easyrsa 0.9.4 → 0.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +2 -1
- data/Makefile +21 -0
- data/README.md +3 -1
- data/Rakefile +1 -1
- data/easyrsa.gemspec +8 -8
- data/lib/easyrsa.rb +11 -5
- data/lib/easyrsa/ca.rb +12 -5
- data/lib/easyrsa/certificate.rb +10 -3
- data/lib/easyrsa/config.rb +2 -2
- data/lib/easyrsa/version.rb +1 -1
- data/spec/easyrsa/01_config_spec.rb +1 -1
- data/spec/easyrsa/02_certificate_spec.rb +32 -9
- data/spec/easyrsa/03_ca_spec.rb +3 -3
- data/spec/easyrsa/04_revocation_spec.rb +1 -1
- data/spec/spec_helper.rb +6 -4
- metadata +3 -3
- data/.rock.yml +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1c2db93736f5e5d6b66ed2fab4e7f35645ea795c
|
|
4
|
+
data.tar.gz: 08f19e69d1f991a99c1e719083c3149e7d506b6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0f5816c6d68b7fd88095fb7058a70b8e413a023bd9873aff5bee79bf279318fe021ecb3072c1da3de8b5df70d78eb4bd47eb7224487fd89cf104525c89e7a8ef
|
|
7
|
+
data.tar.gz: 50ad779ab439ac14fd075f28706359878736a40de52ce030591ce4510666e205723a83d6191def02cf5d111f1a1ff7bd12509a1f1d56c1da0687749fb5fa1639
|
data/.gitignore
CHANGED
data/Makefile
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
GEM := $(shell which gem)
|
|
2
|
+
BUNDLE := $(shell which bundle)
|
|
3
|
+
|
|
4
|
+
all: clear build push
|
|
5
|
+
|
|
6
|
+
clear:
|
|
7
|
+
rm -rf *.gem
|
|
8
|
+
|
|
9
|
+
init:
|
|
10
|
+
$(BUNDLE) install --path=vendor/bundle
|
|
11
|
+
|
|
12
|
+
build:
|
|
13
|
+
$(GEM) build easyrsa.gemspec
|
|
14
|
+
|
|
15
|
+
push: build
|
|
16
|
+
$(GEM) push *.gem
|
|
17
|
+
|
|
18
|
+
test:
|
|
19
|
+
$(BUNDLE) exec rake test
|
|
20
|
+
|
|
21
|
+
gem: test build push
|
data/README.md
CHANGED
|
@@ -36,8 +36,10 @@ First, set your issuer configuration like so:
|
|
|
36
36
|
```ruby
|
|
37
37
|
EasyRSA.configure do |issuer|
|
|
38
38
|
issuer.email = 'support@company.com'
|
|
39
|
+
issuer.name = 'MrKickass'
|
|
39
40
|
issuer.server = 'vpnserver.company.com'
|
|
40
41
|
issuer.country = 'US'
|
|
42
|
+
issuer.state = 'NY'
|
|
41
43
|
issuer.city = 'New York'
|
|
42
44
|
issuer.company = 'My Company'
|
|
43
45
|
issuer.orgunit = 'IT'
|
|
@@ -92,4 +94,4 @@ easyrsa = EasyRSA::DH.new
|
|
|
92
94
|
g = easyrsa.generate
|
|
93
95
|
puts g
|
|
94
96
|
#=> -----BEGIN DH PARAMETERS-----
|
|
95
|
-
```
|
|
97
|
+
```
|
data/Rakefile
CHANGED
data/easyrsa.gemspec
CHANGED
|
@@ -8,17 +8,17 @@ Gem::Specification.new do |s|
|
|
|
8
8
|
|
|
9
9
|
s.name = 'easyrsa'
|
|
10
10
|
s.version = EasyRSA::VERSION
|
|
11
|
-
s.date = '
|
|
12
|
-
s.summary =
|
|
13
|
-
s.description =
|
|
14
|
-
s.authors = [
|
|
11
|
+
s.date = Time.now.to_s.split(' ').first
|
|
12
|
+
s.summary = 'EasyRSA interface for generating OpenVPN certificates'
|
|
13
|
+
s.description = 'Easily generate OpenVPN certificates without needing the easyrsa packaged scripts'
|
|
14
|
+
s.authors = ['Mike Mackintosh']
|
|
15
15
|
s.email = 'm@zyp.io'
|
|
16
16
|
s.homepage =
|
|
17
17
|
'http://github.com/mikemackintosh/ruby-easyrsa'
|
|
18
18
|
|
|
19
19
|
s.license = 'MIT'
|
|
20
20
|
|
|
21
|
-
s.require_paths = [
|
|
21
|
+
s.require_paths = ['lib']
|
|
22
22
|
s.files = `git ls-files -z`.split("\x0")
