oggcert 0.1.1
- checksums.yaml +7 -0
- data/bin/oggcert +209 -0
- metadata +133 -0
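--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 204244d81f4c10ef199bb8d7c9a2b717489a098d
+data.tar.gz: 6bf22ae3bc85dd7b26f5ff24dd3fc1d96e17efa8
+SHA512:
+metadata.gz: d0a2dba7a0144156a92dd5e0489849093d6cc4f73b85e496d442f4395d03d836a839a751b24932cb9f284b09fc8f06f4cf4b5e73947d609df853d7a488867e47
+data.tar.gz: 753f405bd6381b4828500af8e141d577548d054f4cd3f28fd96d516311f03deb8dd16125adda7b4988e4a65a2bdeb8481c50ed00cc2010c02638345f8519ec13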
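--- a/data/bin/oggcert
+++ b/data/bin/oggcert
@@ -0,0 +1,209 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'getoptlong'
+require 'pp'
+require 'colorize'
+require 'json'
+require 'pty'
+require 'fileutils'
+require 'console_table'
+require 'openssl'
+
+@final_files = Hash.new
+@final_files[:key]=""
+@final_files[:cert]=""
+@final_files[:ca]=""
+@final_files[:csr]=""
+@final_files[:full]=""
+
+@results_directory = "#{ENV["HOME"]}/.oggcert"
+@config_file = "#{ENV["HOME"]}/.oggcert.json"
+
+example_config = {
+:snpp => {
+:digest_algorithm => "sha256",
+:key_size_bits => 4096,
+:city => "Springfield",
+:country => "US",
+:organization => "Springfield Nuclear Power Plant",
+:state => "Illinois",
+:s3_bucket => "somebucket",
+:aws_profile => "someprofile",
+:enable_s3_upload => false,
+:enable_iam_upload => false
+}
+}
+
+def writeSampleConfig(path,data)
+File.open(path,"w") do |f|
+f.write(JSON.pretty_generate(data))
+end
+end
+
+writeSampleConfig(@config_file,example_config) if !File.exists? @config_file
+
+begin
+@config = JSON.parse(File.read @config_file)
+rescue
+puts "I'm So Sorry, I can't open or read or find your config file".colorize(:red)
+exit 1
+end
+
+def display_help
+puts
+puts "This is a tool to generate SSL CSR's and KEYs "
+puts "Config File: #{@config_file.colorize(:blue)}"
+puts
+puts "Options:"
+puts "-h or --help ".ljust(30) +"-> Display this help message"
+puts "-c or --config".ljust(30) +"-> Specifiy Config to use"
+puts "-f or --fqdn".ljust(30) +"-> Domain name you want a CRT for"
+puts "-l or --list".ljust(30) + "-> List Valid Configs"
+puts
+exit 1
+end
+
+def parse_cli
+opts = GetoptLong.new(
+["-h", "--help", GetoptLong::NO_ARGUMENT],
+["-c", "--config", GetoptLong::REQUIRED_ARGUMENT],
+["-f", "--fqdn", GetoptLong::REQUIRED_ARGUMENT],
+["-l", "--list", GetoptLong::NO_ARGUMENT]
+)
+
+opts.each do |opt, arg|
+case opt
+when "-h" || "--help"
+display_help; exit
+when "-c" || "--config"
+@active_config = arg.strip().downcase()
+when "-f" || "--fqdn"
+@fqdn = arg.strip().downcase()
+when "-l" || "--list"
+list
+end
+end
+
+end
+
+
+def list
+puts "\nHint: Use the #{"Blue".colorize(:blue)} items and your config name"
+table_config = [
+{:key=>:shortname, :size=>16, :title=>"Config"},
+{:key=>:organization, :size=>40, :title=>"Organization"},
+{:key=>:digest_algorithm, :size=>12, :title=>"Algorithm"},
+{:key=>:key_size_bits, :size=>10, :title=>"Key Size"},
+{:key=>:enable_iam_upload, :size=>13, :title=>"IAM Enabled"},
+{:key=>:enable_s3_upload, :size=>13, :title=>"S3 Enabled"}
+]
+ConsoleTable.define(table_config) do |table|
+@config.each do |item|
+table << [
+item[0].dup.colorize(:blue),
+item[1]["organization"],
+item[1]["digest_algorithm"].colorize(:yellow),
+item[1]["key_size_bits"].to_s.colorize(:purple),
+item[1]["enable_s3_upload"] ? item[1]["enable_s3_upload"].to_s.colorize(:green) : item[1]["enable_s3_upload"].to_s.colorize(:red),
+item[1]["enable_iam_upload"] ? item[1]["enable_iam_upload"].to_s.colorize(:green) : item[1]["enable_iam_upload"].to_s.colorize(:red)
+]
+end
+end
+puts
+exit 0
+end
+
+def generateKey
+@key = OpenSSL::PKey::RSA.new @sel_config["key_size_bits"]
+puts "New key generated (bits: #{@sel_config["key_size_bits"]})"
+end
+
+def generateCSR
+@request = OpenSSL::X509::Request.new
+@request.version = 0
+@request.subject = OpenSSL::X509::Name.new([
+['C', @sel_config["country"], OpenSSL::ASN1::PRINTABLESTRING],
+['ST', @sel_config["state"], OpenSSL::ASN1::PRINTABLESTRING],
+['L', @sel_config["city"], OpenSSL::ASN1::PRINTABLESTRING],
+['O', @sel_config["organization"], OpenSSL::ASN1::UTF8STRING],
+['CN', @fqdn.gsub('wildcard','*'), OpenSSL::ASN1::UTF8STRING]
+])
+@request.public_key = @key.public_key
+@request.sign(@key, Kernel.const_get("OpenSSL::Digest::#{@sel_config["digest_algorithm"].upcase}").new)
+puts @request
+end
+
+
+def process_new_certificates
+puts "Please Paste the CERT in here (End with ^D):".colorize(:green)
+@signed_cert = $stdin.read
+puts "Please Paste the Certificate Chain in here (End with ^D):".colorize(:green)
+@chain = $stdin.read
+
+if @signed_cert.length == 0 || @chain.length == 0
+puts "we need a certificate's to continue, im going to quit".colorize(:red)
+exit 1
+end
+
+# ensure new line at the end of the cert
+[@signed_cert, @chain].each do |f|
+f+"\n" if f[-1] != "\n"
+end
+
+new_certificate = OpenSSL::X509::Certificate.new @signed_cert
+not_after_date = new_certificate.not_after.strftime('%m-%d-%Y')
+fqdn_from_certificate = new_certificate.subject.to_s(OpenSSL::X509::Name::RFC2253).split(',')[0].split('=')[1]
+file_name_friendly_fqdn = fqdn_from_certificate.gsub('*','wildcard')
+
+@my_path = "#{@results_directory}/#{@active_config}/#{file_name_friendly_fqdn}"
+FileUtils.mkdir_p(@my_path) if !File.directory? @my_path
+puts "Storing results in #{@my_path}"
+
+@final_files[:key]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.key"
+@final_files[:cert]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.pem"
+@final_files[:ca]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.ca.pem"
+@final_files[:csr]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.csr"
+@final_files[:full]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.full.pem"
+
+File.open(@final_files[:cert], 'w') {|f| f.write( @signed_cert ) }
+File.open(@final_files[:ca], 'w') {|f| f.write( @chain ) }
+File.open(@final_files[:full], 'w') {|f| f.write( @signed_cert + @chain ) }
+File.open(@final_files[:csr], 'w') {|f| f.write( @request ) }
+File.open(@final_files[:key], 'w') {|f| f.write( @key.to_pem ) }
+
+if @sel_config["enable_iam_upload"] == true
+puts "uploading new certificate to aws IAM: #{file_name_friendly_fqdn}-#{not_after_date}"
+command = "aws --profile=#{@sel_config["aws_profile"]} iam upload-server-certificate \
+--server-certificate-name #{file_name_friendly_fqdn}-#{not_after_date} \
+--certificate-body file://#{@final_files[:cert]} \
+--private-key file://#{@final_files[:key]}\
+--certificate-chain file://#{@final_files[:ca]}"
+system(command)
+end
+
+if @sel_config["enable_s3_upload"] == true
+@final_files.each do |k,v|
+puts "uploading new certificate to aws s3 bucket #{@sel_config["s3_bucket"]} : #{file_name_friendly_fqdn}-#{not_after_date}"
+command = "aws --profile=#{@sel_config["aws_profile"]} \
+cp #{v} s3://#{@sel_config["s3_bucket"]}/#{v.split('/')[-1]}"
+system(command)
+end
+end
+
+end
+
+
+
+parse_cli
+if @fqdn.nil? || @active_config.nil?
+display_help
+exit 1
+end
+@sel_config = @config[@active_config]
+if @sel_config == nil
+puts "Help, I can't seem to find the config your asking for in #{@config_file}".colorize(:red)
+exit 1
+end
+generateKey
+generateCSR
+process_new_certificates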
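Review bot: The private key file written at hunk line 172 of data/bin/oggcert is opened with plain `'w'` and therefore gets the process umask's default mode, which on a typical 022 umask leaves the RSA key world-readable; pass an explicit mode, `File.open(@final_files[:key], 'w', 0o600) { |f| f.write(@key.to_pem) }`, and create the results directory at line 159 with `FileUtils.mkdir_p(@my_path, mode: 0o700)` so the whole key material tree is owner-only. The loop at lines 149–151 is a no-op: `f+"\n"` allocates a new string that is immediately discarded, so the trailing newline the comment promises is never appended to either PEM; since both strings come from `$stdin.read` and are mutable, `f << "\n" if f[-1] != "\n"` does what was intended. Line 179 appears to end in `}\` with no space before the continuation backslash; if line 180 carries no leading whitespace in the real file, the string becomes `...key--certificate-chain` and the chain flag is lost — indentation is not recoverable from this rendering, so confirm against the source. The two `system(command)` calls at lines 181 and 189 hand a shell string built from the config's aws_profile and s3_bucket values and from the pasted certificate's CN to `/bin/sh`; the multi-argument form of `system` (one string per argument) skips shell parsing entirely and removes the quoting concern, and the CN itself would be more robustly taken from `new_certificate.subject.to_a` than from `split(',')[0]` on the RFC2253 string, whose first component is not guaranteed to be CN.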
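--- a/metadata
+++ b/metadata
@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: oggcert
+version: !ruby/object:Gem::Version
+version: 0.1.1
+platform: ruby
+authors:
+- Dr. Ogg
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-05-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: colorize
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.8.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.8.1
+- !ruby/object:Gem::Dependency
+name: console_table
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.3.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.3.0
+- !ruby/object:Gem::Dependency
+name: fileutils
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.2.0
+- !ruby/object:Gem::Dependency
+name: json
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.2.0
+- !ruby/object:Gem::Dependency
+name: openssl
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.2
+description:
+email: ogg@sr375.com
+executables:
+- oggcert
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/oggcert
+homepage: https://github.com/DoctorOgg/oggcert
+licenses:
+- GPL-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: Cert Mangment tools
+test_files: []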