kybus-ssl 0.1.0

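--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: e2bf5e7b4893134432a12134b41fb41b318b7ef6928e5690a4ec2a978b06cebe
+data.tar.gz: 9576e4b32580447fc71678eec7ee7f56e5a7a5c6f34e8d6015aee3d846a00bb1
+SHA512:
+metadata.gz: 726fae80d20e37cc77fe945a33cbee37f093d39e862bb1228c0397c624c476144e91a26ddfefae7e2200c5a05aeaafba483c60c3c3986d31b83dd63afe080a09
+data.tar.gz: c7adaeedef2ea71b15c948eb79eb70c8a10082a550aceba4b9a0965b974b6005b26169bc259872d0f7c9342645c25b8ee1d7826158b5999d9d1bd218371423e0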
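--- a/data/lib/kybus/ssl.rb
+++ b/data/lib/kybus/ssl.rb
@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require_relative 'ssl/inventory'
+require_relative 'ssl/version'
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Kybus
+module SSL
+# Stores a X509 certificate.
+class Certificate
+attr_reader :cert, :key
+
+def initialize(config, inventory)
+@config = config
+@inventory = inventory
+@key = OpenSSL::PKey::RSA.new(@config['key_size'])
+@cert = OpenSSL::X509::Certificate.new
+@cert.public_key = @key.public_key
+@extensions = OpenSSL::X509::ExtensionFactory.new
+@extensions.subject_certificate = @cert
+end
+
+def create!
+return if File.file?(@config.key_path)
+
+@ca = @inventory.ca(@config['parent'])
+configure_details!
+configure_extensions!
+sign!
+save!
+end
+
+def configure_details!
+@config.configure_cert_details!(@cert)
+end
+
+def configure_extensions!
+@extensions.issuer_certificate = @ca.cert
+@config.configure_extensions!(@cert, @extensions)
+end
+
+def sign!
+@cert.issuer = @ca.cert.subject
+@cert.sign(@ca.key, OpenSSL::Digest::SHA256.new)
+end
+
+def save!
+File.write(@config.key_path, @key.to_s)
+File.write(@config.crt_path, @cert.to_s)
+end
+
+def ca_name
+@config['ca']
+end
+end
+end
+end
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Kybus
+module SSL
+# Stores a configuration for a certificate
+class Configuration
+ONE_YEAR = 60 * 60 * 24 * 365
+
+def initialize(root, group, cert)
+@config = root.merge(group).merge(cert)
+end
+
+def saving_directory(type)
+path = @config['saving_directory']
+serial = @config['serial']
+"#{path}/#{serial}.#{type}.pem"
+end
+
+def crt_path
+saving_directory('crt')
+end
+
+def key_path
+saving_directory('key')
+end
+
+def subject_string
+"/C=#{@config['country']}/ST=#{@config['state']}" \
+"/L=#{@config['city']}/O=#{@config['organization']}" \
+"/OU=#{@config['team']}/CN=#{@config['name']}"
+end
+
+def configure_cert_details!(cert)
+cert.version = 2
+cert.serial = @config['serial']
+cert.subject = OpenSSL::X509::Name.parse(subject_string)
+cert.not_before = Time.now
+cert.not_after = cert.not_before + ONE_YEAR * @config['expiration']
+end
+
+def configure_extensions!(cert, extension_factory)
+@config['extensions'].each do |name, details|
+extension = extension_factory.create_extension(
+name,
+details['details'],
+details['critical']
+)
+cert.add_extension(extension)
+end
+end
+
+def [](key)
+@config[key]
+end
+end
+end
+end
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require_relative 'configuration'
+require_relative 'certificate'
+require_relative 'revocation_list'
+
+require 'fileutils'
+
+module Kybus
+module SSL
+# This provides a full inventory of PKI.
+# It is composed of:
+# - Authorities
+# - Clients
+# - Servers
+class Inventory
+attr_reader :defaults
+
+def initialize(defaults, auth, clients, servers)
+@defaults = defaults
+@authorities = SubInventory.new(auth, self)
+@clients = SubInventory.new(clients, self)
+@servers = SubInventory.new(servers, self)
+end
+
+def create_certificates!
+validate_inventories!
+create_directory!
+[@authorities, @clients, @servers].each(&:create_certificates!)
+end
+
+# TODO: Implement validation of inventories
+def validate_inventories!
+true
+end
+
+def create_directory!
+FileUtils.mkdir_p(@defaults['saving_directory'])
+end
+
+def ca(name)
+@authorities.ca(name)
+end
+end
+
+# Implements a single inventory. It creates certificates using similar
+# configurations.
+class SubInventory
+def initialize(configs, inventory)
+defaults = configs['defaults']
+@parent = inventory
+@certificates = configs['certificates'].map do |cert|
+configuration = Configuration.new(
+inventory.defaults,
+defaults,
+cert
+)
+Certificate.new(configuration, inventory)
+end
+end
+
+def create_certificates!
+@certificates.each(&:create!)
+end
+
+def ca(name)
+@certificates.find { |cert| cert.ca_name == name }
+end
+end
+end
+end
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Kybus
+module SSL
+# Generates revocation list after revocating a list of certs
+# TODO: Implement CRL
+class RevocationList
+end
+end
+end
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Kybus
+module SSL
+VERSION = '0.1.0'
+end
+end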
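Review bot: `save!` in the certificate.rb hunk writes the unencrypted private key with `File.write(@config.key_path, @key.to_s)`, so the file is created with whatever the process umask allows (typically world-readable); it should be `File.write(@config.key_path, @key.to_s, perm: 0o600)` so only the owner can read the key. In the same class, `create!` returns early when the key file already exists but never loads it, and `Inventory#ca` hands back that same unpopulated `Certificate`, so on a re-run a child certificate would, as far as I can tell, be signed with a freshly generated in-memory key and carry an empty issuer instead of the CA on disk — either load the existing PEMs in that branch or raise a clear error. In the configuration.rb hunk, `subject_string` interpolates config values into a `/C=.../CN=...` string that `OpenSSL::X509::Name.parse` then splits, so a value containing `/` or `=` would shift into another field; `OpenSSL::X509::Name.new([['C', @config['country']], ['ST', @config['state']], ...])` avoids the round-trip. The hunks after ssl.rb carry no file headers on this page, so the file names above are inferred from the gem's file list in the metadata.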
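--- a/metadata
+++ b/metadata
@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: kybus-ssl
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Gilberto Vargas
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-06-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: minitest
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.11'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.11'
+- !ruby/object:Gem::Dependency
+name: pry
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.12'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.12'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '12.3'
+- !ruby/object:Gem::Dependency
+name: rdoc
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '6.1'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '6.1'
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.16'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.16'
+- !ruby/object:Gem::Dependency
+name: webmock
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.5'
+description: Package for creating self signed certificates for development purpose
+email:
+- tachoguitar@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/kybus/ssl.rb
+- lib/kybus/ssl/certificate.rb
+- lib/kybus/ssl/configuration.rb
+- lib/kybus/ssl/inventory.rb
+- lib/kybus/ssl/revocation_list.rb
+- lib/kybus/ssl/version.rb
+homepage: https://github.com/KueskiEngineering/ruby-kybus-server
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Kybus SSL tools
+test_files: []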