easyrsa 0.9.4 → 0.9.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +2 -1
- data/Makefile +21 -0
- data/README.md +3 -1
- data/Rakefile +1 -1
- data/easyrsa.gemspec +8 -8
- data/lib/easyrsa.rb +11 -5
- data/lib/easyrsa/ca.rb +12 -5
- data/lib/easyrsa/certificate.rb +10 -3
- data/lib/easyrsa/config.rb +2 -2
- data/lib/easyrsa/version.rb +1 -1
- data/spec/easyrsa/01_config_spec.rb +1 -1
- data/spec/easyrsa/02_certificate_spec.rb +32 -9
- data/spec/easyrsa/03_ca_spec.rb +3 -3
- data/spec/easyrsa/04_revocation_spec.rb +1 -1
- data/spec/spec_helper.rb +6 -4
- metadata +3 -3
- data/.rock.yml +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1c2db93736f5e5d6b66ed2fab4e7f35645ea795c
|
|
4
|
+
data.tar.gz: 08f19e69d1f991a99c1e719083c3149e7d506b6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0f5816c6d68b7fd88095fb7058a70b8e413a023bd9873aff5bee79bf279318fe021ecb3072c1da3de8b5df70d78eb4bd47eb7224487fd89cf104525c89e7a8ef
|
|
7
|
+
data.tar.gz: 50ad779ab439ac14fd075f28706359878736a40de52ce030591ce4510666e205723a83d6191def02cf5d111f1a1ff7bd12509a1f1d56c1da0687749fb5fa1639
|
data/.gitignore
CHANGED
data/Makefile
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
GEM := $(shell which gem)
|
|
2
|
+
BUNDLE := $(shell which bundle)
|
|
3
|
+
|
|
4
|
+
all: clear build push
|
|
5
|
+
|
|
6
|
+
clear:
|
|
7
|
+
rm -rf *.gem
|
|
8
|
+
|
|
9
|
+
init:
|
|
10
|
+
$(BUNDLE) install --path=vendor/bundle
|
|
11
|
+
|
|
12
|
+
build:
|
|
13
|
+
$(GEM) build easyrsa.gemspec
|
|
14
|
+
|
|
15
|
+
push: build
|
|
16
|
+
$(GEM) push *.gem
|
|
17
|
+
|
|
18
|
+
test:
|
|
19
|
+
$(BUNDLE) exec rake test
|
|
20
|
+
|
|
21
|
+
gem: test build push
|
data/README.md
CHANGED
|
@@ -36,8 +36,10 @@ First, set your issuer configuration like so:
|
|
|
36
36
|
```ruby
|
|
37
37
|
EasyRSA.configure do |issuer|
|
|
38
38
|
issuer.email = 'support@company.com'
|
|
39
|
+
issuer.name = 'MrKickass'
|
|
39
40
|
issuer.server = 'vpnserver.company.com'
|
|
40
41
|
issuer.country = 'US'
|
|
42
|
+
issuer.state = 'NY'
|
|
41
43
|
issuer.city = 'New York'
|
|
42
44
|
issuer.company = 'My Company'
|
|
43
45
|
issuer.orgunit = 'IT'
|
|
@@ -92,4 +94,4 @@ easyrsa = EasyRSA::DH.new
|
|
|
92
94
|
g = easyrsa.generate
|
|
93
95
|
puts g
|
|
94
96
|
#=> -----BEGIN DH PARAMETERS-----
|
|
95
|
-
```
|
|
97
|
+
```
|
data/Rakefile
CHANGED
data/easyrsa.gemspec
CHANGED
|
@@ -8,17 +8,17 @@ Gem::Specification.new do |s|
|
|
|
8
8
|
|
|
9
9
|
s.name = 'easyrsa'
|
|
10
10
|
s.version = EasyRSA::VERSION
|
|
11
|
-
s.date = '
|
|
12
|
-
s.summary =
|
|
13
|
-
s.description =
|
|
14
|
-
s.authors = [
|
|
11
|
+
s.date = Time.now.to_s.split(' ').first
|
|
12
|
+
s.summary = 'EasyRSA interface for generating OpenVPN certificates'
|
|
13
|
+
s.description = 'Easily generate OpenVPN certificates without needing the easyrsa packaged scripts'
|
|
14
|
+
s.authors = ['Mike Mackintosh']
|
|
15
15
|
s.email = 'm@zyp.io'
|
|
16
16
|
s.homepage =
|
|
17
17
|
'http://github.com/mikemackintosh/ruby-easyrsa'
|
|
18
18
|
|
|
19
19
|
s.license = 'MIT'
|
|
20
20
|
|
|
21
|
-
s.require_paths = [
|
|
21
|
+
s.require_paths = ['lib']
|
|
22
22
|
s.files = `git ls-files -z`.split("\x0")
