easyrsa 0.9.6 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +7 -0
- data/lib/easyrsa/certificate.rb +37 -13
- data/lib/easyrsa/version.rb +1 -1
- data/spec/easyrsa/02_certificate_spec.rb +14 -0
- metadata +16 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 43e7206caedd0fc9b919c8a1ab79cf204a1b7b56
|
|
4
|
+
data.tar.gz: 1715cb46938f410c6e4dc3af2daf75963af01182
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 661f27d18e2a947a8080ac64599103b497681e0c37953847068a9113af74b8429e464b27c5bac1d6cec49a22c649c627616ce19b654f7c47ff2694ae996d3820
|
|
7
|
+
data.tar.gz: 2e43c53b50b501a65b26588a276683042a8fdf021adc46d211ba4edf3ad7f1c3fb27410aa31ed0261203520425d79fe4e3011e934a1707743ccc3da1f199d273
|
data/README.md
CHANGED
data/lib/easyrsa/certificate.rb
CHANGED
|
@@ -1,24 +1,33 @@
|
|
|
1
1
|
module EasyRSA
|
|
2
2
|
class Certificate
|
|
3
3
|
|
|
4
|
+
Client = 1
|
|
5
|
+
Server = 2
|
|
6
|
+
|
|
4
7
|
class UnableToReadCACert < RuntimeError ; end
|
|
5
8
|
class UnableToReadCAKey < RuntimeError ; end
|
|
6
9
|
class BitLengthToWeak < RuntimeError ; end
|
|
10
|
+
class InvalidCertType < RuntimeError ; end
|
|
7
11
|
class MissingParameter < RuntimeError ; end
|
|
8
12
|
|
|
9
|
-
def initialize(ca_crt, ca_key, id=nil, email=nil, bits=4096, &block)
|
|
13
|
+
def initialize(ca_crt, ca_key, id=nil, email=nil, bits=4096, certtype=EasyRSA::Certificate::Client, &block)
|
|
14
|
+
if certtype < 1 || certtype > 2
|
|
15
|
+
raise EasyRSA::Certificate::InvalidCertType,
|
|
16
|
+
"Please provide a valid Cert Type, either Client or Server"
|
|
17
|
+
end
|
|
18
|
+
@certtype = certtype
|
|
10
19
|
|
|
11
20
|
# ID to generate cert for
|
|
12
21
|
if id.eql? nil
|
|
13
22
|
raise EasyRSA::Certificate::MissingParameter,
|
|
14
|
-
"Please provide an 'id', also known as a subject, for the certificates' CN field
|
|
23
|
+
"Please provide an 'id', also known as a subject, for the certificates' CN field"
|
|
15
24
|
end
|
|
16
25
|
@id = id
|
|
17
26
|
|
|
18
27
|
# ID to generate cert for
|
|
19
28
|
if email.eql? nil
|
|
20
29
|
raise EasyRSA::Certificate::MissingParameter,
|
|
21
|
-
"Please provide an 'email', also known as a subject, for the certificates' emailAddress field
|
|
30
|
+
"Please provide an 'email', also known as a subject, for the certificates' emailAddress field"
|
|
22
31
|
end
|
|
23
32
|
@email = email
|
|
24
33
|
|
|
@@ -33,9 +42,9 @@ module EasyRSA
|
|
|
33
42
|
fail EasyRSA::Certificate::UnableToReadCACert,
|
|
34
43
|
'Invalid CA Certificate.'
|
|
35
44
|
end
|
|
36
|
-
end
|
|
45
|
+
end
|
|
37
46
|
end
|
|
38
|
-
@ca_cert = ca_crt
|
|
47
|
+
@ca_cert = ca_crt
|
|
39
48
|
|
|
40
49
|
# Get cert details if it's in a file
|
|
41
50
|
unless ca_key.is_a? OpenSSL::PKey::RSA
|
|
@@ -52,12 +61,12 @@ module EasyRSA
|
|
|
52
61
|
end
|
|
53
62
|
@ca_key = ca_key
|
|
54
63
|
|
|
55
|
-
|
|
64
|
+
|
|
56
65
|
# Generate Private Key and new Certificate
|
|
57
66
|
if bits < 2048
|
|
58
67
|
raise EasyRSA::Certificate::BitLengthToWeak,
|
|
59
68
|
"Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
|
|
60
|
-
end
|
|
69
|
+
end
|
|
61
70
|
@key = OpenSSL::PKey::RSA.new(bits)
|
|
62
71
|
|
|
63
72
|
# Instantiate a new certificate
|
|
@@ -67,13 +76,13 @@ module EasyRSA
|
|
|
67
76
|
@cert.not_before = Time.now
|
|
68
77
|
|
|
69
78
|
# Set it to version
|
|
70
|
-
@cert.version = 2
|
|
79
|
+
@cert.version = 2
|
|
71
80
|
|
|
72
81
|
instance_eval(&block) if block_given?
