leap_cli 1.5.6 → 1.6.2

data/vendor/certificate_authority/lib/certificate_authority/signing_request.rb

@@ -5,6 +5,29 @@ module CertificateAuthority
     attr_accessor :raw_body
     attr_accessor :openssl_csr
     attr_accessor :digest
+    attr_accessor :attributes
+
+    def initialize()
+      @attributes = []
+    end
+
+    # Fake attribute for convenience because adding
+    # alternative names on a CSR is remarkably non-trivial.
+    def subject_alternative_names=(alt_names)
+      raise "alt_names must be an Array" unless alt_names.is_a?(Array)
+
+      factory = OpenSSL::X509::ExtensionFactory.new
+      name_list = alt_names.map{|m| "DNS:#{m}"}.join(",")
+      ext = factory.create_ext("subjectAltName",name_list,false)
+      ext_set = OpenSSL::ASN1::Set([OpenSSL::ASN1::Sequence([ext])])
+      attr = OpenSSL::X509::Attribute.new("extReq", ext_set)
+      @attributes << attr
+    end
+
+    def read_attributes_by_oid(*oids)
+      attributes.detect { |a| oids.include?(a.oid) }
+    end
+    protected :read_attributes_by_oid
 
     def to_cert
       cert = Certificate.new
@@ -12,6 +35,15 @@ module CertificateAuthority
         cert.distinguished_name = @distinguished_name
       end
       cert.key_material = @key_material
+      if attribute = read_attributes_by_oid('extReq', 'msExtReq')
+        set = OpenSSL::ASN1.decode(attribute.value)
+        seq = set.value.first
+        seq.value.collect { |asn1ext| OpenSSL::X509::Extension.new(asn1ext).to_a }.each do |o, v, c|
+         Certificate::EXTENSIONS.each do |klass|
+            cert.extensions[klass::OPENSSL_IDENTIFIER] = klass.parse(v, c) if v && klass::OPENSSL_IDENTIFIER == o
+          end
+        end
+      end
       cert
     end
 
@@ -24,10 +56,12 @@ module CertificateAuthority
       raise "Invalid DN in request" unless @distinguished_name.valid?
       raise "CSR must have key material" if @key_material.nil?
       raise "CSR must include a public key on key material" if @key_material.public_key.nil?
+      raise "Need a private key on key material for CSR generation" if @key_material.private_key.nil?
 
       opensslcsr = OpenSSL::X509::Request.new
       opensslcsr.subject = @distinguished_name.to_x509_name
       opensslcsr.public_key = @key_material.public_key
+      opensslcsr.attributes = @attributes unless @attributes.nil?
       opensslcsr.sign @key_material.private_key, OpenSSL::Digest::Digest.new(@digest || "SHA512")
       opensslcsr
     end
@@ -38,6 +72,7 @@ module CertificateAuthority
       csr.distinguished_name = DistinguishedName.from_openssl openssl_csr.subject
       csr.raw_body = raw_csr
       csr.openssl_csr = openssl_csr
+      csr.attributes = openssl_csr.attributes
       key_material = SigningRequestKeyMaterial.new
       key_material.public_key = openssl_csr.public_key
       csr.key_material = key_material
@@ -53,4 +88,4 @@ module CertificateAuthority
       csr
     end
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: leap_cli
 version: !ruby/object:Gem::Version
-  version: 1.5.6
+  version: 1.6.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-04 00:00:00.000000000 Z
+date: 2014-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -34,7 +34,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 2.12.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 2.12.0
 - !ruby/object:Gem::Dependency
   name: command_line_reporter
   requirement: !ruby/object:Gem::Requirement
@@ -108,13 +108,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: capistrano
+  name: net-ssh
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.15.5
+        version: 2.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -122,23 +122,23 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 2.15.5
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
-  name: net-ssh
+  name: capistrano
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.15.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.15.5
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement
@@ -243,17 +243,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/lib_ext/markdown_document_listener.rb
-- lib/lib_ext/gli.rb
-- lib/lib_ext/capistrano_connections.rb
-- lib/core_ext/hash.rb
-- lib/core_ext/json.rb
-- lib/core_ext/nil.rb
-- lib/core_ext/boolean.rb
-- lib/core_ext/string.rb
 - lib/leap_cli.rb
 - lib/leap/platform.rb
-- lib/leap_cli/constants.rb
 - lib/leap_cli/markdown_document_listener.rb
 - lib/leap_cli/ssh_key.rb
 - lib/leap_cli/commands/facts.rb
@@ -262,16 +253,20 @@ files:
 - lib/leap_cli/commands/compile.rb
 - lib/leap_cli/commands/db.rb
 - lib/leap_cli/commands/user.rb
+- lib/leap_cli/commands/ssh.rb
 - lib/leap_cli/commands/node.rb
 - lib/leap_cli/commands/clean.rb
 - lib/leap_cli/commands/test.rb
 - lib/leap_cli/commands/util.rb
+- lib/leap_cli/commands/env.rb
 - lib/leap_cli/commands/list.rb
+- lib/leap_cli/commands/node_init.rb
 - lib/leap_cli/commands/new.rb
 - lib/leap_cli/commands/deploy.rb
 - lib/leap_cli/commands/inspect.rb
-- lib/leap_cli/commands/shell.rb
 - lib/leap_cli/commands/vagrant.rb
+- lib/leap_cli/lib_ext/gli.rb
+- lib/leap_cli/lib_ext/capistrano_connections.rb
 - lib/leap_cli/util/remote_command.rb
 - lib/leap_cli/util/secret.rb
 - lib/leap_cli/util/x509.rb
@@ -279,7 +274,13 @@ files:
 - lib/leap_cli/remote/rsync_plugin.rb
 - lib/leap_cli/remote/puppet_plugin.rb
 - lib/leap_cli/remote/leap_plugin.rb
-- lib/leap_cli/requirements.rb
+- lib/leap_cli/core_ext/yaml.rb
+- lib/leap_cli/core_ext/hash.rb
+- lib/leap_cli/core_ext/json.rb
+- lib/leap_cli/core_ext/nil.rb
+- lib/leap_cli/core_ext/boolean.rb
+- lib/leap_cli/core_ext/string.rb
+- lib/leap_cli/override/json.rb
 - lib/leap_cli/path.rb
 - lib/leap_cli/leapfile.rb
 - lib/leap_cli/exceptions.rb
@@ -288,11 +289,11 @@ files:
 - lib/leap_cli/config/manager.rb
 - lib/leap_cli/config/object.rb
 - lib/leap_cli/config/tag.rb
+- lib/leap_cli/config/filter.rb
 - lib/leap_cli/config/object_list.rb
 - lib/leap_cli/config/provider.rb
 - lib/leap_cli/config/secrets.rb
 - lib/leap_cli/config/node.rb
-- lib/leap_cli/config/macros.rb
 - lib/leap_cli/logger.rb
 - lib/leap_cli/load_paths.rb
 - lib/leap_cli/version.rb