|
|
23
23
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
24
24
|
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
@@ -26,8 +26,8 @@ Gem::Specification.new do |s|
|
|
|
26
26
|
s.add_dependency 'paint'
|
|
27
27
|
s.add_dependency 'methadone'
|
|
28
28
|
|
|
29
|
-
s.add_development_dependency
|
|
30
|
-
s.add_development_dependency
|
|
31
|
-
s.add_development_dependency
|
|
29
|
+
s.add_development_dependency 'bundler'
|
|
30
|
+
s.add_development_dependency 'rake'
|
|
31
|
+
s.add_development_dependency 'rspec'
|
|
32
32
|
|
|
33
33
|
end
|
data/lib/easyrsa.rb
CHANGED
|
@@ -33,16 +33,22 @@ module EasyRSA
|
|
|
33
33
|
|
|
34
34
|
# Helper for issuer details
|
|
35
35
|
def gen_issuer
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
36
|
+
name = "/C=#{EasyRSA::Config.country}"
|
|
37
|
+
name += "/ST=#{EasyRSA::Config.state}" unless !EasyRSA::Config.state || EasyRSA::Config.state.empty?
|
|
38
|
+
name += "/L=#{EasyRSA::Config.city}"
|
|
39
|
+
name += "/O=#{EasyRSA::Config.company}"
|
|
40
|
+
name += "/OU=#{EasyRSA::Config.orgunit}"
|
|
41
|
+
name += "/CN=#{EasyRSA::Config.server}"
|
|
42
|
+
name += "/name=#{EasyRSA::Config.name}" unless !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
43
|
+
name += "/emailAddress=#{EasyRSA::Config.email}"
|
|
44
|
+
|
|
45
|
+
OpenSSL::X509::Name.parse(name)
|
|
40
46
|
end
|
|
41
47
|
|
|
42
48
|
# Helper for generating serials
|
|
43
49
|
def gen_serial(id)
|
|
44
50
|
# Must always be unique, so we do date and id's chars
|
|
45
|
-
"#{Time.now.strftime(
|
|
51
|
+
"#{Time.now.strftime('%Y%m%d%H%M%S')}#{id.unpack('c*').join.to_i}".to_i
|
|
46
52
|
end
|
|
47
53
|
|
|
48
54
|
end
|
data/lib/easyrsa/ca.rb
CHANGED
|
@@ -69,10 +69,17 @@ module EasyRSA
|
|
|
69
69
|
|
|
70
70
|
# Cert issuer details
|
|
71
71
|
def gen_issuer
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
72
|
+
name = "/C=#{EasyRSA::Config.country}"
|
|
73
|
+
name += "/ST=#{EasyRSA::Config.state}" unless !EasyRSA::Config.state || EasyRSA::Config.state.empty?
|
|
74
|
+
name += "/L=#{EasyRSA::Config.city}"
|
|
75
|
+
name += "/O=#{EasyRSA::Config.company}"
|
|
76
|
+
name += "/OU=#{EasyRSA::Config.orgunit}"
|
|
77
|
+
name += "/CN=#{EasyRSA::Config.server}"
|
|
78
|
+
name += "/name=#{EasyRSA::Config.name}" unless !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
79
|
+
name += "/name=#{EasyRSA::Config.orgunit}" if !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
80
|
+
name += "/emailAddress=#{EasyRSA::Config.email}"
|
|
81
|
+
|
|
82
|
+
@ca_cert.issuer = OpenSSL::X509::Name.parse(name)
|
|
76
83
|
end
|
|
77
84
|
|
|
78
85
|
# Add Extensions needed
|
|
@@ -93,4 +100,4 @@ module EasyRSA
|
|
|
93
100
|
end
|
|
94
101
|
|
|
95
102
|
end
|
|
96
|
-
end
|
|
103
|
+
end
|
data/lib/easyrsa/certificate.rb
CHANGED
|
@@ -103,9 +103,16 @@ module EasyRSA
|
|
|
103
103
|
|
|
104
104
|
# Cert subject for End-User
|
|
105
105
|
def gen_subject
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
106
|
+
subject_name = "/C=#{EasyRSA::Config.country}"
|
|
107
|
+
subject_name += "/ST=#{EasyRSA::Config.state}" unless !EasyRSA::Config.state || EasyRSA::Config.state.empty?
