eassl3 3.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 975e8d4b5b91a9681f9b719d7bbd5db546433203
+  data.tar.gz: 0f421b863e64b983a436716b3242593c30e74313
+SHA512:
+  metadata.gz: 4fe2c4f90e9ca7f5b4bf97d53a511d42b1fd2e6fa9549929a1d66f84e5b8250692a15039be41dce41b88d1fe873c76a7cfa97cacdbd28310973dac7fde365186
+  data.tar.gz: d84e442c0a7d8e64b6026312960379fc8e84baec3303d4f3bd63db01351db195c306b9eb27fefab183566e6a52f609f6ebbc7ebe4d3d8a735650e90569f54735

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2.0

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in eassl.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,32 @@
+PATH
+  remote: .
+  specs:
+    eassl3 (3.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.2.5)
+    rake (10.4.2)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.1)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-support (3.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.8)
+  eassl3!
+  rake (~> 10.0)
+  rspec

data/LICENSE.txt

@@ -0,0 +1,57 @@
+Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.co.jp>.
+You can redistribute it and/or modify it under either the terms of the GPL
+(see COPYING.txt file), or the conditions below:
+
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+	  modifications to Usenet or an equivalent medium, or by allowing
+	  the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) rename any non-standard executables so the names do not conflict
+	  with standard executables, which must also be provided.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or executable
+     form, provided that you do at least ONE of the following:
+
+       a) distribute the executables and library files of the software,
+	  together with instructions (in the manual page or equivalent)
+	  on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+	  the software.
+
+       c) give non-standard executables non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under this terms.
+
+     They are gc.c(partly), utils.c(partly), regex.[ch], st.[ch] and some
+     files under the ./missing directory.  See each file for the copying
+     condition.
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.

data/README.md

@@ -0,0 +1,58 @@
+# Eassl
+
+EaSSL is a library aimed at making openSSL certificate generation and management easier and more ruby-ish.
+
+Forked from https://github.com/chrisa/eassl and patched using available pull requests for that project and additional development for better utilizing CSR details and using SHA512 for signing by default.  Rcov and Jeweler were switched out in favor of Rspec and Bundler.
+ 
+Ruby license, inherited from the rubyforge project.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'eassl3'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install eassl3
+
+## Usage
+
+Generating a CSR and private key:
+    options = {
+      :department     => 'web sites',
+      :common_name    => 'www.mydomain.com',
+      :organization,  => 'My Org'
+      :email          => 'test@test.com',
+      :city           => 'Fargo',
+      :state          => 'North Dakota',
+      :country        => 'USA',
+      :subject_alt_name => ['www.mydomain.com', 'mydomain.com']
+    }
+
+    ea_key  = EaSSL::Key.new
+    ea_name = EaSSL::CertificateName.new(options)
+    ea_csr  = EaSSL::SigningRequest.new(:name => ea_name, :key => ea_key)
+
+    csr = ea_csr.ssl.to_s
+    key = ea_key.private_key.to_s
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/eassl/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "eassl"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/eassl.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'eassl/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "eassl3"
+  spec.version       = Eassl::VERSION
+  spec.authors       = ["Peter Bell", "Paul Nicholson", "Paul Meserve", "Chris Andrews"]
+  spec.email         = ["bellpeterm+github@gmail.com"]
+
+#  if spec.respond_to?(:metadata)
+#    spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com' to prevent pushes to rubygems.org, or delete to allow pushes to any server."
+#  end
+
+  spec.summary       = %q{EaSSL is a library aimed at making openSSL certificate generation and management easier and more ruby-ish.}
+  spec.description   = %q{This gem is a drop-in replacement for eassl 0.1.1643}
+  spec.homepage      = "https://github.com/bellpeterm/eassl"
+  spec.license       = "Ruby"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.8"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+end

