ovpn-key 0.8.1 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 314eca1d302d14375dbba738bbd66ffcc29bd00d5b77e45705a415e9aadbd5aa
-  data.tar.gz: '042730556841b7e05cf523bf57d9a57b7b987d12e15e1308b110fafbf5ab3dac'
+  metadata.gz: af60a802bc319338bb17b74b6add7c6cd78d7bdc7a96021ad105a0928a59d491
+  data.tar.gz: 3b9aef64a304187f18a963ebf703a360f5790c9705af15864372796abdb353c8
 SHA512:
-  metadata.gz: 82736489c4feba97e504de91c939c3cdb074a988effa3972f07a7e2e674cbdac81af8a1ad7ae89f17c2fa35ed8afa69dbfaaf7bb504baac4ea971ed04aabd824
-  data.tar.gz: 7f8d4f05ec4d4a64c4231e4d575a69c7d6bc03180b6538ed2542486792692ff24145ab058644b6bdce50570ed627a8177b38a8837743c7ac4faa031cfbd89099
+  metadata.gz: bf1d15c25d12102fa3ac5429e40fae565e6ebeb2bc4fe32edea884eca9e9ffbe58bb5a15ce979a7d5403ef0ce67ceca28e38d7da5ea54f0890d1938e4ef6015a
+  data.tar.gz: 5855147ac84b0a8dc29b02b65d730a39caa46ad755ed69f92b845770d115478956045b99f40159abdb221ec2e5799abca1abd75c698a236612cfe4c10cf78421

data/bin/ovpn-key

@@ -15,7 +15,9 @@ CRL_FILE = 'crl.pem'
 SERIAL_FILE = 'serial'
 
 options = {}
+# rubocop:disable Metrics/BlockLength
 OptionParser.new do |opts|
+  # rubocop:enable Metrics/BlockLength
   opts.banner = "Usage: #{File.basename $PROGRAM_NAME} <options> [--nopass]"
   opts.on('--init [directory]', 'Init a CA directory (defaults to current)') do |v|
     options[:init] = v || '.'

data/lib/functions.rb

@@ -26,6 +26,17 @@ def ask_password(name)
   password
 end
 
+def unencrypt_ca_key
+  begin
+    OpenSSL::PKey::RSA.new File.read('ca.key'), ''
+  rescue OpenSSL::PKey::RSAError
+    # this means the file is encrypted
+    OpenSSL::PKey::RSA.new File.read('ca.key'), ask_password('ca')
+  end
+rescue OpenSSL::PKey::RSAError
+  retry
+end
+
 def gen_and_sign(type, certname, password)
   gen_key(certname, password)
   sign_key(type, certname, password)
@@ -39,36 +50,47 @@ def gen_key(certname, password)
 end
 
 # type is one of: 'ca', 'server', 'client'
-# rubocop:disable Naming/MethodParameterName
 def sign_key(type, cn, password)
-  # rubocop:enable Naming/MethodParameterName
   certname = type == 'ca' ? 'ca' : cn
   key = OpenSSL::PKey::RSA.new File.read("#{certname}.key"), password
-  subj = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
-  serial = begin
-    File.read(SERIAL_FILE).to_i
-  rescue Errno::ENOENT
-    0
-  end + 1
+  serial = new_serial
+  cert = gen_cert(type, cn, key, serial)
+
+  ca_key = type == 'ca' ? key : unencrypt_ca_key
+  cert.sign ca_key, OpenSSL::Digest.new(DIGEST)
+
+  File.open(SERIAL_FILE, 'w') {|f| f.write serial }
+  File.open("#{certname}.crt", 'w') {|f| f.write cert.to_pem }
+end
+
+def gen_cert(type, cn, key, serial)
+  cert = basic_cert(type, cn)
+  cert.public_key = key.public_key
+  cert.serial = serial
+
+  customize_cert(type, cert)
+end
 
