kybus-ssl 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: e2bf5e7b4893134432a12134b41fb41b318b7ef6928e5690a4ec2a978b06cebe
4
+ data.tar.gz: 9576e4b32580447fc71678eec7ee7f56e5a7a5c6f34e8d6015aee3d846a00bb1
5
+ SHA512:
6
+ metadata.gz: 726fae80d20e37cc77fe945a33cbee37f093d39e862bb1228c0397c624c476144e91a26ddfefae7e2200c5a05aeaafba483c60c3c3986d31b83dd63afe080a09
7
+ data.tar.gz: c7adaeedef2ea71b15c948eb79eb70c8a10082a550aceba4b9a0965b974b6005b26169bc259872d0f7c9342645c25b8ee1d7826158b5999d9d1bd218371423e0
data/lib/kybus/ssl.rb ADDED
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'ssl/inventory'
4
+ require_relative 'ssl/version'
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'openssl'
4
+
5
+ module Kybus
6
+ module SSL
7
+ # Stores a X509 certificate.
8
+ class Certificate
9
+ attr_reader :cert, :key
10
+
11
+ def initialize(config, inventory)
12
+ @config = config
13
+ @inventory = inventory
14
+ @key = OpenSSL::PKey::RSA.new(@config['key_size'])
15
+ @cert = OpenSSL::X509::Certificate.new
16
+ @cert.public_key = @key.public_key
17
+ @extensions = OpenSSL::X509::ExtensionFactory.new
18
+ @extensions.subject_certificate = @cert
19
+ end
20
+
21
+ def create!
22
+ return if File.file?(@config.key_path)
23
+
24
+ @ca = @inventory.ca(@config['parent'])
25
+ configure_details!
26
+ configure_extensions!
27
+ sign!
28
+ save!
29
+ end
30
+
31
+ def configure_details!
32
+ @config.configure_cert_details!(@cert)
33
+ end
34
+
35
+ def configure_extensions!
36
+ @extensions.issuer_certificate = @ca.cert
37
+ @config.configure_extensions!(@cert, @extensions)
38
+ end
39
+
40
+ def sign!
41
+ @cert.issuer = @ca.cert.subject
42
+ @cert.sign(@ca.key, OpenSSL::Digest::SHA256.new)
43
+ end
44
+
45
+ def save!
46
+ File.write(@config.key_path, @key.to_s)
47
+ File.write(@config.crt_path, @cert.to_s)
48
+ end
49
+
50
+ def ca_name
51
+ @config['ca']
52
+ end
53
+ end
54
+ end
55
+ end
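Review bot: `create!` returns early on `File.file?(@config.key_path)` without loading the persisted material, so on a later run a CA that already exists on disk keeps the throw-away key and blank certificate built in `initialize`, and anything signed through `@ca.key` / `@ca.cert.subject` in `sign!` no longer chains to the CA that was actually stored. Loading the existing PEM files in that branch fixes it; the rewritten branch and the helper it calls are below. Separately, `save!` writes the unencrypted private key with the process's default umask, so `File.write(@config.key_path, @key.to_s, perm: 0o600)` would keep it readable by the owner only, and an unknown `parent` makes `@inventory.ca` return nil, which surfaces as a NoMethodError in `configure_extensions!` rather than a clear `ArgumentError` naming the missing authority.
```ruby
def create!
  return load! if File.file?(@config.key_path)

  @ca = @inventory.ca(@config['parent'])
  # … unchanged: configure_details!, configure_extensions!, sign!, save! …
end

# Reloads a previously generated key pair and certificate so that
# certificates signed on a later run use the persisted CA material.
def load!
  @key = OpenSSL::PKey::RSA.new(File.read(@config.key_path))
  @cert = OpenSSL::X509::Certificate.new(File.read(@config.crt_path))
end
```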
@@ -0,0 +1,57 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Kybus
4
+ module SSL
5
+ # Stores a configuration for a certificate
6
+ class Configuration
7
+ ONE_YEAR = 60 * 60 * 24 * 365
8
+
9
+ def initialize(root, group, cert)
10
+ @config = root.merge(group).merge(cert)
11
+ end
12
+
13
+ def saving_directory(type)
14
+ path = @config['saving_directory']
15
+ serial = @config['serial']
16
+ "#{path}/#{serial}.#{type}.pem"
17
+ end
18
+
19
+ def crt_path
20
+ saving_directory('crt')
21
+ end
22
+
23
+ def key_path
24
+ saving_directory('key')
25
+ end
26
+
27
+ def subject_string
28
+ "/C=#{@config['country']}/ST=#{@config['state']}" \
29
+ "/L=#{@config['city']}/O=#{@config['organization']}" \
30
+ "/OU=#{@config['team']}/CN=#{@config['name']}"
31
+ end
32
+
33
+ def configure_cert_details!(cert)
34
+ cert.version = 2
35
+ cert.serial = @config['serial']
36
+ cert.subject = OpenSSL::X509::Name.parse(subject_string)
37
+ cert.not_before = Time.now
38
+ cert.not_after = cert.not_before + ONE_YEAR * @config['expiration']
39
+ end
40
+
41
+ def configure_extensions!(cert, extension_factory)
42
+ @config['extensions'].each do |name, details|
43
+ extension = extension_factory.create_extension(
44
+ name,
45
+ details['details'],
46
+ details['critical']
47
+ )
48
+ cert.add_extension(extension)
49
+ end
50
+ end
51
+
52
+ def [](key)
53
+ @config[key]
54
+ end
55
+ end
56
+ end
57
+ end
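Review bot: `subject_string` assembles the DN by interpolating config values into the `/C=…/CN=…` form that `OpenSSL::X509::Name.parse` splits on `/`, so an organization or name containing `/`, `=` or `,` yields a wrong or unparsable subject; building the name from attribute pairs avoids the escaping problem entirely (see below, `subject_string` can stay for callers that want the text form). The path from `saving_directory` is keyed only on `serial`, so two certificates in different groups that share a serial silently overwrite each other's key and certificate files, which is worth a check before anything is written. `configure_extensions!` raises NoMethodError when a certificate declares no `extensions`; `(@config['extensions'] || {}).each do |name, details|` would treat that as "no extensions".
```ruby
SUBJECT_FIELDS = {
  'C' => 'country', 'ST' => 'state', 'L' => 'city',
  'O' => 'organization', 'OU' => 'team', 'CN' => 'name'
}.freeze

# Builds the subject from attribute pairs so values need no escaping.
def subject_name
  OpenSSL::X509::Name.new(SUBJECT_FIELDS.map { |attr, key| [attr, @config[key]] })
end

def configure_cert_details!(cert)
  cert.version = 2
  cert.serial = @config['serial']
  cert.subject = subject_name
  # … unchanged: not_before / not_after …
end
```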
@@ -0,0 +1,71 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'configuration'
4
+ require_relative 'certificate'
5
+ require_relative 'revocation_list'
6
+
7
+ require 'fileutils'
8
+
9
+ module Kybus
10
+ module SSL
11
+ # This provides a full inventory of PKI.
12
+ # It is composed of:
13
+ # - Authorities
14
+ # - Clients
15
+ # - Servers
16
+ class Inventory
17
+ attr_reader :defaults
18
+
19
+ def initialize(defaults, auth, clients, servers)
20
+ @defaults = defaults
21
+ @authorities = SubInventory.new(auth, self)
22
+ @clients = SubInventory.new(clients, self)
23
+ @servers = SubInventory.new(servers, self)
24
+ end
25
+
26
+ def create_certificates!
27
+ validate_inventories!
28
+ create_directory!
29
+ [@authorities, @clients, @servers].each(&:create_certificates!)
30
+ end
31
+
32
+ # TODO: Implement validation of inventories
33
+ def validate_inventories!
34
+ true
35
+ end
36
+
37
+ def create_directory!
38
+ FileUtils.mkdir_p(@defaults['saving_directory'])
39
+ end
40
+
41
+ def ca(name)
42
+ @authorities.ca(name)
43
+ end
44
+ end
45
+
46
+ # Implements a single inventory. It creates certificates using similar
47
+ # configurations.
48
+ class SubInventory
49
+ def initialize(configs, inventory)
50
+ defaults = configs['defaults']
51
+ @parent = inventory
52
+ @certificates = configs['certificates'].map do |cert|
53
+ configuration = Configuration.new(
54
+ inventory.defaults,
55
+ defaults,
56
+ cert
57
+ )
58
+ Certificate.new(configuration, inventory)
59
+ end
60
+ end
61
+
62
+ def create_certificates!
63
+ @certificates.each(&:create!)
64
+ end
65
+
66
+ def ca(name)
67
+ @certificates.find { |cert| cert.ca_name == name }
68
+ end
69
+ end
70
+ end
71
+ end
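Review bot: `SubInventory#initialize` calls `configs['certificates'].map` and passes `configs['defaults']` straight into `Configuration.new`, so a group with no `certificates` key raises NoMethodError and one with no `defaults` key makes `root.merge(group)` raise TypeError; `Array(configs['certificates']).map do |cert|` and `defaults = configs.fetch('defaults', {})` would accept both as empty. `create_certificates!` signs authorities in the order they are listed, so an intermediate CA that appears before its parent is signed while the parent's certificate is still unconfigured; `validate_inventories!`, which currently returns `true` unconditionally per the TODO, is the natural place to check that every `parent` resolves to an authority listed earlier and that no two certificates share a `serial`.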
@@ -0,0 +1,10 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Kybus
4
+ module SSL
5
+ # Generates revocation list after revocating a list of certs
6
+ # TODO: Implement CRL
7
+ class RevocationList
8
+ end
9
+ end
10
+ end
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Kybus
4
+ module SSL
5
+ VERSION = '0.1.0'
6
+ end
7
+ end
metadata ADDED
@@ -0,0 +1,133 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: kybus-ssl
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Gilberto Vargas
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2021-06-15 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: minitest
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '5.11'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '5.11'
27
+ - !ruby/object:Gem::Dependency
28
+ name: pry
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '0.12'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '0.12'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '12.3'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '12.3'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rdoc
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '6.1'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '6.1'
69
+ - !ruby/object:Gem::Dependency
70
+ name: simplecov
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '0.16'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '0.16'
83
+ - !ruby/object:Gem::Dependency
84
+ name: webmock
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '3.5'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '3.5'
97
+ description: Package for creating self signed certificates for development purpose
98
+ email:
99
+ - tachoguitar@gmail.com
100
+ executables: []
101
+ extensions: []
102
+ extra_rdoc_files: []
103
+ files:
104
+ - lib/kybus/ssl.rb
105
+ - lib/kybus/ssl/certificate.rb
106
+ - lib/kybus/ssl/configuration.rb
107
+ - lib/kybus/ssl/inventory.rb
108
+ - lib/kybus/ssl/revocation_list.rb
109
+ - lib/kybus/ssl/version.rb
110
+ homepage: https://github.com/KueskiEngineering/ruby-kybus-server
111
+ licenses:
112
+ - MIT
113
+ metadata: {}
114
+ post_install_message:
115
+ rdoc_options: []
116
+ require_paths:
117
+ - lib
118
+ required_ruby_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - ">="
121
+ - !ruby/object:Gem::Version
122
+ version: '0'
123
+ required_rubygems_version: !ruby/object:Gem::Requirement
124
+ requirements:
125
+ - - ">="
126
+ - !ruby/object:Gem::Version
127
+ version: '0'
128
+ requirements: []
129
+ rubygems_version: 3.1.4
130
+ signing_key:
131
+ specification_version: 4
132
+ summary: Kybus SSL tools
133
+ test_files: []