crl_watchdog 1.0.0
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rspec +2 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +24 -0
- data/Rakefile +2 -0
- data/bin/crlwatch +69 -0
- data/crl_watchdog.gemspec +20 -0
- data/lib/crl_watchdog.rb +34 -0
- data/spec/crl_watchdog_spec.rb +76 -0
- data/spec/spec_helper.rb +14 -0
- data/spec/support/crl.pem +22 -0
- metadata +90 -0
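--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 8a5e7d624580cdef687512d2c73199c98449b473
+data.tar.gz: d7bf23d677f4b4fc60d51ff3a465d75c75d609b5
+SHA512:
+metadata.gz: b7b3555e0f95907ec59f531cc0eec5f30337f051c7655974f7571a3b2d74f53aef3fb9ceaf05703f0afc52bf7ef1778a96bbf36f7063c40f96f7eb7cdb00f52a
+data.tar.gz: efed1a7f13861a6ed648e7d9e4ed51daa051f0445ea6882a31abe67e85a666bd3f95160ddabf745bafbbb451b0044c39b47284b4b2bdb582c7a5dbafc008ed6a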
data/.gitignore
ADDED
data/.rspec
ADDED
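--- a/data/.ruby-gemset
+++ b/data/.ruby-gemset
@@ -0,0 +1 @@
+crl_gemset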
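--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.0.0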
data/Gemfile
ADDED
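--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Carsten Zimmermann
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.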
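--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,24 @@
+# CrlWatchdog
+
+Checks if an OpenSSl certificate revocation file expires within a given amount of days.
+
+## Installation
+
+Install the system executable:
+
+$ gem install crl_watchdog
+
+## Usage
+
+$ crlwatch --file /path/to/crl.pem --days 14
+
+The CLI returns 0 if the CRL expires after the given amount of days and 1 if
+the expiration date is within the given period.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request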
data/Rakefile
ADDED
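--- a/data/bin/crlwatch
+++ b/data/bin/crlwatch
@@ -0,0 +1,69 @@
+#!/usr/bin/env ruby
+# encoding: utf-8
+# vim: ft=ruby
+
+begin
+require 'crl_watchdog'
+rescue LoadError
+require 'rubygems'
+require 'crl_watchdog'
+end
+
+require 'optparse'
+
+Version = CrlWatchdog::VERSION.dup
+
+options = {}
+option_parser = OptionParser.new do |opts|
+opts.banner = "Usage: crlwatch [options]"
+
+opts.separator ""
+opts.on('-f', '--file CRLFILE', 'Path to CRL file') do |crl_file|
+options[:crl_file] = crl_file
+end
+opts.on('-d', '--days DAYS', '') do |days|
+options[:days] = days
+end
+opts.on('-h', '--help', 'Display this help screen') do
+puts opts
+exit
+end
+opts.on('--debug', 'Display full stack traces') do
+options[:debug] = true
+end
+opts.on_tail('--version', 'Display version and exit') do
+puts opts.ver
+puts
+puts "Checks if an OpenSSl certificate revocation file expires"
+puts "within a given amount of days."
+puts
+puts "© 2013 Absolventa GmbH"
+puts "This is free software; see the source for copying conditions."
+puts "There is NO warranty; not even for MERCHANTABILITY or FITNESS"
+puts "FOR A PARTICULAR PURPOSE. Licensed under the MIT license."
+exit
+end
+end
+
+option_parser.parse!
+
+unless options[:days] && options[:crl_file]
+puts "E: Not enough arguments"
+exit 22 # invalid argument
+end
+
+begin
+watchdog = CrlWatchdog.new(options[:crl_file])
+expiration = "CRL expires #{watchdog.next_update}"
+if watchdog.expires_within_days? options[:days]
+$stdout.puts "OK - #{expiration}"
+exit 0
+else
+$stderr.puts "NOK - #{expiration}"
+exit 1
+end
+rescue => e
+puts "E: #{e.message}"
+puts e.backtrace if options[:debug]
+exit 1
+end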
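Review bot: The trailing `rescue` exits with status 1, the same status as the NOK branch, so a monitoring job cannot distinguish a missing or unparsable CRL from one that is close to expiry, and the `E:` line goes to stdout while NOK goes to stderr; a separate status for the error path (for example `exit 3`) together with `$stderr.puts "E: #{e.message}"` would make the three outcomes distinct. `option_parser.parse!` runs outside the `begin` block, so an unknown option ends in an uncaught OptionParser exception rather than the `E:` format. The `--days` value is stored as a raw string and its help text is empty; `opts.on('-d', '--days DAYS', Integer, 'Number of days to look ahead')` would reject non-numeric input at the parser, provided `parse!` is moved inside the rescue.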
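--- a/data/crl_watchdog.gemspec
+++ b/data/crl_watchdog.gemspec
@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/crl_watchdog', __FILE__)
+
+Gem::Specification.new do |gem|
+gem.authors = ["Carsten Zimmermann"]
+gem.email = ["carp@hacksocke.de"]
+gem.description = %q{Checks if an OpenSSl certificate revocation file expires within a given amount of days}
+gem.summary = %q{Checks if a CRL expires within a given amount of days}
+gem.homepage = ""
+
+gem.files = `git ls-files`.split($\)
+gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+gem.name = "crl_watchdog"
+gem.require_paths = ["lib"]
+gem.version = CrlWatchdog::VERSION
+
+gem.add_development_dependency 'rspec'
+gem.add_development_dependency 'activesupport'
+end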
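Review bot: The specification sets no license and leaves `gem.homepage = ""`, although the package ships an MIT LICENSE file; the built metadata on this page accordingly carries `licenses: []` and `homepage: ''`, and that metadata is what license and provenance tooling reads. Adding `gem.license = 'MIT'` and a real project or source URL for `gem.homepage` would close the gap. `gem.files` is taken from `git ls-files`, so development-only files such as `.ruby-gemset` and `.ruby-version` are packaged as well; a comment noting that this is intended, or a filter on the list, would make the shipped contents deliberate.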
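--- a/data/lib/crl_watchdog.rb
+++ b/data/lib/crl_watchdog.rb
@@ -0,0 +1,34 @@
+require 'openssl'
+
+class CrlWatchdog
+
+VERSION = '1.0.0'
+
+attr_reader :crl
+
+def initialize crl_file
+ensure_file_exists! crl_file
+@crl = OpenSSL::X509::CRL.new File.read(crl_file)
+end
+
+def next_update
+crl.next_update
+end
+
+def expires_within_days? days
+days = days.to_i
+ensure_positive_day_count! days
+next_update >= (Time.now + 86000 * days)
+end
+
+private
+
+def ensure_file_exists! file
+raise ArgumentError.new("File not found: #{file}") unless File.exists?(file)
+end
+
+def ensure_positive_day_count! days
+raise ArgumentError.new('Must pass positive integer for days count') if days <= 0
+end
+
+end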
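Review bot: `expires_within_days?` computes its cut-off with `86000 * days`, but a day has 86400 seconds, so the window is 400 seconds short per requested day (about 93 minutes at 14 days) and a CRL whose nextUpdate falls just inside the requested period is still reported as fine; the line should read `next_update >= (Time.now + 86_400 * days)`. The predicate also returns true when the CRL does not expire within the period, the opposite of its name, and bin/crlwatch depends on that to print OK, so a comment above the method such as `# true when next_update lies at least +days+ days ahead` would keep callers from inverting the check. No `verify` call is visible in `initialize`, so the answer reflects the nextUpdate field of whatever file sits at the path rather than a CRL checked against the issuing CA; that is worth stating in the README if it is intended. `File.exists?` is deprecated in later Ruby versions in favour of `File.exist?`.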
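--- a/data/spec/crl_watchdog_spec.rb
+++ b/data/spec/crl_watchdog_spec.rb
@@ -0,0 +1,76 @@
+require 'spec_helper'
+
+describe CrlWatchdog do
+let(:crl_file) { File.expand_path("../support/crl.pem", __FILE__) }
+
+subject { described_class.new crl_file }
+
+context 'with file input' do
+it 'requires an existing file' do
+expect do
+described_class.new '/does/not/exist.pem'
+end.to raise_error ArgumentError
+end
+
+it 'requires a valid certificate revokation list' do
+expect do
+described_class.new __FILE__
+end.to raise_error OpenSSL::X509::CRLError
+end
+
+it 'does not complain about a valid crl file' do
+expect do
+described_class.new crl_file
+end.not_to raise_error
+end
+
+it 'assigns OpenSSL::X509::CRL object to #crl' do
+expect(subject.crl).to be_instance_of OpenSSL::X509::CRL
+end
+end
+
+describe '#next_update' do
+it 'forwards to crl instance' do
+expect(subject.next_update).to be_instance_of Time
+end
+end
+
+describe '#expires_within_days?' do
+context 'with input sanitizing' do
+it 'accepts one argument' do
+expect(subject.method(:expires_within_days?).arity).to eql 1
+end
+
+it 'does not allow 0 days' do
+expect { subject.expires_within_days?(0) }.to raise_error ArgumentError
+end
+
+it 'does not allow negative values' do
+expect { subject.expires_within_days?(-1) }.to raise_error ArgumentError
+end
+
+it 'coerces input to integer' do
+expect { subject.expires_within_days?('14.5') }.not_to raise_error
+end
+
+it 'complains about failed coersion' do
+expect { subject.expires_within_days?('hello world') }.to raise_error ArgumentError
+end
+end
+
+context 'verifying next_update' do
+before do
+subject.stub(next_update: 10.days.from_now)
+end
+
+it 'return true if next_update is within requested time period' do
+expect(subject.expires_within_days?(9)).to eql true
+end
+
+it 'returns false if next_update is after requested time period' do
+expect(subject.expires_within_days?(11)).to eql false
+end
+end
+end
+
+end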
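Review bot: The two examples under 'verifying next_update' stub `next_update` ten days out and probe 9 and 11 days, a full day on either side of the boundary, so they pass regardless of the seconds-per-day constant in the implementation, including the `86000` used in lib/crl_watchdog.rb. An example that fixes the current time and sets `next_update` exactly N days ahead would pin the boundary. The two descriptions are also swapped relative to what they assert: with the CRL valid for ten days, the 9-day case checks a date after the requested period and the 11-day case a date within it, so 'returns true if next_update is after the requested period' and 'returns false if next_update is within the requested period' would match the expectations.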
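--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,14 @@
+require 'active_support/core_ext'
+require 'crl_watchdog'
+
+RSpec.configure do |config|
+config.treat_symbols_as_metadata_keys_with_true_values = true
+config.run_all_when_everything_filtered = true
+config.filter_run :focus
+
+# Run specs in random order to surface order dependencies. If you find an
+# order dependency and want to debug it, you can fix the order by providing
+# the seed, which is printed after each run.
+# --seed 1234
+config.order = 'random'
+end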
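--- a/data/spec/support/crl.pem
+++ b/data/spec/support/crl.pem
@@ -0,0 +1,22 @@
+-----BEGIN X509 CRL-----
+MIIDoTCCAokCAQEwDQYJKoZIhvcNAQEFBQAwgcgxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEYMBYGA1UEChMPQWJzb2x2ZW50
+YSBHbWJIMSIwIAYDVQQLExlOZXR3b3JrIE9wZXJhdGlvbnMgQ2VudGVyMTcwNQYD
+VQQDEy5BYnNvbHZlbnRhIEdtYkggSW50ZXJuYWwgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MSAwHgYJKoZIhvcNAQkBFhFkZXZAYWJzb2x2ZW50YS5kZRcNMTMxMDI4MDcy
+MDQ5WhcNMTQwMjA1MDcyMDQ5WjCCAXowEwICEAQXDTEzMDIyNjA5MzMxMFowEwIC
+EAkXDTEzMDIxMzE2MTk1N1owEwICEAsXDTEzMDIxNTA4NTQ1OVowEwICEBYXDTEz
+MDMyMDA5NTYzNFowEwICEBcXDTEzMDIyMDE1MzY0N1owEwICEBgXDTEzMDcxODA4
+MTcxMVowEwICEBoXDTEzMDYxMDEwMDcxMlowEwICEBsXDTEzMDIyMTE0MzAyNFow
+EwICEB4XDTEzMDMyODEwNDMxMlowEwICECAXDTEzMDIyNjE3MDk1NVowEwICECIX
+DTEzMDYxMDEwMDc1NVowEwICEDoXDTEzMDMyMDA5NTQxNVowEwICEEYXDTEzMDIy
+NzE1NDkwOVowEwICEFUXDTEzMTAyODA3MjA0NlowEwICEFYXDTEzMTAyODA3MjAw
+M1owEwICEF0XDTEzMDUxMzA3NDAyOVowEwICEGgXDTEzMTAyODA3MTM0NVowEwIC
+EGwXDTEzMTAyODA3MDQwNVqgDjAMMAoGA1UdFAQDAgEgMA0GCSqGSIb3DQEBBQUA
+A4IBAQA2B4lJHU2V7RssIHUt4hYl/xrtc997TzvJDy/fdhjsSNFpZ2WdbiEAihSB
+D9aukF58sZuFuLxws7fg8GABANp4h+5z235j8/xnPA4feKr9KUREC97/JqSJMfnV
+NNw8Uo01d3scwEwtzxsSvsGx/ihWCN1Nhy7KVc/g6AFwSap2YnxT1Gx8PU3WxkXw
+1K2VFsUlQSDAG+7T1eI9KO1Pr3Qlx88KNpkN6jYDKUhBhFG7/Qaztqy9ZbUCeWCy
+CnC9ywT4yvVYBcZEE0fFeDn8LkGVwOXNpuXP4oJAg0ZvGBADrS4/vAdu4rFjOYQQ
+ocmlhr5YnnfzWuoJhTddBRLC9uNd
+-----END X509 CRL-----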
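--- a/metadata
+++ b/metadata
@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: crl_watchdog
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Carsten Zimmermann
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-10-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: Checks if an OpenSSl certificate revocation file expires within a given
+amount of days
+email:
+- carp@hacksocke.de
+executables:
+- crlwatch
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .ruby-gemset
+- .ruby-version
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/crlwatch
+- crl_watchdog.gemspec
+- lib/crl_watchdog.rb
+- spec/crl_watchdog_spec.rb
+- spec/spec_helper.rb
+- spec/support/crl.pem
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.1.9
+signing_key:
+specification_version: 4
+summary: Checks if a CRL expires within a given amount of days
+test_files:
+- spec/crl_watchdog_spec.rb
+- spec/spec_helper.rb
+- spec/support/crl.pem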