data/lib/eassl/authority_certificate.rb

@@ -0,0 +1,59 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class AuthorityCertificate
+    def initialize(options)
+      @options = {
+        :key => nil, #required
+        :name => {}, #required, CertificateName
+      }.update(options)
+    end
+
+    def ssl
+      unless @ssl
+        cert = OpenSSL::X509::Certificate.new
+        cert.not_before = Time.now
+        cert.subject = cert.issuer = CertificateName.new({ :common_name => "CA" }.update(@options[:name])).name
+        cert.not_after = cert.not_before + (365 * 5) * 24 * 60 * 60
+        cert.public_key = @options[:key].public_key
+        cert.serial = 1
+        cert.version = 2 # X509v3
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+          ef.create_extension("basicConstraints","CA:TRUE"),
+          ef.create_extension("keyUsage", "cRLSign, keyCertSign"),
+          ef.create_extension("subjectKeyIdentifier", "hash"),
+          ef.create_extension("nsComment", "Ruby/OpenSSL/EaSSL Generated Certificate"),
+        ]
+        cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))
+        cert.sign(@options[:key].private_key, OpenSSL::Digest::SHA1.new)
+        @ssl = cert
+      end
+      @ssl
+    end
+
+    def method_missing(method)
+      ssl.send(method)
+    end
+
+    def load(pem_string)
+      begin
+        @ssl = OpenSSL::X509::Certificate.new(pem_string)
+      rescue
+        raise "CertificateLoader: Error loading certificate"
+      end
+      self
+    end
+
+    def self.load(pem_file_path)
+      new({}).load(File.read(pem_file_path))
+    end
+  end
+end

data/lib/eassl/certificate.rb

@@ -0,0 +1,109 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class Certificate
+    def initialize(options)
+      @options = {
+        :days_valid       => (365 * 5),
+        :signing_request  => nil,               #required
+        :ca_certificate   => nil,               #required
+        :comment          => "Ruby/OpenSSL/EaSSL Generated Certificate",
+        :type             => "server",
+        :subject_alt_name => nil, #optional e.g. [ "*.example.com", "example.com" ]
+        :override_req     => true
+      }.update(options)
+    end
+
+    def ssl
+      unless @ssl
+        @ssl = OpenSSL::X509::Certificate.new
+        @ssl.not_before = Time.now
+        @ssl.subject = @options[:signing_request].subject
+        @ssl.issuer = @options[:ca_certificate]? @options[:ca_certificate].subject :  @ssl.subject
+        @ssl.not_after = @ssl.not_before + @options[:days_valid] * 24 * 60 * 60
+        @ssl.public_key = @options[:signing_request].public_key
+        @ssl.serial = @options[:serial] || 2
+        @ssl.version = 2 # X509v3
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = @ssl
+        ef.issuer_certificate = @options[:ca_certificate]? @options[:ca_certificate].ssl : @ssl
+        @ssl.extensions = [ ef.create_extension("subjectKeyIdentifier", "hash") ]
+        @ssl.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always"))
+        
+        extensions = Array.new
+        
+        extensions << ef.create_extension("basicConstraints","CA:FALSE")
+        extensions << ef.create_extension("nsComment", @options[:comment])
+
+        case @options[:type]
+        when 'server'
+          extensions << ef.create_extension("keyUsage", "digitalSignature,keyEncipherment")
+          extensions << ef.create_extension("extendedKeyUsage", "serverAuth")
+        when 'client'
+          extensions << ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment")
+          extensions << ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection")
+        end
+
+        #add subject alternate names
+        if @options[:subject_alt_name]
+          subjectAltName = @options[:subject_alt_name].map { |d| "DNS: #{d}" }.join(',')
+          extensions << ef.create_extension("subjectAltName", subjectAltName)
+        end
+
+        if sr = @options[:signing_request]
+          sr.extensions.each do |ext|
+            if @options[:override_req] # CA extensions take precedence in merge, default behavior
+              extensions << ext unless extensions.any? { |e| e.oid == ext.oid }
+            else # Req extensions take precedence in merge
+              extensions.delete_if { |e| e.oid == ext.oid }
+              extensions << ext
+            end
+          end
+        end
+
+        extensions.each do |ext|
+          @ssl.add_extension(ext)
+        end
+
+      end
+      @ssl
+    end
+
+    def sign(ca_key, digest=OpenSSL::Digest::SHA1.new)
+      ssl.sign(ca_key.private_key, digest)
+    end
+
+    def to_pem
+      ssl.to_pem
+    end
+
+    # Returns a SHA1 fingerprint of the certificate in the OpenSSL style
+    def sha1_fingerprint
+      Digest::SHA1.hexdigest(ssl.to_der).upcase.gsub(/(..)/, '\1:').chop
+    end
+
+    # This method is used to intercept and pass-thru calls to openSSL methods and instance
+    # variables.
+    def method_missing(method)
+      ssl.send(method)
+    end
+
+    def self.load(pem_file_path)
+      new({}).load(File.read(pem_file_path))
+    end
+
+    def load(pem_string)
+      begin
+        @ssl = OpenSSL::X509::Certificate.new(pem_string)
+      rescue
+        raise "CertificateLoader: Error loading certificate"
+      end
+      self
+    end
+  end
+end

