RubyGems - easyrsa - Versions diffs - 0.8.0 → 0.8.5 - Mend

easyrsa 0.8.0 → 0.8.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +67 -0
data/easyrsa.gemspec +2 -1
data/lib/easyrsa.rb +10 -0
data/lib/easyrsa/ca.rb +96 -0
data/lib/easyrsa/certificate.rb +1 -5
data/lib/easyrsa/version.rb +1 -1
data/spec/easyrsa/02_certificate_spec.rb +1 -1
data/spec/easyrsa/03_ca_spec.rb +63 -0
metadata +41 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9ada5a7e2f566650ae8026337014a26b49edbdab
-  data.tar.gz: 65e56567acfec259aaa97c4316ce120e6efeea02
+  metadata.gz: 3742312c40f8eb4d1d8764440fbbe194ceff36a9
+  data.tar.gz: f35d595436a145b81b1974019de0bdb1f57005dc
 SHA512:
-  metadata.gz: 4f6cd1854b8cf83e0eff3b076949fc2749356b8f59c0be413cc29bc1ce376d685f66d6dff8333c126692f0ff7f1629d93d9b2cab68b1bca4bb525ed5813bc2d1
-  data.tar.gz: 7a03dc59b07b8b892870f358c00f8a6f2732f04738e089e502f3ca73a816074c4ee991b16394c959d4863bfa0374292a320f84d5506b5d10c827cba364c7fa90
+  metadata.gz: 045c72d676fcad6d830008a7403494716bd650a65501664fb3985056bb804a058d427e409064697a43291e0a2d3051efcc57e9b622fee812bbb190344dc38164
+  data.tar.gz: c0d2824fa7b381b25fa5697b7e011856da91ff300ebce56195b5959431252a817d498ac0d6ed318525ce16b74b56aa93b39737c04c9e7150bf08a72adcbf618d

data/README.md ADDED Viewed

@@ -0,0 +1,67 @@
+# ruby-easyrsa
+[![Build Status](https://travis-ci.org/mikemackintosh/ruby-easyrsa.svg)](https://travis-ci.org/mikemackintosh/ruby-easyrsa)
+[![](http://ruby-gem-downloads-badge.herokuapp.com/easyrsa?type=total)](https://rubygems.org/gems/easyrsa)
+[![Dependency Status](https://gemnasium.com/mikemackintosh/ruby-easyrsa.svg)](https://gemnasium.com/mikemackintosh/ruby-easyrsa)
+[![Gem Version](https://badge.fury.io/rb/easyrsa.svg)](https://rubygems.org/gems/easyrsa)
+Generate OpenVPN certificate and keys with Ruby using this gem.
+## Installation
+Via command line use `gem`:
+```shell
+gem install easyrsa
+```
+or add it to your projects `Gemfile`:
+```ruby
+gem 'easyrsa'
+```
+and simply require it in your code:
+```ruby
+require 'easyrsa'
+```
+## Usage
+First, set your issuer configuration like so:
+```ruby
+EasyRSA.configure do |issuer|
+  issuer.email = 'support@company.com'
+  issuer.server = 'vpnserver.company.com'
+  issuer.country = 'US'
+  issuer.city = 'New York'
+  issuer.company = 'My Company'
+  issuer.orgunit = 'IT'
+end
+```
+then use the `EasyRSA::Certificate` class to generate the certificate:
+```ruby
+cn = 'Users Common Name'
+email = 'users-common-name@company.com'
+easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, cn, email)
+g = easyrsa.generate
+ #=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
+```
+>**Note** `ca_cert` and `ca_key` should point to the same certificate and keys that are included in your OpenVPN configuration file.
+## Generate the CA files
+The following can be used to create a Certificate Authority:
+```ruby
+ca = EasyRSA::CA.new('CN=openvpn/DC=example/DC=com')
+g = ca.generate
+ #=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
+```