data/lib/leap_cli/commands/shell.rb

@@ -1,89 +0,0 @@
-module LeapCli; module Commands
-
-  desc 'Log in to the specified node with an interactive shell.'
-  arg_name 'NAME' #, :optional => false, :multiple => false
-  command :ssh do |c|
-    c.action do |global_options,options,args|
-      exec_ssh(:ssh, args)
-    end
-  end
-
-  desc 'Log in to the specified node with an interactive shell using mosh (requires node to have mosh.enabled set to true).'
-  arg_name 'NAME'
-  command :mosh do |c|
-    c.action do |global_options,options,args|
-      exec_ssh(:mosh, args)
-    end
-  end
-
-  protected
-
-  #
-  # allow for ssh overrides of all commands that use ssh_connect
-  #
-  def connect_options(options)
-    connect_options = {:ssh_options=>{}}
-    if options[:port]
-      connect_options[:ssh_options][:port] = options[:port]
-    end
-    if options[:ip]
-      connect_options[:ssh_options][:host_name] = options[:ip]
-    end
-    return connect_options
-  end
-
-  def ssh_config_help_message
-    puts ""
-    puts "Are 'too many authentication failures' getting you down?"
-    puts "Then we have the solution for you! Add something like this to your ~/.ssh/config file:"
-    puts "  Host *.#{manager.provider.domain}"
-    puts "  IdentityFile ~/.ssh/id_rsa"
-    puts "  IdentitiesOnly=yes"
-    puts "(replace `id_rsa` with the actual private key filename that you use for this provider)"
-  end
-
-  private
-
-  def exec_ssh(cmd, args)
-    node = get_node_from_args(args, :include_disabled => true)
-    options = [
-      "-o 'HostName=#{node.ip_address}'",
-      # "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break.
-      "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
-      "-o 'UserKnownHostsFile=/dev/null'"
-    ]
-    if node.vagrant?
-      options << "-i #{vagrant_ssh_key_file}"    # use the universal vagrant insecure key
-      options << "-o IdentitiesOnly=yes"         # force the use of the insecure vagrant key
-      options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
-    else
-      options << "-o 'StrictHostKeyChecking=yes'"
-    end
-    username = 'root'
-    if LeapCli.log_level >= 3
-      options << "-vv"
-    elsif LeapCli.log_level >= 2
-      options << "-v"
-    end
-    ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}"
-    if cmd == :ssh
-      command = "#{ssh} #{node.domain.full}"
-    elsif cmd == :mosh
-      command = "MOSH_TITLE_NOPREFIX=1 mosh --ssh \"#{ssh}\" #{node.domain.full}"
-    end
-    log 2, command
-
-    # exec the shell command in a subprocess
-    pid = fork { exec "#{command}" }
-
-    # wait for shell to exit so we can grab the exit status
-    _, status = Process.waitpid2(pid)
-
-    if status.exitstatus == 255
-      ssh_config_help_message
-    elsif status.exitstatus != 0
-      exit_now! status.exitstatus, status.exitstatus
-    end
-  end
-
-end; end