|
|
23
23
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
24
24
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
@@ -26,8 +26,8 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
s.add_dependency 'paint'
|
|
27
27
|
s.add_dependency 'methadone'
|
|
28
28
|
|
|
29
|
-
s.add_development_dependency
|
|
30
|
-
s.add_development_dependency
|
|
31
|
-
s.add_development_dependency
|
|
29
|
+
s.add_development_dependency 'bundler'
|
|
30
|
+
s.add_development_dependency 'rake'
|
|
31
|
+
s.add_development_dependency 'rspec'
|
|
32
32
|
|
|
33
33
|
end
|
data/lib/easyrsa.rb
CHANGED
|
@@ -33,16 +33,22 @@ module EasyRSA
|
|
|
33
33
|
|
|
34
34
|
# Helper for issuer details
|
|
35
35
|
def gen_issuer
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
36
|
+
name = "/C=#{EasyRSA::Config.country}"
|
|
37
|
+
name += "/ST=#{EasyRSA::Config.state}" unless !EasyRSA::Config.state || EasyRSA::Config.state.empty?
|
|
38
|
+
name += "/L=#{EasyRSA::Config.city}"
|
|
39
|
+
name += "/O=#{EasyRSA::Config.company}"
|
|
40
|
+
name += "/OU=#{EasyRSA::Config.orgunit}"
|
|
41
|
+
name += "/CN=#{EasyRSA::Config.server}"
|
|
42
|
+
name += "/name=#{EasyRSA::Config.name}" unless !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
43
|
+
name += "/emailAddress=#{EasyRSA::Config.email}"
|
|
44
|
+
|
|
45
|
+
OpenSSL::X509::Name.parse(name)
|
|
40
46
|
end
|
|
41
47
|
|
|
42
48
|
# Helper for generating serials
|
|
43
49
|
def gen_serial(id)
|
|
44
50
|
# Must always be unique, so we do date and id's chars
|
|
45
|
-
"#{Time.now.strftime(
|
|
51
|
+
"#{Time.now.strftime('%Y%m%d%H%M%S')}#{id.unpack('c*').join.to_i}".to_i
|
|
46
52
|
end
|
|
47
53
|
|
|
48
54
|
end
|
data/lib/easyrsa/ca.rb
CHANGED
|
@@ -69,10 +69,17 @@ module EasyRSA
|
|
|
69
69
|
|
|
70
70
|
# Cert issuer details
|
|
71
71
|
def gen_issuer
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
72
|
+
name = "/C=#{EasyRSA::Config.country}"
|
|
73
|
+
name += "/ST=#{EasyRSA::Config.state}" unless !EasyRSA::Config.state || EasyRSA::Config.state.empty?
|
|
74
|
+
name += "/L=#{EasyRSA::Config.city}"
|
|
75
|
+
name += "/O=#{EasyRSA::Config.company}"
|
|
76
|
+
name += "/OU=#{EasyRSA::Config.orgunit}"
|
|
77
|
+
name += "/CN=#{EasyRSA::Config.server}"
|
|
78
|
+
name += "/name=#{EasyRSA::Config.name}" unless !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
79
|
+
name += "/name=#{EasyRSA::Config.orgunit}" if !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
80
|
+
name += "/emailAddress=#{EasyRSA::Config.email}"
|
|
81
|
+
|
|
82
|
+
@ca_cert.issuer = OpenSSL::X509::Name.parse(name)
|
|
76
83
|
end
|
|
77
84
|
|
|
78
85
|
# Add Extensions needed
|
|
@@ -93,4 +100,4 @@ module EasyRSA
|
|
|
93
100
|
end
|
|
94
101
|
|
|
95
102
|
end
|
|
96
|
-
end
|
|
103
|
+
end
|
data/lib/easyrsa/certificate.rb
CHANGED
|
@@ -103,9 +103,16 @@ module EasyRSA
|
|
|
103
103
|
|
|
104
104
|
# Cert subject for End-User
|
|
105
105
|
def gen_subject
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
106
|
+
subject_name = "/C=#{EasyRSA::Config.country}"
|
|
107
|
+
subject_name += "/ST=#{EasyRSA::Config.state}" unless !EasyRSA::Config.state || EasyRSA::Config.state.empty?