data/easyrsa.gemspec CHANGED Viewed

@@ -25,10 +25,11 @@ Gem::Specification.new do |s|
   s.add_dependency 'openssl'
   s.add_dependency 'fattr'
+  s.add_dependency 'paint'
+  s.add_dependency 'methadone'
   s.add_development_dependency "bundler"
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
-  s.add_development_dependency "webmock"
 end

data/lib/easyrsa.rb CHANGED Viewed

@@ -4,11 +4,16 @@ require 'fattr'
 require 'easyrsa/version'
 require 'easyrsa/config'
 require 'easyrsa/certificate'
+require 'easyrsa/ca'
+require 'easyrsa/cli'
+#require 'easyrsa/revoke'
 module EasyRSA
+# Extend Self
   extend self
+# The Configure Block
   def configure
     block_given? ? yield(Config) : Config
     %w(email server country city company orgunit).each do |key|
@@ -21,4 +26,9 @@ module EasyRSA
   end
   alias_method :config, :configure
+# Helper for years from now
+  def years_from_now(i = 10)
+    Time.now + i * 365 * 24 * 60 * 60
+  end
 end

data/lib/easyrsa/ca.rb ADDED Viewed

@@ -0,0 +1,96 @@
+module EasyRSA
+  class CA
+    class BitLengthToWeak < RuntimeError; end
+    class InvalidCAName < RuntimeError; end
+    class MissingParameter < RuntimeError; end
+    def initialize(ca_name=nil, bits=4096, &block)
+    # CA Name to generate cert for
+      begin
+        if ca_name.eql? nil
+          raise EasyRSA::CA::MissingParameter,
+            "Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
+        end
+        @ca_name = OpenSSL::X509::Name.parse ca_name
+      rescue TypeError => e
+        fail EasyRSA::CA::InvalidCAName,
+          "Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
+      end
+    # Generate Private Key
+      if bits < 2048
+        raise EasyRSA::CA::BitLengthToWeak,
+          "Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
+      end
+      @ca_key = OpenSSL::PKey::RSA.new(bits)
+    # Instantiate a new certificate
+      @ca_cert = OpenSSL::X509::Certificate.new
+    # This cert should never be valid before now
+      @ca_cert.not_before = Time.now
+    # Set it to version
+      @ca_cert.version = 2
+    # Generate and assign the serial
+      @ca_cert.serial = 0
+      instance_eval(&block) if block_given?
+    end
+    def generate(validfor=10)
+    # Set the expiration date
+      @ca_cert.not_after = EasyRSA::years_from_now(validfor)
+    # Add the public key
+      @ca_cert.public_key = @ca_key.public_key
+    # Set the CA Cert Subject
+      @ca_cert.subject = @ca_name
+    # Set the CA Cert Subject
+      gen_issuer
+    # Add extensions
+      add_extensions
+    # Sign the cert
+      sign_cert
+      { key: @ca_key.to_pem, crt: @ca_cert.to_pem }
+    end
+    private
+    # Cert issuer details
+      def gen_issuer
+        @ca_cert.issuer = OpenSSL::X509::Name.parse("/C=#{EasyRSA::Config.country}/" \
+          "L=#{EasyRSA::Config.city}/O=#{EasyRSA::Config.company}/OU=#{EasyRSA::Config.orgunit}/" \
+          "CN=#{EasyRSA::Config.server}/name=#{EasyRSA::Config.orgunit}/" \
+          "emailAddress=#{EasyRSA::Config.email}")
+      end
+    # Add Extensions needed
+      def add_extensions
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = @ca_cert
+        ef.issuer_certificate = @ca_cert
+        @ca_cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash')
+        @ca_cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
+        @ca_cert.add_extension ef.create_extension('keyUsage', 'cRLSign,keyCertSign', true)
+      end
+    # Sign cert with CA key
+      def sign_cert
+        @ca_cert.sign @ca_key, OpenSSL::Digest::SHA256.new
+      end
+  end
+end