data/lib/eassl/certificate_authority.rb

@@ -0,0 +1,46 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class CertificateAuthority
+    attr_reader :key, :certificate, :serial
+    def initialize(options = {})
+      if options[:key] && options[:certificate] && options[:serial]
+        @key = options[:key]
+        @certificate = options[:certificate]
+        @serial = options[:serial]
+      else
+        options[:name] ||= {}
+        @key = Key.new({:password => 'ca_ssl_password'}.update(options))
+        @certificate = AuthorityCertificate.new(:key => @key, :name => options[:name])
+        @serial = Serial.new(:next => 1)
+      end
+    end
+
+    def self.load(options)
+      key = Key.load(File.join(options[:ca_path], 'cakey.pem'), options[:ca_password])
+      certificate = AuthorityCertificate.load(File.join(options[:ca_path], 'cacert.pem'))
+      serial = Serial.load(File.join(options[:ca_path], 'serial.txt'))
+      self.new(:key => key, :certificate => certificate, :serial => serial)
+    end
+
+    def create_certificate(signing_request, type='server', days_valid=nil, digest=OpenSSL::Digest::SHA512.new)
+      options = {
+        :signing_request => signing_request,
+        :ca_certificate => @certificate,
+        :serial => @serial.issue_serial,
+        :type => type
+      }
+      if days_valid
+        options[:days_valid] = days_valid
+      end
+      cert = Certificate.new(options)
+      @serial.save!
+      cert.sign(@key, digest)
+      cert
+    end
+  end
+end

data/lib/eassl/certificate_name.rb

@@ -0,0 +1,40 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class CertificateName
+    def initialize(options)
+      @options = options
+    end
+
+    def ssl
+      name_mapping = [
+        ['C', :country, OpenSSL::ASN1::PRINTABLESTRING],
+        ['ST', :state, OpenSSL::ASN1::PRINTABLESTRING],
+        ['L', :city, OpenSSL::ASN1::PRINTABLESTRING],
+        ['O', :organization, OpenSSL::ASN1::UTF8STRING],
+        ['OU', :department, OpenSSL::ASN1::UTF8STRING],
+        ['CN', :common_name, OpenSSL::ASN1::UTF8STRING],
+        ['emailAddress', :email, OpenSSL::ASN1::IA5STRING]
+      ]
+
+      name = []
+      name_mapping.each do |k|
+        name << [k[0], @options[k[1]], k[2]] if @options[k[1]]
+      end
+
+      OpenSSL::X509::Name.new(name)
+    end
+
+    def name
+      ssl
+    end
+
+    def options
+      @options
+    end
+  end
+end

data/lib/eassl/key.rb

@@ -0,0 +1,70 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # == EaSSL::Key creates and manages openSSL keys
+  #
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  #
+  # ==== Usage
+  #
+  # ===== Availible Methods - including methods provided by openSSL::PKey:
+  # * public_key
+  # * private_key
+  # * to_text
+  class Key
+    # Create new Key using the provided options or using the defaults
+    def initialize(options = {}) #:params: options
+      @options = {
+        :bits => 2048,
+        :password => 'ssl_password',
+      }.update(options)
+    end
+
+    def ssl
+      unless @ssl
+        # <Should use some kind of logger on this>
+        # $stderr.puts "Generating #{@options[:bits]} bit key\n"
+        @ssl = OpenSSL::PKey::RSA::new(@options[:bits])
+      end
+      @ssl
+    end
+
+    # This method is used to intercept and pass-thru calls to openSSL methods and instance
+    # variables.
+    def method_missing(method) # :nodoc:
+      ssl.send(method)
+    end
+
+    def private_key
+      ssl
+    end
+
+    # Returns the length of the key in bits
+    def length
+      ssl.n.num_bytes * 8
+    end
+
+    # Export the encrypted key, returns a string
+    def to_pem
+      ssl.export(OpenSSL::Cipher::DES.new('EDE3-CBC'), @options[:password])
+    end
+
+    # Decrypt and load a PEM encoded Key from the file system with the provided password.
+    def self.load(pem_file_path, password=nil)
+      new.load(File.read(pem_file_path), password)
+    end
+
+    # Decrypt and load a PEM encoded Key from provided string with the provided password.
+    def load(pem_string, password=nil)
+      begin
+        @ssl = OpenSSL::PKey::RSA::new(pem_string, password || @options[:password])
+      rescue
+        raise "KeyLoader: Error decrypting key with password"
+      end
+      self
+    end
+  end
+end

