oggcert 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 204244d81f4c10ef199bb8d7c9a2b717489a098d
+  data.tar.gz: 6bf22ae3bc85dd7b26f5ff24dd3fc1d96e17efa8
+SHA512:
+  metadata.gz: d0a2dba7a0144156a92dd5e0489849093d6cc4f73b85e496d442f4395d03d836a839a751b24932cb9f284b09fc8f06f4cf4b5e73947d609df853d7a488867e47
+  data.tar.gz: 753f405bd6381b4828500af8e141d577548d054f4cd3f28fd96d516311f03deb8dd16125adda7b4988e4a65a2bdeb8481c50ed00cc2010c02638345f8519ec13

data/bin/oggcert

@@ -0,0 +1,209 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'getoptlong'
+require 'pp'
+require 'colorize'
+require 'json'
+require 'pty'
+require 'fileutils'
+require 'console_table'
+require 'openssl'
+
+@final_files = Hash.new
+@final_files[:key]=""
+@final_files[:cert]=""
+@final_files[:ca]=""
+@final_files[:csr]=""
+@final_files[:full]=""
+
+@results_directory = "#{ENV["HOME"]}/.oggcert"
+@config_file = "#{ENV["HOME"]}/.oggcert.json"
+
+example_config = {
+  :snpp => {
+    :digest_algorithm => "sha256",
+    :key_size_bits => 4096,
+    :city => "Springfield",
+    :country => "US",
+    :organization => "Springfield Nuclear Power Plant",
+    :state => "Illinois",
+    :s3_bucket => "somebucket",
+    :aws_profile => "someprofile",
+    :enable_s3_upload => false,
+    :enable_iam_upload => false
+  }
+}
+
+def writeSampleConfig(path,data)
+  File.open(path,"w") do |f|
+    f.write(JSON.pretty_generate(data))
+  end
+end
+
+writeSampleConfig(@config_file,example_config) if !File.exists? @config_file
+
+begin
+  @config = JSON.parse(File.read @config_file)
+rescue
+  puts "I'm So Sorry, I can't open or read or find your config file".colorize(:red)
+  exit 1
+end
+
+def display_help
+	puts
+  puts "This is a tool to generate SSL CSR's and KEYs "
+  puts "Config File: #{@config_file.colorize(:blue)}"
+  puts
+	puts "Options:"
+	puts "-h or --help ".ljust(30) 		  	+"-> Display this help message"
+	puts "-c or --config".ljust(30) 		  +"-> Specifiy Config to use"
+	puts "-f or --fqdn".ljust(30) 		    +"-> Domain name you want a CRT for"
+	puts "-l or --list".ljust(30)         + "-> List Valid Configs"
+	puts
+	exit 1
+end
+
+def parse_cli
+  opts = GetoptLong.new(
+    ["-h", "--help", GetoptLong::NO_ARGUMENT],
+    ["-c", "--config", GetoptLong::REQUIRED_ARGUMENT],
+    ["-f", "--fqdn", GetoptLong::REQUIRED_ARGUMENT],
+    ["-l", "--list", GetoptLong::NO_ARGUMENT]
+  )
+
+  opts.each do |opt, arg|
+    case opt
+    when  "-h" || "--help"
+      display_help; exit
+    when "-c" || "--config"
+      @active_config = arg.strip().downcase()
+    when "-f" || "--fqdn"
+      @fqdn = arg.strip().downcase()
+    when "-l" || "--list"
+      list
+    end
+  end
+
+end
+
+
+def list
+  puts "\nHint: Use the #{"Blue".colorize(:blue)} items and your config name"
+  table_config = [
+     {:key=>:shortname, :size=>16, :title=>"Config"},
+     {:key=>:organization, :size=>40, :title=>"Organization"},
+     {:key=>:digest_algorithm, :size=>12, :title=>"Algorithm"},
+     {:key=>:key_size_bits, :size=>10, :title=>"Key Size"},
+     {:key=>:enable_iam_upload, :size=>13, :title=>"IAM Enabled"},
+     {:key=>:enable_s3_upload, :size=>13, :title=>"S3 Enabled"}
+  ]
+  ConsoleTable.define(table_config) do |table|
+    @config.each do |item|
+      table << [
+        item[0].dup.colorize(:blue),
+        item[1]["organization"],
+        item[1]["digest_algorithm"].colorize(:yellow),
+        item[1]["key_size_bits"].to_s.colorize(:purple),
+        item[1]["enable_s3_upload"] ? item[1]["enable_s3_upload"].to_s.colorize(:green) : item[1]["enable_s3_upload"].to_s.colorize(:red),
+        item[1]["enable_iam_upload"] ? item[1]["enable_iam_upload"].to_s.colorize(:green) : item[1]["enable_iam_upload"].to_s.colorize(:red)
+      ]
+    end
+  end
+  puts
+  exit 0
+end
+
+def generateKey
+  @key = OpenSSL::PKey::RSA.new @sel_config["key_size_bits"]
+  puts "New key generated (bits: #{@sel_config["key_size_bits"]})"
+end
+
+def generateCSR
+  @request = OpenSSL::X509::Request.new
+  @request.version = 0
+  @request.subject = OpenSSL::X509::Name.new([
+  ['C',             @sel_config["country"],      OpenSSL::ASN1::PRINTABLESTRING],
