eassl3 3.0.2 → 3.0.3
- checksums.yaml +4 -4
- data/README.md +13 -1
- data/lib/eassl.rb +1 -1
- data/lib/eassl/certificate.rb +12 -3
- data/lib/eassl/signing_request.rb +10 -1
- data/lib/eassl/version.rb +1 -1
- metadata +3 -3
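--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f53948925e3600b73c879e40ebdf8d1905a6944d
+data.tar.gz: 8accdc4e3a61b2279987e625686b4e5d5de64d98
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6ff10d1084ee10aff7378b7936f2f504f50d63e15033ed5fdb290a960fa7ac946bf3ebfefe3c3a2579fce8c168dcdfcc3a7ed0157cf3083d6e3ee2ec765470f6
+data.tar.gz: a177054fd5ae76fefcc50274a2894d6a86cc3f79a1274e5e3ff87499399fec78dd4b7de9bcd9a85317195944b6f18555de564be57efe83fe5ebd7cc42d7add70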
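--- a/data/README.md
+++ b/data/README.md
@@ -33,7 +33,9 @@ Generating a CSR and private key:
 :city => 'Fargo',
 :state => 'North Dakota',
 :country => 'USA',
-:subject_alt_name => ['www.mydomain.com', 'mydomain.com']
+:subject_alt_name => ['www.mydomain.com', 'mydomain.com', { :name => "IP", :value => "127.0.0.1" }]
+:type => 'custom'
+:extensions => [ {:name => "keyUsage", :value => "digitalSignature"} ]
 }
 
 ea_key = EaSSL::Key.new
@@ -43,6 +45,16 @@ Generating a CSR and private key:
 csr = ea_csr.ssl.to_s
 key = ea_key.private_key.to_s
 
+## Options description
+Standard certificate options, e.g. department or email, are not described here
+* `subject_alt_name` - `subjectAltName` option, should be an array of either strings or hashes. Each string defaults to the `DNS` type.
+* `type` - use pre-defined collection of extensions.
+* `:type => 'server'` - default, adds `keyUsage=digitalSignature,keyEncipherment` and `extendedKeyUsage=serverAuth`
+* `:type => 'client'` - adds `keyUsage=nonRepudiation,digitalSignature,keyEncipherment` and `extendedKeyUsage=clientAuth,emailProtection`
+* `:type => 'peer'` - adds `keyUsage=digitalSignature,keyEncipherment` and `extendedKeyUsage=serverAuth,clientAuth`
+* `:type => 'server'` - adds the extensions provided in the `:extensions` option
+* `extensions` - list of the key usage values in case if the `:type => 'custom'` was chosen. Takes an array of `{:name, :value}` hashes.
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.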
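--- a/data/lib/eassl.rb
+++ b/data/lib/eassl.rb
@@ -19,7 +19,7 @@ $:.unshift File.expand_path(File.dirname(__FILE__))
 # * EaSSL::SigningRequest: the class for creating SSL signing requests
 
 module EaSSL
-VERSION = '3.0.
+VERSION = '3.0.3'
 
 def self.generate_self_signed(options)
 ca = CertificateAuthority.new({:bits => 1024}.update(options[:ca_options]||{}))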
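--- a/data/lib/eassl/certificate.rb
+++ b/data/lib/eassl/certificate.rb
@@ -13,8 +13,9 @@ module EaSSL
 :ca_certificate => nil, #required
 :comment => "Ruby/OpenSSL/EaSSL Generated Certificate",
 :type => "server",
-:subject_alt_name => nil, #optional e.g. [ "*.example.com", "example.com" ]
-:override_req => true
+:subject_alt_name => nil, #optional e.g. [ "*.example.com", "example.com", {:name => "IP", :value => "127.0.0.1"} ]
+:override_req => true,
+:extensions => nil #if type is custom, [ {:name => "keyUsage", :value => "digitalSignature"} ]
 }.update(options)
 end
 
@@ -47,11 +48,19 @@ module EaSSL
 when 'client'
 extensions << ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment")
 extensions << ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection")
+when 'peer'
+extensions << ef.create_extension("keyUsage", "digitalSignature,keyEncipherment")
+extensions << ef.create_extension("extendedKeyUsage", "serverAuth,clientAuth")
+when 'custom'
+exten_opts = @options[:extensions] || @options[:signing_request].options[:extensions]
+exten_opts.each do |ext|
+extensions << ef.create_extension(ext[:name], ext[:value])
+end
 end
 
 #add subject alternate names
 if @options[:subject_alt_name]
-subjectAltName = @options[:subject_alt_name].map {
+subjectAltName = @options[:subject_alt_name].map {|d| d.is_a?(Hash) ? "#{d[:name]}: #{d[:value]}" : "DNS: #{d}" }.join(',')
 extensions << ef.create_extension("subjectAltName", subjectAltName)
 end
 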
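Review bot: In the `when 'custom'` branch, the fallback to `@options[:signing_request].options[:extensions]` lets whoever built the request choose the extension names and values that get signed into the certificate, and nothing visible filters an entry such as `basicConstraints` or a `keyUsage` containing `keyCertSign` before it reaches `create_extension`. I would take extensions only from the signer's own `@options[:extensions]`, or check `ext[:name]` against a fixed allow-list first. The branch also fails with NoMethodError on `nil.each` when neither source supplies a list (the `custom` branch in the signing_request.rb hunk further down has the same gap); `raise ArgumentError, ":extensions is required when :type is 'custom'" if exten_opts.nil?` would make the failure explicit. The rewritten `subjectAltName` line, repeated verbatim in signing_request.rb, interpolates `d[:name]` and `d[:value]` into a comma-joined string, so a value containing a comma would add further names; rejecting commas and limiting the name to the types the library means to support, such as `DNS` and `IP`, would close that. The enclosing method starts and ends outside both hunks.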
|
@@ -13,6 +13,7 @@ module EaSSL
|
|
|
13
13
|
:name => {}, #required, CertificateName
|
|
14
14
|
:key => nil, #required
|
|
15
15
|
:digest => OpenSSL::Digest::SHA512.new,
|
|
16
|
+
:extensions => nil
|
|
16
17
|
}.update(options)
|
|
17
18
|
@options[:key] ||= Key.new(@options)
|
|
18
19
|
end
|
|
@@ -38,10 +39,18 @@ module EaSSL
|
|
|
38
39
|
@extensions << ef.create_extension("basicConstraints","CA:FALSE")
|
|
39
40
|
@extensions << ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment")
|
|
40
41
|
@extensions << ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection")
|
|
42
|
+
when 'peer'
|
|
43
|
+
@extensions << ef.create_extension("basicConstraints","CA:FALSE")
|
|
44
|
+
@extensions << ef.create_extension("keyUsage", "digitalSignature,keyEncipherment")
|
|
45
|
+
@extensions << ef.create_extension("extendedKeyUsage", "serverAuth,clientAuth")
|
|
46
|
+
when 'custom'
|
|
47
|
+
@options[:extensions].each do |ext|
|
|
48
|
+
@extensions << ef.create_extensions(ext[:name], ext[:value])
|
|
49
|
+
end
|
|
41
50
|
end
|
|
42
51
|
|
|
43
52
|
if @options[:subject_alt_name]
|
|
44
|
-
subjectAltName = @options[:subject_alt_name].map {
|
|
53
|
+
subjectAltName = @options[:subject_alt_name].map {|d| d.is_a?(Hash) ? "#{d[:name]}: #{d[:value]}" : "DNS: #{d}" }.join(',')
|
|
45
54
|
@extensions << ef.create_extension("subjectAltName", subjectAltName)
|
|
46
55
|
end
|
|
47
56
|
|
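Review bot: The `when 'custom'` branch calls `ef.create_extensions(ext[:name], ext[:value])`, while every other line in this hunk uses `create_extension`; unless the plural method is defined somewhere outside the hunk, any signing request with `:type => 'custom'` will fail with NoMethodError, and the line should read `@extensions << ef.create_extension(ext[:name], ext[:value])`. Unlike the `peer` branch just above it, the custom branch adds no `basicConstraints` `CA:FALSE`, so that constraint is present only if the caller remembers to list it, which looks like an omission. The enclosing method begins and ends outside the hunk.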
data/lib/eassl/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: eassl3
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Bell
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: exe
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2016-
|
|
14
|
+
date: 2016-05-24 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: bundler
|
|
@@ -103,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
103
103
|
version: '0'
|
|
104
104
|
requirements: []
|
|
105
105
|
rubyforge_project:
|
|
106
|
-
rubygems_version: 2.
|
|
106
|
+
rubygems_version: 2.5.1
|
|
107
107
|
signing_key:
|
|
108
108
|
specification_version: 4
|
|
109
109
|
summary: EaSSL is a library aimed at making openSSL certificate generation and management
|