oggcert 0.1.1

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/bin/oggcert +209 -0
  3. metadata +133 -0
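--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 204244d81f4c10ef199bb8d7c9a2b717489a098d
+data.tar.gz: 6bf22ae3bc85dd7b26f5ff24dd3fc1d96e17efa8
+SHA512:
+metadata.gz: d0a2dba7a0144156a92dd5e0489849093d6cc4f73b85e496d442f4395d03d836a839a751b24932cb9f284b09fc8f06f4cf4b5e73947d609df853d7a488867e47
+data.tar.gz: 753f405bd6381b4828500af8e141d577548d054f4cd3f28fd96d516311f03deb8dd16125adda7b4988e4a65a2bdeb8481c50ed00cc2010c02638345f8519ec13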
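--- a/data/bin/oggcert
+++ b/data/bin/oggcert
@@ -0,0 +1,209 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'getoptlong'
+require 'pp'
+require 'colorize'
+require 'json'
+require 'pty'
+require 'fileutils'
+require 'console_table'
+require 'openssl'
+
+@final_files = Hash.new
+@final_files[:key]=""
+@final_files[:cert]=""
+@final_files[:ca]=""
+@final_files[:csr]=""
+@final_files[:full]=""
+
+@results_directory = "#{ENV["HOME"]}/.oggcert"
+@config_file = "#{ENV["HOME"]}/.oggcert.json"
+
+example_config = {
+:snpp => {
+:digest_algorithm => "sha256",
+:key_size_bits => 4096,
+:city => "Springfield",
+:country => "US",
+:organization => "Springfield Nuclear Power Plant",
+:state => "Illinois",
+:s3_bucket => "somebucket",
+:aws_profile => "someprofile",
+:enable_s3_upload => false,
+:enable_iam_upload => false
+}
+}
+
+def writeSampleConfig(path,data)
+File.open(path,"w") do |f|
+f.write(JSON.pretty_generate(data))
+end
+end
+
+writeSampleConfig(@config_file,example_config) if !File.exists? @config_file
+
+begin
+@config = JSON.parse(File.read @config_file)
+rescue
+puts "I'm So Sorry, I can't open or read or find your config file".colorize(:red)
+exit 1
+end
+
+def display_help
+puts
+puts "This is a tool to generate SSL CSR's and KEYs "
+puts "Config File: #{@config_file.colorize(:blue)}"
+puts
+puts "Options:"
+puts "-h or --help ".ljust(30) +"-> Display this help message"
+puts "-c or --config".ljust(30) +"-> Specifiy Config to use"
+puts "-f or --fqdn".ljust(30) +"-> Domain name you want a CRT for"
+puts "-l or --list".ljust(30) + "-> List Valid Configs"
+puts
+exit 1
+end
+
+def parse_cli
+opts = GetoptLong.new(
+["-h", "--help", GetoptLong::NO_ARGUMENT],
+["-c", "--config", GetoptLong::REQUIRED_ARGUMENT],
+["-f", "--fqdn", GetoptLong::REQUIRED_ARGUMENT],
+["-l", "--list", GetoptLong::NO_ARGUMENT]
+)
+
+opts.each do |opt, arg|
+case opt
+when "-h" || "--help"
+display_help; exit
+when "-c" || "--config"
+@active_config = arg.strip().downcase()
+when "-f" || "--fqdn"
+@fqdn = arg.strip().downcase()
+when "-l" || "--list"
+list
+end
+end
+
+end
+
+
+def list
+puts "\nHint: Use the #{"Blue".colorize(:blue)} items and your config name"
+table_config = [
+{:key=>:shortname, :size=>16, :title=>"Config"},
+{:key=>:organization, :size=>40, :title=>"Organization"},
+{:key=>:digest_algorithm, :size=>12, :title=>"Algorithm"},
+{:key=>:key_size_bits, :size=>10, :title=>"Key Size"},
+{:key=>:enable_iam_upload, :size=>13, :title=>"IAM Enabled"},
+{:key=>:enable_s3_upload, :size=>13, :title=>"S3 Enabled"}
+]
+ConsoleTable.define(table_config) do |table|
+@config.each do |item|
+table << [
+item[0].dup.colorize(:blue),
+item[1]["organization"],
+item[1]["digest_algorithm"].colorize(:yellow),
+item[1]["key_size_bits"].to_s.colorize(:purple),
+item[1]["enable_s3_upload"] ? item[1]["enable_s3_upload"].to_s.colorize(:green) : item[1]["enable_s3_upload"].to_s.colorize(:red),
+item[1]["enable_iam_upload"] ? item[1]["enable_iam_upload"].to_s.colorize(:green) : item[1]["enable_iam_upload"].to_s.colorize(:red)
+]
+end
+end
+puts
+exit 0
+end
+
+def generateKey
+@key = OpenSSL::PKey::RSA.new @sel_config["key_size_bits"]
+puts "New key generated (bits: #{@sel_config["key_size_bits"]})"
+end
+
+def generateCSR
+@request = OpenSSL::X509::Request.new
+@request.version = 0
+@request.subject = OpenSSL::X509::Name.new([
+['C', @sel_config["country"], OpenSSL::ASN1::PRINTABLESTRING],
+['ST', @sel_config["state"], OpenSSL::ASN1::PRINTABLESTRING],
+['L', @sel_config["city"], OpenSSL::ASN1::PRINTABLESTRING],
+['O', @sel_config["organization"], OpenSSL::ASN1::UTF8STRING],
+['CN', @fqdn.gsub('wildcard','*'), OpenSSL::ASN1::UTF8STRING]
+])
+@request.public_key = @key.public_key
+@request.sign(@key, Kernel.const_get("OpenSSL::Digest::#{@sel_config["digest_algorithm"].upcase}").new)
+puts @request
+end
+
+
+def process_new_certificates
+puts "Please Paste the CERT in here (End with ^D):".colorize(:green)
+@signed_cert = $stdin.read
+puts "Please Paste the Certificate Chain in here (End with ^D):".colorize(:green)
+@chain = $stdin.read
+
+if @signed_cert.length == 0 || @chain.length == 0
+puts "we need a certificate's to continue, im going to quit".colorize(:red)
+exit 1
+end
+
+# ensure new line at the end of the cert
+[@signed_cert, @chain].each do |f|
+f+"\n" if f[-1] != "\n"
+end
+
+new_certificate = OpenSSL::X509::Certificate.new @signed_cert
+not_after_date = new_certificate.not_after.strftime('%m-%d-%Y')
+fqdn_from_certificate = new_certificate.subject.to_s(OpenSSL::X509::Name::RFC2253).split(',')[0].split('=')[1]
+file_name_friendly_fqdn = fqdn_from_certificate.gsub('*','wildcard')
+
+@my_path = "#{@results_directory}/#{@active_config}/#{file_name_friendly_fqdn}"
+FileUtils.mkdir_p(@my_path) if !File.directory? @my_path
+puts "Storing results in #{@my_path}"
+
+@final_files[:key]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.key"
+@final_files[:cert]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.pem"
+@final_files[:ca]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.ca.pem"
+@final_files[:csr]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.csr"
+@final_files[:full]="#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}.full.pem"
+
+File.open(@final_files[:cert], 'w') {|f| f.write( @signed_cert ) }
+File.open(@final_files[:ca], 'w') {|f| f.write( @chain ) }
+File.open(@final_files[:full], 'w') {|f| f.write( @signed_cert + @chain ) }
+File.open(@final_files[:csr], 'w') {|f| f.write( @request ) }
+File.open(@final_files[:key], 'w') {|f| f.write( @key.to_pem ) }
+
+if @sel_config["enable_iam_upload"] == true
+puts "uploading new certificate to aws IAM: #{file_name_friendly_fqdn}-#{not_after_date}"
+command = "aws --profile=#{@sel_config["aws_profile"]} iam upload-server-certificate \
+--server-certificate-name #{file_name_friendly_fqdn}-#{not_after_date} \
+--certificate-body file://#{@final_files[:cert]} \
+--private-key file://#{@final_files[:key]}\
+--certificate-chain file://#{@final_files[:ca]}"
+system(command)
+end
+
+if @sel_config["enable_s3_upload"] == true
+@final_files.each do |k,v|
+puts "uploading new certificate to aws s3 bucket #{@sel_config["s3_bucket"]} : #{file_name_friendly_fqdn}-#{not_after_date}"
+command = "aws --profile=#{@sel_config["aws_profile"]} \
+cp #{v} s3://#{@sel_config["s3_bucket"]}/#{v.split('/')[-1]}"
+system(command)
+end
+end
+
+end
+
+
+
+parse_cli
+if @fqdn.nil? || @active_config.nil?
+display_help
+exit 1
+end
+@sel_config = @config[@active_config]
+if @sel_config == nil
+puts "Help, I can't seem to find the config your asking for in #{@config_file}".colorize(:red)
+exit 1
+end
+generateKey
+generateCSR
+process_new_certificates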
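Review bot: The private key is written with `File.open(@final_files[:key], 'w')` in `process_new_certificates`, so it gets umask-default permissions (commonly readable by other local users), and the S3 loop then walks every entry of `@final_files`, which includes `:key`, so the key is copied to the bucket next to the certificates. Both `aws` invocations are also built as one interpolated string and passed to `system`, with `file_name_friendly_fqdn` taken from the subject of the pasted certificate and the profile and bucket taken from the JSON config; the argument-list form of `system` keeps those values out of the shell. Separately, the S3 command reads `aws --profile=… cp …` with no `s3` subcommand, which looks like it would fail as written. The fence sketches the key write with mode 0600 and the upload loop with the key excluded; whether the key should ever leave the host is a policy decision to confirm with the author.

```ruby
# … unchanged: cert, ca, full and csr writes …
File.open(@final_files[:key], 'w', 0o600) do |f|
  f.chmod(0o600) # the mode argument only applies on creation; tighten an existing file too
  f.write(@key.to_pem)
end

# … unchanged: IAM upload block …

if @sel_config["enable_s3_upload"] == true
  @final_files.each do |kind, path|
    next if kind == :key # keep the private key off the bucket
    # … unchanged: progress message …
    system("aws", "--profile=#{@sel_config["aws_profile"]}", "s3", "cp",
           path, "s3://#{@sel_config["s3_bucket"]}/#{File.basename(path)}")
  end
end
```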
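--- a/metadata
+++ b/metadata
@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: oggcert
+version: !ruby/object:Gem::Version
+version: 0.1.1
+platform: ruby
+authors:
+- Dr. Ogg
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-05-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: colorize
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.8.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.8.1
+- !ruby/object:Gem::Dependency
+name: console_table
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.3.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.3.0
+- !ruby/object:Gem::Dependency
+name: fileutils
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.2.0
+- !ruby/object:Gem::Dependency
+name: json
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.2.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.2'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.2.0
+- !ruby/object:Gem::Dependency
+name: openssl
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.2
+description:
+email: ogg@sr375.com
+executables:
+- oggcert
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/oggcert
+homepage: https://github.com/DoctorOgg/oggcert
+licenses:
+- GPL-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: Cert Mangment tools
+test_files: []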