mini_ca 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/mini_ca/certificate.rb +16 -1
- data/lib/mini_ca/version.rb +1 -1
- data/spec/mini_ca/certificate_spec.rb +21 -3
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 017ba2353e7b1f0cfc7770644189710f4b665dff
|
|
4
|
+
data.tar.gz: fb8b2ec2b5a20d6f6b64e48be6894bd3308bec73
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 349e601091f44f72f7674bde29fd5a362bd53bf1e7768be38203f10125b9851860a65d7d61bb781ccd91c659da044f83e7e336d01c580265f08f1170da9cd321
|
|
7
|
+
data.tar.gz: a498bcf442c489c9a05ab1830035e14fea8a8efc0eaea19c9f8b6cbab2b0f3b6f22b334ea66ae0a682a503b80e123992bc6a8c9418f89a8e1903ce7ba492d455
|
data/lib/mini_ca/certificate.rb
CHANGED
|
@@ -28,7 +28,7 @@ module MiniCa
|
|
|
28
28
|
x509.version = 0x2
|
|
29
29
|
x509.serial = serial || 0
|
|
30
30
|
|
|
31
|
-
x509.public_key =
|
|
31
|
+
x509.public_key = public_key
|
|
32
32
|
|
|
33
33
|
x509.subject = OpenSSL::X509::Name.new
|
|
34
34
|
|
|
@@ -126,5 +126,20 @@ module MiniCa
|
|
|
126
126
|
def private_key_pem
|
|
127
127
|
private_key.to_pem
|
|
128
128
|
end
|
|
129
|
+
|
|
130
|
+
def public_key
|
|
131
|
+
case private_key
|
|
132
|
+
when OpenSSL::PKey::RSA
|
|
133
|
+
private_key.public_key
|
|
134
|
+
when OpenSSL::PKey::EC
|
|
135
|
+
# See: https://github.com/ruby/openssl/issues/29#issuecomment-230664793
|
|
136
|
+
# See: https://alexpeattie.com/blog/signing-a-csr-with-ecdsa-in-ruby
|
|
137
|
+
pub = OpenSSL::PKey::EC.new(private_key.group)
|
|
138
|
+
pub.public_key = private_key.public_key
|
|
139
|
+
pub
|
|
140
|
+
else
|
|
141
|
+
raise Error, "Unsupported private_key: #{private_key.class}"
|
|
142
|
+
end
|
|
143
|
+
end
|
|
129
144
|
end
|
|
130
145
|
end
|
data/lib/mini_ca/version.rb
CHANGED
|
@@ -53,10 +53,28 @@ describe MiniCa::Certificate do
|
|
|
53
53
|
end
|
|
54
54
|
end
|
|
55
55
|
|
|
56
|
-
it 'initializes with a custom private_key' do
|
|
56
|
+
it 'initializes with a custom private_key (RSA)' do
|
|
57
57
|
k = OpenSSL::PKey::RSA.new(512)
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
|
|
59
|
+
crt = described_class.new('x', private_key: k)
|
|
60
|
+
expect(crt.private_key_pem).to eq(k.to_pem)
|
|
61
|
+
expect(crt.x509.check_private_key(k)).to be_truthy
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
it 'initializes with a custom private_key (ECDSA)' do
|
|
65
|
+
k = OpenSSL::PKey::EC.new('prime256v1').tap(&:generate_key)
|
|
66
|
+
|
|
67
|
+
# Ruby < 2.4 lacks a #private? method on EC keys, which is used when
|
|
68
|
+
# signing. We're not going to monkey-patch this for users, but we want to
|
|
69
|
+
# monkey patch it for our own specs.
|
|
70
|
+
maj, min, = RUBY_VERSION.split('.').map { |e| Integer(e) }
|
|
71
|
+
unless maj >= 2 && min >= 4 || maj > 2
|
|
72
|
+
allow(k).to receive(:private?) { k.private_key? }
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
crt = described_class.new('x', private_key: k)
|
|
76
|
+
expect(crt.private_key_pem).to eq(k.to_pem)
|
|
77
|
+
expect(crt.x509.check_private_key(k)).to be_truthy
|
|
60
78
|
end
|
|
61
79
|
end
|
|
62
80
|
|