|
|
73
82
|
end
|
|
74
83
|
|
|
75
|
-
def generate(validfor=10)
|
|
76
|
-
|
|
84
|
+
def generate(type=Client,validfor=10)
|
|
85
|
+
|
|
77
86
|
# Set the expiration date
|
|
78
87
|
@cert.not_after = EasyRSA::years_from_now(validfor)
|
|
79
88
|
|
|
@@ -82,7 +91,7 @@ module EasyRSA
|
|
|
82
91
|
|
|
83
92
|
# Generate and assign the serial
|
|
84
93
|
@cert.serial = EasyRSA::gen_serial(@id)
|
|
85
|
-
|
|
94
|
+
|
|
86
95
|
# Generate issuer
|
|
87
96
|
@cert.issuer = EasyRSA::gen_issuer
|
|
88
97
|
|
|
@@ -99,6 +108,15 @@ module EasyRSA
|
|
|
99
108
|
|
|
100
109
|
end
|
|
101
110
|
|
|
111
|
+
def get_extensions
|
|
112
|
+
extensions = Hash.new
|
|
113
|
+
cert = OpenSSL::X509::Certificate.new @cert.to_pem
|
|
114
|
+
cert.extensions.each do |ext|
|
|
115
|
+
extensions[ext.oid] = ext.value
|
|
116
|
+
end
|
|
117
|
+
extensions
|
|
118
|
+
end
|
|
119
|
+
|
|
102
120
|
private
|
|
103
121
|
|
|
104
122
|
# Cert subject for End-User
|
|
@@ -122,13 +140,19 @@ module EasyRSA
|
|
|
122
140
|
|
|
123
141
|
@cert.extensions = [
|
|
124
142
|
ef.create_extension('basicConstraints', 'CA:FALSE'),
|
|
125
|
-
ef.create_extension('nsCertType', 'client, objsign'),
|
|
126
|
-
ef.create_extension('nsComment', 'Easy-RSA Generated Certificate'),
|
|
127
143
|
ef.create_extension('subjectKeyIdentifier', 'hash'),
|
|
128
144
|
ef.create_extension('extendedKeyUsage', 'clientAuth'),
|
|
129
145
|
ef.create_extension('keyUsage', 'digitalSignature')
|
|
130
146
|
]
|
|
131
147
|
|
|
148
|
+
if @certtype.eql? EasyRSA::Certificate::Client
|
|
149
|
+
@cert.add_extension ef.create_extension('nsComment', 'Easy-RSA Generated Certificate')
|
|
150
|
+
@cert.add_extension ef.create_extension('nsCertType', 'client, objsign')
|
|
151
|
+
elsif @certtype.eql? EasyRSA::Certificate::Server
|
|
152
|
+
@cert.add_extension ef.create_extension('nsComment', 'Easy-RSA Generated Server Certificate')
|
|
153
|
+
@cert.add_extension ef.create_extension('nsCertType', 'server')
|
|
154
|
+
end
|
|
155
|
+
|
|
132
156
|
@cert.add_extension ef.create_extension('authorityKeyIdentifier',
|
|
133
157
|
'keyid,issuer:always')
|
|
134
158
|
end
|
data/lib/easyrsa/version.rb
CHANGED
|
@@ -153,4 +153,18 @@ KEY
|
|
|
153
153
|
expect(r.subject.to_s).to include(@name)
|
|
154
154
|
end
|
|
155
155
|
|
|
156
|
+
it 'should be a client cert by default' do
|
|
157
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
|
|
158
|
+
easyrsa.generate
|
|
159
|
+
r = easyrsa.get_extensions
|
|
160
|
+
expect(r['nsCertType']).to include("SSL Client, Object Signing")
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
it 'should be a server certificate if set' do
|
|
164
|
+
easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem', 2048, EasyRSA::Certificate::Server)
|
|
165
|
+
easyrsa.generate
|
|
166
|
+
r = easyrsa.get_extensions
|
|
167
|
+
expect(r['nsCertType']).to include("SSL Server")
|
|
168
|
+
end
|
|
169
|
+
|
|
156
170
|
end
|
metadata
CHANGED
|
@@ -1,83 +1,83 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: easyrsa
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Mackintosh
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-10-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: paint
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '0'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- -
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: methadone
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: bundler
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- -
|
|
45
|
+
- - ">="
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '0'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- -
|
|
52
|
+
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- -
|
|
59
|
+
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
61
|
version: '0'
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- -
|
|
66
|
+
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rspec
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
|
-
- -
|
|
73
|
+
- - ">="
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
75
|
version: '0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- -
|
|
80
|
+
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '0'
|
|
83
83
|
description: Easily generate OpenVPN certificates without needing the easyrsa packaged
|
|
@@ -87,7 +87,7 @@ executables: []
|
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
-
- .gitignore
|
|
90
|
+
- ".gitignore"
|
|
91
91
|
- Gemfile
|
|
92
92
|
- LICENSE.txt
|
|
93
93
|
- Makefile
|
|
@@ -120,17 +120,17 @@ require_paths:
|
|
|
120
120
|
- lib
|
|
121
121
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
122
122
|
requirements:
|
|
123
|
-
- -
|
|
123
|
+
- - ">="
|
|
124
124
|
- !ruby/object:Gem::Version
|
|
125
125
|
version: '0'
|
|
126
126
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
127
127
|
requirements:
|
|
128
|
-
- -
|
|
128
|
+
- - ">="
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
130
|
version: '0'
|
|
131
131
|
requirements: []
|
|
132
132
|
rubyforge_project:
|
|
133
|
-
rubygems_version: 2.
|
|
133
|
+
rubygems_version: 2.5.2.3
|
|
134
134
|
signing_key:
|
|
135
135
|
specification_version: 4
|
|
136
136
|
summary: EasyRSA interface for generating OpenVPN certificates
|