openssl-stdlib 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/openssl-stdlib.rb +145 -0
- data/lib/openssl-stdlib/error.rb +7 -0
- metadata +44 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 26f97a3e5cd688aa67259549886d5e3b96b08bc4a1d4e85f88dffe5fa289e614
|
|
4
|
+
data.tar.gz: a22fbc03f31e4da16dc310e9010a0bed989b5fe6ce7c04be178b60fc944d6c8b
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: e297b381cf1426f26584bb5d17149788781bb81af3141f50a398ef0570573a8a25bc3c2716103483f3fc67781c53ef9e37310f88c0c74307f8bcde48b36149b8
|
|
7
|
+
data.tar.gz: 2a95cb0f6fa29f625b220ce20aaf4d5632b695dee19a8799a1f4188efaf03e033bccd160819476732d428c8c1566fb6501e0c482b4c32804e2d2859312f676ab
|
|
@@ -0,0 +1,145 @@
|
|
|
1
|
+
require_relative('openssl-stdlib/error')
|
|
2
|
+
require 'openssl'
|
|
3
|
+
module Stdlib
|
|
4
|
+
class Certificate
|
|
5
|
+
|
|
6
|
+
def self.sign_csr(key, csr, serial = nil, version = 3, valid_duration = nil)
|
|
7
|
+
|
|
8
|
+
csr_cert = OpenSSL::X509::Certificate.new
|
|
9
|
+
|
|
10
|
+
rand = Random.new
|
|
11
|
+
csr_cert.serial = serial ||= random.rand(1..100)
|
|
12
|
+
csr_cert.version = version
|
|
13
|
+
csr_cert.not_before = Time.now
|
|
14
|
+
csr_cert.not_after = Time.now + (valid_duration ||= 60 * 24 * 365 * 5)
|
|
15
|
+
|
|
16
|
+
csr_cert.subject = csr.subject
|
|
17
|
+
csr_cert.public_key = csr.public_key
|
|
18
|
+
csr_cert.issuer = ca_cert.subject
|
|
19
|
+
|
|
20
|
+
extension_factory = OpenSSL::X509::ExtensionFactory.new
|
|
21
|
+
extension_factory.subject_certificate = csr_cert
|
|
22
|
+
extension_factory.issuer_certificate = ca_cert
|
|
23
|
+
|
|
24
|
+
csr_cert.add_extension extension_factory.create_extension('basicConstraints', 'CA:FALSE')
|
|
25
|
+
|
|
26
|
+
csr_cert.add_extension extension_factory.create_extension(
|
|
27
|
+
'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature')
|
|
28
|
+
|
|
29
|
+
csr_cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
|
|
30
|
+
|
|
31
|
+
csr_cert.sign ca_key, OpenSSL::Digest::SHA1.new
|
|
32
|
+
|
|
33
|
+
open 'csr_cert.pem', 'w' do |io|
|
|
34
|
+
io.write csr_cert.to_pem
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def self.create_csr(key, name)
|
|
39
|
+
|
|
40
|
+
raise Stdlib::Error.new('No suitable key was provided') if key.nil? or ! key.is_a?(OpenSSL::PKey::RSA)
|
|
41
|
+
raise Stdlib::Error.new('No suitable name was provided') if name.nil? or ! name.is_a?(String) or name.size < 1
|
|
42
|
+
|
|
43
|
+
csr = OpenSSL::X509::Request.new
|
|
44
|
+
csr.version = 0
|
|
45
|
+
csr.subject = name
|
|
46
|
+
csr.public_key = key.public_key
|
|
47
|
+
csr.sign key, OpenSSL::Digest::SHA1.new
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def self.generate_key(file = nil, pass = nil, key_size = 2048)
|
|
51
|
+
return OpenSSL::PKey::RSA.new key_size if file == nil
|
|
52
|
+
return OpenSSL::PKey::RSA.new File.read(file), pass if File.readable?(file) and pass != nil
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def self.generate_ca(key, cn, dc, version = 3, serial = nil, valid_duration = nil)
|
|
56
|
+
|
|
57
|
+
raise Stdlib::Error.new('No key was supplied to the certificate') if key.nil? or ! key.is_a?(OpenSSL::PKey::RSA)
|
|
58
|
+
raise Stdlib::Error.new('No CN was supplied to the certificate') if cn.nil?
|
|
59
|
+
raise Stdlib::Error.new('No DC array was supplied to the certificate') if dc.nil?
