mini_ca 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mini_ca/certificate.rb +16 -1
- data/lib/mini_ca/version.rb +1 -1
- data/spec/mini_ca/certificate_spec.rb +21 -3
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 017ba2353e7b1f0cfc7770644189710f4b665dff
|
|
4
|
+
data.tar.gz: fb8b2ec2b5a20d6f6b64e48be6894bd3308bec73
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 349e601091f44f72f7674bde29fd5a362bd53bf1e7768be38203f10125b9851860a65d7d61bb781ccd91c659da044f83e7e336d01c580265f08f1170da9cd321
|
|
7
|
+
data.tar.gz: a498bcf442c489c9a05ab1830035e14fea8a8efc0eaea19c9f8b6cbab2b0f3b6f22b334ea66ae0a682a503b80e123992bc6a8c9418f89a8e1903ce7ba492d455
|
data/lib/mini_ca/certificate.rb
CHANGED
|
@@ -28,7 +28,7 @@ module MiniCa
|
|
|
28
28
|
x509.version = 0x2
|
|
29
29
|
x509.serial = serial || 0
|
|
30
30
|
|
|
31
|
-
x509.public_key =
|
|
31
|
+
x509.public_key = public_key
|
|
32
32
|
|
|
33
33
|
x509.subject = OpenSSL::X509::Name.new
|
|
34
34
|
|
|
@@ -126,5 +126,20 @@ module MiniCa
|
|
|
126
126
|
def private_key_pem
|
|
127
127
|
private_key.to_pem
|
|
128
128
|
end
|
|
129
|
+
|
|
130
|
+
def public_key
|
|
131
|
+
case private_key
|
|
132
|
+
when OpenSSL::PKey::RSA
|
|
133
|
+
private_key.public_key
|
|
134
|
+
when OpenSSL::PKey::EC
|
|
135
|
+
# See: https://github.com/ruby/openssl/issues/29#issuecomment-230664793
|
|
136
|
+
# See: https://alexpeattie.com/blog/signing-a-csr-with-ecdsa-in-ruby
|
|
137
|
+
pub = OpenSSL::PKey::EC.new(private_key.group)
|
|
138
|
+
pub.public_key = private_key.public_key
|
|
139
|
+
pub
|
|
140
|
+
else
|
|
141
|
+
raise Error, "Unsupported private_key: #{private_key.class}"
|
|
142
|
+
end
|
|
143
|
+
end
|
|
129
144
|
end
|
|
130
145
|
end
|
data/lib/mini_ca/version.rb
CHANGED
|
@@ -53,10 +53,28 @@ describe MiniCa::Certificate do
|
|
|
53
53
|
end
|
|
54
54
|
end
|
|
55
55
|
|
|
56
|
-
it 'initializes with a custom private_key' do
|
|
56
|
+
it 'initializes with a custom private_key (RSA)' do
|
|
57
57
|
k = OpenSSL::PKey::RSA.new(512)
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
|
|
59
|
+
crt = described_class.new('x', private_key: k)
|
|
60
|
+
expect(crt.private_key_pem).to eq(k.to_pem)
|
|
61
|
+
expect(crt.x509.check_private_key(k)).to be_truthy
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
it 'initializes with a custom private_key (ECDSA)' do
|
|
65
|
+
k = OpenSSL::PKey::EC.new('prime256v1').tap(&:generate_key)
|
|
66
|
+
|
|
67
|
+
# Ruby < 2.4 lacks a #private? method on EC keys, which is used when
|
|
68
|
+
# signing. We're not going to monkey-patch this for users, but we want to
|
|
69
|
+
# monkey patch it for our own specs.
|
|
70
|
+
maj, min, = RUBY_VERSION.split('.').map { |e| Integer(e) }
|
|
71
|
+
unless maj >= 2 && min >= 4 || maj > 2
|
|
72
|
+
allow(k).to receive(:private?) { k.private_key? }
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
crt = described_class.new('x', private_key: k)
|
|
76
|
+
expect(crt.private_key_pem).to eq(k.to_pem)
|
|
77
|
+
expect(crt.x509.check_private_key(k)).to be_truthy
|
|
60
78
|
end
|
|
61
79
|
end
|
|
62
80
|
|