flores 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/flores.gemspec +1 -1
- data/lib/flores/pki.rb +8 -2
- data/spec/flores/pki_integration_spec.rb +77 -0
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 753a3d8f3f074aa4abec9b5a50782da024e4c7d9
|
|
4
|
+
data.tar.gz: b0680aa3d4ff01572d386edf6d3909c851a5df3b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 038c0c32048a720f228e0acd243d9ca9ca71d92e8b81ed4a80d70634b6788d34ca7325e926db02422d7dfbce3ebd4b1c46ffc521d139467d69b1f789f0d0a28e
|
|
7
|
+
data.tar.gz: 61a9bbc371ff597856663a6e35f31f7b8c5d6e0547b9b1d584d4d59e7ec9d46f9185d062ac868ed9fbe9f2c05ddca13d36efa2be09942ac6cca30fe26da261b0
|
data/.gitignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
coverage/
|
data/flores.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ Gem::Specification.new do |spec|
|
|
|
2
2
|
files = %x(git ls-files).split("\n")
|
|
3
3
|
|
|
4
4
|
spec.name = "flores"
|
|
5
|
-
spec.version = "0.0.
|
|
5
|
+
spec.version = "0.0.5"
|
|
6
6
|
spec.summary = "Fuzz, randomize, and stress your tests"
|
|
7
7
|
spec.description = <<-DESCRIPTION
|
|
8
8
|
Add fuzzing, randomization, and stress to your tests.
|
data/lib/flores/pki.rb
CHANGED
|
@@ -168,11 +168,12 @@ module Flores::PKI
|
|
|
168
168
|
extensions.issuer_certificate = self_signed? ? certificate : signing_certificate
|
|
169
169
|
|
|
170
170
|
certificate.issuer = extensions.issuer_certificate.subject
|
|
171
|
-
certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash",
|
|
171
|
+
certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash", false))
|
|
172
172
|
|
|
173
173
|
# RFC 5280 4.2.1.1. Authority Key Identifier
|
|
174
174
|
# This is "who signed this key"
|
|
175
|
-
certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always
|
|
175
|
+
certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always", false))
|
|
176
|
+
#certificate.add_extension(extensions.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always", false))
|
|
176
177
|
|
|
177
178
|
if want_signature_ability?
|
|
178
179
|
# Create a CA.
|
|
@@ -196,6 +197,11 @@ module Flores::PKI
|
|
|
196
197
|
certificate.add_extension(extensions.create_extension("keyUsage", "digitalSignature, keyEncipherment", true))
|
|
197
198
|
certificate.add_extension(extensions.create_extension("extendedKeyUsage", "clientAuth, serverAuth", false))
|
|
198
199
|
end
|
|
200
|
+
|
|
201
|
+
if @subject_alternates
|
|
202
|
+
certificate.add_extension(extensions.create_extension("subjectAltName", @subject_alternates.join(",")))
|
|
203
|
+
end
|
|
204
|
+
|
|
199
205
|
certificate.serial = OpenSSL::BN.new(serial)
|
|
200
206
|
certificate.sign(signing_key, digest_method)
|
|
201
207
|
certificate
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# This file is part of ruby-flores.
|
|
3
|
+
# Copyright (C) 2015 Jordan Sissel
|
|
4
|
+
#
|
|
5
|
+
# This program is free software: you can redistribute it and/or modify
|
|
6
|
+
# it under the terms of the GNU Affero General Public License as
|
|
7
|
+
# published by the Free Software Foundation, either version 3 of the
|
|
8
|
+
# License, or (at your option) any later version.
|
|
9
|
+
#
|
|
10
|
+
# This program is distributed in the hope that it will be useful,
|
|
11
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
12
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
13
|
+
# GNU Affero General Public License for more details.
|
|
14
|
+
#
|
|
15
|
+
# You should have received a copy of the GNU Affero General Public License
|
|
16
|
+
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
17
|
+
require "spec_init"
|
|
18
|
+
require "flores/pki"