|
|
108
|
+
subject_name += "/L=#{EasyRSA::Config.city}"
|
|
109
|
+
subject_name += "/O=#{EasyRSA::Config.company}"
|
|
110
|
+
subject_name += "/OU=#{EasyRSA::Config.orgunit}"
|
|
111
|
+
subject_name += "/CN=#{@id}"
|
|
112
|
+
subject_name += "/name=#{EasyRSA::Config.name}" unless !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
113
|
+
subject_name += "/emailAddress=#{@email}"
|
|
114
|
+
|
|
115
|
+
@cert.subject = OpenSSL::X509::Name.parse(subject_name)
|
|
109
116
|
end
|
|
110
117
|
|
|
111
118
|
def add_extensions
|
data/lib/easyrsa/config.rb
CHANGED
|
@@ -5,7 +5,7 @@ module EasyRSA
|
|
|
5
5
|
|
|
6
6
|
extend self
|
|
7
7
|
|
|
8
|
-
attr_accessor :email, :server, :country, :city, :company, :orgunit
|
|
8
|
+
attr_accessor :email, :server, :country, :city, :company, :orgunit, :name, :state
|
|
9
9
|
|
|
10
10
|
# Configure easyrsa from a hash. This is usually called after parsing a
|
|
11
11
|
# yaml config file such as easyrsa.yaml.
|
|
@@ -34,4 +34,4 @@ module EasyRSA
|
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
|
-
end
|
|
37
|
+
end
|
data/lib/easyrsa/version.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe EasyRSA::Certificate, 'Should' do
|
|
4
|
-
include_context
|
|
4
|
+
include_context 'shared environment'
|
|
5
5
|
|
|
6
6
|
before do
|
|
7
7
|
EasyRSA.configure do |issuer|
|
|
@@ -73,11 +73,11 @@ KEY
|
|
|
73
73
|
expect {
|
|
74
74
|
EasyRSA::Certificate.new('ca.crt', 'ca.key', 'blah', 'blah@blah')
|
|
75
75
|
}.to raise_error(EasyRSA::Certificate::UnableToReadCACert)
|
|
76
|
-
|
|
76
|
+
|
|
77
77
|
expect {
|
|
78
78
|
EasyRSA::Certificate.new(cert, 'ca.key', 'blah', 'blah@blah')
|
|
79
79
|
}.to raise_error(EasyRSA::Certificate::UnableToReadCAKey)
|
|
80
|
-
|
|
80
|
+
|
|
81
81
|
expect {
|
|
82
82
|
EasyRSA::Certificate.new(cert, key, 'blah', 'blah@blah')
|
|
83
83
|
}.to_not raise_error
|
|
@@ -102,7 +102,7 @@ KEY
|
|
|
102
102
|
g = easyrsa.generate
|
|
103
103
|
|
|
104
104
|
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
|
105
|
-
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
105
|
+
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
106
106
|
|
|
107
107
|
end
|
|
108
108
|
|
|
@@ -116,7 +116,7 @@ KEY
|
|
|
116
116
|
end
|
|
117
117
|
|
|
118
118
|
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
|
119
|
-
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
119
|
+
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
120
120
|
|
|
121
121
|
end
|
|
122
122
|
|
|
@@ -125,9 +125,32 @@ KEY
|
|
|
125
125
|
g = easyrsa.generate
|
|
126
126
|
r = OpenSSL::X509::Certificate.new g[:crt]
|
|
127
127
|
expect("#{r.serial}").to include("#{Time.now.year}")
|
|
128
|
-
end
|
|
128
|
+
end
|
|
129
129
|
|
|
130
|
-
|
|
130
|
+
before do
|
|
131
|
+
EasyRSA.configure do |issuer|
|
|
132
|
+
issuer.email = @email
|
|
133
|
+
issuer.server = @server
|
|
134
|
+
issuer.country = @country
|
|
135
|
+
issuer.state = @state
|
|
136
|
+
issuer.city = @city
|
|
137
|
+
issuer.company = @company
|
|
138
|
+
issuer.name = @name
|
|
139
|
+
end
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
it 'should allow optional state' do
|
|
143
