RubyGems - dice_bag - Versions diffs - 1.4.1 → 1.5.0 - Mend

dice_bag 1.4.1 → 1.5.0

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -0
data/lib/dice_bag/private_key.rb +9 -1
data/lib/dice_bag/template_helpers.rb +52 -0
data/lib/dice_bag/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67394e5cb64e5f46237587f1003f18728424dae2b61387244312cc188e45b27a
-  data.tar.gz: 8491e662b055c31b0089a7c916a884857d3f3e77683a21479513bfac3840e2dc
+  metadata.gz: aad1fdaa143ede5c607a8ea0c451252da996e6d783a895ed742ee6c6b82b1001
+  data.tar.gz: 52802ac8af7acc21bcddcb86b246860bb05e9274be8bef54c9ccedffadfe670d
 SHA512:
-  metadata.gz: 0ccb8dc0a4d26c920ac7df9bebfc4e5ec56b14b43b451858fb89a5e36a16505e4a6e6f5711fd14056e516928e4f2684d2cfa28320a78643d19d65d07a09783c3
-  data.tar.gz: 5c803e0e968f9f16f4012a1d2cc129723885adcfd113189a282b4ff5e7e46fa88419da151c2c4d92d2203720038d7fafaba36352439cb504af480ee9a1f4c246
+  metadata.gz: 91dd8e76e891b52d9bb836f6b0da7a453f4f0aa182d63a0f2082e09260f6dd495d799ba62700f259d225233f676d2b6a8677981bf2de7653b8554b4fb911f030
+  data.tar.gz: d1947a678fef6d5f1c3855cead618c181593ac0a87f54fd6932609ba914ee904357d7acd450dd9b7fcea3c98ecc3351b43b426df890e6017357f54d1a1e2d601

data/CHANGELOG.md CHANGED

@@ -1,3 +1,6 @@
+# 1.5.0
+* Add ability to generate and verify x509 certificates.
 # 1.4.1
 * Bundle extra files in the gem (MIT-LICENSE etc.).

data/lib/dice_bag/private_key.rb CHANGED

@@ -10,7 +10,7 @@ module DiceBag
       require "openssl"
       begin
-        OpenSSL::PKey::RSA.new @private_key
+        rsa_object
         true
       rescue => e
         puts "#{e.message}\n#{e.backtrace}"
@@ -25,6 +25,14 @@ module DiceBag
       @private_key = [HEADER, body, FOOTER].flatten.join("\n")
     end
+    def public_key
+      rsa_object.public_key
+    end
+    def rsa_object
+      @rsa_object ||= OpenSSL::PKey::RSA.new(@private_key)
+    end
     private
     HEADER = "-----BEGIN RSA PRIVATE KEY-----".freeze

data/lib/dice_bag/template_helpers.rb CHANGED

@@ -17,5 +17,57 @@ module DiceBag
         raise "The private key provided is invalid"
       end
     end
+    # Generates https://en.wikipedia.org/wiki/X.509 certificate, commonly used in authentication services
+    def generate_509_certificate(private_key, root_ca: nil, root_key: nil)
+      root_key ||= OpenSSL::PKey::RSA.new(2048) # the CA's public/private key
+      root_ca ||= default_root_ca(root_key)
+      cert = OpenSSL::X509::Certificate.new
+      cert.version = 2
+      cert.serial = 2
+      cert.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby certificate")
+      cert.issuer = root_ca.subject # root CA is the issuer
+      cert.public_key = PrivateKey.new(private_key.dup).public_key
+      cert.not_before = Time.now
+      cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = cert
+      ef.issuer_certificate = root_ca
+      cert.add_extension(ef.create_extension("keyUsage", "digitalSignature", true))
+      cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
+      cert.sign(root_key, OpenSSL::Digest::SHA256.new)
+      cert
+    end
+    # raw_cert: DER or PEM encoded certificate
+    def ensure_is_509_certificate(raw_cert)
+      certificate = OpenSSL::X509::Certificate.new(raw_cert)
+    rescue OpenSSL::X509::CertificateError
+      false
+    end
+    def default_root_ca(root_key)
+      @default_root_ca ||= generate_root_ca(root_key)
+    end
+    def generate_root_ca(root_key)
+      root_ca = OpenSSL::X509::Certificate.new
+      root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+      root_ca.serial = 1 # considered a security flaw for real certificates
+      root_ca.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby CA")
+      root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+      root_ca.public_key = root_key.public_key
+      root_ca.not_before = Time.now
+      root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.subject_certificate = root_ca
+      ef.issuer_certificate = root_ca
+      root_ca.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
+      root_ca.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
+      root_ca.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
+      root_ca.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
+      root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
+    end
   end
 end

data/lib/dice_bag/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module DiceBag
-  VERSION = "1.4.1"
+  VERSION = "1.5.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dice_bag
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Andrew Smith
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-14 00:00:00.000000000 Z
+date: 2020-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake