devcert 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 793a477e3f93c1fee0c6f0ba7e5ae1f0259fc162
+  data.tar.gz: 84d588c31894cc0e1749b044907f88f3dbec542f
+SHA512:
+  metadata.gz: 314254b2fbd1d4d6033e8def3419a7388d336b6e0eb332a2bd8dbb33bba47b64170bce0b4da5ffca86ecd7873b01953ecaed0c609869bb4598bf0bbcba7a3268
+  data.tar.gz: 8f25a98c9c67265fb78367c4da903b140880c04b7098f559d48a9960dcd422e8620317d0f06d375d23eee36dc5146aa0a6a137703a8eba1207c9d2df2eba6718

data/bin/devcert

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require 'devcert'
+::DevCert::CLI.start ARGV

data/lib/devcert/cli.rb

@@ -0,0 +1,98 @@
+require 'devcert/cli'
+require 'thor'
+require 'devcert/genca'
+require 'devcert/export'
+require 'devcert/issue'
+
+module DevCert
+  class CLI < ::Thor
+    desc 'genca CA_NAME', 'Generate certification authority CA_NAME'
+    method_option(
+      :output,
+      type: :string,
+      default: ::Dir.pwd,
+      aliases: '-o',
+      desc: 'Output directory'
+    )
+    method_option(
+      :key_size,
+      type: :numeric,
+      default: 2048,
+      desc: 'RSA key size in bits'
+    )
+    method_option(
+      :validity,
+      type: :numeric,
+      default: 90,
+      desc: 'CA certificate validity in days'
+    )
+    def genca(ca_name)
+      ::DevCert::GenCA.generate_ca(
+        ca_name,
+        options[:output],
+        options[:key_size],
+        options[:validity]
+      )
+    end
+
+    desc 'export BUNDLE_PATH', 'Export private_key or certificate from bundle'
+    method_option(
+      :output,
+      type: :string,
+      default: ::Dir.pwd,
+      aliases: '-o',
+      desc: 'Output directory'
+    )
+    method_option(
+      :type,
+      enum: ['certificate', 'private_key'],
+      required: true,
+      aliases: '-t',
+      desc: 'Export type'
+    )
+    def export(bundle_path)
+      ::DevCert::Export.export(
+        ::File.absolute_path(bundle_path, ::Dir.pwd),
+        options[:type],
+        options[:output]
+      )
+    end
+
+    desc 'issue CA_BUNDLE_PATH', 'Issue certificates'
+    method_option(
+      :output,
+      type: :string,
+      default: ::Dir.pwd,
+      aliases: '-o',
+      desc: 'Output directory'
+    )
+    method_option(
+      :domains,
+      type: :array,
+      required: true,
+      aliases: '-d',
+      desc: 'Domain list'
+    )
+    method_option(
+      :key_size,
+      type: :numeric,
+      default: 2048,
+      desc: 'RSA key size in bits'
+    )
+    method_option(
+      :validity,
+      type: :numeric,
+      default: 90,
+      desc: 'Certificate validity in days'
+    )
+    def issue(ca_bundle_path)
+      ::DevCert::Issue.issue(
+        ::File.absolute_path(ca_bundle_path, ::Dir.pwd),
+        options[:domains],
+        options[:output],
+        options[:key_size],
+        options[:validity]
+      )
+    end
+  end
+end

data/lib/devcert/export.rb

@@ -0,0 +1,25 @@
+require 'devcert/util'
+
+module DevCert
+  module Export
+    def self.export(bundle_path, type, output_dir)
+      bundle = ::DevCert::Util.load_bundle bundle_path
+      case type
+      when 'private_key'
+        private_key_path = ::File.join(
+          output_dir,
+          "#{::DevCert::Util.normalize_name(bundle[:common_name])}_key.pem"
+        )
+        ::DevCert::Util.export(private_key_path, bundle[:private_key])
+        puts "file: #{private_key_path}"
+      when 'certificate'
+        certificate_path = ::File.join(
+          output_dir,
+          "#{::DevCert::Util.normalize_name(bundle[:common_name])}.crt"
+        )
+        ::DevCert::Util.export(certificate_path, bundle[:certificate])
+        puts "file: #{certificate_path}"
+      end
+    end
+  end
+end

