easyrsa 0.8.0 → 0.8.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9ada5a7e2f566650ae8026337014a26b49edbdab
-  data.tar.gz: 65e56567acfec259aaa97c4316ce120e6efeea02
+  metadata.gz: 3742312c40f8eb4d1d8764440fbbe194ceff36a9
+  data.tar.gz: f35d595436a145b81b1974019de0bdb1f57005dc
 SHA512:
-  metadata.gz: 4f6cd1854b8cf83e0eff3b076949fc2749356b8f59c0be413cc29bc1ce376d685f66d6dff8333c126692f0ff7f1629d93d9b2cab68b1bca4bb525ed5813bc2d1
-  data.tar.gz: 7a03dc59b07b8b892870f358c00f8a6f2732f04738e089e502f3ca73a816074c4ee991b16394c959d4863bfa0374292a320f84d5506b5d10c827cba364c7fa90
+  metadata.gz: 045c72d676fcad6d830008a7403494716bd650a65501664fb3985056bb804a058d427e409064697a43291e0a2d3051efcc57e9b622fee812bbb190344dc38164
+  data.tar.gz: c0d2824fa7b381b25fa5697b7e011856da91ff300ebce56195b5959431252a817d498ac0d6ed318525ce16b74b56aa93b39737c04c9e7150bf08a72adcbf618d

data/README.md

@@ -0,0 +1,67 @@
+# ruby-easyrsa
+[![Build Status](https://travis-ci.org/mikemackintosh/ruby-easyrsa.svg)](https://travis-ci.org/mikemackintosh/ruby-easyrsa)
+
+[![](http://ruby-gem-downloads-badge.herokuapp.com/easyrsa?type=total)](https://rubygems.org/gems/easyrsa)
+
+[![Dependency Status](https://gemnasium.com/mikemackintosh/ruby-easyrsa.svg)](https://gemnasium.com/mikemackintosh/ruby-easyrsa)
+
+[![Gem Version](https://badge.fury.io/rb/easyrsa.svg)](https://rubygems.org/gems/easyrsa)
+
+
+Generate OpenVPN certificate and keys with Ruby using this gem.
+
+## Installation
+
+Via command line use `gem`:
+
+```shell
+gem install easyrsa
+```
+
+or add it to your projects `Gemfile`:
+```ruby
+gem 'easyrsa'
+```
+
+and simply require it in your code:
+
+```ruby
+require 'easyrsa'
+```
+
+## Usage
+
+First, set your issuer configuration like so:
+
+```ruby
+EasyRSA.configure do |issuer|
+  issuer.email = 'support@company.com'
+  issuer.server = 'vpnserver.company.com'
+  issuer.country = 'US'
+  issuer.city = 'New York'
+  issuer.company = 'My Company'
+  issuer.orgunit = 'IT'
+end
+```
+
+then use the `EasyRSA::Certificate` class to generate the certificate:
+
+```ruby
+cn = 'Users Common Name'
+email = 'users-common-name@company.com'
+easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, cn, email)
+g = easyrsa.generate
+ #=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
+```
+
+>**Note** `ca_cert` and `ca_key` should point to the same certificate and keys that are included in your OpenVPN configuration file.
+
+## Generate the CA files
+
+The following can be used to create a Certificate Authority:
+
+```ruby
+ca = EasyRSA::CA.new('CN=openvpn/DC=example/DC=com')
+g = ca.generate
+ #=> [:key => '...RSA KEY...', :crt => '...CERTIFICATE...']
+```

data/easyrsa.gemspec

@@ -25,10 +25,11 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'openssl'
   s.add_dependency 'fattr'
+  s.add_dependency 'paint'
+  s.add_dependency 'methadone'
 
   s.add_development_dependency "bundler"
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
-  s.add_development_dependency "webmock"
 
 end

data/lib/easyrsa.rb

@@ -4,11 +4,16 @@ require 'fattr'
 require 'easyrsa/version'
 require 'easyrsa/config'
 require 'easyrsa/certificate'
+require 'easyrsa/ca'
+require 'easyrsa/cli'
+#require 'easyrsa/revoke'
 
 module EasyRSA
 
+# Extend Self
   extend self
 
+# The Configure Block
   def configure
     block_given? ? yield(Config) : Config
     %w(email server country city company orgunit).each do |key|
@@ -21,4 +26,9 @@ module EasyRSA
   end
   alias_method :config, :configure
 