|
|
108
|
+
subject_name += "/L=#{EasyRSA::Config.city}"
|
|
109
|
+
subject_name += "/O=#{EasyRSA::Config.company}"
|
|
110
|
+
subject_name += "/OU=#{EasyRSA::Config.orgunit}"
|
|
111
|
+
subject_name += "/CN=#{@id}"
|
|
112
|
+
subject_name += "/name=#{EasyRSA::Config.name}" unless !EasyRSA::Config.name || EasyRSA::Config.name.empty?
|
|
113
|
+
subject_name += "/emailAddress=#{@email}"
|
|
114
|
+
|
|
115
|
+
@cert.subject = OpenSSL::X509::Name.parse(subject_name)
|
|
109
116
|
end
|
|
110
117
|
|
|
111
118
|
def add_extensions
|
data/lib/easyrsa/config.rb
CHANGED
|
@@ -5,7 +5,7 @@ module EasyRSA
|
|
|
5
5
|
|
|
6
6
|
extend self
|
|
7
7
|
|
|
8
|
-
attr_accessor :email, :server, :country, :city, :company, :orgunit
|
|
8
|
+
attr_accessor :email, :server, :country, :city, :company, :orgunit, :name, :state
|
|
9
9
|
|
|
10
10
|
# Configure easyrsa from a hash. This is usually called after parsing a
|
|
11
11
|
# yaml config file such as easyrsa.yaml.
|
|
@@ -34,4 +34,4 @@ module EasyRSA
|
|
|
34
34
|
end
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
|
-
end
|
|
37
|
+
end
|
data/lib/easyrsa/version.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe EasyRSA::Certificate, 'Should' do
|
|
4
|
-
include_context
|
|
4
|
+
include_context 'shared environment'
|
|
5
5
|
|
|
6
6
|
before do
|
|
7
7
|
EasyRSA.configure do |issuer|
|
|
@@ -73,11 +73,11 @@ KEY
|
|
|
73
73
|
expect {
|
|
74
74
|
EasyRSA::Certificate.new('ca.crt', 'ca.key', 'blah', 'blah@blah')
|
|
75
75
|
}.to raise_error(EasyRSA::Certificate::UnableToReadCACert)
|
|
76
|
-
|
|
76
|
+
|
|
77
77
|
expect {
|
|
78
78
|
EasyRSA::Certificate.new(cert, 'ca.key', 'blah', 'blah@blah')
|
|
79
79
|
}.to raise_error(EasyRSA::Certificate::UnableToReadCAKey)
|
|
80
|
-
|
|
80
|
+
|
|
81
81
|
expect {
|
|
82
82
|
EasyRSA::Certificate.new(cert, key, 'blah', 'blah@blah')
|
|
83
83
|
}.to_not raise_error
|
|
@@ -102,7 +102,7 @@ KEY
|
|
|
102
102
|
g = easyrsa.generate
|
|
103
103
|
|
|
104
104
|
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
|
105
|
-
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
105
|
+
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
106
106
|
|
|
107
107
|
end
|
|
108
108
|
|
|
@@ -116,7 +116,7 @@ KEY
|
|
|
116
116
|
end
|
|
117
117
|
|
|
118
118
|
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
|
119
|
-
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
119
|
+
expect(g[:crt]).to include('BEGIN CERTIFICATE')
|
|
120
120
|
|
|
121
121
|
end
|
|
122
122
|
|
|
@@ -125,9 +125,32 @@ KEY
|
|
|
125
125
|
g = easyrsa.generate
|
|
126
126
|
r = OpenSSL::X509::Certificate.new g[:crt]
|
|
127
127
|
expect("#{r.serial}").to include("#{Time.now.year}")
|
|
128
|
-
end
|
|
128
|
+
end
|
|
129
129
|
|
|
130
|
-
|
|
130
|
+
before do
|
|
131
|
+
EasyRSA.configure do |issuer|
|
|
132
|
+
issuer.email = @email
|
|
133
|
+
issuer.server = @server
|
|
134
|
+
issuer.country = @country
|
|
135
|
+
issuer.state = @state
|
|
136
|
+
issuer.city = @city
|
|
137
|
+
issuer.company = @company
|
|
138
|
+
issuer.name = @name
|
|
139
|
+
end
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
it 'should allow optional state' do
|
|
143