data/lib/devcert/genca.rb

@@ -0,0 +1,72 @@
+require 'openssl'
+require 'devcert/util'
+
+module DevCert
+  module GenCA
+    def self.generate_ca(common_name, output_dir, key_size, validity)
+      defaults = ::DevCert::Util.get_defaults
+
+      ca_key = ::OpenSSL::PKey::RSA.new key_size
+
+      ca_name = ::OpenSSL::X509::Name.new(
+        [
+          ['CN', common_name],
+          ['O', defaults[:organization]],
+          ['C', defaults[:country]],
+          ['ST', defaults[:state_name]],
+          ['L', defaults[:locality]]
+        ]
+      )
+
+      ca_cert = ::OpenSSL::X509::Certificate.new
+      ca_cert.serial = ::DevCert::Util.generate_serial
+      ca_cert.version = 2
+      ca_cert.not_before = ::Time.now
+      ca_cert.not_after = ::Time.now + 60 * 60 * 24 * validity
+
+      ca_cert.public_key = ca_key.public_key
+      ca_cert.subject = ca_name
+      ca_cert.issuer = ca_name
+
+      extension_factory = ::OpenSSL::X509::ExtensionFactory.new
+      extension_factory.subject_certificate = ca_cert
+      extension_factory.issuer_certificate = ca_cert
+
+      ca_cert.add_extension(
+        extension_factory.create_extension(
+          'subjectKeyIdentifier',
+          'hash'
+        )
+      )
+      ca_cert.add_extension(
+        extension_factory.create_extension(
+          'basicConstraints',
+          'CA:TRUE,pathlen:0',
+          true
+        )
+      )
+      ca_cert.add_extension(
+        extension_factory.create_extension(
+          'keyUsage',
+          'digitalSignature,cRLSign,keyCertSign',
+          true
+        )
+      )
+      ca_cert.add_extension(
+        extension_factory.create_extension(
+          'extendedKeyUsage',
+          'serverAuth,clientAuth'
+        )
+      )
+
+      ca_cert.sign(ca_key, ::OpenSSL::Digest::SHA256.new)
+
+      bundle_path = ::File.join(
+        output_dir,
+        "#{::DevCert::Util.normalize_name(common_name)}.devcert"
+      )
+      ::DevCert::Util.save_bundle bundle_path, common_name, ca_key, ca_cert
+      puts "devcert bundle: #{bundle_path}"
+    end
+  end
+end

data/lib/devcert/issue.rb

@@ -0,0 +1,83 @@
+require 'openssl'
+require 'devcert/util'
+
+module DevCert
+  module Issue
+    def self.issue(ca_bundle_path, domains, output_dir, key_size, validity)
+      ca_bundle = ::DevCert::Util.load_bundle ca_bundle_path
+      defaults = ::DevCert::Util.get_defaults
+      common_name = domains[0]
+
+      server_key = OpenSSL::PKey::RSA.new key_size
+
+      server_name = OpenSSL::X509::Name.new [
+        ['CN', common_name],
+        ['O', defaults[:organization]],
+        ['C', defaults[:country]],
+        ['ST', defaults[:state_name]],
+        ['L', defaults[:locality]]
+      ]
+
+      server_cert = OpenSSL::X509::Certificate.new
+      server_cert.serial = ::DevCert::Util.generate_serial
+      server_cert.version = 2
+      server_cert.not_before = Time.now
+      server_cert.not_after = Time.now + 60 * 60 * 24 * validity
+
+      server_cert.subject = server_name
+      server_cert.public_key = server_key.public_key
+      server_cert.issuer = ca_bundle[:certificate].subject
+
+      extension_factory = OpenSSL::X509::ExtensionFactory.new
+      extension_factory.subject_certificate = server_cert
+      extension_factory.issuer_certificate = ca_bundle[:certificate]
+
+      server_cert.add_extension(
+        extension_factory.create_extension(
+          'basicConstraints',
+          'CA:FALSE',
+          true
+        )
+      )
+      server_cert.add_extension(
+        extension_factory.create_extension(
+          'keyUsage',
+          'keyEncipherment,digitalSignature',
+          true
+        )
+      )
+      server_cert.add_extension(
+        extension_factory.create_extension(
+          'extendedKeyUsage',
+          'serverAuth,clientAuth'
+        )
+      )
+      server_cert.add_extension(
+        extension_factory.create_extension(
+          'subjectKeyIdentifier',
+          'hash'
+        )
+      )
+      server_cert.add_extension(
+        extension_factory.create_extension(
+          'subjectAltName',
+          domains.map { |d| "DNS:#{d}" }.join(',')
+        )
+      )
+
+      server_cert.sign ca_bundle[:private_key], OpenSSL::Digest::SHA256.new
+
+      bundle_path = ::File.join(
+        output_dir,
+        "#{::DevCert::Util.normalize_name(common_name)}.devcert"
+      )
+      ::DevCert::Util.save_bundle(
+        bundle_path,
+        common_name,
+        server_key,
+        server_cert
+      )
+      puts "devcert bundle: #{bundle_path}"
+    end
+  end
+end

