eassl2 2.0.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.2"
+  gem "rcov", ">= 0"
+  gem 'simplecov', :require => false
+end

data/Gemfile.lock

@@ -0,0 +1,24 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    git (1.2.5)
+    jeweler (1.5.2)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    multi_json (1.0.4)
+    rake (0.9.2.2)
+    rcov (0.9.11)
+    simplecov (0.5.4)
+      multi_json (~> 1.0.3)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.5.2)
+  rcov
+  simplecov

data/LICENSE.txt

@@ -0,0 +1,57 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.co.jp>.
+You can redistribute it and/or modify it under either the terms of the GPL
+(see COPYING.txt file), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) rename any non-standard executables so the names do not conflict
+	  with standard executables, which must also be provided.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or executable
+     form, provided that you do at least ONE of the following:
+
+       a) distribute the executables and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard executables non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under this terms.
+
+     They are gc.c(partly), utils.c(partly), regex.[ch], st.[ch] and some
+     files under the ./missing directory.  See each file for the copying
+     condition.
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

data/README.txt

@@ -0,0 +1,10 @@
+EaSSL is a library aimed at making openSSL certificate generation and
+management easier and more ruby-ish.
+
+Patch from https://github.com/openrain/eassl-fix applied onto source
+of eassl-0.1.1643 from rubyforge, jeweler-ized, and switched from MD5
+to SHA1 hash for CSR signing
+
+Ruby license, inherited from the rubyforge project
+
+This version, 2.0.0, is published as the "eassl2" gem. 

data/Rakefile

@@ -0,0 +1,53 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "eassl2"
+  gem.homepage = "http://github.com/chrisa/eassl"
+  gem.license = "Ruby"
+  gem.summary = %Q{EaSSL is a library aimed at making openSSL certificate generation and management easier and more ruby-ish.}
+  gem.description = %Q{This gem is a more featureful but still drop-in replacement for eassl 0.1.1643}
+  gem.email = "chris@nodnol.org"
+  gem.authors = ["Paul Nicholson", "Paul Meserve", "Chris Andrews"]
+  # Include your dependencies below. Runtime dependencies are required when using your gem,
+  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
+  #  gem.add_development_dependency 'rspec', '> 1.2.3'
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "eassl #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/Readme.mkd

@@ -0,0 +1,44 @@
+eassl
+====================
+EaSSL is a library aimed at making openSSL certificate generation and management easier and more ruby-ish.
+
+Patch from https://github.com/openrain/eassl-fix applied onto source of eassl-0.1.1643 from rubyforge, jeweler-ized, and switched from MD5 to SHA1 hash for CSR signing
+
+Ruby license, inherited from the rubyforge project
+
+Installation
+------------
+We recommend installing with Bundler:
+    gem 'eassl', :git => 'git://github.com/pogodan/eassl.git'
+
+Use
+-------------
+Generating a CSR and private key:
+    options = {
+      :department     => 'web sites',
+      :common_name    => 'www.mydomain.com',
+      :organization,  => 'My Org'
+      :email          => 'test@test.com', 
+      :city           => 'Fargo',
+      :state          => 'North Dakota',
+      :country        => 'USA'
+    }
+
+    ea_key  = EaSSL::Key.new
+    ea_name = EaSSL::CertificateName.new(options)
+    ea_csr  = EaSSL::SigningRequest.new(:name => ea_name, :key => ea_key)
+
+    csr = ea_csr.ssl.to_s
+    key = ea_key.private_key.to_s
+
+Contributing
+-------------
+(boilerplate Jeweler text)
+
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.