data/lib/easyrsa/certificate.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module EasyRSA
     def generate(validfor=10)
       # Set the expiration date
-      @cert.not_after = years_from_now(validfor)
+      @cert.not_after = EasyRSA::years_from_now(validfor)
       # Add the public key
       @cert.public_key = @key.public_key
@@ -124,10 +124,6 @@ module EasyRSA
         "#{Time.now.strftime("%Y%m%d%H%M%S")}#{@id.unpack('c*').join.to_i}".to_i
       end
-      def years_from_now(i = 10)
-        Time.now + i * 365 * 24 * 60 * 60
-      end
       def sign_cert_with_ca
         @cert.sign @ca_key, OpenSSL::Digest::SHA256.new
       end

data/lib/easyrsa/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module EasyRSA
-  VERSION = '0.8.0'
+  VERSION = '0.8.5'
 end

data/spec/easyrsa/02_certificate_spec.rb CHANGED Viewed

@@ -38,7 +38,7 @@ describe EasyRSA::Certificate, 'Should' do
   end
-  it 'throw error when invalid ca key is passed' do
+  it 'throw error when bit length is too weak' do
     expect {
       EasyRSA::Certificate.new(@ca_cert, @ca_key, 'blah', 'blah@blah', 512)

data/spec/easyrsa/03_ca_spec.rb ADDED Viewed

@@ -0,0 +1,63 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+describe EasyRSA::CA, 'Should' do
+  include_context "shared environment"
+  before do
+    EasyRSA.configure do |issuer|
+      issuer.email = @email
+      issuer.server = @server
+      issuer.country = @country
+      issuer.city = @city
+      issuer.company = @company
+      issuer.orgunit = @orgunit
+    end
+  end
+  it 'throw error when arguments are missing' do
+    expect {
+      EasyRSA::CA.new
+    }.to raise_error(EasyRSA::CA::MissingParameter)
+  end
+  it 'throw error when invalid ca key is passed' do
+    expect {
+      EasyRSA::CA.new('sadfsdf')
+    }.to raise_error(EasyRSA::CA::InvalidCAName)
+  end
+  it 'throw error when bit length is too weak' do
+    expect {
+      EasyRSA::CA.new("CN=ca/DC=example", 512)
+    }.to raise_error(EasyRSA::CA::BitLengthToWeak)
+  end
+  it 'return keys successfully' do
+    easyrsa = EasyRSA::CA.new("CN=ca/DC=example")
+    g = easyrsa.generate
+    expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
+    expect(g[:crt]).to include('BEGIN CERTIFICATE')
+  end
+  it 'return successful in a block as well' do
+    g = {}
+    EasyRSA::CA.new("CN=ca/DC=example") do |c|
+      c.generate.each do |k, v|
+        g[k] = v
+      end
+    end
+    expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
+    expect(g[:crt]).to include('BEGIN CERTIFICATE')
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: easyrsa
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.5
 platform: ruby
 authors:
 - Mike Mackintosh
@@ -14,84 +14,98 @@ dependencies:
   name: openssl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fattr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: paint
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: methadone
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Easily generate OpenVPN certificates without needing the easyrsa packaged
@@ -101,13 +115,15 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rock.yml
+- ".gitignore"
+- ".rock.yml"
 - Gemfile
 - LICENSE.txt
+- README.md
 - Rakefile
 - easyrsa.gemspec
 - lib/easyrsa.rb
+- lib/easyrsa/ca.rb
 - lib/easyrsa/certificate.rb
 - lib/easyrsa/config.rb
 - lib/easyrsa/version.rb
@@ -115,6 +131,7 @@ files:
 - spec/cakey.pem
 - spec/easyrsa/01_config_spec.rb
 - spec/easyrsa/02_certificate_spec.rb
+- spec/easyrsa/03_ca_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/mikemackintosh/ruby-easyrsa
 licenses:
@@ -126,17 +143,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: EasyRSA interface for generating OpenVPN certificates
@@ -145,4 +162,5 @@ test_files:
 - spec/cakey.pem
 - spec/easyrsa/01_config_spec.rb
 - spec/easyrsa/02_certificate_spec.rb
+- spec/easyrsa/03_ca_spec.rb
 - spec/spec_helper.rb