devcert 1.0.0 → 2.0.0
- checksums.yaml +4 -4
- data/lib/devcert/cli.rb +34 -6
- data/lib/devcert/export.rb +1 -1
- data/lib/devcert/genca.rb +13 -4
- data/lib/devcert/issue.rb +16 -5
- data/lib/devcert/util.rb +34 -9
- data/lib/devcert/version.rb +1 -1
- metadata +3 -3
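--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 524bdedd2d34226aadd340479748ed1db37d4467
+data.tar.gz: 2e26e8060d094d6b33adc0ceba90844e50e915d2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f10dfa18dc5a94131ddfccdaab39901bc0036e3df02e365b2aed76eef0c912391c619a4a6ef2a746726e10cd9ab0a13d1f06a8142d10b13bfaf2ceba5f983860
+data.tar.gz: 1a519f09de81ed0927f0a697f1ced2c6a64b8e83b36d598f08a404d1481d826469dbdbcaa353e2bde41d1ffbdf4133f3392194efdb88ea10b35221c56a152fe8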
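--- a/data/lib/devcert/cli.rb
+++ b/data/lib/devcert/cli.rb
@@ -15,22 +15,36 @@ module DevCert
 desc: 'Output directory'
 )
 method_option(
-:
+:key_type,
+enum: ['rsa', 'ec'],
+default: 'rsa',
+desc: 'Key type'
+)
+method_option(
+:rsa_key_size,
 type: :numeric,
 default: 2048,
 desc: 'RSA key size in bits'
 )
+method_option(
+:ec_key_size,
+enum: ['256', '384'],
+default: '256',
+desc: 'EC key size in bits'
+)
 method_option(
 :validity,
 type: :numeric,
-default:
+default: 180,
 desc: 'CA certificate validity in days'
 )
 def genca(ca_name)
 ::DevCert::GenCA.generate_ca(
 ca_name,
 options[:output],
-options[:
+options[:key_type],
+options[:rsa_key_size],
+options[:ec_key_size],
 options[:validity]
 )
 end
@@ -74,15 +88,27 @@ module DevCert
 desc: 'Domain list'
 )
 method_option(
-:
+:key_type,
+enum: ['rsa', 'ec'],
+default: 'rsa',
+desc: 'Key type'
+)
+method_option(
+:rsa_key_size,
 type: :numeric,
 default: 2048,
 desc: 'RSA key size in bits'
 )
+method_option(
+:ec_key_size,
+enum: ['256', '384'],
+default: '256',
+desc: 'EC key size in bits'
+)
 method_option(
 :validity,
 type: :numeric,
-default:
+default: 180,
 desc: 'Certificate validity in days'
 )
 def issue(ca_bundle_path)
@@ -90,7 +116,9 @@ module DevCert
 ::File.absolute_path(ca_bundle_path, ::Dir.pwd),
 options[:domains],
 options[:output],
-options[:
+options[:key_type],
+options[:rsa_key_size],
+options[:ec_key_size],
 options[:validity]
 )
 end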
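Review bot: `--rsa_key_size` is declared `type: :numeric` with only a default, so whatever number the user passes is forwarded to key generation; `generate_rsa_key` in util.rb hands it to `::OpenSSL::PKey::RSA.new(size)` without a check, whereas `--ec_key_size` is restricted by `enum:`. A development CA is typically added to a local trust store, so a floor is worth enforcing for both `genca` and `issue`, for example `raise ::Thor::Error, 'RSA key size must be at least 2048 bits' if options[:rsa_key_size] < 2048` before the call. The two option blocks are identical, so the check belongs in one shared place. The body of `issue` is only partly visible in these hunks.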
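--- a/data/lib/devcert/export.rb
+++ b/data/lib/devcert/export.rb
@@ -3,7 +3,7 @@ require 'devcert/util'
 module DevCert
 module Export
 def self.export(bundle_path, type, output_dir)
-bundle = ::DevCert::Util.load_bundle
+bundle = ::DevCert::Util.load_bundle(bundle_path)
 case type
 when 'private_key'
 private_key_path = ::File.join(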
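Review bot: `bundle_path` is handed to `load_bundle` as received, and `load_bundle` (util.rb) resolves it with `::File.absolute_path(path, __dir__)`, that is, against the directory of the installed library rather than the caller's working directory. The `issue` command in cli.rb absolutizes its argument against `::Dir.pwd` first; whether the `export` command does the same is not visible on this page, so a relative bundle path may be looked up inside the gem's install directory. Resolving against `::Dir.pwd` inside `load_bundle`, `full_path = ::File.absolute_path(path, ::Dir.pwd)`, would make every caller behave the same. The body of `export` continues past this hunk.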
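--- a/data/lib/devcert/genca.rb
+++ b/data/lib/devcert/genca.rb
@@ -3,10 +3,19 @@ require 'devcert/util'
 
 module DevCert
 module GenCA
-def self.generate_ca(common_name, output_dir,
+def self.generate_ca(common_name, output_dir, key_type, rsa_key_size,
+ec_key_size, validity)
 defaults = ::DevCert::Util.get_defaults
 
-ca_key =
+ca_key = nil
+public_key = nil
+if key_type == 'rsa'
+ca_key, public_key = ::DevCert::Util.generate_rsa_key(rsa_key_size)
+elsif key_type == 'ec'
+ca_key, public_key = ::DevCert::Util.generate_ec_key(ec_key_size.to_i)
+else
+raise 'Unsupported key type/size'
+end
 
 ca_name = ::OpenSSL::X509::Name.new(
 [
@@ -24,7 +33,7 @@ module DevCert
 ca_cert.not_before = ::Time.now
 ca_cert.not_after = ::Time.now + 60 * 60 * 24 * validity
 
-ca_cert.public_key =
+ca_cert.public_key = public_key
 ca_cert.subject = ca_name
 ca_cert.issuer = ca_name
 
@@ -65,7 +74,7 @@ module DevCert
 output_dir,
 "#{::DevCert::Util.normalize_name(common_name)}.devcert"
 )
-::DevCert::Util.save_bundle
+::DevCert::Util.save_bundle(bundle_path, common_name, ca_key, ca_cert)
 puts "devcert bundle: #{bundle_path}"
 end
 end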
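Review bot: The `if key_type == 'rsa' … else raise` block added to `generate_ca` is repeated line for line in `Issue.issue` (issue.rb), and the `ca_key = nil` / `public_key = nil` pre-assignments are unnecessary because every branch that does not raise assigns both. Moving the dispatch into one `Util` helper keeps the two callers from drifting apart and lets the error name the rejected value; the current message says 'type/size' although only the type is tested here. The middle of `generate_ca` lies outside these hunks, so the sketch below shows only the helper and the call that would replace the branch.

```ruby
# util.rb, inside module Util
def self.generate_key(key_type, rsa_key_size, ec_key_size)
  case key_type
  when 'rsa' then generate_rsa_key(rsa_key_size)
  when 'ec' then generate_ec_key(ec_key_size.to_i)
  else raise "Unsupported key type: #{key_type.inspect}"
  end
end

# genca.rb, replacing the if/elsif/else in generate_ca
ca_key, public_key = ::DevCert::Util.generate_key(key_type, rsa_key_size, ec_key_size)
```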
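--- a/data/lib/devcert/issue.rb
+++ b/data/lib/devcert/issue.rb
@@ -3,12 +3,23 @@ require 'devcert/util'
 
 module DevCert
 module Issue
-def self.issue(ca_bundle_path, domains, output_dir,
-
+def self.issue(ca_bundle_path, domains, output_dir, key_type, rsa_key_size,
+ec_key_size, validity)
+ca_bundle = ::DevCert::Util.load_bundle(ca_bundle_path)
 defaults = ::DevCert::Util.get_defaults
 common_name = domains[0]
 
-server_key =
+server_key = nil
+public_key = nil
+if key_type == 'rsa'
+server_key, public_key = ::DevCert::Util.generate_rsa_key(rsa_key_size)
+elsif key_type == 'ec'
+server_key, public_key = ::DevCert::Util.generate_ec_key(
+ec_key_size.to_i
+)
+else
+raise 'Unsupported key type/size'
+end
 
 server_name = OpenSSL::X509::Name.new [
 ['CN', common_name],
@@ -25,7 +36,7 @@ module DevCert
 server_cert.not_after = Time.now + 60 * 60 * 24 * validity
 
 server_cert.subject = server_name
-server_cert.public_key =
+server_cert.public_key = public_key
 server_cert.issuer = ca_bundle[:certificate].subject
 
 extension_factory = OpenSSL::X509::ExtensionFactory.new
@@ -65,7 +76,7 @@ module DevCert
 )
 )
 
-server_cert.sign
+server_cert.sign(ca_bundle[:private_key], OpenSSL::Digest::SHA256.new)
 
 bundle_path = ::File.join(
 output_dir,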
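Review bot: `server_cert.not_after` is computed from `validity` alone, so a leaf certificate can be valid for longer than the CA that signs it; with `--validity` defaulting to 180 days for both `genca` and `issue` (cli.rb), a certificate issued with the defaults on any day after the CA was created expires later than its issuer. Clients will start rejecting the chain when the CA lapses even though the leaf still looks valid, which is confusing to debug. Capping the value is a one-line change: `server_cert.not_after = [Time.now + 60 * 60 * 24 * validity, ca_bundle[:certificate].not_after].min`. The body of `issue` continues past these hunks.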
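--- a/data/lib/devcert/util.rb
+++ b/data/lib/devcert/util.rb
@@ -2,12 +2,14 @@ require 'yaml'
 require 'openssl'
 require 'securerandom'
 
+::OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
+
 module DevCert
 module Util
 def self.get_defaults
-path = ::File.absolute_path
+path = ::File.absolute_path('defaults.yaml', ::Dir.pwd)
 data = \
-if ::File.exist?
+if ::File.exist?(path)
 ::YAML.load(::File.open(path)).fetch('devcert', {})
 else
 {}
@@ -33,23 +35,23 @@ module DevCert
 }
 
 open path, 'w' do |io|
-io.write
+io.write(bundle.to_yaml)
 end
 end
 
 def self.export(path, entity)
 open path, 'w' do |io|
-io.write
+io.write(entity.to_pem)
 end
 end
 
 def self.load_bundle(path)
-full_path = ::File.absolute_path
-if ::File.exist?
-data = ::YAML.load
+full_path = ::File.absolute_path(path, __dir__)
+if ::File.exist?(full_path)
+data = ::YAML.load(::File.open(full_path))
 {
 common_name: data[:common_name],
-private_key: ::OpenSSL::PKey
+private_key: ::OpenSSL::PKey.read(data[:private_key]),
 certificate: ::OpenSSL::X509::Certificate.new(data[:certificate])
 }
 else
@@ -61,7 +63,30 @@ module DevCert
 machine_bytes = ['foo'].pack('p').size
 machine_bits = machine_bytes * 8
 machine_max_signed = 2**(machine_bits - 1) - 1
-::SecureRandom.random_number
+::SecureRandom.random_number(machine_max_signed)
+end
+
+def self.generate_rsa_key(size)
+key = ::OpenSSL::PKey::RSA.new(size)
+return key, key.public_key
+end
+
+def self.generate_ec_key(size)
+curve_name = nil
+if size == 256
+curve_name = 'prime256v1'
+elsif curve_name == 384
+curve_name = 'secp384r1'
+end
+
+raise 'Unsupported curve!' if curve_name.nil?
+
+private_key = ::OpenSSL::PKey::EC.new(curve_name)
+public_key = ::OpenSSL::PKey::EC.new(curve_name)
+
+private_key.generate_key
+public_key.public_key = private_key.public_key
+return private_key, public_key
 end
 end
 end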
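Review bot: In `generate_ec_key` the second branch reads `elsif curve_name == 384`, but `curve_name` is still `nil` at that point, so the comparison is never true and `--ec_key_size 384` always ends in `raise 'Unsupported curve!'`; it should be `elsif size == 384`. Separately, `load_bundle` and `get_defaults` parse files with `::YAML.load` on a `::File.open` handle that is never closed. A bundle received from someone else is untrusted input, and on Psych versions where `load` is the unrestricted loader it can instantiate arbitrary objects, so a restricted load (`::YAML.safe_load` on `::File.read(full_path)`, permitting `Symbol` because the bundle is read through symbol keys) is the safer call.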
data/lib/devcert/version.rb
CHANGED
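--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devcert
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Alexander Pyatkin
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: Create development SSL/TLS certificates without a hassle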