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
|
|
144
|
+
g = easyrsa.generate
|
|
145
|
+
r = OpenSSL::X509::Certificate.new g[:crt]
|
|
146
|
+
expect(r.subject.to_s).to include(@state)
|
|
147
|
+
end
|
|
131
148
|
|
|
132
|
-
|
|
133
|
-
|
|
149
|
+
it 'should allow optional name' do
|
|
150
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
|
|
151
|
+
g = easyrsa.generate
|
|
152
|
+
r = OpenSSL::X509::Certificate.new g[:crt]
|
|
153
|
+
expect(r.subject.to_s).to include(@name)
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
end
|
data/spec/easyrsa/03_ca_spec.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe EasyRSA::CA, 'Should' do
|
|
4
|
-
include_context
|
|
4
|
+
include_context 'shared environment'
|
|
5
5
|
|
|
6
6
|
before do
|
|
7
7
|
EasyRSA.configure do |issuer|
|
|
@@ -31,14 +31,14 @@ describe EasyRSA::CA, 'Should' do
|
|
|
31
31
|
it 'throw error when bit length is too weak' do
|
|
32
32
|
|
|
33
33
|
expect {
|
|
34
|
-
EasyRSA::CA.new(
|
|
34
|
+
EasyRSA::CA.new('CN=ca/DC=example', 512)
|
|
35
35
|
}.to raise_error(EasyRSA::CA::BitLengthToWeak)
|
|
36
36
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it 'return keys successfully' do
|
|
40
40
|
|
|
41
|
-
easyrsa = EasyRSA::CA.new(
|
|
41
|
+
easyrsa = EasyRSA::CA.new('CN=ca/DC=example')
|
|
42
42
|
g = easyrsa.generate
|
|
43
43
|
|
|
44
44
|
expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
|
data/spec/spec_helper.rb
CHANGED
|
@@ -5,7 +5,7 @@ require File.join(File.dirname(__FILE__), '..', 'lib', 'easyrsa')
|
|
|
5
5
|
# Create the share API context
|
|
6
6
|
# so we can pass stuff between
|
|
7
7
|
# the different tests
|
|
8
|
-
RSpec.shared_context
|
|
8
|
+
RSpec.shared_context 'shared environment', :a => :b do
|
|
9
9
|
|
|
10
10
|
before(:all) do
|
|
11
11
|
|
|
@@ -13,15 +13,17 @@ RSpec.shared_context "shared environment", :a => :b do
|
|
|
13
13
|
@server = 'easyrsa-gem-test'
|
|
14
14
|
@country = 'US'
|
|
15
15
|
@city = 'New York'
|
|
16
|
+
@state = 'New York'
|
|
16
17
|
@company = 'Mike Mackintosh'
|
|
17
18
|
@orgunit = 'EasyRSA Gem Test'
|
|
19
|
+
@name = 'Your mom'
|
|
18
20
|
|
|
19
21
|
@ca_key = File.join(File.dirname(__FILE__), 'cakey.pem')
|
|
20
22
|
@ca_key_pass = 'aaaa'
|
|
21
23
|
@ca_cert = File.join(File.dirname(__FILE__), 'cacert.pem')
|
|
22
24
|
|
|
23
|
-
@client_id =
|
|
24
|
-
@client_email =
|
|
25
|
+
@client_id = 'sexyhorse'
|
|
26
|
+
@client_email = 'sexyhorse@zyp.io'
|
|
25
27
|
|
|
26
28
|
end
|
|
27
29
|
|
|
@@ -33,4 +35,4 @@ end
|
|
|
33
35
|
config.color = true
|
|
34
36
|
config.formatter = :documentation
|
|
35
37
|
end
|
|
36
|
-
#end
|
|
38
|
+
#end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: easyrsa
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Mackintosh
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-10-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: paint
|
|
@@ -88,9 +88,9 @@ extensions: []
|
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
90
|
- .gitignore
|
|
91
|
-
- .rock.yml
|
|
92
91
|
- Gemfile
|
|
93
92
|
- LICENSE.txt
|
|
93
|
+
- Makefile
|
|
94
94
|
- README.md
|
|
95
95
|
- Rakefile
|
|
96
96
|
- easyrsa.gemspec
|