|
|
60
|
+
|
|
61
|
+
dclist = String.new
|
|
62
|
+
dc.each do |d|
|
|
63
|
+
dclist = dclist + "/DC=#{d}"
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
name = OpenSSL::X509::Name.parse "CN=#{cn}#{dclist}"
|
|
67
|
+
|
|
68
|
+
random = Random.new
|
|
69
|
+
cert = OpenSSL::X509::Certificate.new
|
|
70
|
+
cert.version = version
|
|
71
|
+
cert.serial = serial ||= random.rand(1..100)
|
|
72
|
+
cert.not_before = Time.now
|
|
73
|
+
cert.not_after = Time.now + (valid_duration ||= 60 * 24 * 365 * 5)
|
|
74
|
+
|
|
75
|
+
cert.public_key = key.public_key
|
|
76
|
+
cert.subject = name
|
|
77
|
+
cert.issuer = name
|
|
78
|
+
|
|
79
|
+
extension_factory = OpenSSL::X509::ExtensionFactory.new
|
|
80
|
+
extension_factory.subject_certificate = cert
|
|
81
|
+
extension_factory.issuer_certificate = cert
|
|
82
|
+
|
|
83
|
+
cert.add_extension extension_factory.create_extension('subjectKeyIdentifier', 'hash')
|
|
84
|
+
|
|
85
|
+
cert.add_extension extension_factory.create_extension(
|
|
86
|
+
'keyUsage', 'cRLSign,keyCertSign', true)
|
|
87
|
+
|
|
88
|
+
cert.sign key, OpenSSL::Digest::SHA1.new
|
|
89
|
+
|
|
90
|
+
cert
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def self.generate_certificate(key, cn, dc, version = 3, serial = nil, valid_duration = nil)
|
|
94
|
+
|
|
95
|
+
raise Stdlib::Error.new('No key was supplied to the certificate') if key.nil? or ! key.is_a?(OpenSSL::PKey::RSA)
|
|
96
|
+
raise Stdlib::Error.new('No CN was supplied to the certificate') if cn.nil?
|
|
97
|
+
raise Stdlib::Error.new('No DC array was supplied to the certificate') if dc.nil?
|
|
98
|
+
|
|
99
|
+
dclist = String.new
|
|
100
|
+
dc.each do |d|
|
|
101
|
+
dclist = dclist + "/DC=#{d}"
|
|
102
|
+
end
|
|
103
|
+
|
|
104
|
+
name = OpenSSL::X509::Name.parse "CN=#{cn}#{dclist}"
|
|
105
|
+
|
|
106
|
+
random = Random.new
|
|
107
|
+
cert = OpenSSL::X509::Certificate.new
|
|
108
|
+
cert.version = version
|
|
109
|
+
cert.serial = serial ||= random.rand(1..100)
|
|
110
|
+
cert.not_before = Time.now
|
|
111
|
+
cert.not_after = Time.now + (valid_duration ||= 60 * 24 * 365 * 5)
|
|
112
|
+
|
|
113
|
+
cert.public_key = key.public_key
|
|
114
|
+
cert.subject = name
|
|
115
|
+
cert
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def self.sign_certificate(key, cert, digest, cert_name)
|
|
119
|
+
|
|
120
|
+
raise Stdlib::Error.new('No key was supplied to sign the certificate') if key.nil? or ! key.is_a?(OpenSSL::PKey::RSA)
|
|
121
|
+
raise Stdlib::Error.new('No certificate was supplied to sign') if cert.nil? or ! cert.is_a?(OpenSSL::X509::Certificate)
|
|
122
|
+
raise Stdlib::Error.new('No digest was supplied to encrypt the certficate') if digest.nil? or ! digest.is_a?(OpenSSL::Digest)
|
|
123
|
+
raise Stdlib::Error.new('No name was supplied to encrypt the certficate') if cert_name.nil? or ! cert_name.is_a?(OpenSSL::X509::Name)
|
|
124
|
+
|
|
125
|
+
cert.issuer = cert_name
|
|
126
|
+
cert.sign key, digest
|
|
127
|
+
|
|
128
|
+
cert
|
|
129
|
+
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
def self.save_certificate(certificate, path)
|
|
133
|
+
open path, 'w' do |io| io.write certificate.to_pem end
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def self.load_certificate(path)
|
|
137
|
+
|
|
138
|
+
file = File.absolute_path(path)
|
|
139
|
+
|
|
140
|
+
cert = OpenSSL::X509::Certificate.new File.read path
|
|
141
|
+
raise Stdlib::Error.new('file path does not lead to a certificate') if ! cert.is_a?(OpenSSL::X509::Certificate)
|
|
142
|
+
cert
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: openssl-stdlib
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.3
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Eric Anderson
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2018-12-13 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description:
|
|
14
|
+
email:
|
|
15
|
+
executables: []
|
|
16
|
+
extensions: []
|
|
17
|
+
extra_rdoc_files: []
|
|
18
|
+
files:
|
|
19
|
+
- lib/openssl-stdlib.rb
|
|
20
|
+
- lib/openssl-stdlib/error.rb
|
|
21
|
+
homepage:
|
|
22
|
+
licenses: []
|
|
23
|
+
metadata: {}
|
|
24
|
+
post_install_message:
|
|
25
|
+
rdoc_options: []
|
|
26
|
+
require_paths:
|
|
27
|
+
- lib
|
|
28
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '0'
|
|
33
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
34
|
+
requirements:
|
|
35
|
+
- - ">="
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
38
|
+
requirements: []
|
|
39
|
+
rubyforge_project:
|
|
40
|
+
rubygems_version: 2.7.6
|
|
41
|
+
signing_key:
|
|
42
|
+
specification_version: 4
|
|
43
|
+
summary: stdlib for openssl certificaes
|
|
44
|
+
test_files: []
|