data/VERSION

@@ -0,0 +1 @@
+2.0.0

data/eassl2.gemspec

@@ -0,0 +1,93 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{eassl2}
+  s.version = "2.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = [%q{Paul Nicholson}, %q{Paul Meserve}, %q{Chris Andrews}]
+  s.date = %q{2012-07-20}
+  s.description = %q{This gem is a drop-in replacement for eassl 0.1.1643}
+  s.email = %q{chris@nodnol.org}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.txt"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.txt",
+    "Rakefile",
+    "Readme.mkd",
+    "VERSION",
+    "eassl.gemspec",
+    "lib/eassl.rb",
+    "lib/eassl/authority_certificate.rb",
+    "lib/eassl/certificate.rb",
+    "lib/eassl/certificate_authority.rb",
+    "lib/eassl/certificate_name.rb",
+    "lib/eassl/key.rb",
+    "lib/eassl/serial.rb",
+    "lib/eassl/signing_request.rb",
+    "test/CA/cacert.pem",
+    "test/CA/cakey.pem",
+    "test/CA/serial.txt",
+    "test/certificate.pem",
+    "test/csr.pem",
+    "test/encrypted_key.pem",
+    "test/helper.rb",
+    "test/test_eassl.rb",
+    "test/test_eassl_authority_certificate.rb",
+    "test/test_eassl_certificate.rb",
+    "test/test_eassl_certificate_authority.rb",
+    "test/test_eassl_key.rb",
+    "test/test_eassl_key_csr.rb",
+    "test/test_eassl_sign_cert.rb",
+    "test/test_eassl_signing_request.rb",
+    "test/unencrypted_key.pem",
+    "test/unencrypted_key2.pem"
+  ]
+  s.homepage = %q{http://github.com/chrisa/eassl}
+  s.licenses = [%q{Ruby}]
+  s.require_paths = [%q{lib}]
+  s.rubygems_version = %q{1.8.6}
+  s.summary = %q{EaSSL is a library aimed at making openSSL certificate generation and management easier and more ruby-ish.}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_eassl.rb",
+    "test/test_eassl_authority_certificate.rb",
+    "test/test_eassl_certificate.rb",
+    "test/test_eassl_certificate_authority.rb",
+    "test/test_eassl_key.rb",
+    "test/test_eassl_key_csr.rb",
+    "test/test_eassl_sign_cert.rb",
+    "test/test_eassl_signing_request.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_development_dependency(%q<simplecov>, [">= 0"])
+    else
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<simplecov>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<simplecov>, [">= 0"])
+  end
+end
+

data/lib/eassl/authority_certificate.rb

@@ -0,0 +1,59 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class AuthorityCertificate
+    def initialize(options)
+      @options = {
+        :key => nil, #required
+        :name => {}, #required, CertificateName
+      }.update(options)
+    end
+
+    def ssl
+      unless @ssl
+        cert = OpenSSL::X509::Certificate.new
+        cert.not_before = Time.now
+        cert.subject = cert.issuer = CertificateName.new({ :common_name => "CA" }.update(@options[:name])).name
+        cert.not_after = cert.not_before + (365 * 5) * 24 * 60 * 60
+        cert.public_key = @options[:key].public_key
+        cert.serial = 1
+        cert.version = 2 # X509v3
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+          ef.create_extension("basicConstraints","CA:TRUE"),
+          ef.create_extension("keyUsage", "cRLSign, keyCertSign"),
+          ef.create_extension("subjectKeyIdentifier", "hash"),
+          ef.create_extension("nsComment", "Ruby/OpenSSL/EaSSL Generated Certificate"),
+        ]
+        cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))
+        cert.sign(@options[:key].private_key, OpenSSL::Digest::SHA1.new)
+        @ssl = cert
+      end
+      @ssl
+    end
+
+    def method_missing(method)
+      ssl.send(method)
+    end
+
+    def load(pem_string)
+      begin
+        @ssl = OpenSSL::X509::Certificate.new(pem_string)
+      rescue
+        raise "CertificateLoader: Error loading certificate"
+      end
+      self
+    end
+
+    def self.load(pem_file_path)
+      new({}).load(File.read(pem_file_path))
+    end
+  end
+end