data/lib/devcert/util.rb

@@ -0,0 +1,67 @@
+require 'yaml'
+require 'openssl'
+require 'securerandom'
+
+module DevCert
+  module Util
+    def self.get_defaults
+      path = ::File.absolute_path 'defaults.yaml', ::Dir.pwd
+      data = \
+        if ::File.exist? path
+          ::YAML.load(::File.open(path)).fetch('devcert', {})
+        else
+          {}
+        end
+
+      {
+        organization: data.fetch('organization', 'Acme Ltd.'),
+        country: data.fetch('country', 'US'),
+        state_name: data.fetch('state_name', 'California'),
+        locality: data.fetch('locality', 'San Francisco')
+      }
+    end
+
+    def self.normalize_name(name)
+      name.gsub(/[ .-]/, '_')
+    end
+
+    def self.save_bundle(path, common_name, key, cert)
+      bundle = {
+        common_name: common_name,
+        private_key: key.to_der,
+        certificate: cert.to_der
+      }
+
+      open path, 'w' do |io|
+        io.write bundle.to_yaml
+      end
+    end
+
+    def self.export(path, entity)
+      open path, 'w' do |io|
+        io.write entity.to_pem
+      end
+    end
+
+    def self.load_bundle(path)
+      full_path = ::File.absolute_path path, __dir__
+      if ::File.exist? full_path
+        data = ::YAML.load ::File.open full_path
+        {
+          common_name: data[:common_name],
+          private_key: ::OpenSSL::PKey::RSA.new(data[:private_key]),
+          certificate: ::OpenSSL::X509::Certificate.new(data[:certificate])
+        }
+      else
+        raise "No bundle at #{full_path} exists!"
+      end
+    end
+
+    def self.generate_serial
+      machine_bytes = ['foo'].pack('p').size
+      machine_bits = machine_bytes * 8
+      machine_max_signed = 2**(machine_bits - 1) - 1
+      ::SecureRandom.random_number machine_max_signed
+    end
+  end
+end

data/lib/devcert/version.rb

@@ -0,0 +1,3 @@
+module DevCert
+  VERSION = '1.0.0'
+end

data/lib/devcert.rb

@@ -0,0 +1 @@
+require 'devcert/cli'

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: devcert
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Alexander Pyatkin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-09-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.19.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Create development SSL/TLS certificates without a hassle
+email: aspyatkin@gmail.com
+executables:
+- devcert
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/devcert
+- lib/devcert.rb
+- lib/devcert/cli.rb
+- lib/devcert/export.rb
+- lib/devcert/genca.rb
+- lib/devcert/issue.rb
+- lib/devcert/util.rb
+- lib/devcert/version.rb
+homepage: https://github.com/aspyatkin/devcert
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Create development SSL/TLS certificates without a hassle
+test_files: []