devcert 1.0.0 → 2.0.0
- checksums.yaml +4 -4
- data/lib/devcert/cli.rb +34 -6
- data/lib/devcert/export.rb +1 -1
- data/lib/devcert/genca.rb +13 -4
- data/lib/devcert/issue.rb +16 -5
- data/lib/devcert/util.rb +34 -9
- data/lib/devcert/version.rb +1 -1
- metadata +3 -3
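--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 524bdedd2d34226aadd340479748ed1db37d4467
+data.tar.gz: 2e26e8060d094d6b33adc0ceba90844e50e915d2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f10dfa18dc5a94131ddfccdaab39901bc0036e3df02e365b2aed76eef0c912391c619a4a6ef2a746726e10cd9ab0a13d1f06a8142d10b13bfaf2ceba5f983860
+data.tar.gz: 1a519f09de81ed0927f0a697f1ced2c6a64b8e83b36d598f08a404d1481d826469dbdbcaa353e2bde41d1ffbdf4133f3392194efdb88ea10b35221c56a152fe8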
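--- a/data/lib/devcert/cli.rb
+++ b/data/lib/devcert/cli.rb
@@ -15,22 +15,36 @@ module DevCert
 desc: 'Output directory'
 )
 method_option(
-:
+:key_type,
+enum: ['rsa', 'ec'],
+default: 'rsa',
+desc: 'Key type'
+)
+method_option(
+:rsa_key_size,
 type: :numeric,
 default: 2048,
 desc: 'RSA key size in bits'
 )
+method_option(
+:ec_key_size,
+enum: ['256', '384'],
+default: '256',
+desc: 'EC key size in bits'
+)
 method_option(
 :validity,
 type: :numeric,
-default:
+default: 180,
 desc: 'CA certificate validity in days'
 )
 def genca(ca_name)
 ::DevCert::GenCA.generate_ca(
 ca_name,
 options[:output],
-options[:
+options[:key_type],
+options[:rsa_key_size],
+options[:ec_key_size],
 options[:validity]
 )
 end
@@ -74,15 +88,27 @@ module DevCert
 desc: 'Domain list'
 )
 method_option(
-:
+:key_type,
+enum: ['rsa', 'ec'],
+default: 'rsa',
+desc: 'Key type'
+)
+method_option(
+:rsa_key_size,
 type: :numeric,
 default: 2048,
 desc: 'RSA key size in bits'
 )
+method_option(
+:ec_key_size,
+enum: ['256', '384'],
+default: '256',
+desc: 'EC key size in bits'
+)
 method_option(
 :validity,
 type: :numeric,
-default:
+default: 180,
 desc: 'Certificate validity in days'
 )
 def issue(ca_bundle_path)
@@ -90,7 +116,9 @@ module DevCert
 ::File.absolute_path(ca_bundle_path, ::Dir.pwd),
 options[:domains],
 options[:output],
-options[:
+options[:key_type],
+options[:rsa_key_size],
+options[:ec_key_size],
 options[:validity]
 )
 end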
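Review bot: `:rsa_key_size` is declared `type: :numeric` with no lower bound in both the `genca` and the `issue` option blocks, and the value is forwarded unchanged as `options[:rsa_key_size]`; nothing visible on this page rejects a size such as 512 or 1024 before a key is generated. `:ec_key_size` is restricted with `enum:`, and RSA should get an equivalent guard, for example `raise ::Thor::Error, 'RSA key size must be at least 2048 bits' if options[:rsa_key_size] < 2048` as the first statement of `genca` and `issue`. The body of `issue` begins outside the third hunk, so the placement there needs checking against the full file.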
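--- a/data/lib/devcert/export.rb
+++ b/data/lib/devcert/export.rb
@@ -3,7 +3,7 @@ require 'devcert/util'
 module DevCert
 module Export
 def self.export(bundle_path, type, output_dir)
-bundle = ::DevCert::Util.load_bundle
+bundle = ::DevCert::Util.load_bundle(bundle_path)
 case type
 when 'private_key'
 private_key_path = ::File.join(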
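--- a/data/lib/devcert/genca.rb
+++ b/data/lib/devcert/genca.rb
@@ -3,10 +3,19 @@ require 'devcert/util'
 
 module DevCert
 module GenCA
-def self.generate_ca(common_name, output_dir,
+def self.generate_ca(common_name, output_dir, key_type, rsa_key_size,
+ec_key_size, validity)
 defaults = ::DevCert::Util.get_defaults
 
-ca_key =
+ca_key = nil
+public_key = nil
+if key_type == 'rsa'
+ca_key, public_key = ::DevCert::Util.generate_rsa_key(rsa_key_size)
+elsif key_type == 'ec'
+ca_key, public_key = ::DevCert::Util.generate_ec_key(ec_key_size.to_i)
+else
+raise 'Unsupported key type/size'
+end
 
 ca_name = ::OpenSSL::X509::Name.new(
 [
@@ -24,7 +33,7 @@ module DevCert
 ca_cert.not_before = ::Time.now
 ca_cert.not_after = ::Time.now + 60 * 60 * 24 * validity
 
-ca_cert.public_key =
+ca_cert.public_key = public_key
 ca_cert.subject = ca_name
 ca_cert.issuer = ca_name
 
@@ -65,7 +74,7 @@ module DevCert
 output_dir,
 "#{::DevCert::Util.normalize_name(common_name)}.devcert"
 )
-::DevCert::Util.save_bundle
+::DevCert::Util.save_bundle(bundle_path, common_name, ca_key, ca_cert)
 puts "devcert bundle: #{bundle_path}"
 end
 end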
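Review bot: The `if key_type == 'rsa' … elsif key_type == 'ec' … else raise` selection added at the top of `generate_ca` is repeated almost line for line in `DevCert::Issue.issue` (first hunk of issue.rb), so the two copies can drift apart when a key type is added or a size rule changes. A single new helper in `DevCert::Util`, called as `ca_key, public_key = ::DevCert::Util.generate_key(key_type, rsa_key_size, ec_key_size)`, would keep the supported key types in one place. The `else` branch tests only the type, so its message should name the rejected value rather than mention a size: `raise ArgumentError, "Unsupported key type: #{key_type}"`. `generate_ca` continues outside these hunks.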
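--- a/data/lib/devcert/issue.rb
+++ b/data/lib/devcert/issue.rb
@@ -3,12 +3,23 @@ require 'devcert/util'
 
 module DevCert
 module Issue
-def self.issue(ca_bundle_path, domains, output_dir,
-
+def self.issue(ca_bundle_path, domains, output_dir, key_type, rsa_key_size,
+ec_key_size, validity)
+ca_bundle = ::DevCert::Util.load_bundle(ca_bundle_path)
 defaults = ::DevCert::Util.get_defaults
 common_name = domains[0]
 
-server_key =
+server_key = nil
+public_key = nil
+if key_type == 'rsa'
+server_key, public_key = ::DevCert::Util.generate_rsa_key(rsa_key_size)
+elsif key_type == 'ec'
+server_key, public_key = ::DevCert::Util.generate_ec_key(
+ec_key_size.to_i
+)
+else
+raise 'Unsupported key type/size'
+end
 
 server_name = OpenSSL::X509::Name.new [
 ['CN', common_name],
@@ -25,7 +36,7 @@ module DevCert
 server_cert.not_after = Time.now + 60 * 60 * 24 * validity
 
 server_cert.subject = server_name
-server_cert.public_key =
+server_cert.public_key = public_key
 server_cert.issuer = ca_bundle[:certificate].subject
 
 extension_factory = OpenSSL::X509::ExtensionFactory.new
@@ -65,7 +76,7 @@ module DevCert
 )
 )
 
-server_cert.sign
+server_cert.sign(ca_bundle[:private_key], OpenSSL::Digest::SHA256.new)
 
 bundle_path = ::File.join(
 output_dir,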
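--- a/data/lib/devcert/util.rb
+++ b/data/lib/devcert/util.rb
@@ -2,12 +2,14 @@ require 'yaml'
 require 'openssl'
 require 'securerandom'
 
+::OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
+
 module DevCert
 module Util
 def self.get_defaults
-path = ::File.absolute_path
+path = ::File.absolute_path('defaults.yaml', ::Dir.pwd)
 data = \
-if ::File.exist?
+if ::File.exist?(path)
 ::YAML.load(::File.open(path)).fetch('devcert', {})
 else
 {}
@@ -33,23 +35,23 @@ module DevCert
 }
 
 open path, 'w' do |io|
-io.write
+io.write(bundle.to_yaml)
 end
 end
 
 def self.export(path, entity)
 open path, 'w' do |io|
-io.write
+io.write(entity.to_pem)
 end
 end
 
 def self.load_bundle(path)
-full_path = ::File.absolute_path
-if ::File.exist?
-data = ::YAML.load
+full_path = ::File.absolute_path(path, __dir__)
+if ::File.exist?(full_path)
+data = ::YAML.load(::File.open(full_path))
 {
 common_name: data[:common_name],
-private_key: ::OpenSSL::PKey
+private_key: ::OpenSSL::PKey.read(data[:private_key]),
 certificate: ::OpenSSL::X509::Certificate.new(data[:certificate])
 }
 else
@@ -61,7 +63,30 @@ module DevCert
 machine_bytes = ['foo'].pack('p').size
 machine_bits = machine_bytes * 8
 machine_max_signed = 2**(machine_bits - 1) - 1
-::SecureRandom.random_number
+::SecureRandom.random_number(machine_max_signed)
+end
+
+def self.generate_rsa_key(size)
+key = ::OpenSSL::PKey::RSA.new(size)
+return key, key.public_key
+end
+
+def self.generate_ec_key(size)
+curve_name = nil
+if size == 256
+curve_name = 'prime256v1'
+elsif curve_name == 384
+curve_name = 'secp384r1'
+end
+
+raise 'Unsupported curve!' if curve_name.nil?
+
+private_key = ::OpenSSL::PKey::EC.new(curve_name)
+public_key = ::OpenSSL::PKey::EC.new(curve_name)
+
+private_key.generate_key
+public_key.public_key = private_key.public_key
+return private_key, public_key
 end
 end
 end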
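Review bot: In `generate_ec_key` the second branch reads `elsif curve_name == 384`, but `curve_name` is still `nil` at that point, so a 384-bit request never selects `secp384r1` and always ends in `raise 'Unsupported curve!'`; the condition should be `elsif size == 384`. In `load_bundle` (whose `else` branch lies outside the hunk), `::YAML.load(::File.open(full_path))` runs the unrestricted loader on a bundle file whose path comes from the caller and never closes the handle; if the bundle holds only strings under symbol keys, as the `data[:common_name]` lookups suggest, `::YAML.safe_load(::File.read(full_path), [::Symbol])` (the `permitted_classes:` keyword on newer Psych) is sufficient. `save_bundle` writes the private key it is handed through `open path, 'w'`, and `export` appears to do the same for the `private_key` export type, so the file mode is left to the umask; `::File.open(path, 'w', 0o600)` keeps the key readable by its owner only and avoids `Kernel#open` on a caller-supplied path.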
data/lib/devcert/version.rb
CHANGED
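--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devcert
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Alexander Pyatkin
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2017-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: Create development SSL/TLS certificates without a hassle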