data/lib/eassl/serial.rb

@@ -0,0 +1,33 @@
+require 'eassl'
+module EaSSL
+  # Author::    Chris Andrews  (mailto:chris@nodnol.org)
+  # Copyright:: Copyright (c) 2011 Chris Andrews
+  # License::   Distributes under the same terms as Ruby
+  class Serial
+    attr_reader :next
+    def initialize(options = {})
+      @next = options[:next]
+      @path = options[:path]
+    end
+
+    def self.load(serial_file_path)
+      hex_string = (File.read(serial_file_path))
+      self.new(:next => Integer("0x#{hex_string}"), :path => serial_file_path)
+    end
+
+    def save!
+      if @path
+        hex_string = sprintf("%04X", @next)
+        File.open(@path, 'w') do |io|
+          io.write "#{hex_string}\n"
+        end
+      end
+    end
+
+    def issue_serial
+      @next = @next + 1
+      @next - 1
+    end
+  end
+end
+

data/lib/eassl/signing_request.rb

@@ -0,0 +1,91 @@
+require 'openssl'
+require 'eassl'
+module EaSSL
+  # Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+  # Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+  # Copyright:: Copyright (c) 2006 WebPower Design
+  # License::   Distributes under the same terms as Ruby
+  class SigningRequest
+    attr_reader :extensions
+
+    def initialize(options = {})
+      @options = {
+        :name       => {},                #required, CertificateName
+        :key        => nil,               #required
+        :digest     => OpenSSL::Digest::SHA512.new,
+      }.update(options)
+      @options[:key] ||= Key.new(@options)
+    end
+
+    def ssl
+      unless @ssl
+        @ssl = OpenSSL::X509::Request.new
+        @ssl.version = 0
+        @ssl.subject = CertificateName.new(@options[:name].options).name
+        @ssl.public_key = key.public_key
+        
+        @extensions = Array.new
+        ef = OpenSSL::X509::ExtensionFactory.new
+        
+        case @options[:type]
+        when 'subordinate'
+          @extensions << ef.create_extension("basicConstraints","CA:TRUE")
+        when 'server'
+          @extensions << ef.create_extension("basicConstraints","CA:FALSE")
+          @extensions << ef.create_extension("keyUsage", "digitalSignature,keyEncipherment")
+          @extensions << ef.create_extension("extendedKeyUsage", "serverAuth")
+        when 'client'
+          @extensions << ef.create_extension("basicConstraints","CA:FALSE")
+          @extensions << ef.create_extension("keyUsage", "nonRepudiation,digitalSignature,keyEncipherment")
+          @extensions << ef.create_extension("extendedKeyUsage", "clientAuth,emailProtection")
+        end
+        
+        if @options[:subject_alt_name]
+          subjectAltName = @options[:subject_alt_name].map { |d| "DNS: #{d}" }.join(',')
+          @extensions << ef.create_extension("subjectAltName", subjectAltName)
+        end
+        
+        if @extensions.count > 0
+          seq = OpenSSL::ASN1::Sequence.new(extensions)
+          set = OpenSSL::ASN1::Set.new([seq])
+          attr = OpenSSL::X509::Attribute.new('extReq', set)
+          @ssl.add_attribute(attr)
+        end
+
+        @ssl.sign(key.private_key, @options[:digest])
+      end
+      @ssl
+    end
+
+    def key
+      @options[:key]
+    end
+
+    def options
+      @options
+    end
+
+    def to_pem
+      ssl.to_pem
+    end
+
+    # This method is used to intercept and pass-thru calls to openSSL methods and instance
+    # variables.
+    def method_missing(method)
+      ssl.send(method)
+    end
+
+    def self.load(pem_file_path)
+      new.load(File.read(pem_file_path))
+    end
+
+    def load(pem_string)
+      begin
+        @ssl = OpenSSL::X509::Request.new(pem_string)
+      rescue
+        raise "SigningRequestLoader: Error loading signing request"
+      end
+      self
+    end
+  end
+end

