dice_bag 1.4.1 → 1.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 67394e5cb64e5f46237587f1003f18728424dae2b61387244312cc188e45b27a
4
- data.tar.gz: 8491e662b055c31b0089a7c916a884857d3f3e77683a21479513bfac3840e2dc
3
+ metadata.gz: aad1fdaa143ede5c607a8ea0c451252da996e6d783a895ed742ee6c6b82b1001
4
+ data.tar.gz: 52802ac8af7acc21bcddcb86b246860bb05e9274be8bef54c9ccedffadfe670d
5
5
  SHA512:
6
- metadata.gz: 0ccb8dc0a4d26c920ac7df9bebfc4e5ec56b14b43b451858fb89a5e36a16505e4a6e6f5711fd14056e516928e4f2684d2cfa28320a78643d19d65d07a09783c3
7
- data.tar.gz: 5c803e0e968f9f16f4012a1d2cc129723885adcfd113189a282b4ff5e7e46fa88419da151c2c4d92d2203720038d7fafaba36352439cb504af480ee9a1f4c246
6
+ metadata.gz: 91dd8e76e891b52d9bb836f6b0da7a453f4f0aa182d63a0f2082e09260f6dd495d799ba62700f259d225233f676d2b6a8677981bf2de7653b8554b4fb911f030
7
+ data.tar.gz: d1947a678fef6d5f1c3855cead618c181593ac0a87f54fd6932609ba914ee904357d7acd450dd9b7fcea3c98ecc3351b43b426df890e6017357f54d1a1e2d601
@@ -1,3 +1,6 @@
1
+ # 1.5.0
2
+ * Add ability to generate and verify x509 certificates.
3
+
1
4
  # 1.4.1
2
5
  * Bundle extra files in the gem (MIT-LICENSE etc.).
3
6
 
@@ -10,7 +10,7 @@ module DiceBag
10
10
  require "openssl"
11
11
 
12
12
  begin
13
- OpenSSL::PKey::RSA.new @private_key
13
+ rsa_object
14
14
  true
15
15
  rescue => e
16
16
  puts "#{e.message}\n#{e.backtrace}"
@@ -25,6 +25,14 @@ module DiceBag
25
25
  @private_key = [HEADER, body, FOOTER].flatten.join("\n")
26
26
  end
27
27
 
28
+ def public_key
29
+ rsa_object.public_key
30
+ end
31
+
32
+ def rsa_object
33
+ @rsa_object ||= OpenSSL::PKey::RSA.new(@private_key)
34
+ end
35
+
28
36
  private
29
37
 
30
38
  HEADER = "-----BEGIN RSA PRIVATE KEY-----".freeze
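Review bot: `rsa_object` caches the parsed key in `@rsa_object`, but the assignment `@private_key = [HEADER, body, FOOTER].flatten.join("\n")` earlier in this hunk does not reset that cache, so if the method containing it can run after the first `rsa_object` call (its `def` is outside the hunk, so I cannot tell whether it is only ever `initialize`), `public_key` and the validity check would keep returning the stale key. Either clear the cache next to that assignment with `@rsa_object = nil`, or document on `rsa_object` that it must only be called once the key text is final. Both new methods are public and undocumented; `# Parsed OpenSSL::PKey::RSA for the wrapped PEM (memoized; exposes the full private key object)` on `rsa_object` and `# Public half of the wrapped key, derived from the parsed private key` on `public_key` would help. Since `rsa_object` sits above `private`, callers can now reach the private key material directly through the wrapper — confirm that is intended.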
@@ -17,5 +17,57 @@ module DiceBag
17
17
  raise "The private key provided is invalid"
18
18
  end
19
19
  end
20
+
21
+ # Generates https://en.wikipedia.org/wiki/X.509 certificate, commonly used in authentication services
22
+ def generate_509_certificate(private_key, root_ca: nil, root_key: nil)
23
+ root_key ||= OpenSSL::PKey::RSA.new(2048) # the CA's public/private key
24
+ root_ca ||= default_root_ca(root_key)
25
+
26
+ cert = OpenSSL::X509::Certificate.new
27
+ cert.version = 2
28
+ cert.serial = 2
29
+ cert.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby certificate")
30
+ cert.issuer = root_ca.subject # root CA is the issuer
31
+ cert.public_key = PrivateKey.new(private_key.dup).public_key
32
+ cert.not_before = Time.now
33
+ cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
34
+ ef = OpenSSL::X509::ExtensionFactory.new
35
+ ef.subject_certificate = cert
36
+ ef.issuer_certificate = root_ca
37
+ cert.add_extension(ef.create_extension("keyUsage", "digitalSignature", true))
38
+ cert.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
39
+ cert.sign(root_key, OpenSSL::Digest::SHA256.new)
40
+ cert
41
+ end
42
+
43
+ # raw_cert: DER or PEM encoded certificate
44
+ def ensure_is_509_certificate(raw_cert)
45
+ certificate = OpenSSL::X509::Certificate.new(raw_cert)
46
+ rescue OpenSSL::X509::CertificateError
47
+ false
48
+ end
49
+
50
+ def default_root_ca(root_key)
51
+ @default_root_ca ||= generate_root_ca(root_key)
52
+ end
53
+
54
+ def generate_root_ca(root_key)
55
+ root_ca = OpenSSL::X509::Certificate.new
56
+ root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
57
+ root_ca.serial = 1 # considered a security flaw for real certificates
58
+ root_ca.subject = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby CA")
59
+ root_ca.issuer = root_ca.subject # root CA's are "self-signed"
60
+ root_ca.public_key = root_key.public_key
61
+ root_ca.not_before = Time.now
62
+ root_ca.not_after = root_ca.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
63
+ ef = OpenSSL::X509::ExtensionFactory.new
64
+ ef.subject_certificate = root_ca
65
+ ef.issuer_certificate = root_ca
66
+ root_ca.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
67
+ root_ca.add_extension(ef.create_extension("keyUsage", "keyCertSign, cRLSign", true))
68
+ root_ca.add_extension(ef.create_extension("subjectKeyIdentifier", "hash", false))
69
+ root_ca.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always", false))
70
+ root_ca.sign(root_key, OpenSSL::Digest::SHA256.new)
71
+ end
20
72
  end
21
73
  end
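Review bot: `default_root_ca` memoizes the root certificate built from the first call's `root_key`, but `generate_509_certificate` mints a fresh `OpenSSL::PKey::RSA.new(2048)` on every call where `root_key` is nil, so on a reused instance the second and later certificates are signed with a key the memoized CA does not carry and would not verify against `root_ca.public_key`. Memoize the default key alongside the CA, e.g. `root_key ||= (@default_root_key ||= OpenSSL::PKey::RSA.new(2048))`, or key the memo on the supplied key. The leaf certificate also has a fixed `cert.serial = 2`, so every certificate issued under one CA shares a serial, which RFC 5280 requires to be unique per issuer; `cert.serial = OpenSSL::BN.rand(159)` (or a per-CA counter) fixes that. Note that `ensure_is_509_certificate` only checks that the bytes parse and does no signature, chain or validity-period check, so the changelog's "verify" wording overstates it — a comment such as `# Parses only; does not verify the signature, issuer or validity window` would set expectations. The method whose `raise` opens this hunk starts outside it.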
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DiceBag
4
- VERSION = "1.4.1"
4
+ VERSION = "1.5.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dice_bag
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.4.1
4
+ version: 1.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Smith
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-08-14 00:00:00.000000000 Z
12
+ date: 2020-11-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rake