data/lib/eassl/certificate.rb

@@ -0,0 +1,87 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class Certificate
+    def initialize(options)
+      @options = {
+        :days_valid       => (365 * 5),
+        :signing_request  => nil,               #required
+        :ca_certificate   => nil,               #required
+        :comment          => "Ruby/OpenSSL/EaSSL Generated Certificate",
+        :type             => "server"
+      }.update(options)
+    end
+
+    def ssl
+      unless @ssl
+        @ssl = OpenSSL::X509::Certificate.new
+        @ssl.not_before = Time.now
+        @ssl.subject = @options[:signing_request].subject
+        @ssl.issuer = @options[:ca_certificate]? @options[:ca_certificate].subject :  @ssl.subject
+        @ssl.not_after = @ssl.not_before + @options[:days_valid] * 24 * 60 * 60
+        @ssl.public_key = @options[:signing_request].public_key
+        @ssl.serial = @options[:serial] || 2
+        @ssl.version = 2 # X509v3
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = @ssl
+        ef.issuer_certificate = @options[:ca_certificate]? @options[:ca_certificate].ssl : @ssl
+        @ssl.extensions = [
+          ef.create_extension("basicConstraints","CA:FALSE"),
+          ef.create_extension("subjectKeyIdentifier", "hash"),
+
+          ef.create_extension("nsComment", @options[:comment]),
+        ]
+        # this extension must be added separately, after the others.
+        # presumably needs subjectKeyIdentifier to already be in place
+        @ssl.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))
+
+        if @options[:type] == 'server'
+          @ssl.add_extension(ef.create_extension("keyUsage", "digitalSignature,keyEncipherment"))
+          @ssl.add_extension(ef.create_extension("extendedKeyUsage", "serverAuth"))
+        end
+        if @options[:type] == 'client'
+          @ssl.add_extension(ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment"))
+          @ssl.add_extension(ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection"))
+        end
+      end
+      @ssl
+    end
+
+    def sign(ca_key)
+      ssl.sign(ca_key.private_key, OpenSSL::Digest::SHA1.new)
+    end
+
+    def to_pem
+      ssl.to_pem
+    end
+
+    # Returns a SHA1 fingerprint of the certificate in the OpenSSL style
+    def sha1_fingerprint
+      Digest::SHA1.hexdigest(ssl.to_der).upcase.gsub(/(..)/, '\1:').chop
+    end
+
+    # This method is used to intercept and pass-thru calls to openSSL methods and instance
+    # variables.
+    def method_missing(method)
+      ssl.send(method)
+    end
+
+    def self.load(pem_file_path)
+      new({}).load(File.read(pem_file_path))
+    end
+
+    def load(pem_string)
+      begin
+        @ssl = OpenSSL::X509::Certificate.new(pem_string)
+      rescue
+        raise "CertificateLoader: Error loading certificate"
+      end
+      self
+    end
+  end
+end

data/lib/eassl/certificate_authority.rb

@@ -0,0 +1,46 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class CertificateAuthority
+    attr_reader :key, :certificate, :serial
+    def initialize(options = {})
+      if options[:key] && options[:certificate] && options[:serial]
+        @key = options[:key]
+        @certificate = options[:certificate]
+        @serial = options[:serial]
+      else
+        options[:name] ||= {}
+        @key = Key.new({:password => 'ca_ssl_password'}.update(options))
+        @certificate = AuthorityCertificate.new(:key => @key, :name => options[:name])
+        @serial = Serial.new(:next => 1)
+      end
+    end
+
+    def self.load(options)
+      key = Key.load(File.join(options[:ca_path], 'cakey.pem'), options[:ca_password])
+      certificate = AuthorityCertificate.load(File.join(options[:ca_path], 'cacert.pem'))
+      serial = Serial.load(File.join(options[:ca_path], 'serial.txt'))
+      self.new(:key => key, :certificate => certificate, :serial => serial)
+    end
+
+    def create_certificate(signing_request, type='server', days_valid=nil)
+      options = {
+        :signing_request => signing_request,
+        :ca_certificate => @certificate,
+        :serial => @serial.issue_serial,
+        :type => type
+      }
+      if days_valid
+        options[:days_valid] = days_valid
+      end
+      cert = Certificate.new(options)
+      @serial.save!
+      cert.sign(@key)
+      cert
+    end
+  end
+end

