easyrsa 0.9.6 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -0
- data/lib/easyrsa/certificate.rb +37 -13
- data/lib/easyrsa/version.rb +1 -1
- data/spec/easyrsa/02_certificate_spec.rb +14 -0
- metadata +16 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43e7206caedd0fc9b919c8a1ab79cf204a1b7b56
|
|
4
|
+
data.tar.gz: 1715cb46938f410c6e4dc3af2daf75963af01182
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 661f27d18e2a947a8080ac64599103b497681e0c37953847068a9113af74b8429e464b27c5bac1d6cec49a22c649c627616ce19b654f7c47ff2694ae996d3820
|
|
7
|
+
data.tar.gz: 2e43c53b50b501a65b26588a276683042a8fdf021adc46d211ba4edf3ad7f1c3fb27410aa31ed0261203520425d79fe4e3011e934a1707743ccc3da1f199d273
|
data/README.md
CHANGED
data/lib/easyrsa/certificate.rb
CHANGED
|
@@ -1,24 +1,33 @@
|
|
|
1
1
|
module EasyRSA
|
|
2
2
|
class Certificate
|
|
3
3
|
|
|
4
|
+
Client = 1
|
|
5
|
+
Server = 2
|
|
6
|
+
|
|
4
7
|
class UnableToReadCACert < RuntimeError ; end
|
|
5
8
|
class UnableToReadCAKey < RuntimeError ; end
|
|
6
9
|
class BitLengthToWeak < RuntimeError ; end
|
|
10
|
+
class InvalidCertType < RuntimeError ; end
|
|
7
11
|
class MissingParameter < RuntimeError ; end
|
|
8
12
|
|
|
9
|
-
def initialize(ca_crt, ca_key, id=nil, email=nil, bits=4096, &block)
|
|
13
|
+
def initialize(ca_crt, ca_key, id=nil, email=nil, bits=4096, certtype=EasyRSA::Certificate::Client, &block)
|
|
14
|
+
if certtype < 1 || certtype > 2
|
|
15
|
+
raise EasyRSA::Certificate::InvalidCertType,
|
|
16
|
+
"Please provide a valid Cert Type, either Client or Server"
|
|
17
|
+
end
|
|
18
|
+
@certtype = certtype
|
|
10
19
|
|
|
11
20
|
# ID to generate cert for
|
|
12
21
|
if id.eql? nil
|
|
13
22
|
raise EasyRSA::Certificate::MissingParameter,
|
|
14
|
-
"Please provide an 'id', also known as a subject, for the certificates' CN field
|
|
23
|
+
"Please provide an 'id', also known as a subject, for the certificates' CN field"
|
|
15
24
|
end
|
|
16
25
|
@id = id
|
|
17
26
|
|
|
18
27
|
# ID to generate cert for
|
|
19
28
|
if email.eql? nil
|
|
20
29
|
raise EasyRSA::Certificate::MissingParameter,
|
|
21
|
-
"Please provide an 'email', also known as a subject, for the certificates' emailAddress field
|
|
30
|
+
"Please provide an 'email', also known as a subject, for the certificates' emailAddress field"
|
|
22
31
|
end
|
|
23
32
|
@email = email
|
|
24
33
|
|
|
@@ -33,9 +42,9 @@ module EasyRSA
|
|
|
33
42
|
fail EasyRSA::Certificate::UnableToReadCACert,
|
|
34
43
|
'Invalid CA Certificate.'
|
|
35
44
|
end
|
|
36
|
-
end
|
|
45
|
+
end
|
|
37
46
|
end
|
|
38
|
-
@ca_cert = ca_crt
|
|
47
|
+
@ca_cert = ca_crt
|
|
39
48
|
|
|
40
49
|
# Get cert details if it's in a file
|
|
41
50
|
unless ca_key.is_a? OpenSSL::PKey::RSA
|
|
@@ -52,12 +61,12 @@ module EasyRSA
|
|
|
52
61
|
end
|
|
53
62
|
@ca_key = ca_key
|
|
54
63
|
|
|
55
|
-
|
|
64
|
+
|
|
56
65
|
# Generate Private Key and new Certificate
|
|
57
66
|
if bits < 2048
|
|
58
67
|
raise EasyRSA::Certificate::BitLengthToWeak,
|
|
59
68
|
"Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
|
|
60
|
-
end
|
|
69
|
+
end
|
|
61
70
|
@key = OpenSSL::PKey::RSA.new(bits)
|
|
62
71
|
|
|
63
72
|
# Instantiate a new certificate
|
|
@@ -67,13 +76,13 @@ module EasyRSA
|
|
|
67
76
|
@cert.not_before = Time.now
|
|
68
77
|
|
|
69
78
|
# Set it to version
|
|
70
|
-
@cert.version = 2
|
|
79
|
+
@cert.version = 2
|
|
71
80
|
|
|
72
81
|
instance_eval(&block) if block_given?