|
|
19
|
+
|
|
20
|
+
describe "PKI Integration" do
|
|
21
|
+
let(:csr) { Flores::PKI::CertificateSigningRequest.new }
|
|
22
|
+
# Here, I use a 1024-bit key for faster tests.
|
|
23
|
+
# Please do not use such small keys in production.
|
|
24
|
+
let(:key_bits) { 1024 }
|
|
25
|
+
let(:key) { OpenSSL::PKey::RSA.generate(key_bits, 65537) }
|
|
26
|
+
let(:certificate_duration) { Flores::Random.number(1..86400) }
|
|
27
|
+
|
|
28
|
+
context "with self-signed client/server certificate" do
|
|
29
|
+
let(:certificate_subject) { "CN=server.example.com" }
|
|
30
|
+
let(:certificate) { csr.create }
|
|
31
|
+
|
|
32
|
+
# Returns [socket, address, port]
|
|
33
|
+
let(:listener) { Flores::Random.tcp_listener }
|
|
34
|
+
let(:server) { listener[0] }
|
|
35
|
+
let(:server_address) { listener[1] }
|
|
36
|
+
let(:server_port) { listener[2] }
|
|
37
|
+
|
|
38
|
+
let(:server_context) { OpenSSL::SSL::SSLContext.new }
|
|
39
|
+
let(:client_context) { OpenSSL::SSL::SSLContext.new }
|
|
40
|
+
|
|
41
|
+
before do
|
|
42
|
+
#Thread.abort_on_exception = true
|
|
43
|
+
csr.subject = certificate_subject
|
|
44
|
+
csr.public_key = key.public_key
|
|
45
|
+
csr.start_time = Time.now
|
|
46
|
+
csr.expire_time = csr.start_time + certificate_duration
|
|
47
|
+
csr.signing_key = key
|
|
48
|
+
csr.want_signature_ability = true
|
|
49
|
+
|
|
50
|
+
server_context.cert = certificate
|
|
51
|
+
server_context.key = key
|
|
52
|
+
server_context.ssl_version = :TLSv1
|
|
53
|
+
server_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
54
|
+
|
|
55
|
+
client_store = OpenSSL::X509::Store.new
|
|
56
|
+
client_store.add_cert(certificate)
|
|
57
|
+
client_context.cert_store = client_store
|
|
58
|
+
client_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
59
|
+
client_context.ssl_version = :TLSv1
|
|
60
|
+
|
|
61
|
+
ssl_server = OpenSSL::SSL::SSLServer.new(server, server_context)
|
|
62
|
+
Thread.new do
|
|
63
|
+
begin
|
|
64
|
+
ssl_server.accept
|
|
65
|
+
rescue => e
|
|
66
|
+
puts "Server accept failed: #{e}"
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it "should successfully connect as a client" do
|
|
72
|
+
socket = TCPSocket.new(server_address, server_port)
|
|
73
|
+
ssl_client = OpenSSL::SSL::SSLSocket.new(socket, client_context)
|
|
74
|
+
ssl_client.connect
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: flores
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jordan Sissel
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-07-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: |2
|
|
14
14
|
Add fuzzing, randomization, and stress to your tests.
|
|
@@ -23,6 +23,7 @@ executables: []
|
|
|
23
23
|
extensions: []
|
|
24
24
|
extra_rdoc_files: []
|
|
25
25
|
files:
|
|
26
|
+
- ".gitignore"
|
|
26
27
|
- ".rubocop.yml"
|
|
27
28
|
- Gemfile
|
|
28
29
|
- Gemfile.lock
|
|
@@ -40,6 +41,7 @@ files:
|
|
|
40
41
|
- lib/flores/rspec/analyze.rb
|
|
41
42
|
- lib/flores/rspec/formatters/analyze.rb
|
|
42
43
|
- lib/flores/rspec/stress.rb
|
|
44
|
+
- spec/flores/pki_integration_spec.rb
|
|
43
45
|
- spec/flores/pki_spec.rb
|
|
44
46
|
- spec/flores/random_spec.rb
|
|
45
47
|
- spec/flores/rspec/stress_spec.rb
|
|
@@ -65,9 +67,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
65
67
|
version: '0'
|
|
66
68
|
requirements: []
|
|
67
69
|
rubyforge_project:
|
|
68
|
-
rubygems_version: 2.4.
|
|
70
|
+
rubygems_version: 2.4.8
|
|
69
71
|
signing_key:
|
|
70
72
|
specification_version: 4
|
|
71
73
|
summary: Fuzz, randomize, and stress your tests
|
|
72
74
|
test_files: []
|
|
73
|
-
has_rdoc:
|