damnx509 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: c930cca3a5c52c5260e694f4971c4c5c7426089b
4
- data.tar.gz: 818f5492500718a1f5cdad67fc759fd61189b58b
2
+ SHA256:
3
+ metadata.gz: 4ade108be7ef2f65fb9a1387a4a8a6175ea99ce0774b65b616f32d330abd8758
4
+ data.tar.gz: 54277c411684be046d557f0875c5d79f7139dcb5955a8e52f32fe92589c3b449
5
5
  SHA512:
6
- metadata.gz: ec8b834cca14409ef2154c539a2e4cb9a91a4453a443abb7a03dff705ac5261ce282a0b8e5f7b925a0a2e1e152730457646e049e247137703422ca1cd9a35d8a
7
- data.tar.gz: a201a8760c74a4aeb2d3f3a355a3406933849aca8ab628cd6b5277f1f8a230b70b43d9759a177c93ef5de2b23685aa64f2d43953c15d715cbcd1f686e28c49a3
6
+ metadata.gz: 0e1c0ba31a8e4e5fdd9184fc3470e69f84b7442cf60ab82836c7c5b504974e2109742799cc52cb470017d91cfb99901b50748d82d976afd414fedf8eda70bb4d
7
+ data.tar.gz: 8867774b8f488e8b8360a7fa2985b1926a2774a765f75eac11802e0ce3b65710ed399e785a675951cf64b7cd8a26b9aafe2f19a025b73b25486c04c375728f4b
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # damnx509 [![Unlicense](https://img.shields.io/badge/un-license-green.svg?style=flat)](http://unlicense.org)
1
+ # damnx509 [![Unlicense](https://img.shields.io/badge/un-license-green.svg?style=flat)](https://unlicense.org)
2
2
 
3
3
  A simple CLI for managing a small X.509 Certificate Authority!
4
4
 
@@ -7,6 +7,7 @@ A simple CLI for managing a small X.509 Certificate Authority!
7
7
  - the extended usage thing (e.g. some WPA2 EAP-TLS clients absolutely require it to be set to `clientAuth`, now you don't have to worry about that)
8
8
  - Subject Alternative Names (the `openssl` binary only sets that *from the openssl config file*, what the hell)
9
9
  - the signature algorithm (RSA 2048/4096 and EC)
10
+ - the digest algorithm (SHA256/384/512, note that WPA3-Enterprise 192-bit mode requires 384)
10
11
  - the URI of the CRL
11
12
  - It also automatically offers default values from the CA (e.g. you want to default to the same country, city and CRL URI, right?)
12
13
  - And automatically builds a PKCS12 (`.p12`) key+cert bundle (useful for browser client certs and WPA2 EAP-TLS).
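Review bot: the added README line ties WPA3-Enterprise 192-bit mode to the SHA384 digest only, but that mode also constrains the key, and the `_ask_algo` prompt introduced in this patch offers RSA 2048/4096 or EC with no curve selection, so a reader cannot tell from this line which key choice to make for that mode. Suggest stating the key type/size the tool produces for it next to the digest, e.g. extend the line to "... requires 384 for the digest; see the key prompt for the matching key choice", or document the EC default the library uses.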
@@ -15,31 +16,21 @@ A simple CLI for managing a small X.509 Certificate Authority!
15
16
 
16
17
  You can use damnx509 to manage a personal CA to sign things like:
17
18
 
18
- - Your [home router](https://lede-project.org/start)'s admin interface (LuCI)
19
- - Your home router's [WPA2 EAP-TLS network](http://www.blog.10deam.com/2015/01/08/install-freeradius2-on-a-openwrt-router-for-eap-authentication/)
20
- - Your home NAS's web interface
19
+ - Your various HTTPS, MQTT, etc. servers at home
20
+ - Your home [WPA2 EAP-TLS network](http://www.blog.10deam.com/2015/01/08/install-freeradius2-on-a-openwrt-router-for-eap-authentication/)
21
21
  - Your personal OpenVPN network
22
- - Your home server's HTTPS services
23
22
  - Client certificates for accessing admin/monitoring/etc. interfaces on your servers
24
- - An [IndieCert](https://indiecert.net/faq) client certificate for [signing in with your domain](https://indieweb.org/Web_sign-in)
23
+ - ~~An [IndieCert](https://indiecert.net/faq) client certificate for [signing in with your domain](https://indieweb.org/Web_sign-in)~~
25
24
 
26
25
  ## Installation
27
26
 
28
- You need Ruby [older than 2.4 for now](https://github.com/r509/r509/issues/122).
29
-
30
27
  ```bash
31
28
  $ gem install damnx509
32
29
  ```
33
30
 
34
31
  Run the command to see how to use it.
35
32
 
36
- ## Contributing
37
-
38
- Please feel free to submit pull requests!
39
-
40
- By participating in this project you agree to follow the [Contributor Code of Conduct](http://contributor-covenant.org/version/1/4/).
41
-
42
33
  ## License
43
34
 
44
35
  This is free and unencumbered software released into the public domain.
45
- For more information, please refer to the `UNLICENSE` file or [unlicense.org](http://unlicense.org).
36
+ For more information, please refer to the `UNLICENSE` file or [unlicense.org](https://unlicense.org).
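Review bot: dropping "You need Ruby older than 2.4 for now" removes the only statement of a supported Ruby range, and the gemspec hunk in this same diff adds no `required_ruby_version`, while the thor and highline pins move to versions that no longer support the old interpreters this line referred to. Suggest adding `spec.required_ruby_version` to the gemspec (or a sentence here) so `gem install damnx509` fails with a clear message on an unsupported Ruby instead of at runtime. Secondary: the IndieCert bullet is struck through rather than removed, which keeps a dead link in the list; either delete it or say in one words why it is struck.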
data/damnx509.gemspec CHANGED
@@ -6,11 +6,11 @@ require 'damnx509/version'
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = "damnx509"
8
8
  spec.version = Damnx509::VERSION
9
- spec.authors = ["Greg V"]
10
- spec.email = ["greg@unrelenting.technology"]
9
+ spec.authors = ["unrelentingtech"]
10
+ spec.email = ["hello@unrelenting.technology"]
11
11
 
12
12
  spec.summary = %q{Easy interactive CLI for managing a small X.509 (TLS) Certificate Authority}
13
- spec.homepage = "https://github.com/myfreeweb/damnx509"
13
+ spec.homepage = "https://codeberg.org/unrelentingtech/damnx509"
14
14
  spec.license = "Unlicense"
15
15
 
16
16
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
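Review bot: this hunk changes the author name, the contact e-mail and the homepage host in one release, which is exactly the pattern a dependency reviewer should verify out of band (the metadata hunk shows `cert_chain: []`, so the gem is not signed and continuity cannot be checked cryptographically); confirm on the registry that the 0.1.1 push came from the existing owner before upgrading. Since the homepage now points at codeberg.org, also consider setting `spec.metadata["source_code_uri"]` to the same URL so the registry page links the new repository (the metadata hunk currently carries `metadata: {}`).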
@@ -20,10 +20,10 @@ Gem::Specification.new do |spec|
20
20
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
21
21
  spec.require_paths = ["lib"]
22
22
 
23
- spec.add_dependency "thor", "~> 0.19"
24
- spec.add_dependency "highline", "~> 1.7"
23
+ spec.add_dependency "thor", "~> 1.2"
24
+ spec.add_dependency "highline", "~> 2.0"
25
25
  spec.add_dependency "chronic_duration", "~> 0.10"
26
- spec.add_dependency "r509", "~> 1.0"
27
- spec.add_development_dependency "bundler", "~> 1.14"
28
- spec.add_development_dependency "rake", "~> 10.0"
26
+ spec.add_dependency "r509", "~> 1.0.1"
27
+ spec.add_development_dependency "bundler", "~> 2.3"
28
+ spec.add_development_dependency "rake", "~> 13.0"
29
29
  end
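Review bot: `thor "~> 0.19"` to `"~> 1.2"` and `highline "~> 1.7"` to `"~> 2.0"` are major-version bumps, but the code hunks in this diff only touch the algorithm prompts; the remaining `CLI.choose`/`CLI.ask { |q| q.default = ... }` calls are untouched, so please confirm they were exercised against HighLine 2.x rather than assumed compatible. The tighter `r509 "~> 1.0.1"` pin is presumably what lets the README drop its Ruby-version caveat; a one-line comment above it saying so would save the next maintainer from loosening it again.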
@@ -1,3 +1,3 @@
1
1
  module Damnx509
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
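Review bot: a patch-level bump (0.1.0 to 0.1.1) undersells this release: the lib hunks change the extensions written into every new root and leaf certificate, add a digest prompt whose default is SHA384, and the gemspec moves to new major versions of thor and highline. Consider 0.2.0 so users reading the version alone expect different certificate output. Also, this hunk is rendered without a file header; from the metadata file list it is `lib/damnx509/version.rb`.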
data/lib/damnx509.rb CHANGED
@@ -17,21 +17,28 @@ module Damnx509
17
17
  return false
18
18
  end
19
19
  Dir.mkdir(name)
20
+ cert_type, bit_length, digest_alg = _ask_algo
20
21
  subject = _ask_subject
21
22
  csr = R509::CSR.new(
22
- type: 'RSA',
23
- bit_length: 4096,
23
+ type: cert_type,
24
+ bit_length: bit_length,
24
25
  subject: subject,
25
26
  san_names: _to_san(subject) + _ask_san
26
27
  )
27
28
  key_filename = "#{name}/root.key.pem"
28
29
  _write_with_password(key_filename, csr.key)
29
30
  cert_filename = "#{name}/root.cert.pem"
30
- ext = []
31
+ ext = [
32
+ R509::Cert::Extensions::BasicConstraints.new(critical: true, ca: true),
33
+ R509::Cert::Extensions::KeyUsage.new(critical: true, value: ['keyCertSign', 'cRLSign']),
34
+ R509::Cert::Extensions::SubjectKeyIdentifier.new(public_key: csr.public_key),
35
+ R509::Cert::Extensions::AuthorityKeyIdentifier.new(public_key: csr.public_key)
36
+ ]
31
37
  crl_uri = CLI.ask('CRL URI?')
32
38
  ext << R509::Cert::Extensions::CRLDistributionPoints.new(value: [{type: 'URI', value: crl_uri}]) unless crl_uri.empty?
33
39
  cert = R509::CertificateAuthority::Signer.selfsign(
34
40
  csr: csr,
41
+ message_digest: digest_alg,
35
42
  extensions: ext,
36
43
  not_before: Time.now.to_i,
37
44
  not_after: Time.now.to_i + _ask_duration
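Review bot: the removed `ext = []` shows that roots generated by 0.1.0 carried no BasicConstraints, KeyUsage, SKI or AKI (only the optional CRL distribution point), and nothing in this patch migrates such a CA; relying parties that enforce BasicConstraints on issuers will reject certificates chained to an old root. Suggest a README or changelog note telling users with an existing CA to re-issue the root (same key, new extensions) or recreate it. The extension set itself is right for a CA: `ca: true` and `keyCertSign`/`cRLSign` both marked critical, and passing `csr.public_key` to both `SubjectKeyIdentifier` and `AuthorityKeyIdentifier` is correct for a self-signed root where issuer and subject are the same key.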
@@ -63,9 +70,10 @@ module Damnx509
63
70
  return false
64
71
  end
65
72
  subj_defaults = Hash[ca_config.ca_cert.cert.subject.to_a.map { |e| [e[0], e[1]] }]
66
- ext = []
73
+ ext = [
74
+ R509::Cert::Extensions::BasicConstraints.new(critical: true, ca: false)
75
+ ]
67
76
 
68
- ext << R509::Cert::Extensions::BasicConstraints.new(:ca => false)
69
77
  CLI.choose do |menu|
70
78
  menu.prompt = 'Certificate usage?'
71
79
  menu.choice('TLS (HTTPS/SMTPS/IMAPS/OpenVPN/WPA2 EAP-TLS/etc.) Server') {
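Review bot: marking the leaf `BasicConstraints` critical (replacing the non-critical `:ca => false` that was appended later) is an improvement, but unlike the root hunk this one adds no `SubjectKeyIdentifier`/`AuthorityKeyIdentifier` for leaf certificates; unless `R509::CertificateAuthority::Signer#sign` inserts them itself, leaf certs will lack the AKI that chain builders use to locate the issuer. Worth checking one signed certificate with `openssl x509 -text` and, if absent, adding `AuthorityKeyIdentifier.new(public_key: ca_config.ca_cert.public_key)` alongside the BasicConstraints entry.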
@@ -82,18 +90,7 @@ module Damnx509
82
90
  }
83
91
  end
84
92
 
85
- cert_type = 'RSA'
86
- CLI.choose do |menu|
87
- menu.prompt = 'Signature algorithm?'
88
- menu.choice('RSA') {}
89
- menu.choice('EC') { cert_type = 'EC' }
90
- end
91
- bit_length = nil
92
- CLI.choose do |menu|
93
- menu.prompt = 'Key length?'
94
- menu.choice('2048') { bit_length = 2048 }
95
- menu.choice('4096') { bit_length = 4096 }
96
- end if cert_type == 'RSA'
93
+ cert_type, bit_length, digest_alg = _ask_algo
97
94
 
98
95
  crl_ext_p = (ca_config.ca_cert.cert.extensions || []).find { |e| e.oid == 'crlDistributionPoints' }
99
96
  crl_uri = CLI.ask('CRL URI?') { |q| q.default = crl_ext_p && crl_ext_p.value.gsub(/\n[^:]+:/, '').strip }
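Review bot: the inline key-type and key-length menus are moved into `_ask_algo` unchanged, which is fine as a refactor, but the prompt still picks the algorithm with no knowledge of the CA, while the CRL URI prompt directly below pre-fills from `ca_config` and `_ask_subject` accepts `defaults`. Suggest giving `_ask_algo` a defaults argument derived from `ca_config.ca_cert` (key type and signature digest) so that a SHA384/EC CA does not silently issue SHA256/RSA leaves because the operator accepted the first menu entry.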
@@ -113,6 +110,7 @@ module Damnx509
113
110
  signer = R509::CertificateAuthority::Signer.new(ca_config)
114
111
  cert = signer.sign(
115
112
  csr: csr,
113
+ message_digest: digest_alg,
116
114
  extensions: ext,
117
115
  not_before: Time.now.to_i,
118
116
  not_after: Time.now.to_i + _ask_duration
@@ -157,6 +155,29 @@ module Damnx509
157
155
  nil
158
156
  end
159
157
 
158
+ def _ask_algo
159
+ cert_type = 'RSA'
160
+ CLI.choose do |menu|
161
+ menu.prompt = 'Signature algorithm?'
162
+ menu.choice('RSA') {}
163
+ menu.choice('EC') { cert_type = 'EC' }
164
+ end
165
+ bit_length = nil
166
+ CLI.choose do |menu|
167
+ menu.prompt = 'Key length?'
168
+ menu.choice('2048') { bit_length = 2048 }
169
+ menu.choice('4096') { bit_length = 4096 }
170
+ end if cert_type == 'RSA'
171
+ digest_alg = 'SHA384'
172
+ CLI.choose do |menu|
173
+ menu.prompt = 'Digest algorithm?'
174
+ menu.choice('SHA384') {}
175
+ menu.choice('SHA256') { digest_alg = 'SHA256' }
176
+ menu.choice('SHA512') { digest_alg = 'SHA512' }
177
+ end
178
+ [cert_type, bit_length, digest_alg]
179
+ end
180
+
160
181
  def _ask_subject(defaults=nil)
161
182
  [
162
183
  ['C', CLI.ask('C - Country (2 letter code):') { |q| q.default = defaults && defaults['C'] }],
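Review bot: in `_ask_algo` the EC branch leaves `bit_length` as `nil` and asks no curve question, so the curve is whatever the library default is; either add a curve prompt or put a comment on the `bit_length = nil` line naming the default that r509 applies, since the README now advertises a mode with specific key requirements. Style: the multi-line `CLI.choose do ... end if cert_type == 'RSA'` hides the condition at the end of a six-line block; wrapping it as `if cert_type == 'RSA'` ... `end` reads more clearly. The digest menu defaulting to SHA384 and offering no SHA1 entry is the right choice.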
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: damnx509
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
- - Greg V
8
- autorequire:
7
+ - unrelentingtech
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-03-06 00:00:00.000000000 Z
11
+ date: 2022-08-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
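Review bot: `cert_chain: []` is unchanged, so this release is unsigned, and the same hunk changes the author and the publication date jumps from 2017 to 2022; consumers therefore have nothing but the registry's ownership record to tie 0.1.1 to the maintainer of 0.1.0. Recommend that anyone pinning this gem confirm the owner on rubygems.org and pin to the SHA256 checksums from the `checksums.yaml` hunk; for the project, signing future releases would make the maintainer rename verifiable.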
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '0.19'
19
+ version: '1.2'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '0.19'
26
+ version: '1.2'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: highline
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '1.7'
33
+ version: '2.0'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.7'
40
+ version: '2.0'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: chronic_duration
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -58,52 +58,51 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '1.0'
61
+ version: 1.0.1
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '1.0'
68
+ version: 1.0.1
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: bundler
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: '1.14'
75
+ version: '2.3'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: '1.14'
82
+ version: '2.3'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rake
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '10.0'
89
+ version: '13.0'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '10.0'
97
- description:
96
+ version: '13.0'
97
+ description:
98
98
  email:
99
- - greg@unrelenting.technology
99
+ - hello@unrelenting.technology
100
100
  executables:
101
101
  - damnx509
102
102
  extensions: []
103
103
  extra_rdoc_files: []
104
104
  files:
105
105
  - ".gitignore"
106
- - CODE_OF_CONDUCT.md
107
106
  - Gemfile
108
107
  - README.md
109
108
  - Rakefile
@@ -112,11 +111,11 @@ files:
112
111
  - exe/damnx509
113
112
  - lib/damnx509.rb
114
113
  - lib/damnx509/version.rb
115
- homepage: https://github.com/myfreeweb/damnx509
114
+ homepage: https://codeberg.org/unrelentingtech/damnx509
116
115
  licenses:
117
116
  - Unlicense
118
117
  metadata: {}
119
- post_install_message:
118
+ post_install_message:
120
119
  rdoc_options: []
121
120
  require_paths:
122
121
  - lib
@@ -131,9 +130,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
131
130
  - !ruby/object:Gem::Version
132
131
  version: '0'
133
132
  requirements: []
134
- rubyforge_project:
135
- rubygems_version: 2.6.10
136
- signing_key:
133
+ rubygems_version: 3.0.8
134
+ signing_key:
137
135
  specification_version: 4
138
136
  summary: Easy interactive CLI for managing a small X.509 (TLS) Certificate Authority
139
137
  test_files: []
data/CODE_OF_CONDUCT.md DELETED
@@ -1,74 +0,0 @@
1
- # Contributor Covenant Code of Conduct
2
-
3
- ## Our Pledge
4
-
5
- In the interest of fostering an open and welcoming environment, we as
6
- contributors and maintainers pledge to making participation in our project and
7
- our community a harassment-free experience for everyone, regardless of age, body
8
- size, disability, ethnicity, gender identity and expression, level of experience,
9
- nationality, personal appearance, race, religion, or sexual identity and
10
- orientation.
11
-
12
- ## Our Standards
13
-
14
- Examples of behavior that contributes to creating a positive environment
15
- include:
16
-
17
- * Using welcoming and inclusive language
18
- * Being respectful of differing viewpoints and experiences
19
- * Gracefully accepting constructive criticism
20
- * Focusing on what is best for the community
21
- * Showing empathy towards other community members
22
-
23
- Examples of unacceptable behavior by participants include:
24
-
25
- * The use of sexualized language or imagery and unwelcome sexual attention or
26
- advances
27
- * Trolling, insulting/derogatory comments, and personal or political attacks
28
- * Public or private harassment
29
- * Publishing others' private information, such as a physical or electronic
30
- address, without explicit permission
31
- * Other conduct which could reasonably be considered inappropriate in a
32
- professional setting
33
-
34
- ## Our Responsibilities
35
-
36
- Project maintainers are responsible for clarifying the standards of acceptable
37
- behavior and are expected to take appropriate and fair corrective action in
38
- response to any instances of unacceptable behavior.
39
-
40
- Project maintainers have the right and responsibility to remove, edit, or
41
- reject comments, commits, code, wiki edits, issues, and other contributions
42
- that are not aligned to this Code of Conduct, or to ban temporarily or
43
- permanently any contributor for other behaviors that they deem inappropriate,
44
- threatening, offensive, or harmful.
45
-
46
- ## Scope
47
-
48
- This Code of Conduct applies both within project spaces and in public spaces
49
- when an individual is representing the project or its community. Examples of
50
- representing a project or community include using an official project e-mail
51
- address, posting via an official social media account, or acting as an appointed
52
- representative at an online or offline event. Representation of a project may be
53
- further defined and clarified by project maintainers.
54
-
55
- ## Enforcement
56
-
57
- Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
- reported by contacting the project owner at greg@unrelenting.technology. All
59
- complaints will be reviewed and investigated and will result in a response that
60
- is deemed necessary and appropriate to the circumstances. The project owner is
61
- obligated to maintain confidentiality with regard to the reporter of an incident.
62
- Further details of specific enforcement policies may be posted separately.
63
-
64
- Project maintainers who do not follow or enforce the Code of Conduct in good
65
- faith may face temporary or permanent repercussions as determined by other
66
- members of the project's leadership.
67
-
68
- ## Attribution
69
-
70
- This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
- available at [http://contributor-covenant.org/version/1/4][version]
72
-
73
- [homepage]: http://contributor-covenant.org
74
- [version]: http://contributor-covenant.org/version/1/4/