flores 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/flores.gemspec +1 -1
- data/lib/flores/pki.rb +8 -2
- data/spec/flores/pki_integration_spec.rb +77 -0
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 753a3d8f3f074aa4abec9b5a50782da024e4c7d9
|
|
4
|
+
data.tar.gz: b0680aa3d4ff01572d386edf6d3909c851a5df3b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 038c0c32048a720f228e0acd243d9ca9ca71d92e8b81ed4a80d70634b6788d34ca7325e926db02422d7dfbce3ebd4b1c46ffc521d139467d69b1f789f0d0a28e
|
|
7
|
+
data.tar.gz: 61a9bbc371ff597856663a6e35f31f7b8c5d6e0547b9b1d584d4d59e7ec9d46f9185d062ac868ed9fbe9f2c05ddca13d36efa2be09942ac6cca30fe26da261b0
|
data/.gitignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
coverage/
|
data/flores.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ Gem::Specification.new do |spec|
|
|
|
2
2
|
files = %x(git ls-files).split("\n")
|
|
3
3
|
|
|
4
4
|
spec.name = "flores"
|
|
5
|
-
spec.version = "0.0.
|
|
5
|
+
spec.version = "0.0.5"
|
|
6
6
|
spec.summary = "Fuzz, randomize, and stress your tests"
|
|
7
7
|
spec.description = <<-DESCRIPTION
|
|
8
8
|
Add fuzzing, randomization, and stress to your tests.
|
data/lib/flores/pki.rb
CHANGED
|
@@ -168,11 +168,12 @@ module Flores::PKI
|
|
|
168
168
|
extensions.issuer_certificate = self_signed? ? certificate : signing_certificate
|
|
169
169
|
|
|
170
170
|
certificate.issuer = extensions.issuer_certificate.subject
|
|
171
|
-
certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash",
|
|
171
|
+
certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash", false))
|
|
172
172
|
|
|
173
173
|
# RFC 5280 4.2.1.1. Authority Key Identifier
|
|
174
174
|
# This is "who signed this key"
|
|
175
|
-
certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always
|
|
175
|
+
certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always", false))
|
|
176
|
+
#certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always", false))
|
|
176
177
|
|
|
177
178
|
if want_signature_ability?
|
|
178
179
|
# Create a CA.
|
|
@@ -196,6 +197,11 @@ module Flores::PKI
|
|
|
196
197
|
certificate.add_extension(extensions.create_extension("keyUsage", "digitalSignature, keyEncipherment", true))
|
|
197
198
|
certificate.add_extension(extensions.create_extension("extendedKeyUsage", "clientAuth, serverAuth", false))
|
|
198
199
|
end
|
|
200
|
+
|
|
201
|
+
if @subject_alternates
|
|
202
|
+
certificate.add_extension(extensions.create_extension("subjectAltName", @subject_alternates.join(",")))
|
|
203
|
+
end
|
|
204
|
+
|
|
199
205
|
certificate.serial = OpenSSL::BN.new(serial)
|
|
200
206
|
certificate.sign(signing_key, digest_method)
|
|
201
207
|
certificate
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# This file is part of ruby-flores.
|
|
3
|
+
# Copyright (C) 2015 Jordan Sissel
|
|
4
|
+
#
|
|
5
|
+
# This program is free software: you can redistribute it and/or modify
|
|
6
|
+
# it under the terms of the GNU Affero General Public License as
|
|
7
|
+
# published by the Free Software Foundation, either version 3 of the
|
|
8
|
+
# License, or (at your option) any later version.
|
|
9
|
+
#
|
|
10
|
+
# This program is distributed in the hope that it will be useful,
|
|
11
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
12
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
13
|
+
# GNU Affero General Public License for more details.
|
|
14
|
+
#
|
|
15
|
+
# You should have received a copy of the GNU Affero General Public License
|
|
16
|
+
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
17
|
+
require "spec_init"
|
|
18
|
+
require "flores/pki"
