,0 @@
1
- ruby-2.1.5
data/contrib/Gemfile DELETED
@@ -1,6 +0,0 @@
1
- source "https://rubygems.org/"
2
-
3
- gem "certmeister", path: '..'
4
- gem "certmeister-redis"
5
- gem "redis"
6
- gem "rack"
@@ -1,111 +0,0 @@
1
- #!/bin/sh -e
2
-
3
- DEFAULT_SERVICE=http://certmeister.hetzner.co.za/certificate
4
-
5
- usage() {
6
- echo "usage: certmeister-client create /path/to/save/key.pem /path/to/save/crt.pem"
7
- echo " certmeister-client fetch /path/to/save/crt.pem"
8
- echo " certmeister-client remove"
9
- echo
10
- echo "Environmental overrides:"
11
- echo
12
- echo " CERTMEISTER_HOSTNAME name to use as CN in CSR"
13
- echo " (default: hostname --fqdn)"
14
- echo " CERTMEISTER_SERVICE the URI prefix of certmeister service"
15
- echo " (default: $DEFAULT_SERVICE)"
16
- exit 1
17
- }
18
-
19
- install_preserving_permissions() {
20
- src_file=$1
21
- dst_file=$2
22
-
23
- if [ -e "$dst_file" ]; then
24
- cat "$src_file" > "$dst_file"
25
- else
26
- cp "$src_file" "$dst_file"
27
- fi
28
- }
29
-
30
- tmp=
31
- cleanup() {
32
- if [ -e "$tmp" ]; then
33
- rm -rf "$tmp"
34
- fi
35
- }
36
-
37
- umask 0077
38
-
39
- type -p curl >/dev/null
40
- type -p openssl >/dev/null
41
- perl -MURI::Escape -e 'print uri_escape(" ")' >/dev/null
42
- hostname=${CERTMEISTER_HOSTNAME:=$(hostname --fqdn)}
43
- uri=${CERTMEISTER_SERVICE:=$DEFAULT_SERVICE}/$hostname
44
-
45
- [ $# -gt 0 ] || usage
46
- command="$1"
47
- shift
48
-
49
- case "$command" in
50
- create)
51
- [ $# = 2 ] || usage
52
- key_file=$1
53
- crt_file=$2
54
- tmp=$(mktemp -d -t certmeister.XXXXXX)
55
- trap cleanup EXIT
56
- echo Creating secret key for $hostname...
57
- openssl genrsa -out $tmp/key.pem 4096
58
- echo Creating certificate signing request for $hostname...
59
- openssl req -new -subj "/C=ZA/ST=Western Cape/L=Cape Town/O=Hetzner PTY Ltd/CN=$hostname" -key $tmp/key.pem -out $tmp/csr.pem
60
- csr=$(perl -MURI::Escape -e 'print uri_escape(join("", <STDIN>));' < $tmp/csr.pem)
61
- echo Sending signing request to $uri...
62
- curl -s -S -L -d "csr=$csr" $uri > $tmp/crt.pem
63
- if ! openssl x509 -subject -noout -in $tmp/crt.pem >/dev/null 2>&1; then
64
- cat $tmp/crt.pem 1>&2
65
- echo 1>&2
66
- exit 1
67
- fi
68
- echo Installing certificate and key...
69
- chmod 644 $tmp/crt.pem
70
- install_preserving_permissions $tmp/key.pem $key_file
71
- install_preserving_permissions $tmp/crt.pem $crt_file
72
- cd /
73
- rm -rf $tmp
74
- echo Done.
75
- ;;
76
- fetch)
77
- [ $# = 1 ] || usage
78
- crt_file=$1
79
- tmp=$(mktemp -d -t certmeister.XXXXXX)
80
- trap cleanup EXIT
81
- echo Requesting certificate from $uri...
82
- curl -s -S $uri > $tmp/crt.pem
83
- if ! openssl x509 -subject -noout -in $tmp/crt.pem >/dev/null 2>&1; then
84
- cat $tmp/crt.pem 1>&2
85
- echo 1>&2
86
- exit 1
87
- fi
88
- echo Installing certificate...
89
- chmod 644 $tmp/crt.pem
90
- install_preserving_permissions $tmp/crt.pem $crt_file
91
- cd /
92
- rm -rf $tmp
93
- echo Done.
94
- ;;
95
- remove)
96
- [ $# = 0 ] || usage
97
- echo Sending delete request to $uri...
98
- response=$(curl -s -S -X DELETE $uri 2>&1)
99
- if ! echo "$response" | grep -q '^200 OK'; then
100
- echo error: $response 1>&2
101
- echo 1>&2
102
- exit 1
103
- fi
104
- echo Done.
105
- ;;
106
- *)
107
- usage
108
- ;;
109
- esac
110
-
111
- exit 0
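Review bot: if this script is being moved to certmeister-rack rather than dropped, carry these fixes with it. `DEFAULT_SERVICE` is `http://certmeister.hetzner.co.za/certificate`, so the CSR is posted and the certificate fetched in cleartext by default, and `curl -L` follows any redirect the network hands it; default to `https://` and drop `-L`. The fetched certificate is accepted once `openssl x509 -subject -noout` parses it, so a substituted certificate from another issuer is installed silently; verify it against the expected CA with `openssl verify -CAfile` and check that its public key matches the generated `key.pem` before calling `install_preserving_permissions`. The `remove` branch decides success by `grep -q '^200 OK'` on the response body; use `curl -f` or `-w '%{http_code}'` and test the status code instead. Finally, `type -p` is a bash extension while the shebang is `#!/bin/sh -e`, and under `-e` a missing `curl`, `openssl` or `URI::Escape` aborts the script with no message; use `command -v` and print which prerequisite is missing.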
data/contrib/config.ru DELETED
@@ -1,45 +0,0 @@
1
- require 'rubygems'
2
- require 'rack'
3
-
4
- require 'certmeister'
5
- require 'certmeister/redis/store'
6
- require 'certmeister/rack/app'
7
- require 'redis'
8
-
9
- store = Certmeister::Redis::Store.new(Redis.new, "development")
10
-
11
- sign_policy = Certmeister::Policy::ChainAny.new([
12
- Certmeister::Policy::ChainAll.new([
13
- Certmeister::Policy::Existing.new(store),
14
- Certmeister::Policy::Domain.new(['host-h.net']),
15
- Certmeister::Policy::Fcrdns.new,
16
- ]),
17
- Certmeister::Policy::ChainAll.new([
18
- Certmeister::Policy::Existing.new(store),
19
- Certmeister::Policy::Domain.new(['example.com']),
20
- Certmeister::Policy::IP.new(['192.168.0.0/23']),
21
- ]),
22
- Certmeister::Policy::IP.new(['127.0.0.1/32']),
23
- ])
24
- fetch_policy = Certmeister::Policy::Noop.new
25
- remove_policy = Certmeister::Policy::IP.new(['192.168.0.0/23', '127.0.0.1/32'])
26
-
27
- ca = Certmeister.new(
28
- Certmeister::Config.new(
29
- sign_policy: sign_policy,
30
- fetch_policy: fetch_policy,
31
- remove_policy: remove_policy,
32
- store: store,
33
- ca_cert: File.read("../fixtures/ca.crt"),
34
- ca_key: File.read("../fixtures/ca.key"),
35
- )
36
- )
37
- certmeister = Certmeister::Rack::App.new(ca)
38
-
39
- app = Rack::Builder.new do
40
- map "/ca" do
41
- run certmeister
42
- end
43
- end
44
-
45
- run app
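Review bot: four settings in this example should not travel unchanged to the certmeister-rack `contrib` directory the README now points to. `ca_key: File.read("../fixtures/ca.key")` loads the test CA's private key that ships inside the gem; the example should read the key from a deployment-specific path outside the source tree. The third branch of the `ChainAny` sign policy, `Certmeister::Policy::IP.new(['127.0.0.1/32'])`, signs any CSR whose peer address is loopback; behind a reverse proxy on the same host every request arrives from 127.0.0.1, so this branch would autosign everything unless the policy evaluates the forwarded client address. `fetch_policy = Certmeister::Policy::Noop.new` lets anyone fetch any stored certificate, which is defensible for public certificates but should be stated as a deliberate choice. `Redis.new` connects to the default `localhost:6379` with no authentication, so the certificate store that `Certmeister::Policy::Existing` consults is writable by any local process that can reach that port; show a configured connection and say that the store's integrity is what the `Existing` policy relies on.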
data/contrib/hosts DELETED
@@ -1,3 +0,0 @@
1
- [local]
2
- localhost
3
-
data/contrib/redis.yml DELETED
@@ -1,14 +0,0 @@
1
- ---
2
- - hosts: local
3
- connection: local
4
- vars:
5
- version: 2.8.4
6
- tasks:
7
- - name: Download redis source
8
- get_url: dest=/usr/src/redis-{{version}}.tar.gz url=http://download.redis.io/releases/redis-{{version}}.tar.gz
9
- - name: Unpack redis source
10
- command: tar -C /usr/src -xzf /usr/src/redis-{{version}}.tar.gz creates=/usr/src/redis-{{version}}
11
- - name: Build redis from source
12
- command: chdir=/usr/src/redis-{{version}} make creates=/usr/src/redis-{{version}}/src/redis-server
13
- - name: Install redis from source
14
- command: chdir=/usr/src/redis-{{version}} make install creates=/usr/local/bin/redis-server
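Review bot: `get_url` fetches the redis tarball from `http://download.redis.io/...` with no checksum, and the following tasks compile and install whatever arrives as `/usr/local/bin/redis-server`. If the playbook is kept anywhere, use the https URL and pin the expected digest with get_url's `sha256sum=` argument (`checksum=sha256:...` on newer Ansible) so a substituted tarball fails the download task instead of being built and installed.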