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
|
|
144
|
+
g = easyrsa.generate
|
|
145
|
+
r = OpenSSL::X509::Certificate.new g[:crt]
|
|
146
|
+
expect(r.subject.to_s).to include(@state)
|
|
147
|
+
end
|
|
131
148
|
|
|
132
|
-
|
|
133
|
-
|
|
149
|
+
it 'should allow optional name' do
|
|
150
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
|
|
151
|
+
g = easyrsa.generate
|
|
152
|
+
r = OpenSSL::X509::Certificate.new g[:crt]
|
|
153
|
+
expect(r.subject.to_s).to include(@name)
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
end
|
data/spec/easyrsa/03_ca_spec.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe EasyRSA::CA, 'Should' do
|
|
4
|
-
include_context
|
|
4
|
+
include_context 'shared environment'
|
|
5
5
|
|
|
6
6
|
before do
|
|
7
7
|
EasyRSA.configure do |issuer|
|
|
@@ -31,14 +31,14 @@ describe EasyRSA::CA, 'Should' do
|
|
|
31
31
|
it 'throw error when bit length is too weak' do
|
|
32
32
|
|
|
33
33
|
expect {
|
|
34
|
-
EasyRSA::CA.new(
|
|
34
|
+
EasyRSA::CA.new('CN=ca/DC=example', 512)
|
|
35
35
|
}.to raise_error(EasyRSA::CA::BitLengthToWeak)
|
|
36
36
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it 'return keys successfully' do
|
|
40
40
|
|
|
41
|
-
easyrsa = EasyRSA::CA.new(
|
|
41
|
+
easyrsa = EasyRSA::CA.new('CN=ca/DC=example')
|
|
42
42
|
g = easyrsa.generate
|
|
43
43
|
|
|
44
44
|
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
data/spec/spec_helper.rb
CHANGED
|
@@ -5,7 +5,7 @@ require File.join(File.dirname(__FILE__), '..', 'lib', 'easyrsa')
|
|
|
5
5
|
# Create the share API context
|
|
6
6
|
# so we can pass stuff between
|
|
7
7
|
# the different tests
|
|
8
|
-
RSpec.shared_context
|
|
8
|
+
RSpec.shared_context 'shared environment', :a => :b do
|
|
9
9
|
|
|
10
10
|
before(:all) do
|
|
11
11
|
|
|
@@ -13,15 +13,17 @@ RSpec.shared_context "shared environment", :a => :b do
|
|
|
13
13
|
@server = 'easyrsa-gem-test'
|
|
14
14
|
@country = 'US'
|
|
15
15
|
@city = 'New York'
|
|
16
|
+
@state = 'New York'
|
|
16
17
|
@company = 'Mike Mackintosh'
|
|
17
18
|
@orgunit = 'EasyRSA Gem Test'
|
|
19
|
+
@name = 'Your mom'
|
|
18
20
|
|
|
19
21
|
@ca_key = File.join(File.dirname(__FILE__), 'cakey.pem')
|
|
20
22
|
@ca_key_pass = 'aaaa'
|
|
21
23
|
@ca_cert = File.join(File.dirname(__FILE__), 'cacert.pem')
|
|
22
24
|
|
|
23
|
-
@client_id =
|
|
24
|
-
@client_email =
|
|
25
|
+
@client_id = 'sexyhorse'
|
|
26
|
+
@client_email = 'sexyhorse@zyp.io'
|
|
25
27
|
|
|
26
28
|
end
|
|
27
29
|
|
|
@@ -33,4 +35,4 @@ end
|
|
|
33
35
|
config.color = true
|
|
34
36
|
config.formatter = :documentation
|
|
35
37
|
end
|
|
36
|
-
#end
|
|
38
|
+
#end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: easyrsa
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Mackintosh
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-10-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: paint
|
|
@@ -88,9 +88,9 @@ extensions: []
|
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
90
|
- .gitignore
|
|
91
|
-
- .rock.yml
|
|
92
91
|
- Gemfile
|
|
93
92
|
- LICENSE.txt
|
|
93
|
+
- Makefile
|
|
94
94
|
- README.md
|
|
95
95
|
- Rakefile
|
|
96
96
|
- easyrsa.gemspec
|