+# Helper for years from now
+  def years_from_now(i = 10)
+    Time.now + i * 365 * 24 * 60 * 60
+  end
+
 end

data/lib/easyrsa/ca.rb

@@ -0,0 +1,96 @@
+module EasyRSA
+  class CA
+
+    class BitLengthToWeak < RuntimeError; end
+    class InvalidCAName < RuntimeError; end
+    class MissingParameter < RuntimeError; end
+
+    def initialize(ca_name=nil, bits=4096, &block)
+
+    # CA Name to generate cert for
+      begin
+        if ca_name.eql? nil
+          raise EasyRSA::CA::MissingParameter,
+            "Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
+        end
+        @ca_name = OpenSSL::X509::Name.parse ca_name
+      rescue TypeError => e
+        fail EasyRSA::CA::InvalidCAName, 
+          "Please provide a 'ca name', for the certificates' CN field. This should be in the format, 'CN=ca/DC=example/DC=com' for 'ca.example.com'"
+      end
+    
+    # Generate Private Key
+      if bits < 2048
+        raise EasyRSA::CA::BitLengthToWeak,
+          "Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
+      end      
+      @ca_key = OpenSSL::PKey::RSA.new(bits)
+
+    # Instantiate a new certificate
+      @ca_cert = OpenSSL::X509::Certificate.new
+
+    # This cert should never be valid before now
+      @ca_cert.not_before = Time.now
+
+    # Set it to version
+      @ca_cert.version = 2     
+    
+    # Generate and assign the serial
+      @ca_cert.serial = 0
+
+      instance_eval(&block) if block_given?
+    end
+
+    def generate(validfor=10)
+  
+    # Set the expiration date
+      @ca_cert.not_after = EasyRSA::years_from_now(validfor)
+
+    # Add the public key
+      @ca_cert.public_key = @ca_key.public_key
+
+    # Set the CA Cert Subject
+      @ca_cert.subject = @ca_name
+
+    # Set the CA Cert Subject
+      gen_issuer
+
+    # Add extensions
+      add_extensions
+
+    # Sign the cert
+      sign_cert
+
+      { key: @ca_key.to_pem, crt: @ca_cert.to_pem }
+
+    end
+
+    private
+
+    # Cert issuer details
+      def gen_issuer
+        @ca_cert.issuer = OpenSSL::X509::Name.parse("/C=#{EasyRSA::Config.country}/" \
+          "L=#{EasyRSA::Config.city}/O=#{EasyRSA::Config.company}/OU=#{EasyRSA::Config.orgunit}/" \
+          "CN=#{EasyRSA::Config.server}/name=#{EasyRSA::Config.orgunit}/" \
+          "emailAddress=#{EasyRSA::Config.email}")
+      end
+
+    # Add Extensions needed
+      def add_extensions
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = @ca_cert
+        ef.issuer_certificate = @ca_cert
+
+        @ca_cert.add_extension ef.create_extension('subjectKeyIdentifier', 'hash')
+        @ca_cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
+        @ca_cert.add_extension ef.create_extension('keyUsage', 'cRLSign,keyCertSign', true)
+
+      end
+
+    # Sign cert with CA key
+      def sign_cert
+        @ca_cert.sign @ca_key, OpenSSL::Digest::SHA256.new
+      end
+
+  end
+end

data/lib/easyrsa/certificate.rb

@@ -60,7 +60,7 @@ module EasyRSA
     def generate(validfor=10)
   
       # Set the expiration date
-      @cert.not_after = years_from_now(validfor)
+      @cert.not_after = EasyRSA::years_from_now(validfor)
 