data/lib/eassl/version.rb

@@ -0,0 +1,3 @@
+module Eassl
+  VERSION = "3.0.0"
+end

data/lib/eassl.rb

@@ -0,0 +1,71 @@
+require 'openssl'
+require 'fileutils'
+$:.unshift File.expand_path(File.dirname(__FILE__))
+# = About EaSSL
+#
+# Author::    Paul Nicholson  (mailto:paul@webpowerdesign.net)
+# Co-Author:: Adam Williams (mailto:adam@thewilliams.ws)
+# Copyright:: Copyright (c) 2006 WebPower Design
+# License::   Distributes under the same terms as Ruby
+#
+# By requiring <tt>eassl</tt>, you can load the full set of EaSSL classes.
+#
+# For a full list of features and instructions, see the #README.
+#
+# EaSSL is a module containing all of the great EaSSL classes for creating
+# and managing openSSL keys, signing request, and certificates.
+#
+# * EaSSL::Key: the class for loading and creating SSL keys
+# * EaSSL::SigningRequest: the class for creating SSL signing requests
+
+module EaSSL
+  VERSION = '2.0.0'
+
+  def self.generate_self_signed(options)
+    ca = CertificateAuthority.new({:bits => 1024}.update(options[:ca_options]||{}))
+    sr = SigningRequest.new(options)
+    cert = ca.create_certificate(sr)
+    [ca, sr, cert]
+  end
+
+  def self.config_webrick(webrick_config, options = {})
+    hostname = `hostname`.strip
+    eassl_host_dir = "#{File.expand_path('~')}/.eassl/#{hostname}"
+    ca_cert_file = "#{eassl_host_dir}/ca.crt"
+    ca_key_file = "#{eassl_host_dir}/ca.key"
+    server_key_file = "#{eassl_host_dir}/server.key"
+    server_cert_file = "#{eassl_host_dir}/server.crt"
+    FileUtils.rm_rf(eassl_host_dir) if options[:force_regeneration]
+
+    if File.exist?(server_cert_file)
+      key = Key.load(server_key_file, 'countinghouse1234')
+      cert = Certificate.load(server_cert_file)
+    else
+      ca, sr, cert = self.generate_self_signed({:name => {:common_name => hostname}, :bits => 1024}.update(options))
+      key = sr.key
+      FileUtils.makedirs(eassl_host_dir)
+      File.open(%(#{ca_cert_file}.pem), "w", 0777) {|f| f << ca.certificate.to_pem }
+      File.open(%(#{ca_cert_file}.der), "w", 0777) {|f| f << ca.certificate.to_der }
+      File.open(ca_key_file, "w", 0777) {|f| f << ca.key.to_pem }
+      File.open(server_key_file, "w", 0777) {|f| f << key.to_pem }
+      File.open(server_cert_file, "w", 0777) {|f| f << cert.to_pem }
+    end
+
+    webrick_config.update({
+      :SSLEnable       => true,
+      :SSLPrivateKey => key.ssl,
+      :SSLCertificate => cert.ssl,
+      :SSLExtraChainCert => [Certificate.load(%(#{ca_cert_file}.pem)).ssl],
+      :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
+      :SSLStartImmediately => true,
+    })
+  end
+end
+
+require 'eassl/key'
+require 'eassl/certificate_name'
+require 'eassl/signing_request'
+require 'eassl/certificate'
+require 'eassl/authority_certificate'
+require 'eassl/certificate_authority'
+require 'eassl/serial'

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: eassl3
+version: !ruby/object:Gem::Version
+  version: 3.0.0
+platform: ruby
+authors:
+- Peter Bell
+- Paul Nicholson
+- Paul Meserve
+- Chris Andrews
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-06-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a drop-in replacement for eassl 0.1.1643
+email:
+- bellpeterm+github@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- eassl.gemspec
+- lib/eassl.rb
+- lib/eassl/authority_certificate.rb
+- lib/eassl/certificate.rb
+- lib/eassl/certificate_authority.rb
+- lib/eassl/certificate_name.rb
+- lib/eassl/key.rb
+- lib/eassl/serial.rb
+- lib/eassl/signing_request.rb
+- lib/eassl/version.rb
+homepage: https://github.com/bellpeterm/eassl
+licenses:
+- Ruby
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: EaSSL is a library aimed at making openSSL certificate generation and management
+  easier and more ruby-ish.
+test_files: []