jruby-openssl 0.8.0.pre3 → 0.8.0
- data/Manifest.txt +5 -124
- data/Rakefile +3 -3
- data/lib/shared/jopenssl.jar +0 -0
- data/lib/shared/jopenssl/version.rb +1 -1
- metadata +10 -116
- data/test/1.8/ssl_server.rb +0 -99
- data/test/1.8/test_asn1.rb +0 -212
- data/test/1.8/test_cipher.rb +0 -193
- data/test/1.8/test_config.rb +0 -290
- data/test/1.8/test_digest.rb +0 -88
- data/test/1.8/test_ec.rb +0 -128
- data/test/1.8/test_hmac.rb +0 -46
- data/test/1.8/test_ns_spki.rb +0 -59
- data/test/1.8/test_pair.rb +0 -149
- data/test/1.8/test_pkcs7.rb +0 -489
- data/test/1.8/test_pkey_rsa.rb +0 -49
- data/test/1.8/test_ssl.rb +0 -1032
- data/test/1.8/test_x509cert.rb +0 -277
- data/test/1.8/test_x509crl.rb +0 -253
- data/test/1.8/test_x509ext.rb +0 -99
- data/test/1.8/test_x509name.rb +0 -290
- data/test/1.8/test_x509req.rb +0 -195
- data/test/1.8/test_x509store.rb +0 -246
- data/test/1.8/utils.rb +0 -144
- data/test/1.9/ssl_server.rb +0 -81
- data/test/1.9/test_asn1.rb +0 -589
- data/test/1.9/test_bn.rb +0 -23
- data/test/1.9/test_buffering.rb +0 -88
- data/test/1.9/test_cipher.rb +0 -107
- data/test/1.9/test_config.rb +0 -288
- data/test/1.9/test_digest.rb +0 -118
- data/test/1.9/test_engine.rb +0 -15
- data/test/1.9/test_hmac.rb +0 -32
- data/test/1.9/test_ns_spki.rb +0 -50
- data/test/1.9/test_ocsp.rb +0 -47
- data/test/1.9/test_pair.rb +0 -257
- data/test/1.9/test_pkcs12.rb +0 -209
- data/test/1.9/test_pkcs7.rb +0 -156
- data/test/1.9/test_pkey_dh.rb +0 -72
- data/test/1.9/test_pkey_dsa.rb +0 -224
- data/test/1.9/test_pkey_ec.rb +0 -182
- data/test/1.9/test_pkey_rsa.rb +0 -244
- data/test/1.9/test_ssl.rb +0 -499
- data/test/1.9/test_ssl_session.rb +0 -327
- data/test/1.9/test_x509cert.rb +0 -217
- data/test/1.9/test_x509crl.rb +0 -221
- data/test/1.9/test_x509ext.rb +0 -69
- data/test/1.9/test_x509name.rb +0 -366
- data/test/1.9/test_x509req.rb +0 -150
- data/test/1.9/test_x509store.rb +0 -229
- data/test/1.9/utils.rb +0 -304
- data/test/cert_with_ec_pk.cer +0 -27
- data/test/fixture/ca-bundle.crt +0 -2794
- data/test/fixture/ca_path/72fa7371.0 +0 -19
- data/test/fixture/ca_path/verisign.pem +0 -19
- data/test/fixture/cacert.pem +0 -23
- data/test/fixture/cert_localhost.pem +0 -19
- data/test/fixture/common.pem +0 -48
- data/test/fixture/ids_in_subject_rdn_set.pem +0 -31
- data/test/fixture/imaps/cacert.pem +0 -60
- data/test/fixture/imaps/server.crt +0 -61
- data/test/fixture/imaps/server.key +0 -15
- data/test/fixture/key_then_cert.pem +0 -34
- data/test/fixture/keypair.pem +0 -27
- data/test/fixture/localhost_keypair.pem +0 -18
- data/test/fixture/max.pem +0 -29
- data/test/fixture/purpose/b70a5bc1.0 +0 -24
- data/test/fixture/purpose/ca/PASSWD_OF_CA_KEY_IS_1234 +0 -0
- data/test/fixture/purpose/ca/ca_config.rb +0 -37
- data/test/fixture/purpose/ca/cacert.pem +0 -24
- data/test/fixture/purpose/ca/newcerts/2_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/3_cert.pem +0 -19
- data/test/fixture/purpose/ca/newcerts/4_cert.pem +0 -19
- data/test/fixture/purpose/ca/private/cakeypair.pem +0 -30
- data/test/fixture/purpose/ca/serial +0 -1
- data/test/fixture/purpose/cacert.pem +0 -24
- data/test/fixture/purpose/scripts/gen_cert.rb +0 -127
- data/test/fixture/purpose/scripts/gen_csr.rb +0 -50
- data/test/fixture/purpose/scripts/init_ca.rb +0 -66
- data/test/fixture/purpose/sslclient.pem +0 -19
- data/test/fixture/purpose/sslclient/csr.pem +0 -10
- data/test/fixture/purpose/sslclient/keypair.pem +0 -15
- data/test/fixture/purpose/sslclient/sslclient.pem +0 -19
- data/test/fixture/purpose/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver/csr.pem +0 -10
- data/test/fixture/purpose/sslserver/keypair.pem +0 -15
- data/test/fixture/purpose/sslserver/sslserver.pem +0 -19
- data/test/fixture/purpose/sslserver_no_dsig_in_keyUsage.pem +0 -19
- data/test/fixture/selfcert.pem +0 -23
- data/test/fixture/verisign.pem +0 -19
- data/test/fixture/verisign_c3.pem +0 -14
- data/test/ref/a.out +0 -0
- data/test/ref/compile.rb +0 -8
- data/test/ref/pkcs1 +0 -0
- data/test/ref/pkcs1.c +0 -21
- data/test/ruby/envutil.rb +0 -208
- data/test/ruby/ut_eof.rb +0 -128
- data/test/test_all.rb +0 -1
- data/test/test_certificate.rb +0 -132
- data/test/test_cipher.rb +0 -197
- data/test/test_imaps.rb +0 -107
- data/test/test_integration.rb +0 -144
- data/test/test_openssl.rb +0 -4
- data/test/test_parse_certificate.rb +0 -27
- data/test/test_pkcs7.rb +0 -56
- data/test/test_pkey_dsa.rb +0 -180
- data/test/test_pkey_rsa.rb +0 -329
- data/test/test_ssl.rb +0 -97
- data/test/test_x509store.rb +0 -168
File without changes
|
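--- a/data/test/fixture/purpose/ca/ca_config.rb
+++ b/data/test/fixture/purpose/ca/ca_config.rb
@@ -1,37 +0,0 @@
-class CAConfig
-BASE_DIR = File.dirname(__FILE__)
-KEYPAIR_FILE = "#{BASE_DIR}/private/cakeypair.pem"
-CERT_FILE = "#{BASE_DIR}/cacert.pem"
-SERIAL_FILE = "#{BASE_DIR}/serial"
-NEW_CERTS_DIR = "#{BASE_DIR}/newcerts"
-NEW_KEYPAIR_DIR = "#{BASE_DIR}/private/keypair_backup"
-CRL_DIR = "#{BASE_DIR}/crl"
-
-NAME = [['C', 'JP'], ['O', 'www.ruby-lang.org'], ['OU', 'development']]
-CA_CERT_DAYS = 20 * 365
-CA_RSA_KEY_LENGTH = 2048
-
-CERT_DAYS = 18 * 365
-CERT_KEY_LENGTH_MIN = 1024
-CERT_KEY_LENGTH_MAX = 2048
-CDP_LOCATION = nil
-OCSP_LOCATION = nil
-
-CRL_FILE = "#{CRL_DIR}/jruby.crl"
-CRL_PEM_FILE = "#{CRL_DIR}/jruby.pem"
-CRL_DAYS = 14
-
-PASSWD_CB = Proc.new { |flag|
-print "Enter password: "
-pass = $stdin.gets.chop!
-# when the flag is true, this passphrase
-# will be used to perform encryption; otherwise it will
-# be used to perform decryption.
-if flag
-print "Verify password: "
-pass2 = $stdin.gets.chop!
-raise "verify failed." if pass != pass2
-end
-pass
-}
-end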
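--- a/data/test/fixture/purpose/ca/cacert.pem
+++ b/data/test/fixture/purpose/ca/cacert.pem
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDI5MjBaFw0yOTExMTQxMDI5MjBaMEwx
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzEUMBIGA1UE
-CwwLZGV2ZWxvcG1lbnQxCzAJBgNVBAMMAkNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA2nXhXZxXUs1Sfxqi8sReyzPHRcAHQM9RqDAGG9Nt1zYrLXwg
-MmUhOr4yBeW2KAxJGxdRQSzI38jyT6mrDRBpTl/OeU9zBG4p6AtFGkoMnRvUonB3
-CvgYJXhmrFjnHn34JNaRSORjaZDBmI9/fMGvaYndEM3wJ2b3jEOeizDIG60kZxA6
-XQ+X7ral+aABsjomubvjEQ9dlcDhQlssKjbjaN3NZ/kL/i/75jc6rzT05XYYkj+Z
-9rPRfT+HH3c5EYLtxcRTEHVWXMC8/of7oOFgZwwI3Cx9/v1s2Z6gdJ8J0kIkEoUL
-ziYsLIOmVB2tx0rKkmeivJB4PTM5QyHb7d1xUwIDAQABo4HsMIHpMA8GA1UdEwEB
-/wQFMAMBAf8wMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFBOZGvHkAfn+0Ct33rQ6tW2UmF5TMA4GA1Ud
-DwEB/wQEAwIBBjB0BgNVHSMEbTBrgBQTmRrx5AH5/tArd960OrVtlJheU6FQpE4w
-TDELMAkGA1UEBhMCSlAxGjAYBgNVBAoMEXd3dy5ydWJ5LWxhbmcub3JnMRQwEgYD
-VQQLDAtkZXZlbG9wbWVudDELMAkGA1UEAwwCQ0GCAQEwDQYJKoZIhvcNAQEFBQAD
-ggEBACfgSl3pA+e3JyjgS/zscaJHHNDwXIIoH0KY6pcrZnl7Zh8CW+Gdba621Lek
-aAy0YhAAM9bF87QZG1+sL7B2H1oSTt7F67SwQfq079oNWjhEdV5dxBKk6XaU0R31
-KXSsmLR4pMxcFdPzGM0FTiSj9FNKk2pydVySsa5jJeG0qvXVFMqsRUUwklQHl9Kx
-9GZiknt4PEGj/ThUwarhRbRjV5z7ZxXKexkangBlRWPX7TjvlpZPgLzAODG4fiRW
-ZUo8Ng7QolTJuPAhlVxhdi9n5hItm6mt21RTpQcP49KoGe8x+T4EzPO0PPdCMliD
-fH3udDO+bq2F8H4ts6ZJAYWFo8U=
------END CERTIFICATE-----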
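--- a/data/test/fixture/purpose/ca/newcerts/2_cert.pem
+++ b/data/test/fixture/purpose/ca/newcerts/2_cert.pem
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBjCCAe6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDMwMTdaFw0yODExMTQxMDMwMTdaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3Nsc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgYsazavfR
-a72yK4qfnIjOrDT9Uv2ToL4swbE86PXY5N+YvUig3fVmNJo72rT5JlAODs+MtJJU
-aJ8HsczlGdrhjTWyT/0fyoY/rC4mi5UFASBCbaoaviDPgbhI6ehBY6d5vEYQOW79
-fL95KIa+OyGzUNYy+EkSxJmvt/8EJYtqIwIDAQABo4GFMIGCMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFJsUyGU/R4muSKVIeckJElcBNbipMAsGA1UdDwQEAwIF
-oDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAAc49qdDC
-TzFoWy794TYEx/uSAFQPMxp/dktYuMvtMSqhOfkDAaX7YFAD40R9tQljm6Vb7uEB
-afAecveSyBN2EPZas8NdohJJcTT/pu39E9iMuvAoxz+R8RV7S/RikFOtoet79owa
-6lnD3893tz5RR5BloRX7yRii87U5LUdxd3CvEmA7ycNTO8ZEaAuLDitsTMxhPiIJ
-DeGW5L8DCyiWuDt9K6S13XdnDxTvYUmafVPU59BncdSoY/3BebappMzDM8QM0yCZ
-GWh7ItY4sncMur1fc9ZuSsyplT3d3jysmVXolz2khxboMPVBoRSTtgBOn1PSsVma
-FWULbrbYBK5Cqg==
------END CERTIFICATE-----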
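--- a/data/test/fixture/purpose/ca/newcerts/3_cert.pem
+++ b/data/test/fixture/purpose/ca/newcerts/3_cert.pem
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDMwMjdaFw0yODExMTQxMDMwMjdaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3NsY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgemBPByEo
-KbxaYnHXJxslyYsdWWCKf6j2mVIoxzC0b7W4TS5loBzOkZ05rkuapZ7O5flSMjtH
-5NMJ2h7/zsgK5XBkNRCPFK+8HMXVFdSs+euKY+2qE01P0NIuCrkvKjJgsrXdy3sG
-2UVUEoYEt5MHDR6aBL0Km+nVKc6T7O+KtQIDAQABo4GPMIGMMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFOFnq0r6adftxM/7aApl0DDrLTNWMAsGA1UdDwQEAwIF
-4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQAD
-ggEBACiRGC9KvUP2PaU7JmcIzJHMJtz0mUsO8KJeFWmBCSkfQErF3egOzE47WcRM
-0lGy0e4fjJB3at/O2V4RgwkFpsBpGXv9LJ5ZVXkEu9PwzwLTGZ4VfSPNIXgse1lK
-9EYOXgL8XhL7c9XPJLRFOWt6Odwp1VjQ2RqkpYLYnsHZam+5gsRd5K2yS0VO8A1Q
-otxH1D4evwpoSAaRHSff71Qh7046g2jGvCvdEVqBXuAoOuY8IRvf6YpTKEcPuOOo
-t7h5kLIVKuG4/AikVZ62Xh7DjdRFxy/Pxg3uIhrvkHkG8QtEFgBBMHoQR6iSGf6N
-1SNrs9tpu1oqTSzoKFG72BsEA6M=
------END CERTIFICATE-----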
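--- a/data/test/fixture/purpose/ca/newcerts/4_cert.pem
+++ b/data/test/fixture/purpose/ca/newcerts/4_cert.pem
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBjCCAe6gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0xMTEyMTQwNDQxNTNaFw0yOTEyMDkwNDQxNTNaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3Nsc2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgYsazavfR
-a72yK4qfnIjOrDT9Uv2ToL4swbE86PXY5N+YvUig3fVmNJo72rT5JlAODs+MtJJU
-aJ8HsczlGdrhjTWyT/0fyoY/rC4mi5UFASBCbaoaviDPgbhI6ehBY6d5vEYQOW79
-fL95KIa+OyGzUNYy+EkSxJmvt/8EJYtqIwIDAQABo4GFMIGCMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFJsUyGU/R4muSKVIeckJElcBNbipMAsGA1UdDwQEAwIF
-IDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEArdmTvG5H
-elHkiHWp/yFdiIrbUHfDsAmB1jN7Zhte9yWzUuaVKR6GS6FzL4zU6dgAA3UNroVK
-MuyeL5Cejsck2+HgOvAtwTJFjP4c8YwdlYuycvMkk5EbaByY1h59ZvV1J+GxmoDA
-uO3iTqGrKwrFDK59yuxhdn1yyGTwYTBAdvllfSmTmfnbOkV/faF8gpRvrenx3lLK
-eAVhBCzAw2cblXKJEvly+wzAXykS6jagtrnHm5ilt2R5zPzS1wNJlzBq4laI+pZU
-timqb2wMA9TLd4FCKqK4HwiUKyAR7eknxtdskQ0/2DBAiOoh1Gl5hwnrDAlb73vA
-DDOusxgmoBZS4w==
------END CERTIFICATE-----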
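--- a/data/test/fixture/purpose/ca/private/cakeypair.pem
+++ b/data/test/fixture/purpose/ca/private/cakeypair.pem
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,1381BA5304F6971E
-
-NmDiHjP3Kn3gG7q0oG8n5nyCM8wp5PYeEpuwrZmnNzpdsTTxpPV2Px8wy9EBrR4k
-SeZufUHA7T+zOLc1mSGMm+LOSSV2CMcUnby+yVRuV7CTtw7AwD+et7asff/HU1v6
-GE4SbX0tnZskiAR00zZTN/C17w27HIG7qNHrEjCng/S4fKFVNe6riQbmQqvykYQS
-8bZsQzzlB8e8kxNV5EDvYag3oevgY7RpIWUXEwTHd46o+8GsExuhs+8WpiO1az1D
-vu0u0MpO5t6PKyafp5vdiLTiwoY8VUdCF627FbyCWFkSuRbYxXNiRZzIvgwtZS7d
-wHOr5aVA2ROli2S7W5Mmx00tww05mPdzQbk5q6ZMxD+lK9bIuHEGwBY0IaWjkJtt
-a0RyBilLatVE9866D40dmNKA4mzAqtADdq6vwzoEqd7kVdwjdk7EMvaZgACrBypH
-NfadJ+HG2TW+4gnZLG60y6YaMPXAbObCUHCUYVhJe/E4mGdSkKOGgiQks9hT448T
-+/YBt2TqCq3UQU2rfxLVV6AlD/tywTwPTb0Leu40oTNEQyJ9aaQXmcZHZlDWI+Sl
-xdvGule84RenlV+GnC5UlBxUopTKbVSI7tw10grJtz5/TWx7ubOQ4pCNHzxksQH7
-YqygX5F6jlR6GbZFYUozNf57Frh9zUmhc6YWGFeTz1uc6rRqTCrKcyqvRD9QCYPY
-P+8MhvztbbYOr+XRStVeuDXzMwS6/HUrlPTt0IvO3Hq9dFDaTg1bW4mzgdKuYotV
-VF5DRenkF8lalTFpMppNsfpldazrZ8VvW5qRwbKF4mu7AWsBh9IpZMW15LtI7fUA
-L+JQO8aBUq6gyXTzaJxx8kxpdcIRtubOIultptj2m/XPXNNFSsI5DMv7V5jh58sC
-ju2RwxwivcWh1XtQxc4RNzvP3/Ek85at+cO9Q74Tu4f8alJZiWT51PZRwaucdQ8y
-rYT32rsqoWw1MvkDDENHbEt1QZ7AFmO3zFeGYXbPNHoi2gKzCo7xQtCm+QXQAh7B
-87KoKqwS9BO9QA/F+htVW9mbA+Yc5a2vcykxYbGlGqyMleI8cU5AeIbGoZdyYaun
-cDX/NtyV3HGPD5aHUPcz/sP7KAbdLzwh72CzRqQQo8yxOmQEWdd7W8jtxt0on2cs
-AXj59c9jKRJl5XlXMQO+VWnWO04bWxs8PAgop5Y4ePY766/mL1bAr02kdI6DJ9mx
-Opmpqk4gPZpnksnCQWJelPPYad0S49QxbOIWf5bI9FMi+6cgVh76iC5nMGVGI+gw
-lS64zEHhSRXuAC9Nsw5d+owc3aCG15DzUjpEBhDJ8EYKP9kgiJU0rnqPqGrriyrb
-f6kNOisGvAbI3RldVDLvvZbZEffPu60yA1rP7XaBRPn4K3g+3KTiEcn00wwJaoc3
-rddzmUCbx6fOluN+34BiPdJzHBZsROEvCcT4KGw1/nZIp/GgX3f3nPW40go2RLFP
-THQ5L0tuEvyhtJWaiLzjoZ3kCiwWZUzUwYCSfP9raVVXAxLoS4wU+qqKPl6/AaLI
-NDgIDJtZ0hrnptZuCkBUzVGQzxpMr8IVK/zQDq8uSXI53heZhLQoww==
------END RSA PRIVATE KEY-----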
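--- a/data/test/fixture/purpose/ca/serial
+++ b/data/test/fixture/purpose/ca/serial
@@ -1 +0,0 @@
-0005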
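--- a/data/test/fixture/purpose/cacert.pem
+++ b/data/test/fixture/purpose/cacert.pem
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDI5MjBaFw0yOTExMTQxMDI5MjBaMEwx
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzEUMBIGA1UE
-CwwLZGV2ZWxvcG1lbnQxCzAJBgNVBAMMAkNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA2nXhXZxXUs1Sfxqi8sReyzPHRcAHQM9RqDAGG9Nt1zYrLXwg
-MmUhOr4yBeW2KAxJGxdRQSzI38jyT6mrDRBpTl/OeU9zBG4p6AtFGkoMnRvUonB3
-CvgYJXhmrFjnHn34JNaRSORjaZDBmI9/fMGvaYndEM3wJ2b3jEOeizDIG60kZxA6
-XQ+X7ral+aABsjomubvjEQ9dlcDhQlssKjbjaN3NZ/kL/i/75jc6rzT05XYYkj+Z
-9rPRfT+HH3c5EYLtxcRTEHVWXMC8/of7oOFgZwwI3Cx9/v1s2Z6gdJ8J0kIkEoUL
-ziYsLIOmVB2tx0rKkmeivJB4PTM5QyHb7d1xUwIDAQABo4HsMIHpMA8GA1UdEwEB
-/wQFMAMBAf8wMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFBOZGvHkAfn+0Ct33rQ6tW2UmF5TMA4GA1Ud
-DwEB/wQEAwIBBjB0BgNVHSMEbTBrgBQTmRrx5AH5/tArd960OrVtlJheU6FQpE4w
-TDELMAkGA1UEBhMCSlAxGjAYBgNVBAoMEXd3dy5ydWJ5LWxhbmcub3JnMRQwEgYD
-VQQLDAtkZXZlbG9wbWVudDELMAkGA1UEAwwCQ0GCAQEwDQYJKoZIhvcNAQEFBQAD
-ggEBACfgSl3pA+e3JyjgS/zscaJHHNDwXIIoH0KY6pcrZnl7Zh8CW+Gdba621Lek
-aAy0YhAAM9bF87QZG1+sL7B2H1oSTt7F67SwQfq079oNWjhEdV5dxBKk6XaU0R31
-KXSsmLR4pMxcFdPzGM0FTiSj9FNKk2pydVySsa5jJeG0qvXVFMqsRUUwklQHl9Kx
-9GZiknt4PEGj/ThUwarhRbRjV5z7ZxXKexkangBlRWPX7TjvlpZPgLzAODG4fiRW
-ZUo8Ng7QolTJuPAhlVxhdi9n5hItm6mt21RTpQcP49KoGe8x+T4EzPO0PPdCMliD
-fH3udDO+bq2F8H4ts6ZJAYWFo8U=
------END CERTIFICATE-----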
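--- a/data/test/fixture/purpose/scripts/gen_cert.rb
+++ b/data/test/fixture/purpose/scripts/gen_cert.rb
@@ -1,127 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'openssl'
-require 'ca_config'
-require 'fileutils'
-require 'getopts'
-
-include OpenSSL
-
-def usage
-myname = File::basename($0)
-$stderr.puts "Usage: #{myname} [--type (client|server|ca|ocsp)] [--out certfile] csr_file"
-exit
-end
-
-getopts nil, 'type:client', 'out:', 'force'
-
-cert_type = $OPT_type
-out_file = $OPT_out || 'cert.pem'
-csr_file = ARGV.shift or usage
-ARGV.empty? or usage
-
-csr = X509::Request.new(File.open(csr_file).read)
-unless csr.verify(csr.public_key)
-raise "CSR sign verification failed."
-end
-p csr.public_key
-if csr.public_key.n.num_bits < CAConfig::CERT_KEY_LENGTH_MIN
-raise "Key length too short"
-end
-if csr.public_key.n.num_bits > CAConfig::CERT_KEY_LENGTH_MAX
-raise "Key length too long"
-end
-if csr.subject.to_a[0, CAConfig::NAME.size] != CAConfig::NAME
-unless $OPT_force
-p csr.subject.to_a
-p CAConfig::NAME
-raise "DN does not match"
-end
-end
-
-# Only checks signature here. You must verify CSR according to your CP/CPS.
-
-$stdout.sync = true
-
-# CA setup
-
-ca_file = CAConfig::CERT_FILE
-puts "Reading CA cert (from #{ca_file})"
-ca = X509::Certificate.new(File.read(ca_file))
-
-ca_keypair_file = CAConfig::KEYPAIR_FILE
-puts "Reading CA keypair (from #{ca_keypair_file})"
-ca_keypair = PKey::RSA.new(File.read(ca_keypair_file), &CAConfig::PASSWD_CB)
-
-serial = File.open(CAConfig::SERIAL_FILE, "r").read.chomp.hex
-File.open(CAConfig::SERIAL_FILE, "w") do |f|
-f << sprintf("%04X", serial + 1)
-end
-
-# Generate new cert
-
-cert = X509::Certificate.new
-from = Time.now # + 30 * 60 # Wait 30 minutes.
-cert.subject = csr.subject
-cert.issuer = ca.subject
-cert.not_before = from
-cert.not_after = from + CAConfig::CERT_DAYS * 24 * 60 * 60
-cert.public_key = csr.public_key
-cert.serial = serial
-cert.version = 2 # X509v3
-
-basic_constraint = nil
-key_usage = []
-ext_key_usage = []
-case cert_type
-when "ca"
-basic_constraint = "CA:TRUE"
-key_usage << "cRLSign" << "keyCertSign"
-when "terminalsubca"
-basic_constraint = "CA:TRUE,pathlen:0"
-key_usage << "cRLSign" << "keyCertSign"
-when "server"
-basic_constraint = "CA:FALSE"
-key_usage << "digitalSignature" << "keyEncipherment"
-ext_key_usage << "serverAuth"
-when "ocsp"
-basic_constraint = "CA:FALSE"
-key_usage << "nonRepudiation" << "digitalSignature"
-ext_key_usage << "serverAuth" << "OCSPSigning"
-when "client"
-basic_constraint = "CA:FALSE"
-key_usage << "nonRepudiation" << "digitalSignature" << "keyEncipherment"
-ext_key_usage << "clientAuth" << "emailProtection"
-else
-raise "unknonw cert type \"#{cert_type}\" is specified."
-end
-
-ef = X509::ExtensionFactory.new
-ef.subject_certificate = cert
-ef.issuer_certificate = ca
-ex = []
-ex << ef.create_extension("basicConstraints", basic_constraint, true)
-ex << ef.create_extension("nsComment","Ruby/OpenSSL Generated Certificate")
-ex << ef.create_extension("subjectKeyIdentifier", "hash")
-#ex << ef.create_extension("nsCertType", "client,email")
-ex << ef.create_extension("keyUsage", key_usage.join(",")) unless key_usage.empty?
-#ex << ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-#ex << ef.create_extension("authorityKeyIdentifier", "keyid:always")
-ex << ef.create_extension("extendedKeyUsage", ext_key_usage.join(",")) unless ext_key_usage.empty?
-
-ex << ef.create_extension("crlDistributionPoints", CAConfig::CDP_LOCATION) if CAConfig::CDP_LOCATION
-ex << ef.create_extension("authorityInfoAccess", "OCSP;" << CAConfig::OCSP_LOCATION) if CAConfig::OCSP_LOCATION
-cert.extensions = ex
-cert.sign(ca_keypair, OpenSSL::Digest::SHA1.new)
-
-# For backup
-
-cert_file = CAConfig::NEW_CERTS_DIR + "/#{cert.serial}_cert.pem"
-File.open(cert_file, "w", 0644) do |f|
-f << cert.to_pem
-end
-
-puts "Writing cert.pem..."
-FileUtils.copy(cert_file, out_file)
-
-puts "DONE. (Generated certificate for '#{cert.subject}')"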
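--- a/data/test/fixture/purpose/scripts/gen_csr.rb
+++ b/data/test/fixture/purpose/scripts/gen_csr.rb
@@ -1,50 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'getopts'
-require 'openssl'
-
-include OpenSSL
-
-def usage
-myname = File::basename($0)
-$stderr.puts <<EOS
-Usage: #{myname} [--key keypair_file] name
-name ... ex. /C=JP/O=RRR/OU=CA/CN=NaHi/emailAddress=nahi@example.org
-EOS
-exit
-end
-
-getopts nil, "key:", "csrout:", "keyout:"
-keypair_file = $OPT_key
-csrout = $OPT_csrout || "csr.pem"
-keyout = $OPT_keyout || "keypair.pem"
-
-$stdout.sync = true
-name_str = ARGV.shift or usage()
-p name_str
-name = X509::Name.parse(name_str)
-
-keypair = nil
-if keypair_file
-keypair = PKey::RSA.new(File.open(keypair_file).read)
-else
-keypair = PKey::RSA.new(1024) { putc "." }
-puts
-puts "Writing #{keyout}..."
-File.open(keyout, "w", 0400) do |f|
-f << keypair.to_pem
-end
-end
-
-puts "Generating CSR for #{name_str}"
-
-req = X509::Request.new
-req.version = 0
-req.subject = name
-req.public_key = keypair.public_key
-req.sign(keypair, OpenSSL::Digest::MD5.new)
-
-puts "Writing #{csrout}..."
-File.open(csrout, "w") do |f|
-f << req.to_pem
-end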
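--- a/data/test/fixture/purpose/scripts/init_ca.rb
+++ b/data/test/fixture/purpose/scripts/init_ca.rb
@@ -1,66 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'openssl'
-require 'ca_config'
-
-include OpenSSL
-
-$stdout.sync = true
-
-cn = ARGV.shift || 'CA'
-
-unless FileTest.exist?('private')
-Dir.mkdir('private', 0700)
-end
-unless FileTest.exist?('newcerts')
-Dir.mkdir('newcerts')
-end
-unless FileTest.exist?('crl')
-Dir.mkdir('crl')
-end
-unless FileTest.exist?('serial')
-File.open('serial', 'w') do |f|
-f << '2'
-end
-end
-
-print "Generating CA keypair: "
-keypair = PKey::RSA.new(CAConfig::CA_RSA_KEY_LENGTH) { putc "." }
-putc "\n"
-
-now = Time.now
-cert = X509::Certificate.new
-name = CAConfig::NAME.dup << ['CN', cn]
-cert.subject = cert.issuer = X509::Name.new(name)
-cert.not_before = now
-cert.not_after = now + CAConfig::CA_CERT_DAYS * 24 * 60 * 60
-cert.public_key = keypair.public_key
-cert.serial = 0x1
-cert.version = 2 # X509v3
-
-key_usage = ["cRLSign", "keyCertSign"]
-ef = X509::ExtensionFactory.new
-ef.subject_certificate = cert
-ef.issuer_certificate = cert # we needed subjectKeyInfo inside, now we have it
-ext1 = ef.create_extension("basicConstraints","CA:TRUE", true)
-ext2 = ef.create_extension("nsComment","Ruby/OpenSSL Generated Certificate")
-ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
-ext4 = ef.create_extension("keyUsage", key_usage.join(","), true)
-cert.extensions = [ext1, ext2, ext3, ext4]
-ext0 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-cert.add_extension(ext0)
-cert.sign(keypair, OpenSSL::Digest::SHA1.new)
-
-keypair_file = CAConfig::KEYPAIR_FILE
-puts "Writing keypair."
-File.open(keypair_file, "w", 0400) do |f|
-f << keypair.export(Cipher::DES.new(:EDE3, :CBC), &CAConfig::PASSWD_CB)
-end
-
-cert_file = CAConfig::CERT_FILE
-puts "Writing #{cert_file}."
-File.open(cert_file, "w", 0644) do |f|
-f << cert.to_pem
-end
-
-puts "DONE. (Generated certificate for '#{cert.subject}')"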
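--- a/data/test/fixture/purpose/sslclient.pem
+++ b/data/test/fixture/purpose/sslclient.pem
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEDCCAfigAwIBAgIBAzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJKUDEa
-MBgGA1UECgwRd3d3LnJ1YnktbGFuZy5vcmcxFDASBgNVBAsMC2RldmVsb3BtZW50
-MQswCQYDVQQDDAJDQTAeFw0wOTExMTkxMDMwMjdaFw0yODExMTQxMDMwMjdaMD0x
-CzAJBgNVBAYTAkpQMRowGAYDVQQKDBF3d3cucnVieS1sYW5nLm9yZzESMBAGA1UE
-AwwJc3NsY2xpZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgemBPByEo
-KbxaYnHXJxslyYsdWWCKf6j2mVIoxzC0b7W4TS5loBzOkZ05rkuapZ7O5flSMjtH
-5NMJ2h7/zsgK5XBkNRCPFK+8HMXVFdSs+euKY+2qE01P0NIuCrkvKjJgsrXdy3sG
-2UVUEoYEt5MHDR6aBL0Km+nVKc6T7O+KtQIDAQABo4GPMIGMMAwGA1UdEwEB/wQC
-MAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
-aWNhdGUwHQYDVR0OBBYEFOFnq0r6adftxM/7aApl0DDrLTNWMAsGA1UdDwQEAwIF
-4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQAD
-ggEBACiRGC9KvUP2PaU7JmcIzJHMJtz0mUsO8KJeFWmBCSkfQErF3egOzE47WcRM
-0lGy0e4fjJB3at/O2V4RgwkFpsBpGXv9LJ5ZVXkEu9PwzwLTGZ4VfSPNIXgse1lK
-9EYOXgL8XhL7c9XPJLRFOWt6Odwp1VjQ2RqkpYLYnsHZam+5gsRd5K2yS0VO8A1Q
-otxH1D4evwpoSAaRHSff71Qh7046g2jGvCvdEVqBXuAoOuY8IRvf6YpTKEcPuOOo
-t7h5kLIVKuG4/AikVZ62Xh7DjdRFxy/Pxg3uIhrvkHkG8QtEFgBBMHoQR6iSGf6N
-1SNrs9tpu1oqTSzoKFG72BsEA6M=
------END CERTIFICATE-----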