kybus-ssl 0.1.0
- checksums.yaml +7 -0
- data/lib/kybus/ssl.rb +4 -0
- data/lib/kybus/ssl/certificate.rb +55 -0
- data/lib/kybus/ssl/configuration.rb +57 -0
- data/lib/kybus/ssl/inventory.rb +71 -0
- data/lib/kybus/ssl/revocation_list.rb +10 -0
- data/lib/kybus/ssl/version.rb +7 -0
- metadata +133 -0
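--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: e2bf5e7b4893134432a12134b41fb41b318b7ef6928e5690a4ec2a978b06cebe
+data.tar.gz: 9576e4b32580447fc71678eec7ee7f56e5a7a5c6f34e8d6015aee3d846a00bb1
+SHA512:
+metadata.gz: 726fae80d20e37cc77fe945a33cbee37f093d39e862bb1228c0397c624c476144e91a26ddfefae7e2200c5a05aeaafba483c60c3c3986d31b83dd63afe080a09
+data.tar.gz: c7adaeedef2ea71b15c948eb79eb70c8a10082a550aceba4b9a0965b974b6005b26169bc259872d0f7c9342645c25b8ee1d7826158b5999d9d1bd218371423e0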
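--- a/data/lib/kybus/ssl/certificate.rb
+++ b/data/lib/kybus/ssl/certificate.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Kybus
+module SSL
+# Stores a X509 certificate.
+class Certificate
+attr_reader :cert, :key
+
+def initialize(config, inventory)
+@config = config
+@inventory = inventory
+@key = OpenSSL::PKey::RSA.new(@config['key_size'])
+@cert = OpenSSL::X509::Certificate.new
+@cert.public_key = @key.public_key
+@extensions = OpenSSL::X509::ExtensionFactory.new
+@extensions.subject_certificate = @cert
+end
+
+def create!
+return if File.file?(@config.key_path)
+
+@ca = @inventory.ca(@config['parent'])
+configure_details!
+configure_extensions!
+sign!
+save!
+end
+
+def configure_details!
+@config.configure_cert_details!(@cert)
+end
+
+def configure_extensions!
+@extensions.issuer_certificate = @ca.cert
+@config.configure_extensions!(@cert, @extensions)
+end
+
+def sign!
+@cert.issuer = @ca.cert.subject
+@cert.sign(@ca.key, OpenSSL::Digest::SHA256.new)
+end
+
+def save!
+File.write(@config.key_path, @key.to_s)
+File.write(@config.crt_path, @cert.to_s)
+end
+
+def ca_name
+@config['ca']
+end
+end
+end
+end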
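Review bot: The early return in `create!` (hunk line 22) skips loading, so when a CA's key file already exists from an earlier run the `@key`/`@cert` generated in `initialize` stay in memory, and every child certificate signed through `@inventory.ca(...)` is then signed with a key that does not match the CA certificate on disk, which presumably breaks chain verification for the new children. Load the existing PEMs instead of returning, and write the private key with `perm: 0o600` in `save!`, since `File.write` otherwise leaves it readable under whatever the process umask allows. `@ca` is also `nil` when `parent` does not name a known authority, which only surfaces as a NoMethodError in `configure_extensions!`. Note that the rendered header names `data/lib/kybus/ssl.rb` while the diffstat and the 55-line hunk match `data/lib/kybus/ssl/certificate.rb`.
```ruby
def create!
  return load! if File.file?(@config.key_path)

  # … unchanged: @ca lookup, configure_details!, configure_extensions!, sign!, save! …
end

# Reuses the key/cert pair written by a previous run so later signatures match the stored CA.
def load!
  @key = OpenSSL::PKey::RSA.new(File.read(@config.key_path))
  @cert = OpenSSL::X509::Certificate.new(File.read(@config.crt_path))
end

def save!
  File.write(@config.key_path, @key.to_s, perm: 0o600)
  File.write(@config.crt_path, @cert.to_s)
end
```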
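--- a/data/lib/kybus/ssl/configuration.rb
+++ b/data/lib/kybus/ssl/configuration.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Kybus
+module SSL
+# Stores a configuration for a certificate
+class Configuration
+ONE_YEAR = 60 * 60 * 24 * 365
+
+def initialize(root, group, cert)
+@config = root.merge(group).merge(cert)
+end
+
+def saving_directory(type)
+path = @config['saving_directory']
+serial = @config['serial']
+"#{path}/#{serial}.#{type}.pem"
+end
+
+def crt_path
+saving_directory('crt')
+end
+
+def key_path
+saving_directory('key')
+end
+
+def subject_string
+"/C=#{@config['country']}/ST=#{@config['state']}" \
+"/L=#{@config['city']}/O=#{@config['organization']}" \
+"/OU=#{@config['team']}/CN=#{@config['name']}"
+end
+
+def configure_cert_details!(cert)
+cert.version = 2
+cert.serial = @config['serial']
+cert.subject = OpenSSL::X509::Name.parse(subject_string)
+cert.not_before = Time.now
+cert.not_after = cert.not_before + ONE_YEAR * @config['expiration']
+end
+
+def configure_extensions!(cert, extension_factory)
+@config['extensions'].each do |name, details|
+extension = extension_factory.create_extension(
+name,
+details['details'],
+details['critical']
+)
+cert.add_extension(extension)
+end
+end
+
+def [](key)
+@config[key]
+end
+end
+end
+end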
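Review bot: `subject_string` (hunk lines 27-31) interpolates configuration values into a slash-separated DN that `configure_cert_details!` hands to `OpenSSL::X509::Name.parse`, so a value containing `/` is split into an additional RDN instead of being stored verbatim, and a missing value yields an empty attribute. Building the name from attribute pairs needs no escaping and keeps `Name.parse` out of the path. Separately, `cert.serial = @config['serial']` and `not_before = Time.now` come straight from config and the wall clock: serial uniqueness is not enforced anywhere visible (the inventory's `validate_inventories!` is a stub), and backdating `not_before` by a minute or so avoids rejections from clock skew. These values are operator-supplied in a development tool, so this is hardening rather than an exploitable issue.
```ruby
SUBJECT_FIELDS = [
  ['C', 'country'], ['ST', 'state'], ['L', 'city'],
  ['O', 'organization'], ['OU', 'team'], ['CN', 'name']
].freeze

# Builds the subject from attribute pairs so config values never pass through Name.parse.
def subject_name
  OpenSSL::X509::Name.new(SUBJECT_FIELDS.map { |attr, key| [attr, @config[key].to_s] })
end

# … unchanged: saving_directory, crt_path, key_path, subject_string …

def configure_cert_details!(cert)
  cert.version = 2
  cert.serial = @config['serial']
  cert.subject = subject_name
  # … unchanged: not_before / not_after …
end
```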
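--- a/data/lib/kybus/ssl/inventory.rb
+++ b/data/lib/kybus/ssl/inventory.rb
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require_relative 'configuration'
+require_relative 'certificate'
+require_relative 'revocation_list'
+
+require 'fileutils'
+
+module Kybus
+module SSL
+# This provides a full inventory of PKI.
+# It is composed of:
+# - Authorities
+# - Clients
+# - Servers
+class Inventory
+attr_reader :defaults
+
+def initialize(defaults, auth, clients, servers)
+@defaults = defaults
+@authorities = SubInventory.new(auth, self)
+@clients = SubInventory.new(clients, self)
+@servers = SubInventory.new(servers, self)
+end
+
+def create_certificates!
+validate_inventories!
+create_directory!
+[@authorities, @clients, @servers].each(&:create_certificates!)
+end
+
+# TODO: Implement validation of inventories
+def validate_inventories!
+true
+end
+
+def create_directory!
+FileUtils.mkdir_p(@defaults['saving_directory'])
+end
+
+def ca(name)
+@authorities.ca(name)
+end
+end
+
+# Implements a single inventory. It creates certificates using similar
+# configurations.
+class SubInventory
+def initialize(configs, inventory)
+defaults = configs['defaults']
+@parent = inventory
+@certificates = configs['certificates'].map do |cert|
+configuration = Configuration.new(
+inventory.defaults,
+defaults,
+cert
+)
+Certificate.new(configuration, inventory)
+end
+end
+
+def create_certificates!
+@certificates.each(&:create!)
+end
+
+def ca(name)
+@certificates.find { |cert| cert.ca_name == name }
+end
+end
+end
+end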
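Review bot: `Inventory#ca` (hunk lines 41-43) returns whatever `SubInventory#ca` finds, which is `nil` when no authority has a matching `ca` name, so a misspelled `parent` in the configuration only fails later with a NoMethodError on `@ca.cert` in the certificate code rather than with a message naming the missing CA; a one-line guard gives a usable error: `@authorities.ca(name) || raise(ArgumentError, "unknown CA: #{name.inspect}")`. `validate_inventories!` is a stub returning `true`, so `create_certificates!` has no check that every `parent` resolves or that serials are unique before files are written, and that method is where those checks belong. Ordering also matters: `SubInventory#create_certificates!` runs `create!` in list order, and as far as the certificate hunk shows an issuer is taken from the parent's in-memory `cert.subject`, which is only populated by the parent's own `create!`, so an authority listed before its parent would get an empty issuer. Note too that `SubInventory#initialize` constructs a `Certificate` for every configured entry and the certificate's constructor generates an RSA key, so a key is generated for every entry even when `create!` later skips it because the files exist.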
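--- a/metadata
+++ b/metadata
@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: kybus-ssl
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Gilberto Vargas
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-06-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: minitest
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.11'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.11'
+- !ruby/object:Gem::Dependency
+name: pry
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.12'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.12'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+- !ruby/object:Gem::Dependency
+name: rdoc
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '6.1'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '6.1'
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.16'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.16'
+- !ruby/object:Gem::Dependency
+name: webmock
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+description: Package for creating self signed certificates for development purpose
+email:
+- tachoguitar@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/kybus/ssl.rb
+- lib/kybus/ssl/certificate.rb
+- lib/kybus/ssl/configuration.rb
+- lib/kybus/ssl/inventory.rb
+- lib/kybus/ssl/revocation_list.rb
+- lib/kybus/ssl/version.rb
+homepage: https://github.com/KueskiEngineering/ruby-kybus-server
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Kybus SSL tools
+test_files: []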