+  ['ST',            @sel_config["state"],        OpenSSL::ASN1::PRINTABLESTRING],
+  ['L',             @sel_config["city"],         OpenSSL::ASN1::PRINTABLESTRING],
+  ['O',             @sel_config["organization"], OpenSSL::ASN1::UTF8STRING],
+  ['CN',            @fqdn.gsub('wildcard','*'),  OpenSSL::ASN1::UTF8STRING]
+  ])
+  @request.public_key = @key.public_key
+  @request.sign(@key, Kernel.const_get("OpenSSL::Digest::#{@sel_config["digest_algorithm"].upcase}").new)
+  puts @request
+end
+
+
+def process_new_certificates
+  puts "Please Paste the CERT in here (End with ^D):".colorize(:green)
+  @signed_cert = $stdin.read
+  puts "Please Paste the Certificate Chain in here (End with ^D):".colorize(:green)
+  @chain = $stdin.read
+
+  if @signed_cert.length == 0 ||  @chain.length == 0
+    puts "we need a certificate's to continue, im going to quit".colorize(:red)
+    exit 1
+  end
+
+  # ensure new line at the end of the cert
+  [@signed_cert, @chain].each do |f|
+    f+"\n" if f[-1] != "\n"
+  end
+
+  new_certificate = OpenSSL::X509::Certificate.new @signed_cert
+  not_after_date = new_certificate.not_after.strftime('%m-%d-%Y')
+  fqdn_from_certificate = new_certificate.subject.to_s(OpenSSL::X509::Name::RFC2253).split(',')[0].split('=')[1]
+  file_name_friendly_fqdn = fqdn_from_certificate.gsub('*','wildcard')
+
+  @my_path = "#{@results_directory}/#{@active_config}/#{file_name_friendly_fqdn}"
+  FileUtils.mkdir_p(@my_path) if !File.directory? @my_path
+  puts "Storing results in #{@my_path}"
+
+  @final_files[:key]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.key"
+  @final_files[:cert]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.pem"
+  @final_files[:ca]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.ca.pem"
+  @final_files[:csr]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.csr"
+  @final_files[:full]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.full.pem"
+
+  File.open(@final_files[:cert], 'w') {|f| f.write( @signed_cert ) }
+  File.open(@final_files[:ca], 'w') {|f| f.write( @chain ) }
+  File.open(@final_files[:full], 'w') {|f| f.write( @signed_cert + @chain ) }
+  File.open(@final_files[:csr], 'w') {|f| f.write( @request ) }
+  File.open(@final_files[:key], 'w') {|f| f.write( @key.to_pem ) }
+
+  if @sel_config["enable_iam_upload"] == true
+    puts "uploading new certificate to aws IAM: #{file_name_friendly_fqdn}-#{not_after_date}"
+    command = "aws --profile=#{@sel_config["aws_profile"]} iam upload-server-certificate \
+              --server-certificate-name #{file_name_friendly_fqdn}-#{not_after_date} \
+              --certificate-body file://#{@final_files[:cert]} \
+              --private-key file://#{@final_files[:key]}\
+              --certificate-chain file://#{@final_files[:ca]}"
+    system(command)
+  end
+
+  if @sel_config["enable_s3_upload"] == true
+    @final_files.each do |k,v|
+      puts "uploading new certificate to aws s3 bucket #{@sel_config["s3_bucket"]} : #{file_name_friendly_fqdn}-#{not_after_date}"
+      command = "aws --profile=#{@sel_config["aws_profile"]} \
+                cp  #{v}  s3://#{@sel_config["s3_bucket"]}/#{v.split('/')[-1]}"
+      system(command)
+    end
+  end
+
+end
+
+
+
+parse_cli
+if @fqdn.nil? || @active_config.nil?
+  display_help
+  exit 1
+end
+@sel_config = @config[@active_config]
+if @sel_config == nil
+ puts "Help, I can't seem to find the config your asking for in #{@config_file}".colorize(:red)
+ exit 1
+end
+generateKey
+generateCSR
+process_new_certificates

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: oggcert
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Dr. Ogg
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-05-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: console_table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: fileutils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+description: 
+email: ogg@sr375.com
+executables:
+- oggcert
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/oggcert
+homepage: https://github.com/DoctorOgg/oggcert
+licenses:
+- GPL-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Cert Mangment tools
+test_files: []