certmeister 2.2.0 → 2.3.0

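--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 799bbad30dae1a1c0f05c7e3ba59dc4b3cc47467
- data.tar.gz: 447321524cd2661a7f439d5c19fa056efbc699b5
+ metadata.gz: 91d17da8b132ec96406859d320cf1054d92e5023
+ data.tar.gz: b7e3ca7db11270296498eb364c9ed4c5a9d201ad
  SHA512:
- metadata.gz: c98b95cad7ff3960438ac4e8f1a4c73d5458f6774a3743a77694f85fbae21ba39be424176961276b243f7c51d703d4bf5c5cb646f3a515881eb5d7c631db1036
- data.tar.gz: bd53076b8e6b89f3ea3bcc493a5565698aa399e36cac58aa534e7d777f0f3a7071d99b5ff7e4c5dd2a490348ea973390a524928df420abc9a245da0af1044bf6
+ metadata.gz: d5f5509b6e7792ebebf8eec73ea1b5b8da307c4aa8b1c384287dceff34e5b0794a148e93007d378efa1d2369c4caffebe009bdc1aaac4c0b0e756ff5c2cc598d
+ data.tar.gz: f14101564b1038b63f3509ea14487d4bc157f8c1df35c03cf941f125fdf93f4fcd9e7edaebbaa4d678ee4c268ab5d44455578e6fc8c66fbd8633640c04a09d76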
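--- a/data/.gitignore
+++ b/data/.gitignore
@@ -13,7 +13,7 @@ spec/reports
  test/tmp
  test/version_tmp
  tmp
- contrib/Gemfile.lock
+ Gemfile.lock
 
  # YARD artifacts
  .yardoc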
@@ -0,0 +1,28 @@
1
+ Feature: Signature algorithm policy
2
+
3
+ As the operator of a conditionally autosigning certification authority
4
+ When deciding whether to sign a certificate
5
+ I want to reject certificate signing requests with weak signature algorithms
6
+ In order to enforce the use of strong cryptography across our network.
7
+
8
+ Desired rspec output:
9
+
10
+ Certmeister::Policy::SignatureAlgorithm
11
+ may be configured with a set of strong signature algorithms
12
+ defaults to ["sha256"] as the set of strong signature algorithms
13
+ demands a request
14
+ refuses to authenticate a request with a missing pem
15
+ refuses to authenticate an invalid pem
16
+ refuses to authenticate a request with a weak signature algorithm
17
+ authenticates a request with a strong signature algorithm
18
+
19
+ Use spec/certmeister/policy/key_bits_spec.rb as a guide to specifying the behaviour.
20
+
21
+ Use lib/certmeister/policy/key_bits.rb as a guide to implementing the behaviour.
22
+
23
+ You may find these fixtures useful:
24
+
25
+ fixtures/sha1_4096bit.csr
26
+ fixtures/sha256_4096bit.csr
27
+
28
+ The signature algorithm of a CSR is provided by the OpenSSL::X509::Request#signature_algorithm method.
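--- a/data/certmeister.gemspec
+++ b/data/certmeister.gemspec
@@ -23,6 +23,6 @@ Gem::Specification.new do |spec|
  spec.require_paths = ["lib"]
 
  spec.add_development_dependency "bundler", "~> 1.5"
- spec.add_development_dependency "rake", "~> 10.4.2"
+ spec.add_development_dependency "rake", "~> 10.4"
  spec.add_development_dependency "rspec", "~> 3.1"
  end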
@@ -0,0 +1,10 @@
1
+ -----BEGIN CERTIFICATE REQUEST-----
2
+ MIIBZzCB7gIBADBvMQswCQYDVQQGEwJaQTEVMBMGA1UECAwMV2VzdGVybiBDYXBl
3
+ MRIwEAYDVQQHDAlDYXBlIFRvd24xGDAWBgNVBAoMD0hldHpuZXIgUFRZIEx0ZDEb
4
+ MBkGA1UEAwwSYXhsLmhldHpuZXIuYWZyaWNhMHYwEAYHKoZIzj0CAQYFK4EEACID
5
+ YgAEKxZhR5/G3bds3LOkA1dL88O0zyyk6zMlQ2KTf6Cl/rE6cCLAq3vI53cM4FDc
6
+ DHCq8ZQwt+e6GUC/CXizCEx9sNg2Sdx1YvpPhMhNyAYd0WjTenAkUmpG+Mdx1q+m
7
+ 5OMfoAAwCgYIKoZIzj0EAwMDaAAwZQIxAPxLD6+F1Eu2onDYfyguJ1DOz600NBJ5
8
+ IoY0PgsMYDtu+sJn+7XmjBsw4WYhJHwb+QIwWxt2M0uJP/+BexmH4eOufc9Iw/bk
9
+ PArUpgT3hwfJS8lUB/D9PN0K95BU6AvzG/iG
10
+ -----END CERTIFICATE REQUEST-----
@@ -0,0 +1,12 @@
1
+ -----BEGIN CERTIFICATE REQUEST-----
2
+ MIIBrzCCARgCAQAwbzELMAkGA1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2Fw
3
+ ZTESMBAGA1UEBwwJQ2FwZSBUb3duMRgwFgYDVQQKDA9IZXR6bmVyIFBUWSBMdGQx
4
+ GzAZBgNVBAMMEmF4bC5oZXR6bmVyLmFmcmljYTCBnzANBgkqhkiG9w0BAQEFAAOB
5
+ jQAwgYkCgYEA0SMKeQYOacF+wQ4GfsyEf8r5PdBW51MHf9kJS0TU0jfHxP4y6epA
6
+ HPxsZUSNLsGuHCKar4oXiEjKePsMpRBcuIF8MQyernrFwFFuT5PigHlwiqvcAGZj
7
+ pOsR2zg0sOHRDyaYwnOtA1PtMHpcy0V4g7p06t1bRrP3KfeAUD/+VPMCAwEAAaAA
8
+ MA0GCSqGSIb3DQEBBQUAA4GBAMyBS386mKoS9DkyK2x37sxmFTqrzZrW1HOAbUz3
9
+ mAWIF6w29ddtjiPijjPO/uM9C3L3/AuxttYRwNqQ8K7js1O6y1ZO8eWOPgGLUo77
10
+ AIznjobOrZGRn4rvLgY1pE+xuQx6S5YeC3SMcIXogL+58Pzwg7SQtFQwB45ErDWW
11
+ eNnz
12
+ -----END CERTIFICATE REQUEST-----
@@ -0,0 +1,28 @@
1
+ -----BEGIN CERTIFICATE REQUEST-----
2
+ MIIEtDCCApwCAQAwbzELMAkGA1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2Fw
3
+ ZTESMBAGA1UEBwwJQ2FwZSBUb3duMRgwFgYDVQQKDA9IZXR6bmVyIFBUWSBMdGQx
4
+ GzAZBgNVBAMMEmF4bC5oZXR6bmVyLmFmcmljYTCCAiIwDQYJKoZIhvcNAQEBBQAD
5
+ ggIPADCCAgoCggIBAPAQvQSgOxZuxZV++QDINS2i0L7KDW84WZOPHGzdtGbUaQl4
6
+ 3LpltYOFR3eSySq0iCaE9dIp7c+H4MtLSiKH82Nfbk9qdiwSKfAk6J9I/iTudRO8
7
+ M2HQUNO2M9cyg3E8Ivu/GC1AXbTV9wBgdBwZwLyS1JMYofuizeEaB/yz1pDdko2e
8
+ shgXDbDz0rjA32m0LvY9mNERn7s5Ad/p46WC1UvWWYBAHClCk1dC2R+mA8fO7z++
9
+ oRiTlgMkW+bwVI8NsNXqSULJAd6rL65pn5FHGAnodr4BWPNl8fh/kKl3O02M08Th
10
+ ATRwnU3n1nKaEAgHxYRKq8IbwtosUBkJlzSu8NLII/T6G8KQWad2xmqf5SZCGoOt
11
+ /sCUiPSlaPoN2jCfgsZyidZy/LGlrwMFIVUjvEjCtCsxVIpFcfNbFB1oOSH2uhcj
12
+ bbitrUwbcuv4e0495j30d7ajgfcwMyzRZoCMCzxpEsnPI5Ld7rUyAh6uBprnDP30
13
+ ZjIxp7vumTWhaYSxCdOBRCPDKvUR3xNugD/HBC202bbvkNIHq0RVCRud9Hi6qxJs
14
+ JLseE696ee3gKzYAU3z96rN16/DAxYjq9dy1upEa3sGM3UwYVHR9kjSHF2yrY17A
15
+ gqh13rOLmB3QKdBjAjf6PGA+AnMIlSbFHIra7QjKfbRwCv5ZfoFU/kMjhQg7AgMB
16
+ AAGgADANBgkqhkiG9w0BAQUFAAOCAgEA4GeMExrX4kNhzqgXR1+q9Wp/izDHHC6a
17
+ xTkVEHPfT8+jsd9bfwF3HPZB3VhGzsic6dUiQAcRxUC6Yv6CI/Z67lyJNyxiaeKf
18
+ 9RH3NNm6paNPtRK0TW33nTpTuYDtHqgCInvZt1JfXXoP6t0uqqj6WgM/o57D16JN
19
+ BWFf2E6MZGt0WJs+aUff+R7y5ZJA9XHs2ZWvU/TYR+YjJ8kTzbw2+QKdbTJzQjcw
20
+ 4YBWtj9nBwvWwIOQkzIWokRS8h5PgR4EIevkkFjbq6zU+ue1IzTEAD8G6a2YTzrW
21
+ qqwDlB4YtaQsGhEn600lrl33IGqpEABB32l8oKQtlJVxlZ8TcIVRkXLVXps1skIU
22
+ f7HeVN8OlgD85rhCoikTXGvBQXiFww1y/2CT8sfX7w3Z8F/0kPHavdo/goe5316f
23
+ l0jwJbpO5dNpL/kPxLxjJjXx6s0Ky8ZCKrk7vYpBhlLgCTCl9cLCfac4xD6kcANn
24
+ 68PNJ03jn0nVzds7gs3ad8v8T85l7lypQf77fd2Zci7MXtJ3NA59/51a+1jXEf/0
25
+ vJAB1ktx31CKWip8c7iBErI+oV8T8Y8kGBsmGl2Ey/iqFz0xo7CqV7Lt/glzNg+w
26
+ Rir40w7f5XAZIIEtONHnrqJEfNGa+KesQe776YlwzUQ30/kar1peD5vsMgwS14V1
27
+ kr0+IF2eEro=
28
+ -----END CERTIFICATE REQUEST-----
@@ -0,0 +1,12 @@
1
+ -----BEGIN CERTIFICATE REQUEST-----
2
+ MIIBrzCCARgCAQAwbzELMAkGA1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2Fw
3
+ ZTESMBAGA1UEBwwJQ2FwZSBUb3duMRgwFgYDVQQKDA9IZXR6bmVyIFBUWSBMdGQx
4
+ GzAZBgNVBAMMEmF4bC5oZXR6bmVyLmFmcmljYTCBnzANBgkqhkiG9w0BAQEFAAOB
5
+ jQAwgYkCgYEA0SMKeQYOacF+wQ4GfsyEf8r5PdBW51MHf9kJS0TU0jfHxP4y6epA
6
+ HPxsZUSNLsGuHCKar4oXiEjKePsMpRBcuIF8MQyernrFwFFuT5PigHlwiqvcAGZj
7
+ pOsR2zg0sOHRDyaYwnOtA1PtMHpcy0V4g7p06t1bRrP3KfeAUD/+VPMCAwEAAaAA
8
+ MA0GCSqGSIb3DQEBCwUAA4GBAIHXr0IMku2vkQtgqYCdkfpba0SG2lDLrXX47Oec
9
+ bVy2s97y7ujJdAQgH7jExvYMsIa1sVOTG1kCczmLuMb8A8PowmJ4QQi35aE9O36f
10
+ 1WaaG89HOepP4WkkiPYX8W62f43vYY2psmOtsJ3XrkZUMPE69QgzILqNC+hU6rnG
11
+ uToc
12
+ -----END CERTIFICATE REQUEST-----
@@ -0,0 +1,28 @@
1
+ -----BEGIN CERTIFICATE REQUEST-----
2
+ MIIEtDCCApwCAQAwbzELMAkGA1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2Fw
3
+ ZTESMBAGA1UEBwwJQ2FwZSBUb3duMRgwFgYDVQQKDA9IZXR6bmVyIFBUWSBMdGQx
4
+ GzAZBgNVBAMMEmF4bC5oZXR6bmVyLmFmcmljYTCCAiIwDQYJKoZIhvcNAQEBBQAD
5
+ ggIPADCCAgoCggIBAPAQvQSgOxZuxZV++QDINS2i0L7KDW84WZOPHGzdtGbUaQl4
6
+ 3LpltYOFR3eSySq0iCaE9dIp7c+H4MtLSiKH82Nfbk9qdiwSKfAk6J9I/iTudRO8
7
+ M2HQUNO2M9cyg3E8Ivu/GC1AXbTV9wBgdBwZwLyS1JMYofuizeEaB/yz1pDdko2e
8
+ shgXDbDz0rjA32m0LvY9mNERn7s5Ad/p46WC1UvWWYBAHClCk1dC2R+mA8fO7z++
9
+ oRiTlgMkW+bwVI8NsNXqSULJAd6rL65pn5FHGAnodr4BWPNl8fh/kKl3O02M08Th
10
+ ATRwnU3n1nKaEAgHxYRKq8IbwtosUBkJlzSu8NLII/T6G8KQWad2xmqf5SZCGoOt
11
+ /sCUiPSlaPoN2jCfgsZyidZy/LGlrwMFIVUjvEjCtCsxVIpFcfNbFB1oOSH2uhcj
12
+ bbitrUwbcuv4e0495j30d7ajgfcwMyzRZoCMCzxpEsnPI5Ld7rUyAh6uBprnDP30
13
+ ZjIxp7vumTWhaYSxCdOBRCPDKvUR3xNugD/HBC202bbvkNIHq0RVCRud9Hi6qxJs
14
+ JLseE696ee3gKzYAU3z96rN16/DAxYjq9dy1upEa3sGM3UwYVHR9kjSHF2yrY17A
15
+ gqh13rOLmB3QKdBjAjf6PGA+AnMIlSbFHIra7QjKfbRwCv5ZfoFU/kMjhQg7AgMB
16
+ AAGgADANBgkqhkiG9w0BAQsFAAOCAgEAXJO7tsgW4CJ+cwRFJ3slEEaLYl0jsHiZ
17
+ 91dCtAmqs6BWAfrpNeLJIvmRqhugnL97nWnxhSLQP0/ssRdqOv1U91Mw9KsLQAMe
18
+ MkXQ14TraKwRV2UlL56deDBzl4HBTLtCf1Arlj4FucUysqndzFfWMhsDF2/QONyl
19
+ YGz4pKX1OQ4eb+UeZ7k7gmiJT0Xq1PQr7YP/hgr+euIZtwzgdMujqgQo/y8XoHXk
20
+ ISvfXgotowP3WrOqbrjo4k/+PSOxMGG497SG8q2crSXIQrThd/EpsIOpcyeqh5rb
21
+ wCpGqb0i33Bbk63grHE3J+BH5lNr2txBtxFaYYywHhz/RsI9m+o9DNPfR7ABvFtt
22
+ wzDYKNLGj8hsK/GbVNfY+25FnLZetnuKZHWGVQaltzLrn+qRWt1zEkUcQz1ir89g
23
+ Dn75kK2mpxJTK/tI/65eQRfpWGviepTItmof8SmnXE22qguU2hzAf+GMGBmvUU8b
24
+ 1jctN8wOwt+EK47YCC9PtbgVAPlzGV+RTlO5K0nUPcRUjL5FXCJB5FLhAJ3hYR4H
25
+ dqMEYhoHdgTT65wrF3Mfw7z26qhDmN8eIp0T3qKE/A0hGUWBdyHtnF96Z2ymzTHQ
26
+ MA8TdHUoLmEW6DN9BgOATi0BzUAL2e6VTIqNFx6deRrm0kSGPQ0haR2shWfDHjMS
27
+ +DgHYI3c0do=
28
+ -----END CERTIFICATE REQUEST-----
@@ -29,6 +29,8 @@ module Certmeister
29
29
  Certmeister::Policy::Response.new(true, nil)
30
30
  end
31
31
  end
32
+ rescue OpenSSL::X509::RequestError => e
33
+ Certmeister::Policy::Response.new(false, "invalid pem (#{e.message})")
32
34
  end
33
35
 
34
36
  private
@@ -0,0 +1,67 @@
1
+ require 'certmeister/policy/response'
2
+ require 'openssl'
3
+
4
+ module Certmeister
5
+
6
+ module Policy
7
+
8
+ class SignatureAlgorithm
9
+
10
+ DEFAULT_SIGNATURE_ALGORITHMS = ["sha256", "sha384", "sha512"]
11
+
12
+ attr_reader :signature_algorithms
13
+
14
+ def initialize(signature_algorithms = DEFAULT_SIGNATURE_ALGORITHMS)
15
+ validate_signature_algorithms(signature_algorithms)
16
+ @signature_algorithms = signature_algorithms
17
+ end
18
+
19
+ def authenticate(request)
20
+ if not request[:pem]
21
+ return Certmeister::Policy::Response.new(false, "missing pem")
22
+ else
23
+ cert = OpenSSL::X509::Request.new(request[:pem])
24
+ signature_algorithm = cert.signature_algorithm
25
+ if signature_algorithm = check_for_supported_signature_algorithm(signature_algorithm)
26
+ check_signature_algorithm_strength(signature_algorithm)
27
+ else
28
+ return Certmeister::Policy::Response.new(false, "unknown/unsupported signature algorithm (#{cert.signature_algorithm})")
29
+ end
30
+ end
31
+ rescue OpenSSL::X509::RequestError => e
32
+ return Certmeister::Policy::Response.new(false, "invalid pem (#{e.message})")
33
+ end
34
+
35
+ private
36
+
37
+ def validate_signature_algorithms(signature_algorithms)
38
+ unless signature_algorithms.kind_of?(Array)
39
+ raise ArgumentError.new("invalid set of signature algorithms")
40
+ end
41
+ signature_algorithms.each do |element|
42
+ unless element.kind_of?(String)
43
+ raise ArgumentError.new("invalid set of signature algorithms")
44
+ end
45
+ end
46
+ end
47
+
48
+ def check_for_supported_signature_algorithm(signature_algorithm)
49
+ if signature_algorithm.include? "WithRSAEncryption"
50
+ return signature_algorithm = signature_algorithm.sub("WithRSAEncryption", "")
51
+ end
52
+
53
+ end
54
+
55
+ def check_signature_algorithm_strength(signature_algorithm)
56
+ if @signature_algorithms.include? signature_algorithm
57
+ return Certmeister::Policy::Response.new(true, nil)
58
+ else
59
+ return Certmeister::Policy::Response.new(false, "weak signature algorithm")
60
+ end
61
+ end
62
+
63
+ end
64
+
65
+ end
66
+
67
+ end
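Review bot: `authenticate` decides on `cert.signature_algorithm` alone and never checks that the CSR's signature verifies, so the algorithm name is only what the requester wrote into the request. Unless the signing path verifies the CSR elsewhere (not visible in this diff), add `return Certmeister::Policy::Response.new(false, "invalid signature") unless cert.verify(cert.public_key)` before the algorithm lookup. The allow-list is also mutable and shared: `DEFAULT_SIGNATURE_ALGORITHMS` is not frozen, and `@signature_algorithms` keeps the caller's array and hands it back through `attr_reader`, so a single `<<` on it changes the policy for every instance built with the default. `DEFAULT_SIGNATURE_ALGORITHMS = ["sha256", "sha384", "sha512"].freeze` and `@signature_algorithms = signature_algorithms.dup.freeze` close that.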
@@ -1,5 +1,5 @@
1
1
  module Certmeister
2
2
 
3
- VERSION = '2.2.0' unless defined?(VERSION)
3
+ VERSION = '2.3.0' unless defined?(VERSION)
4
4
 
5
5
  end
@@ -25,22 +25,22 @@ describe Certmeister::Policy::KeyBits do
25
25
  expect(response.error).to eql "missing pem"
26
26
  end
27
27
 
28
- it "refuses to authenticate an invalid request" do
29
- pem = File.read('fixtures/kbits_1024.csr')
28
+ it "refuses to authenticate an invalid pem" do
29
+ pem = "bad input"
30
30
  response = subject.authenticate({pem: pem})
31
31
  expect(response).to_not be_authenticated
32
- expect(response.error).to eql "weak key"
32
+ expect(response.error).to eql "invalid pem (not enough data)"
33
33
  end
34
34
 
35
35
  it "refuses to authenticate a request for a key with too few bits" do
36
- pem = File.read('fixtures/kbits_1024.csr')
36
+ pem = File.read('fixtures/sha256_1024bit.csr')
37
37
  response = subject.authenticate({pem: pem})
38
38
  expect(response).to_not be_authenticated
39
39
  expect(response.error).to eql "weak key"
40
40
  end
41
41
 
42
42
  it "authenticates a request for a key with sufficient bits" do
43
- pem = File.read('fixtures/kbits_4096.csr')
43
+ pem = File.read('fixtures/sha256_4096bit.csr')
44
44
  response = subject.authenticate({pem: pem})
45
45
  expect(response).to be_authenticated
46
46
  end
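Review bot: The new expectation `eql "invalid pem (not enough data)"` pins OpenSSL's own error wording, which reaches the response through `e.message` in the policy and is not guaranteed to stay the same across OpenSSL or Ruby versions. The example can therefore fail on a different build with no change in behaviour. Match the part the policy controls instead, e.g. `expect(response.error).to start_with "invalid pem"`. The same assertion appears in the new SignatureAlgorithm spec.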
@@ -0,0 +1,55 @@
1
+ require 'spec_helper'
2
+
3
+ require 'certmeister/policy/signature_algorithm'
4
+
5
+ describe Certmeister::Policy::SignatureAlgorithm do
6
+
7
+ subject { Certmeister::Policy::SignatureAlgorithm.new(["sha256", "sha384", "sha512"]) }
8
+
9
+ it "may be configured with a set of strong signature algorithms" do
10
+ expect { Certmeister::Policy::SignatureAlgorithm.new([1,2])}.to raise_error(ArgumentError, "invalid set of signature algorithms")
11
+ expect { Certmeister::Policy::SignatureAlgorithm.new(["one", "two", "three"]) }.to_not raise_error
12
+ end
13
+
14
+ it "defaults to #{Certmeister::Policy::SignatureAlgorithm::DEFAULT_SIGNATURE_ALGORITHMS} as the set of strong signature algorithms" do
15
+ expect(described_class.new.signature_algorithms).to eql Certmeister::Policy::SignatureAlgorithm::DEFAULT_SIGNATURE_ALGORITHMS
16
+ end
17
+
18
+ it "demands a request" do
19
+ expect { subject.authenticate }.to raise_error(ArgumentError)
20
+ end
21
+
22
+ it "refuses to authenticate a request with a missing pem" do
23
+ response = subject.authenticate({anything: 'something'})
24
+ expect(response).to_not be_authenticated
25
+ expect(response.error).to eql "missing pem"
26
+ end
27
+
28
+ it "refuses to authenticate an invalid pem" do
29
+ pem = "bad input"
30
+ response = subject.authenticate({pem: pem})
31
+ expect(response).to_not be_authenticated
32
+ expect(response.error).to eql "invalid pem (not enough data)"
33
+ end
34
+
35
+ it "refuses to authenticate a request with a weak signature algorithm" do
36
+ pem = File.read('fixtures/sha1_4096bit.csr')
37
+ response = subject.authenticate({pem: pem})
38
+ expect(response).to_not be_authenticated
39
+ expect(response.error).to eql "weak signature algorithm"
40
+ end
41
+
42
+ it "authenticates a request with a strong signature algorithm" do
43
+ pem = File.read('fixtures/sha256_4096bit.csr')
44
+ response = subject.authenticate({pem: pem})
45
+ expect(response).to be_authenticated
46
+ end
47
+
48
+ it "refuses to authenticate a request with an unknown/unsupported signature algorithm" do
49
+ pem = File.read('fixtures/ecdsa.csr')
50
+ response = subject.authenticate({pem: pem})
51
+ expect(response).to_not be_authenticated
52
+ expect(response.error).to eql "unknown/unsupported signature algorithm (ecdsa-with-SHA384)"
53
+ end
54
+
55
+ end
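Review bot: No example shows that the configured set changes the outcome: `subject` is built with the same three names as the default, and the "may be configured" example only exercises argument validation. Add a case such as `expect(described_class.new(["sha512"]).authenticate({pem: File.read('fixtures/sha256_4096bit.csr')})).to_not be_authenticated` so a regression that ignores the constructor argument is caught. The ecdsa example also fixes the behaviour that an ECDSA request with a SHA-2 digest is refused as unsupported; a one-line comment saying that is intended would help readers.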
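--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: certmeister
  version: !ruby/object:Gem::Version
- version: 2.2.0
+ version: 2.3.0
  platform: ruby
  authors:
  - Sheldon Hearn
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-01-05 00:00:00.000000000 Z
+ date: 2016-01-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -30,14 +30,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 10.4.2
+ version: '10.4'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 10.4.2
+ version: '10.4'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
@@ -67,10 +67,10 @@ files:
  - ".ruby-gemset"
  - ".ruby-version"
  - Gemfile
- - Gemfile.lock
  - LICENSE
  - README.md
  - Rakefile
+ - SignatureAlgorithm.txt
  - certmeister.gemspec
  - fixtures/ca.crt
  - fixtures/ca.csr
@@ -78,8 +78,11 @@ files:
  - fixtures/client.crt
  - fixtures/client.csr
  - fixtures/client.key
- - fixtures/kbits_1024.csr
- - fixtures/kbits_4096.csr
+ - fixtures/ecdsa.csr
+ - fixtures/sha1_1024bit.csr
+ - fixtures/sha1_4096bit.csr
+ - fixtures/sha256_1024bit.csr
+ - fixtures/sha256_4096bit.csr
  - lib/certmeister.rb
  - lib/certmeister/base.rb
  - lib/certmeister/config.rb
@@ -96,6 +99,7 @@ files:
  - lib/certmeister/policy/noop.rb
  - lib/certmeister/policy/psk.rb
  - lib/certmeister/policy/response.rb
+ - lib/certmeister/policy/signature_algorithm.rb
  - lib/certmeister/response.rb
  - lib/certmeister/self_test.rb
  - lib/certmeister/store_error.rb
@@ -115,6 +119,7 @@ files:
  - spec/certmeister/policy/noop_spec.rb
  - spec/certmeister/policy/psk_spec.rb
  - spec/certmeister/policy/response_spec.rb
+ - spec/certmeister/policy/signature_algorithm_spec.rb
  - spec/certmeister/response_spec.rb
  - spec/certmeister/self_test_spec.rb
  - spec/helpers/certmeister_config_helper.rb
@@ -143,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.1
+ rubygems_version: 2.4.5.1
  signing_key:
  specification_version: 4
  summary: Conditionally autosigning certificate authority.
@@ -162,6 +167,7 @@ test_files:
  - spec/certmeister/policy/noop_spec.rb
  - spec/certmeister/policy/psk_spec.rb
  - spec/certmeister/policy/response_spec.rb
+ - spec/certmeister/policy/signature_algorithm_spec.rb
  - spec/certmeister/response_spec.rb
  - spec/certmeister/self_test_spec.rb
  - spec/helpers/certmeister_config_helper.rb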
data/Gemfile.lock DELETED
@@ -1,31 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- certmeister (2.1.0)
5
-
6
- GEM
7
- remote: http://rubygems.org/
8
- specs:
9
- diff-lcs (1.2.5)
10
- rake (10.4.2)
11
- rspec (3.1.0)
12
- rspec-core (~> 3.1.0)
13
- rspec-expectations (~> 3.1.0)
14
- rspec-mocks (~> 3.1.0)
15
- rspec-core (3.1.7)
16
- rspec-support (~> 3.1.0)
17
- rspec-expectations (3.1.2)
18
- diff-lcs (>= 1.2.0, < 2.0)
19
- rspec-support (~> 3.1.0)
20
- rspec-mocks (3.1.3)
21
- rspec-support (~> 3.1.0)
22
- rspec-support (3.1.2)
23
-
24
- PLATFORMS
25
- ruby
26
-
27
- DEPENDENCIES
28
- bundler (~> 1.5)
29
- certmeister!
30
- rake (~> 10.4.2)
31
- rspec (~> 3.1)
@@ -1,12 +0,0 @@
1
- -----BEGIN CERTIFICATE REQUEST-----
2
- MIIBrzCCARgCAQAwbzELMAkGA1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2Fw
3
- ZTESMBAGA1UEBwwJQ2FwZSBUb3duMRgwFgYDVQQKDA9IZXR6bmVyIFBUWSBMdGQx
4
- GzAZBgNVBAMMEmF4bC5oZXR6bmVyLmFmcmljYTCBnzANBgkqhkiG9w0BAQEFAAOB
5
- jQAwgYkCgYEAq14FktEw9Zilzj5DUKTI2Mix66A0Za5lTAeRmP1Ms9Hmjc+RnnCm
6
- u5L6zPoHY8s6/8tbxewtu86L7v2SfKkJjLSKxZQLFxBEzMHOgzziHTyZ1zU5SPWv
7
- Co8AQdlbZI8Wmai7dkxwdaA2xaWR4elHlgT78xDdYZXwRL75wfmkF/kCAwEAAaAA
8
- MA0GCSqGSIb3DQEBBQUAA4GBAKHHpelQzMYFBXYa0VOWFiqRd1HXJfnUbo8D5xup
9
- RzveAVlGTj83slgKvGigUupWdfk1S4KiUG1HsAyLcwl8lgOCO77CrdNPZC0qjB4+
10
- pK3Xp2FMsK4+lp24FNR0tM31FA03DU8uhL8v5cvExHBn4idBEwO2W4OWPKVYKrtm
11
- w9ne
12
- -----END CERTIFICATE REQUEST-----
@@ -1,28 +0,0 @@
1
- -----BEGIN CERTIFICATE REQUEST-----
2
- MIIEtDCCApwCAQAwbzELMAkGA1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2Fw
3
- ZTESMBAGA1UEBwwJQ2FwZSBUb3duMRgwFgYDVQQKDA9IZXR6bmVyIFBUWSBMdGQx
4
- GzAZBgNVBAMMEmF4bC5oZXR6bmVyLmFmcmljYTCCAiIwDQYJKoZIhvcNAQEBBQAD
5
- ggIPADCCAgoCggIBALVi/dpNu31zZ+Wvxf4DXEaxLwsUbzsaLCxt770RkzEo8OdU
6
- DElf1WM7X+rdOJC3BDZ499Bigw5efpEhg2m2BmDl8DG1XmTvVKxIY6fvx9NWqTEt
7
- KcvOni7g/OFzmUXHoesoc6gz2flwD4lmdSR+S1N2RwwlOG2ZpBKy35mtmDdq/MJG
8
- Xj4rUafT4n9Pnmwzo9PPn54hjg7c7yQwUFWk0lOrsl7uhK1LMtQORME23oG0gK3N
9
- zhtY9f0+6YJAbzJ3EI2/i7Oso4XiW9eHpujKhaMYO8ezm3KuYgdEoOTaH4mruSjE
10
- 34kmsTNonktiUdGMn/HqARgQKyVTyHmP+ocVcY8POzlJDcxMRVTYxQ4I9U1bz/eG
11
- ugHiCw0YnxrXpClXT3RVfydV/B7+srw+Tw8ff+m7WSzYeDjDLVotlnGrXLKLHm6d
12
- IA7n+fwBhliSSDNTu3ZVA5Vp72AEDqmfbRIcO4twIfkyu3TB3f2lf3g4LLebLDj3
13
- b3NwNwu0p/uq47eEYOKdILxXsZQRVKr8OZfhjPHIEw7d/6EpCCxG9I9Zj6KFAdga
14
- s8rquCKvb/8aXnL2Zz+QOhUGX9aAIpZJ7lNM95C1yjmRW/HcNonXcxBHqdi9+swO
15
- quagOBimj5BkUMRDWtMmr5bXDBGfxMeh6t1BrfcgtQgZy/FLkhjioObqD+WHAgMB
16
- AAGgADANBgkqhkiG9w0BAQsFAAOCAgEAR1ogHg6V59JwM0+EN4LhN8m7eDiCkYM+
17
- hmko5gTdzOe3Z+n/eVMoyqJ9qnzQEkO0n4aWTiaO2gLKEtXFo3Qu1wjWEJqxD8/b
18
- YdH64Gp8sFKlrM8o8mACG6jPo8ueFxI0o9Brl2Q6pUkOlepXUaLzMw0txm1Nm/9c
19
- O29p1XGAPVEdi9OMqbT+eAnxgSTy/AWR33+1BrZF42zBIaM62yquEPyJ1O1igTio
20
- MV3ZxhX061z02+5B/6cit41pUClZabII6f/tHAPxxxn3zNHkmYn6eQ3DsZT3Stuf
21
- lXw8j0e2sFXpvOSk1otYEOVYUiTp4SpmCjdUV1qUPlbQ94qGP75dv5uYn5pN/hJ5
22
- UO/lGETzK1/ycUcoedDCzr7sQhfXB1Z47/NQ+RL4NVem941ujIfn8MKHyx99zKnT
23
- OI73Pn6Y7n1hZxoV6krRl7C3gzkI7Eo0bFQEwiZbRC7U30WaiFurfKi0puMlU1K3
24
- vdOPTy0rq6zGp3r1J6oITHiD/h+CxRxJTrGu9GbCUQlaoQfPqwXAdI7GQcwsSPto
25
- l1643eqDR3lST821TPE0Ln+Lvs8aQzYNVFaV79nhgncJHyPpP7j9/2k6CtsGAtVv
26
- qPOTJbxnOfwRDfbyDLWBoqHNxmfhq3KtE6ktVxyP9hUyGnAf8yAn3zaDx4V980N6
27
- 9FNkBniZB+Y=
28
- -----END CERTIFICATE REQUEST-----