crl_watchdog 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8a5e7d624580cdef687512d2c73199c98449b473
+  data.tar.gz: d7bf23d677f4b4fc60d51ff3a465d75c75d609b5
+SHA512:
+  metadata.gz: b7b3555e0f95907ec59f531cc0eec5f30337f051c7655974f7571a3b2d74f53aef3fb9ceaf05703f0afc52bf7ef1778a96bbf36f7063c40f96f7eb7cdb00f52a
+  data.tar.gz: efed1a7f13861a6ed648e7d9e4ed51daa051f0445ea6882a31abe67e85a666bd3f95160ddabf745bafbbb451b0044c39b47284b4b2bdb582c7a5dbafc008ed6a

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.ruby-gemset

@@ -0,0 +1 @@
+crl_gemset

data/.ruby-version

@@ -0,0 +1 @@
+2.0.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in crl_watchdog.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Carsten Zimmermann
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,24 @@
+# CrlWatchdog
+
+Checks if an OpenSSl certificate revocation file expires within a given amount of days.
+
+## Installation
+
+Install the system executable:
+
+    $ gem install crl_watchdog
+
+## Usage
+
+    $ crlwatch --file /path/to/crl.pem --days 14
+
+The CLI returns 0 if the CRL expires after the given amount of days and 1 if
+the expiration date is within the given period.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/bin/crlwatch

@@ -0,0 +1,69 @@
+#!/usr/bin/env ruby
+# encoding: utf-8
+# vim: ft=ruby
+
+begin
+  require 'crl_watchdog'
+rescue LoadError
+  require 'rubygems'
+  require 'crl_watchdog'
+end
+
+require 'optparse'
+
+Version = CrlWatchdog::VERSION.dup
+
+options = {}
+option_parser = OptionParser.new do |opts|
+  opts.banner = "Usage: crlwatch [options]"
+
+  opts.separator ""
+  opts.on('-f', '--file CRLFILE', 'Path to CRL file') do |crl_file|
+    options[:crl_file] = crl_file
+  end
+  opts.on('-d', '--days DAYS', '') do |days|
+    options[:days] = days
+  end
+  opts.on('-h', '--help', 'Display this help screen') do
+    puts opts
+    exit
+  end
+  opts.on('--debug', 'Display full stack traces') do
+    options[:debug] = true
+  end
+  opts.on_tail('--version', 'Display version and exit') do
+    puts opts.ver
+    puts
+    puts "Checks if an OpenSSl certificate revocation file expires"
+    puts "within a given amount of days."
+    puts
+    puts "© 2013 Absolventa GmbH"
+    puts "This is free software; see the source for copying conditions."
+    puts "There is NO warranty; not even for MERCHANTABILITY or FITNESS"
+    puts "FOR A PARTICULAR PURPOSE. Licensed under the MIT license."
+    exit
+  end
+end
+
+option_parser.parse!
+
+unless options[:days] && options[:crl_file]
+  puts "E: Not enough arguments"
+  exit 22 # invalid argument
+end
+
+begin
+  watchdog = CrlWatchdog.new(options[:crl_file])
+  expiration =  "CRL expires #{watchdog.next_update}"
+  if watchdog.expires_within_days? options[:days]
+    $stdout.puts "OK - #{expiration}"
+    exit 0
+  else
+    $stderr.puts "NOK - #{expiration}"
+    exit 1
+  end
+rescue => e
+  puts "E: #{e.message}"
+  puts e.backtrace if options[:debug]
+  exit 1
+end

data/crl_watchdog.gemspec

@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/crl_watchdog', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Carsten Zimmermann"]
+  gem.email         = ["carp@hacksocke.de"]
+  gem.description   = %q{Checks if an OpenSSl certificate revocation file expires within a given amount of days}
+  gem.summary       = %q{Checks if a CRL expires within a given amount of days}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "crl_watchdog"
+  gem.require_paths = ["lib"]
+  gem.version       = CrlWatchdog::VERSION
+
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'activesupport'
+end

data/lib/crl_watchdog.rb

@@ -0,0 +1,34 @@
+require 'openssl'
+
+class CrlWatchdog
+
+  VERSION = '1.0.0'
+
+  attr_reader :crl
+
+  def initialize crl_file
+    ensure_file_exists! crl_file
+    @crl = OpenSSL::X509::CRL.new File.read(crl_file)
+  end
+
+  def next_update
+    crl.next_update
+  end
+
+  def expires_within_days? days
+    days = days.to_i
+    ensure_positive_day_count! days
+    next_update >= (Time.now + 86000 * days)
+  end
+
+  private
+
+  def ensure_file_exists! file
+    raise ArgumentError.new("File not found: #{file}") unless File.exists?(file)
+  end
+
+  def ensure_positive_day_count! days
+    raise ArgumentError.new('Must pass positive integer for days count') if days <= 0
+  end
+
+end