|
|
73
82
|
end
|
|
74
83
|
|
|
75
|
-
def generate(validfor=10)
|
|
76
|
-
|
|
84
|
+
def generate(type=Client,validfor=10)
|
|
85
|
+
|
|
77
86
|
# Set the expiration date
|
|
78
87
|
@cert.not_after = EasyRSA::years_from_now(validfor)
|
|
79
88
|
|
|
@@ -82,7 +91,7 @@ module EasyRSA
|
|
|
82
91
|
|
|
83
92
|
# Generate and assign the serial
|
|
84
93
|
@cert.serial = EasyRSA::gen_serial(@id)
|
|
85
|
-
|
|
94
|
+
|
|
86
95
|
# Generate issuer
|
|
87
96
|
@cert.issuer = EasyRSA::gen_issuer
|
|
88
97
|
|
|
@@ -99,6 +108,15 @@ module EasyRSA
|
|
|
99
108
|
|
|
100
109
|
end
|
|
101
110
|
|
|
111
|
+
def get_extensions
|
|
112
|
+
extensions = Hash.new
|
|
113
|
+
cert = OpenSSL::X509::Certificate.new @cert.to_pem
|
|
114
|
+
cert.extensions.each do |ext|
|
|
115
|
+
extensions[ext.oid] = ext.value
|
|
116
|
+
end
|
|
117
|
+
extensions
|
|
118
|
+
end
|
|
119
|
+
|
|
102
120
|
private
|
|
103
121
|
|
|
104
122
|
# Cert subject for End-User
|
|
@@ -122,13 +140,19 @@ module EasyRSA
|
|
|
122
140
|
|
|
123
141
|
@cert.extensions = [
|
|
124
142
|
ef.create_extension('basicConstraints', 'CA:FALSE'),
|
|
125
|
-
ef.create_extension('nsCertType', 'client, objsign'),
|
|
126
|
-
ef.create_extension('nsComment', 'Easy-RSA Generated Certificate'),
|
|
127
143
|
ef.create_extension('subjectKeyIdentifier', 'hash'),
|
|
128
144
|
ef.create_extension('extendedKeyUsage', 'clientAuth'),
|
|
129
145
|
ef.create_extension('keyUsage', 'digitalSignature')
|
|
130
146
|
]
|
|
131
147
|
|
|
148
|
+
if @certtype.eql? EasyRSA::Certificate::Client
|
|
149
|
+
@cert.add_extension ef.create_extension('nsComment', 'Easy-RSA Generated Certificate')
|
|
150
|
+
@cert.add_extension ef.create_extension('nsCertType', 'client, objsign')
|
|
151
|
+
elsif @certtype.eql? EasyRSA::Certificate::Server
|
|
152
|
+
@cert.add_extension ef.create_extension('nsComment', 'Easy-RSA Generated Server Certificate')
|
|
153
|
+
@cert.add_extension ef.create_extension('nsCertType', 'server')
|
|
154
|
+
end
|
|
155
|
+
|
|
132
156
|
@cert.add_extension ef.create_extension('authorityKeyIdentifier',
|
|
133
157
|
'keyid,issuer:always')
|
|
134
158
|
end
|
data/lib/easyrsa/version.rb
CHANGED
|
@@ -153,4 +153,18 @@ KEY
|
|
|
153
153
|
expect(r.subject.to_s).to include(@name)
|
|
154
154
|
end
|
|
155
155
|
|
|
156
|
+
it 'should be a client cert by default' do
|
|
157
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
|
|
158
|
+
easyrsa.generate
|
|
159
|
+
r = easyrsa.get_extensions
|
|
160
|
+
expect(r['nsCertType']).to include("SSL Client, Object Signing")
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
it 'should be a server certificate if set' do
|
|
164
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem', 2048, EasyRSA::Certificate::Server)
|
|
165
|
+
easyrsa.generate
|
|
166
|
+
r = easyrsa.get_extensions
|
|
167
|
+
expect(r['nsCertType']).to include("SSL Server")
|
|
168
|
+
end
|
|
169
|
+
|
|
156
170
|
end
|
metadata
CHANGED
|
@@ -1,83 +1,83 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: easyrsa
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Mackintosh
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-10-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: paint
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- -
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: methadone
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- -
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- -
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- -
|
|
59
|
+
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
61
|
version: '0'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- -
|
|
66
|
+
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rspec
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
|
-
- -
|
|
73
|
+
- - ">="
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
75
|
version: '0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- -
|
|
80
|
+
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
83
|
description: Easily generate OpenVPN certificates without needing the easyrsa packaged
|
|
@@ -87,7 +87,7 @@ executables: []
|
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
-
- .gitignore
|
|
90
|
+
- ".gitignore"
|
|
91
91
|
- Gemfile
|
|
92
92
|
- LICENSE.txt
|
|
93
93
|
- Makefile
|
|
@@ -120,17 +120,17 @@ require_paths:
|
|
|
120
120
|
- lib
|
|
121
121
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
122
122
|
requirements:
|
|
123
|
-
- -
|
|
123
|
+
- - ">="
|
|
124
124
|
- !ruby/object:Gem::Version
|
|
125
125
|
version: '0'
|
|
126
126
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
127
|
requirements:
|
|
128
|
-
- -
|
|
128
|
+
- - ">="
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
130
|
version: '0'
|
|
131
131
|
requirements: []
|
|
132
132
|
rubyforge_project:
|
|
133
|
-
rubygems_version: 2.
|
|
133
|
+
rubygems_version: 2.5.2.3
|
|
134
134
|
signing_key:
|
|
135
135
|
specification_version: 4
|
|
136
136
|
summary: EasyRSA interface for generating OpenVPN certificates
|