       # Add the public key
       @cert.public_key = @key.public_key
@@ -124,10 +124,6 @@ module EasyRSA
         "#{Time.now.strftime("%Y%m%d%H%M%S")}#{@id.unpack('c*').join.to_i}".to_i
       end
 
-      def years_from_now(i = 10)
-        Time.now + i * 365 * 24 * 60 * 60
-      end
-
       def sign_cert_with_ca
         @cert.sign @ca_key, OpenSSL::Digest::SHA256.new
       end

data/lib/easyrsa/version.rb

@@ -1,3 +1,3 @@
 module EasyRSA
-  VERSION = '0.8.0'
+  VERSION = '0.8.5'
 end

data/spec/easyrsa/02_certificate_spec.rb

@@ -38,7 +38,7 @@ describe EasyRSA::Certificate, 'Should' do
 
   end
 
-  it 'throw error when invalid ca key is passed' do
+  it 'throw error when bit length is too weak' do
 
     expect {
       EasyRSA::Certificate.new(@ca_cert, @ca_key, 'blah', 'blah@blah', 512)

data/spec/easyrsa/03_ca_spec.rb

@@ -0,0 +1,63 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe EasyRSA::CA, 'Should' do
+  include_context "shared environment"
+
+  before do
+    EasyRSA.configure do |issuer|
+      issuer.email = @email
+      issuer.server = @server
+      issuer.country = @country
+      issuer.city = @city
+      issuer.company = @company
+      issuer.orgunit = @orgunit
+    end
+  end
+
+  it 'throw error when arguments are missing' do
+    expect {
+      EasyRSA::CA.new
+    }.to raise_error(EasyRSA::CA::MissingParameter)
+  end
+
+  it 'throw error when invalid ca key is passed' do
+
+    expect {
+      EasyRSA::CA.new('sadfsdf')
+    }.to raise_error(EasyRSA::CA::InvalidCAName)
+
+  end
+
+  it 'throw error when bit length is too weak' do
+
+    expect {
+      EasyRSA::CA.new("CN=ca/DC=example", 512)
+    }.to raise_error(EasyRSA::CA::BitLengthToWeak)
+
+  end
+
+  it 'return keys successfully' do
+
+    easyrsa = EasyRSA::CA.new("CN=ca/DC=example")
+    g = easyrsa.generate
+
+    expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
+    expect(g[:crt]).to include('BEGIN CERTIFICATE')    
+
+  end
+
+
+  it 'return successful in a block as well' do
+    g = {}
+    EasyRSA::CA.new("CN=ca/DC=example") do |c|
+      c.generate.each do |k, v|
+        g[k] = v
+      end
+    end
+
+    expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
+    expect(g[:crt]).to include('BEGIN CERTIFICATE')    
+
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: easyrsa
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.5
 platform: ruby
 authors:
 - Mike Mackintosh
@@ -14,84 +14,98 @@ dependencies:
   name: openssl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: fattr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: paint
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: methadone
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Easily generate OpenVPN certificates without needing the easyrsa packaged
@@ -101,13 +115,15 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rock.yml
+- ".gitignore"
+- ".rock.yml"
 - Gemfile
 - LICENSE.txt
+- README.md
 - Rakefile
 - easyrsa.gemspec
 - lib/easyrsa.rb
+- lib/easyrsa/ca.rb
 - lib/easyrsa/certificate.rb
 - lib/easyrsa/config.rb
 - lib/easyrsa/version.rb
@@ -115,6 +131,7 @@ files:
 - spec/cakey.pem
 - spec/easyrsa/01_config_spec.rb
 - spec/easyrsa/02_certificate_spec.rb
+- spec/easyrsa/03_ca_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/mikemackintosh/ruby-easyrsa
 licenses:
@@ -126,17 +143,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: EasyRSA interface for generating OpenVPN certificates
@@ -145,4 +162,5 @@ test_files:
 - spec/cakey.pem
 - spec/easyrsa/01_config_spec.rb
 - spec/easyrsa/02_certificate_spec.rb
+- spec/easyrsa/03_ca_spec.rb
 - spec/spec_helper.rb