data/spec/crl_watchdog_spec.rb

@@ -0,0 +1,76 @@
+require 'spec_helper'
+
+describe CrlWatchdog do
+  let(:crl_file) { File.expand_path("../support/crl.pem", __FILE__) }
+
+  subject { described_class.new crl_file }
+
+  context 'with file input' do
+    it 'requires an existing file' do
+      expect do
+        described_class.new '/does/not/exist.pem'
+      end.to raise_error ArgumentError
+    end
+
+    it 'requires a valid certificate revokation list' do
+      expect do
+        described_class.new __FILE__
+      end.to raise_error OpenSSL::X509::CRLError
+    end
+
+    it 'does not complain about a valid crl file' do
+      expect do
+        described_class.new crl_file
+      end.not_to raise_error
+    end
+
+    it 'assigns OpenSSL::X509::CRL object to #crl' do
+      expect(subject.crl).to be_instance_of OpenSSL::X509::CRL
+    end
+  end
+
+  describe '#next_update' do
+    it 'forwards to crl instance' do
+      expect(subject.next_update).to be_instance_of Time
+    end
+  end
+
+  describe '#expires_within_days?' do
+    context 'with input sanitizing' do
+      it 'accepts one argument' do
+        expect(subject.method(:expires_within_days?).arity).to eql 1
+      end
+
+      it 'does not allow 0 days' do
+        expect { subject.expires_within_days?(0) }.to raise_error ArgumentError
+      end
+
+      it 'does not allow negative values' do
+        expect { subject.expires_within_days?(-1) }.to raise_error ArgumentError
+      end
+
+      it 'coerces input to integer' do
+        expect { subject.expires_within_days?('14.5') }.not_to raise_error
+      end
+
+      it 'complains about failed coersion' do
+        expect { subject.expires_within_days?('hello world') }.to raise_error ArgumentError
+      end
+    end
+
+    context 'verifying next_update' do
+      before do
+        subject.stub(next_update: 10.days.from_now)
+      end
+
+      it 'return true if next_update is within requested time period' do
+        expect(subject.expires_within_days?(9)).to eql true
+      end
+
+      it 'returns false if next_update is after requested time period' do
+        expect(subject.expires_within_days?(11)).to eql false
+      end
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+require 'active_support/core_ext'
+require 'crl_watchdog'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

data/spec/support/crl.pem

@@ -0,0 +1,22 @@
+-----BEGIN X509 CRL-----
+MIIDoTCCAokCAQEwDQYJKoZIhvcNAQEFBQAwgcgxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEYMBYGA1UEChMPQWJzb2x2ZW50
+YSBHbWJIMSIwIAYDVQQLExlOZXR3b3JrIE9wZXJhdGlvbnMgQ2VudGVyMTcwNQYD
+VQQDEy5BYnNvbHZlbnRhIEdtYkggSW50ZXJuYWwgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MSAwHgYJKoZIhvcNAQkBFhFkZXZAYWJzb2x2ZW50YS5kZRcNMTMxMDI4MDcy
+MDQ5WhcNMTQwMjA1MDcyMDQ5WjCCAXowEwICEAQXDTEzMDIyNjA5MzMxMFowEwIC
+EAkXDTEzMDIxMzE2MTk1N1owEwICEAsXDTEzMDIxNTA4NTQ1OVowEwICEBYXDTEz
+MDMyMDA5NTYzNFowEwICEBcXDTEzMDIyMDE1MzY0N1owEwICEBgXDTEzMDcxODA4
+MTcxMVowEwICEBoXDTEzMDYxMDEwMDcxMlowEwICEBsXDTEzMDIyMTE0MzAyNFow
+EwICEB4XDTEzMDMyODEwNDMxMlowEwICECAXDTEzMDIyNjE3MDk1NVowEwICECIX
+DTEzMDYxMDEwMDc1NVowEwICEDoXDTEzMDMyMDA5NTQxNVowEwICEEYXDTEzMDIy
+NzE1NDkwOVowEwICEFUXDTEzMTAyODA3MjA0NlowEwICEFYXDTEzMTAyODA3MjAw
+M1owEwICEF0XDTEzMDUxMzA3NDAyOVowEwICEGgXDTEzMTAyODA3MTM0NVowEwIC
+EGwXDTEzMTAyODA3MDQwNVqgDjAMMAoGA1UdFAQDAgEgMA0GCSqGSIb3DQEBBQUA
+A4IBAQA2B4lJHU2V7RssIHUt4hYl/xrtc997TzvJDy/fdhjsSNFpZ2WdbiEAihSB
+D9aukF58sZuFuLxws7fg8GABANp4h+5z235j8/xnPA4feKr9KUREC97/JqSJMfnV
+NNw8Uo01d3scwEwtzxsSvsGx/ihWCN1Nhy7KVc/g6AFwSap2YnxT1Gx8PU3WxkXw
+1K2VFsUlQSDAG+7T1eI9KO1Pr3Qlx88KNpkN6jYDKUhBhFG7/Qaztqy9ZbUCeWCy
+CnC9ywT4yvVYBcZEE0fFeDn8LkGVwOXNpuXP4oJAg0ZvGBADrS4/vAdu4rFjOYQQ
+ocmlhr5YnnfzWuoJhTddBRLC9uNd
+-----END X509 CRL-----

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: crl_watchdog
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Carsten Zimmermann
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-10-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Checks if an OpenSSl certificate revocation file expires within a given
+  amount of days
+email:
+- carp@hacksocke.de
+executables:
+- crlwatch
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .ruby-gemset
+- .ruby-version
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/crlwatch
+- crl_watchdog.gemspec
+- lib/crl_watchdog.rb
+- spec/crl_watchdog_spec.rb
+- spec/spec_helper.rb
+- spec/support/crl.pem
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.9
+signing_key: 
+specification_version: 4
+summary: Checks if a CRL expires within a given amount of days
+test_files:
+- spec/crl_watchdog_spec.rb
+- spec/spec_helper.rb
+- spec/support/crl.pem