|
|
19
|
+
|
|
20
|
+
describe "PKI Integration" do
|
|
21
|
+
let(:csr) { Flores::PKI::CertificateSigningRequest.new }
|
|
22
|
+
# Here, I use a 1024-bit key for faster tests.
|
|
23
|
+
# Please do not use such small keys in production.
|
|
24
|
+
let(:key_bits) { 1024 }
|
|
25
|
+
let(:key) { OpenSSL::PKey::RSA.generate(key_bits, 65537) }
|
|
26
|
+
let(:certificate_duration) { Flores::Random.number(1..86400) }
|
|
27
|
+
|
|
28
|
+
context "with self-signed client/server certificate" do
|
|
29
|
+
let(:certificate_subject) { "CN=server.example.com" }
|
|
30
|
+
let(:certificate) { csr.create }
|
|
31
|
+
|
|
32
|
+
# Returns [socket, address, port]
|
|
33
|
+
let(:listener) { Flores::Random.tcp_listener }
|
|
34
|
+
let(:server) { listener[0] }
|
|
35
|
+
let(:server_address) { listener[1] }
|
|
36
|
+
let(:server_port) { listener[2] }
|
|
37
|
+
|
|
38
|
+
let(:server_context) { OpenSSL::SSL::SSLContext.new }
|
|
39
|
+
let(:client_context) { OpenSSL::SSL::SSLContext.new }
|
|
40
|
+
|
|
41
|
+
before do
|
|
42
|
+
#Thread.abort_on_exception = true
|
|
43
|
+
csr.subject = certificate_subject
|
|
44
|
+
csr.public_key = key.public_key
|
|
45
|
+
csr.start_time = Time.now
|
|
46
|
+
csr.expire_time = csr.start_time + certificate_duration
|
|
47
|
+
csr.signing_key = key
|
|
48
|
+
csr.want_signature_ability = true
|
|
49
|
+
|
|
50
|
+
server_context.cert = certificate
|
|
51
|
+
server_context.key = key
|
|
52
|
+
server_context.ssl_version = :TLSv1
|
|
53
|
+
server_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
54
|
+
|
|
55
|
+
client_store = OpenSSL::X509::Store.new
|
|
56
|
+
client_store.add_cert(certificate)
|
|
57
|
+
client_context.cert_store = client_store
|
|
58
|
+
client_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
59
|
+
client_context.ssl_version = :TLSv1
|
|
60
|
+
|
|
61
|
+
ssl_server = OpenSSL::SSL::SSLServer.new(server, server_context)
|
|
62
|
+
Thread.new do
|
|
63
|
+
begin
|
|
64
|
+
ssl_server.accept
|
|
65
|
+
rescue => e
|
|
66
|
+
puts "Server accept failed: #{e}"
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it "should successfully connect as a client" do
|
|
72
|
+
socket = TCPSocket.new(server_address, server_port)
|
|
73
|
+
ssl_client = OpenSSL::SSL::SSLSocket.new(socket, client_context)
|
|
74
|
+
ssl_client.connect
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: flores
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jordan Sissel
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-07-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: |2
|
|
14
14
|
Add fuzzing, randomization, and stress to your tests.
|
|
@@ -23,6 +23,7 @@ executables: []
|
|
|
23
23
|
extensions: []
|
|
24
24
|
extra_rdoc_files: []
|
|
25
25
|
files:
|
|
26
|
+
- ".gitignore"
|
|
26
27
|
- ".rubocop.yml"
|
|
27
28
|
- Gemfile
|
|
28
29
|
- Gemfile.lock
|
|
@@ -40,6 +41,7 @@ files:
|
|
|
40
41
|
- lib/flores/rspec/analyze.rb
|
|
41
42
|
- lib/flores/rspec/formatters/analyze.rb
|
|
42
43
|
- lib/flores/rspec/stress.rb
|
|
44
|
+
- spec/flores/pki_integration_spec.rb
|
|
43
45
|
- spec/flores/pki_spec.rb
|
|
44
46
|
- spec/flores/random_spec.rb
|
|
45
47
|
- spec/flores/rspec/stress_spec.rb
|
|
@@ -65,9 +67,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
65
67
|
version: '0'
|
|
66
68
|
requirements: []
|
|
67
69
|
rubyforge_project:
|
|
68
|
-
rubygems_version: 2.4.
|
|
70
|
+
rubygems_version: 2.4.8
|
|
69
71
|
signing_key:
|
|
70
72
|
specification_version: 4
|
|
71
73
|
summary: Fuzz, randomize, and stress your tests
|
|
72
74
|
test_files: []
|
|
73
|
-
has_rdoc:
|