RubyGems - dice_bag - Versions diffs - 1.4.1 → 1.5.0 - Mend

dice_bag 1.4.1 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -0
data/lib/dice_bag/private_key.rb +9 -1
data/lib/dice_bag/template_helpers.rb +52 -0
data/lib/dice_bag/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67394e5cb64e5f46237587f1003f18728424dae2b61387244312cc188e45b27a
-  data.tar.gz: 8491e662b055c31b0089a7c916a884857d3f3e77683a21479513bfac3840e2dc
+  metadata.gz: aad1fdaa143ede5c607a8ea0c451252da996e6d783a895ed742ee6c6b82b1001
+  data.tar.gz: 52802ac8af7acc21bcddcb86b246860bb05e9274be8bef54c9ccedffadfe670d
 SHA512:
-  metadata.gz: 0ccb8dc0a4d26c920ac7df9bebfc4e5ec56b14b43b451858fb89a5e36a16505e4a6e6f5711fd14056e516928e4f2684d2cfa28320a78643d19d65d07a09783c3
-  data.tar.gz: 5c803e0e968f9f16f4012a1d2cc129723885adcfd113189a282b4ff5e7e46fa88419da151c2c4d92d2203720038d7fafaba36352439cb504af480ee9a1f4c246
+  metadata.gz: 91dd8e76e891b52d9bb836f6b0da7a453f4f0aa182d63a0f2082e09260f6dd495d799ba62700f259d225233f676d2b6a8677981bf2de7653b8554b4fb911f030
+  data.tar.gz: d1947a678fef6d5f1c3855cead618c181593ac0a87f54fd6932609ba914ee904357d7acd450dd9b7fcea3c98ecc3351b43b426df890e6017357f54d1a1e2d601

data/CHANGELOG.md CHANGED

@@ -1,3 +1,6 @@
+# 1.5.0
+* Add ability to generate and verify x509 certificates.
 # 1.4.1
 * Bundle extra files in the gem (MIT-LICENSE etc.).

data/lib/dice_bag/private_key.rb CHANGED

@@ -10,7 +10,7 @@ module DiceBag
       require "openssl"
       begin
-        OpenSSL::PKey::RSA.new @private_key
+        rsa_object
         true
       rescue => e
         puts "#{e.message}\n#{e.backtrace}"
@@ -25,6 +25,14 @@ module DiceBag
       @private_key = [HEADER, body, FOOTER].flatten.join("\n")
     end
+    def public_key
+      rsa_object.public_key
+    end
+    def rsa_object
+      @rsa_object ||= OpenSSL::PKey::RSA.new(@private_key)
+    end
     private
     HEADER = "-----BEGIN RSA PRIVATE KEY-----".freeze

data/lib/dice_bag/template_helpers.rb CHANGED

@@ -17,5 +17,57 @@ module DiceBag
         raise "The private key provided is invalid"
       end
     end
+    # Generates https://en.wikipedia.org/wiki/X.509 certificate, commonly used in authentication services
+    def generate_509_certificate(private_key, root_ca: nil, root_key: nil)
+      root_key ||= OpenSSL::PKey::RSA.new(2048) # the CA's public/private key
+      root_ca ||= default_root_ca(root_key)
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 2
+      cert.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby certificate")
+      cert.issuer = root_ca.subject # root CA is the issuer
+      cert.public_key = PrivateKey.new(private_key.dup).public_key
+      cert.not_before = Time.now
+      cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = cert
+      ef.issuer_certificate = root_ca
+      cert.add_extension(ef.create_extension("keyUsage", "digitalSignature", true))
+      cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
+      cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+      cert
+    end
+    # raw_cert: DER or PEM encoded certificate
+    def ensure_is_509_certificate(raw_cert)
+      certificate = OpenSSL::X509::Certificate.new(raw_cert)
+    rescue OpenSSL::X509::CertificateError
+      false
+    end
+    def default_root_ca(root_key)
+      @default_root_ca ||= generate_root_ca(root_key)
+    end
+    def generate_root_ca(root_key)
+      root_ca = OpenSSL::X509::Certificate.new
+      root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+      root_ca.serial = 1 # considered a security flaw for real certificates
+      root_ca.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby CA")
+      root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+      root_ca.public_key = root_key.public_key
+      root_ca.not_before = Time.now
+      root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = root_ca
+      ef.issuer_certificate = root_ca
+      root_ca.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
+      root_ca.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
+      root_ca.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
+      root_ca.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
+      root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+    end
   end
 end

data/lib/dice_bag/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DiceBag
-  VERSION = "1.4.1"
+  VERSION = "1.5.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dice_bag
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Andrew Smith
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-14 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake