easyrsa 0.8.0 → 0.8.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +67 -0
- data/easyrsa.gemspec +2 -1
- data/lib/easyrsa.rb +10 -0
- data/lib/easyrsa/ca.rb +96 -0
- data/lib/easyrsa/certificate.rb +1 -5
- data/lib/easyrsa/version.rb +1 -1
- data/spec/easyrsa/02_certificate_spec.rb +1 -1
- data/spec/easyrsa/03_ca_spec.rb +63 -0
- metadata +41 -23
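--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3742312c40f8eb4d1d8764440fbbe194ceff36a9
+data.tar.gz: f35d595436a145b81b1974019de0bdb1f57005dc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 045c72d676fcad6d830008a7403494716bd650a65501664fb3985056bb804a058d427e409064697a43291e0a2d3051efcc57e9b622fee812bbb190344dc38164
+data.tar.gz: c0d2824fa7b381b25fa5697b7e011856da91ff300ebce56195b5959431252a817d498ac0d6ed318525ce16b74b56aa93b39737c04c9e7150bf08a72adcbf618d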
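--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,67 @@
+# ruby-easyrsa
+[](https://travis-ci.org/mikemackintosh/ruby-easyrsa)
+
+[](https://rubygems.org/gems/easyrsa)
+
+[](https://gemnasium.com/mikemackintosh/ruby-easyrsa)
+
+[](https://rubygems.org/gems/easyrsa)
+
+
+Generate OpenVPN certificate and keys with Ruby using this gem.
+
+## Installation
+
+Via command line use `gem`:
+
+```shell
+gem install easyrsa
+```
+
+or add it to your projects `Gemfile`:
+```ruby
+gem 'easyrsa'
+```
+
+and simply require it in your code:
+
+```ruby
+require 'easyrsa'
+```
+
+## Usage
+
+First, set your issuer configuration like so:
+
+```ruby
+EasyRSA.configure do |issuer|
+issuer.email = 'support@company.com'
+issuer.server = 'vpnserver.company.com'
+issuer.country = 'US'
+issuer.city = 'New York'
+issuer.company = 'My Company'
+issuer.orgunit = 'IT'
+end
+```
+
+then use the `EasyRSA::Certificate` class to generate the certificate:
+
+```ruby
+cn = 'Users Common Name'
+email = 'users-common-name@company.com'
+easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, cn, email)
+g = easyrsa.generate
+#=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
+```
+
+>**Note** `ca_cert` and `ca_key` should point to the same certificate and keys that are included in your OpenVPN configuration file.
+
+## Generate the CA files
+
+The following can be used to create a Certificate Authority:
+
+```ruby
+ca = EasyRSA::CA.new('CN=openvpn/DC=example/DC=com')
+g = ca.generate
+#=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
+```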
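--- a/data/easyrsa.gemspec
+++ b/data/easyrsa.gemspec
@@ -25,10 +25,11 @@ Gem::Specification.new do |s|
 
 s.add_dependency 'openssl'
 s.add_dependency 'fattr'
+s.add_dependency 'paint'
+s.add_dependency 'methadone'
 
 s.add_development_dependency "bundler"
 s.add_development_dependency "rake"
 s.add_development_dependency "rspec"
-s.add_development_dependency "webmock"
 
 end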
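Review bot: The two new runtime dependencies, `s.add_dependency 'paint'` and `s.add_dependency 'methadone'` (new lines 28–29), carry no version constraint, so every future major release of either gem is pulled into installs of easyrsa automatically and can change or break the CLI they presumably serve. The pre-existing `openssl` and `fattr` lines are unpinned too, but these are new and could be added with a tested range from the start, e.g. `s.add_dependency 'methadone', '~> <tested-version>'`. The removal of the `webmock` development dependency looks intentional since no spec in this diff uses it.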
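--- a/data/lib/easyrsa.rb
+++ b/data/lib/easyrsa.rb
@@ -4,11 +4,16 @@ require 'fattr'
 require 'easyrsa/version'
 require 'easyrsa/config'
 require 'easyrsa/certificate'
+require 'easyrsa/ca'
+require 'easyrsa/cli'
+#require 'easyrsa/revoke'
 
 module EasyRSA
 
+# Extend Self
 extend self
 
+# The Configure Block
 def configure
 block_given? ? yield(Config) : Config
 %w(email server country city company orgunit).each do |key|
@@ -21,4 +26,9 @@ module EasyRSA
 end
 alias_method :config, :configure
 
+# Helper for years from now
+def years_from_now(i = 10)
+Time.now + i * 365 * 24 * 60 * 60
+end
+
 end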
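Review bot: The added `require 'easyrsa/cli'` (new line 8) has no matching file anywhere in this release: the metadata `files:` list in this diff names only lib/easyrsa/ca.rb, certificate.rb, config.rb and version.rb under lib/easyrsa, so `require 'easyrsa'` on the packaged gem would raise LoadError if lib/easyrsa/cli.rb is indeed absent. The new `paint` and `methadone` runtime dependencies suggest the CLI exists in the repository but was not added to the gemspec's file list; either ship the file or drop the require until it is packaged. The `#require 'easyrsa/revoke'` line is dead code and would be clearer as a `# TODO` or removed. In the second hunk, `years_from_now` treats a year as 365 days, so a ten-year `validfor` lands two or three calendar days short; if that is acceptable, say so with `# Approximate: ignores leap days` above the method.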
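--- a/data/lib/easyrsa/ca.rb
+++ b/data/lib/easyrsa/ca.rb
@@ -0,0 +1,96 @@
+module EasyRSA
+class CA
+
+class BitLengthToWeak < RuntimeError; end
+class InvalidCAName < RuntimeError; end
+class MissingParameter < RuntimeError; end
+
+def initialize(ca_name=nil, bits=4096, &block)
+
+# CA Name to generate cert for
+begin
+if ca_name.eql? nil
+raise EasyRSA::CA::MissingParameter,
+"Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
+end
+@ca_name = OpenSSL::X509::Name.parse ca_name
+rescue TypeError => e
+fail EasyRSA::CA::InvalidCAName,
+"Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
+end
+
+# Generate Private Key
+if bits < 2048
+raise EasyRSA::CA::BitLengthToWeak,
+"Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
+end
+@ca_key = OpenSSL::PKey::RSA.new(bits)
+
+# Instantiate a new certificate
+@ca_cert = OpenSSL::X509::Certificate.new
+
+# This cert should never be valid before now
+@ca_cert.not_before = Time.now
+
+# Set it to version
+@ca_cert.version = 2
+
+# Generate and assign the serial
+@ca_cert.serial = 0
+
+instance_eval(&block) if block_given?
+end
+
+def generate(validfor=10)
+
+# Set the expiration date
+@ca_cert.not_after = EasyRSA::years_from_now(validfor)
+
+# Add the public key
+@ca_cert.public_key = @ca_key.public_key
+
+# Set the CA Cert Subject
+@ca_cert.subject = @ca_name
+
+# Set the CA Cert Subject
+gen_issuer
+
+# Add extensions
+add_extensions
+
+# Sign the cert
+sign_cert
+
+{ key: @ca_key.to_pem, crt: @ca_cert.to_pem }
+
+end
+
+private
+
+# Cert issuer details
+def gen_issuer
+@ca_cert.issuer = OpenSSL::X509::Name.parse("/C=#{EasyRSA::Config.country}/" \
+"L=#{EasyRSA::Config.city}/O=#{EasyRSA::Config.company}/OU=#{EasyRSA::Config.orgunit}/" \
+"CN=#{EasyRSA::Config.server}/name=#{EasyRSA::Config.orgunit}/" \
+"emailAddress=#{EasyRSA::Config.email}")
+end
+
+# Add Extensions needed
+def add_extensions
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = @ca_cert
+ef.issuer_certificate = @ca_cert
+
+@ca_cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash')
+@ca_cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
+@ca_cert.add_extension ef.create_extension('keyUsage', 'cRLSign,keyCertSign', true)
+
+end
+
+# Sign cert with CA key
+def sign_cert
+@ca_cert.sign @ca_key, OpenSSL::Digest::SHA256.new
+end
+
+end
+end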
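Review bot: `gen_issuer` (new lines 71–75) sets the CA certificate's issuer to a DN built from `EasyRSA::Config`, while line 53 sets its subject to the parsed `ca_name`; the certificate is signed with its own key but its issuer name does not equal its subject, and standard chain building (OpenSSL's included) looks up a certificate's issuer by subject name, so a chain cannot terminate at this root because the issuer it names does not exist. The minimal fix is `@ca_cert.issuer = @ca_cert.subject` in `gen_issuer`, and leaf certificates (presumably `EasyRSA::Certificate`, not visible here) must then carry this same subject as their issuer. That also removes the unescaped interpolation on lines 72–75, where a Config value containing `/` or `=` silently changes the parsed attribute set. Separately, line 39 assigns `@ca_cert.serial = 0` although RFC 5280 requires a conforming CA to issue positive serial numbers, so `@ca_cert.serial = OpenSSL::BN.rand(64)` (or a persisted counter) would be appropriate, and the `e` bound on line 17 is unused.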
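--- a/data/lib/easyrsa/certificate.rb
+++ b/data/lib/easyrsa/certificate.rb
@@ -60,7 +60,7 @@ module EasyRSA
 def generate(validfor=10)
 
 # Set the expiration date
-@cert.not_after = years_from_now(validfor)
+@cert.not_after = EasyRSA::years_from_now(validfor)
 
 # Add the public key
 @cert.public_key = @key.public_key
@@ -124,10 +124,6 @@ module EasyRSA
 "#{Time.now.strftime("%Y%m%d%H%M%S")}#{@id.unpack('c*').join.to_i}".to_i
 end
 
-def years_from_now(i = 10)
-Time.now + i * 365 * 24 * 60 * 60
-end
-
 def sign_cert_with_ca
 @cert.sign @ca_key, OpenSSL::Digest::SHA256.new
 end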
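Review bot: The new line 63, `@cert.not_after = EasyRSA::years_from_now(validfor)`, calls a method with `::`, which Ruby accepts but reads as a constant lookup; the idiomatic form is `@cert.not_after = EasyRSA.years_from_now(validfor)`, and the same applies to line 47 of the new ca.rb. The body of `generate` continues past the first hunk, so whether the helper is used elsewhere in this method cannot be confirmed from here.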
data/lib/easyrsa/version.rb
CHANGED
@@ -0,0 +1,63 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
2
|
+
|
3
|
+
describe EasyRSA::CA, 'Should' do
|
4
|
+
include_context "shared environment"
|
5
|
+
|
6
|
+
before do
|
7
|
+
EasyRSA.configure do |issuer|
|
8
|
+
issuer.email = @email
|
9
|
+
issuer.server = @server
|
10
|
+
issuer.country = @country
|
11
|
+
issuer.city = @city
|
12
|
+
issuer.company = @company
|
13
|
+
issuer.orgunit = @orgunit
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'throw error when arguments are missing' do
|
18
|
+
expect {
|
19
|
+
EasyRSA::CA.new
|
20
|
+
}.to raise_error(EasyRSA::CA::MissingParameter)
|
21
|
+
end
|
22
|
+
|
23
|
+
it 'throw error when invalid ca key is passed' do
|
24
|
+
|
25
|
+
expect {
|
26
|
+
EasyRSA::CA.new('sadfsdf')
|
27
|
+
}.to raise_error(EasyRSA::CA::InvalidCAName)
|
28
|
+
|
29
|
+
end
|
30
|
+
|
31
|
+
it 'throw error when bit length is too weak' do
|
32
|
+
|
33
|
+
expect {
|
34
|
+
EasyRSA::CA.new("CN=ca/DC=example", 512)
|
35
|
+
}.to raise_error(EasyRSA::CA::BitLengthToWeak)
|
36
|
+
|
37
|
+
end
|
38
|
+
|
39
|
+
it 'return keys successfully' do
|
40
|
+
|
41
|
+
easyrsa = EasyRSA::CA.new("CN=ca/DC=example")
|
42
|
+
g = easyrsa.generate
|
43
|
+
|
44
|
+
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
45
|
+
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
46
|
+
|
47
|
+
end
|
48
|
+
|
49
|
+
|
50
|
+
it 'return successful in a block as well' do
|
51
|
+
g = {}
|
52
|
+
EasyRSA::CA.new("CN=ca/DC=example") do |c|
|
53
|
+
c.generate.each do |k, v|
|
54
|
+
g[k] = v
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
59
|
+
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
60
|
+
|
61
|
+
end
|
62
|
+
|
63
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: easyrsa
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Mackintosh
|
@@ -14,84 +14,98 @@ dependencies:
|
|
14
14
|
name: openssl
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- -
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- -
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: fattr
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- -
|
31
|
+
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '0'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- -
|
38
|
+
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
42
|
+
name: paint
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- -
|
45
|
+
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
47
|
version: '0'
|
48
|
-
type: :
|
48
|
+
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- -
|
52
|
+
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
|
-
name:
|
56
|
+
name: methadone
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- -
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: bundler
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
60
74
|
- !ruby/object:Gem::Version
|
61
75
|
version: '0'
|
62
76
|
type: :development
|
63
77
|
prerelease: false
|
64
78
|
version_requirements: !ruby/object:Gem::Requirement
|
65
79
|
requirements:
|
66
|
-
- -
|
80
|
+
- - ">="
|
67
81
|
- !ruby/object:Gem::Version
|
68
82
|
version: '0'
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
|
-
name:
|
84
|
+
name: rake
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
72
86
|
requirements:
|
73
|
-
- -
|
87
|
+
- - ">="
|
74
88
|
- !ruby/object:Gem::Version
|
75
89
|
version: '0'
|
76
90
|
type: :development
|
77
91
|
prerelease: false
|
78
92
|
version_requirements: !ruby/object:Gem::Requirement
|
79
93
|
requirements:
|
80
|
-
- -
|
94
|
+
- - ">="
|
81
95
|
- !ruby/object:Gem::Version
|
82
96
|
version: '0'
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
|
-
name:
|
98
|
+
name: rspec
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
86
100
|
requirements:
|
87
|
-
- -
|
101
|
+
- - ">="
|
88
102
|
- !ruby/object:Gem::Version
|
89
103
|
version: '0'
|
90
104
|
type: :development
|
91
105
|
prerelease: false
|
92
106
|
version_requirements: !ruby/object:Gem::Requirement
|
93
107
|
requirements:
|
94
|
-
- -
|
108
|
+
- - ">="
|
95
109
|
- !ruby/object:Gem::Version
|
96
110
|
version: '0'
|
97
111
|
description: Easily generate OpenVPN certificates without needing the easyrsa packaged
|
@@ -101,13 +115,15 @@ executables: []
|
|
101
115
|
extensions: []
|
102
116
|
extra_rdoc_files: []
|
103
117
|
files:
|
104
|
-
- .gitignore
|
105
|
-
- .rock.yml
|
118
|
+
- ".gitignore"
|
119
|
+
- ".rock.yml"
|
106
120
|
- Gemfile
|
107
121
|
- LICENSE.txt
|
122
|
+
- README.md
|
108
123
|
- Rakefile
|
109
124
|
- easyrsa.gemspec
|
110
125
|
- lib/easyrsa.rb
|
126
|
+
- lib/easyrsa/ca.rb
|
111
127
|
- lib/easyrsa/certificate.rb
|
112
128
|
- lib/easyrsa/config.rb
|
113
129
|
- lib/easyrsa/version.rb
|
@@ -115,6 +131,7 @@ files:
|
|
115
131
|
- spec/cakey.pem
|
116
132
|
- spec/easyrsa/01_config_spec.rb
|
117
133
|
- spec/easyrsa/02_certificate_spec.rb
|
134
|
+
- spec/easyrsa/03_ca_spec.rb
|
118
135
|
- spec/spec_helper.rb
|
119
136
|
homepage: http://github.com/mikemackintosh/ruby-easyrsa
|
120
137
|
licenses:
|
@@ -126,17 +143,17 @@ require_paths:
|
|
126
143
|
- lib
|
127
144
|
required_ruby_version: !ruby/object:Gem::Requirement
|
128
145
|
requirements:
|
129
|
-
- -
|
146
|
+
- - ">="
|
130
147
|
- !ruby/object:Gem::Version
|
131
148
|
version: '0'
|
132
149
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
133
150
|
requirements:
|
134
|
-
- -
|
151
|
+
- - ">="
|
135
152
|
- !ruby/object:Gem::Version
|
136
153
|
version: '0'
|
137
154
|
requirements: []
|
138
155
|
rubyforge_project:
|
139
|
-
rubygems_version: 2.
|
156
|
+
rubygems_version: 2.2.2
|
140
157
|
signing_key:
|
141
158
|
specification_version: 4
|
142
159
|
summary: EasyRSA interface for generating OpenVPN certificates
|
@@ -145,4 +162,5 @@ test_files:
|
|
145
162
|
- spec/cakey.pem
|
146
163
|
- spec/easyrsa/01_config_spec.rb
|
147
164
|
- spec/easyrsa/02_certificate_spec.rb
|
165
|
+
- spec/easyrsa/03_ca_spec.rb
|
148
166
|
- spec/spec_helper.rb
|