data/lib/eassl/certificate_name.rb

@@ -0,0 +1,41 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class CertificateName
+    def initialize(options)
+      @options = {
+        :country      => "US",
+        :state        => "North Carolina",
+        :city         => "Fuquay Varina",
+        :organization => "WebPower Design",
+        :department   => "Web Security",
+        :common_name  =>  nil,                     # required
+        :email        => "eassl@rubyforge.org",
+      }.update(options)
+    end
+
+    def ssl
+      OpenSSL::X509::Name.new([
+        ['C',             @options[:country],      OpenSSL::ASN1::PRINTABLESTRING],
+        ['ST',            @options[:state],        OpenSSL::ASN1::PRINTABLESTRING],
+        ['L',             @options[:city],         OpenSSL::ASN1::PRINTABLESTRING],
+        ['O',             @options[:organization], OpenSSL::ASN1::UTF8STRING],
+        ['OU',            @options[:department],   OpenSSL::ASN1::UTF8STRING],
+        ['CN',            @options[:common_name],  OpenSSL::ASN1::UTF8STRING],
+        ['emailAddress',  @options[:email],        OpenSSL::ASN1::UTF8STRING]
+      ])
+    end
+
+    def name
+      ssl
+    end
+
+    def options
+      @options
+    end
+  end
+end

data/lib/eassl/key.rb

@@ -0,0 +1,70 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # == EaSSL::Key creates and manages openSSL keys
+  #
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  #
+  # ==== Usage
+  #
+  # ===== Availible Methods - including methods provided by openSSL::PKey:
+  # * public_key
+  # * private_key
+  # * to_text
+  class Key
+    # Create new Key using the provided options or using the defaults
+    def initialize(options = {}) #:params: options
+      @options = {
+        :bits => 2048,
+        :password => 'ssl_password',
+      }.update(options)
+    end
+
+    def ssl
+      unless @ssl
+        # <Should use some kind of logger on this>
+        # $stderr.puts "Generating #{@options[:bits]} bit key\n"
+        @ssl = OpenSSL::PKey::RSA::new(@options[:bits])
+      end
+      @ssl
+    end
+
+    # This method is used to intercept and pass-thru calls to openSSL methods and instance
+    # variables.
+    def method_missing(method) # :nodoc:
+      ssl.send(method)
+    end
+
+    def private_key
+      ssl
+    end
+
+    # Returns the length of the key in bits
+    def length
+      ssl.n.num_bytes * 8
+    end
+
+    # Export the encrypted key, returns a string
+    def to_pem
+      ssl.export(OpenSSL::Cipher::DES.new('EDE3-CBC'), @options[:password])
+    end
+
+    # Decrypt and load a PEM encoded Key from the file system with the provided password.
+    def self.load(pem_file_path, password=nil)
+      new.load(File.read(pem_file_path), password)
+    end
+
+    # Decrypt and load a PEM encoded Key from provided string with the provided password.
+    def load(pem_string, password=nil)
+      begin
+        @ssl = OpenSSL::PKey::RSA::new(pem_string, password || @options[:password])
+      rescue
+        raise "KeyLoader: Error decrypting key with password"
+      end
+      self
+    end
+  end
+end

data/lib/eassl/serial.rb

@@ -0,0 +1,33 @@
+require 'eassl'
+module EaSSL
+  # Author::    Chris Andrews  (mailto:chris@nodnol.org)
+  # Copyright:: Copyright (c) 2011 Chris Andrews
+  # License::   Distributes under the same terms as Ruby
+  class Serial
+    attr_reader :next
+    def initialize(options = {})
+      @next = options[:next]
+      @path = options[:path]
+    end
+
+    def self.load(serial_file_path)
+      hex_string = (File.read(serial_file_path))
+      self.new(:next => Integer("0x#{hex_string}"), :path => serial_file_path)
+    end
+
+    def save!
+      if @path
+        hex_string = sprintf("%04X", @next)
+        File.open(@path, 'w') do |io|
+          io.write "#{hex_string}\n"
+        end
+      end
+    end
+
+    def issue_serial
+      @next = @next + 1
+      @next - 1
+    end
+  end
+end
+