+# rubocop:disable Metrics/AbcSize
+def basic_cert(type, cn)
+  # rubocop:enable Metrics/AbcSize
+  subj = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
   cert = OpenSSL::X509::Certificate.new
+
   cert.version = 2
-  cert.serial = serial
-  cert.not_before = Time.now
-  cert.not_after =
-    Time.now +
-    case type
-    when 'ca'
-      EXPIRE['ca']
-    when 'server'
-      EXPIRE['server']
-    when 'client'
-      EXPIRE['client']
-      # days to seconds
-    end * 86_400
-  cert.public_key = key.public_key
   cert.subject = subj
   cert.issuer = OpenSSL::X509::Name.new([['CN', CN_CA]] + REQ.to_a)
+  cert.not_before = Time.now
+  cert.not_after = Time.now + EXPIRE[type] * 86_400 # days to seconds
+
+  cert
+end
+
+# rubocop:disable Metrics/MethodLength
+# rubocop:disable Metrics/AbcSize
+def customize_cert(type, cert)
+  # rubocop:enable Metrics/AbcSize
+  # rubocop:enable Metrics/MethodLength
 
   ef = OpenSSL::X509::ExtensionFactory.new nil, cert
   ef.issuer_certificate = cert
@@ -80,7 +102,6 @@ def sign_key(type, cn, password)
   case type
   when 'ca'
     cert.add_extension ef.create_extension('keyUsage', 'cRLSign,keyCertSign')
-    cert.sign key, OpenSSL::Digest.new(DIGEST)
   when 'server'
     cert.add_extension ef.create_extension('keyUsage', 'keyEncipherment,digitalSignature')
     cert.add_extension ef.create_extension('extendedKeyUsage', 'serverAuth')
@@ -88,20 +109,15 @@ def sign_key(type, cn, password)
     cert.add_extension ef.create_extension('keyUsage', 'digitalSignature')
     cert.add_extension ef.create_extension('extendedKeyUsage', 'clientAuth')
   end
-  unless type == 'ca'
-    ca_key = begin
-      OpenSSL::PKey::RSA.new File.read('ca.key'), ask_password('ca')
-    rescue OpenSSL::PKey::RSAError
-      retry
-    end
-    cert.sign ca_key, OpenSSL::Digest.new(DIGEST)
-  end
 
-  File.open(SERIAL_FILE, 'w') {|f| f.write serial }
-  File.open("#{certname}.crt", 'w') {|f| f.write cert.to_pem }
+  cert
 end
 
+# rubocop:disable Metrics/AbcSize
+# rubocop:disable Metrics/MethodLength
 def revoke(certname)
+  # rubocop:enable Metrics/AbcSize
+  # rubocop:enable Metrics/MethodLength
   crl = OpenSSL::X509::CRL.new(File.read(CRL_FILE))
   cert = OpenSSL::X509::Certificate.new(File.read("#{certname}.crt"))
   revoke = OpenSSL::X509::Revoked.new.tap {|rev|
@@ -127,7 +143,9 @@ def gen_crl(ca_pass)
   update_crl(crl, ca_pass)
 end
 
+# rubocop:disable Metrics/AbcSize
 def update_crl(crl, ca_pass)
+  # rubocop:enable Metrics/AbcSize
   ca_key = OpenSSL::PKey::RSA.new File.read('ca.key'), ca_pass
   crl.last_update = Time.now
   crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
@@ -136,6 +154,14 @@ def update_crl(crl, ca_pass)
   File.open(CRL_FILE, 'w') {|f| f.write crl.to_pem }
 end
 
+def new_serial
+  begin
+    File.read(SERIAL_FILE).to_i
+  rescue Errno::ENOENT
+    0
+  end + 1
+end
+
 def create_dir(name)
   return if Dir.exist? name
 

data/lib/version.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-::VERSION = '0.8.1'
+::VERSION = '0.8.2'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ovpn-key
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.8.2
 platform: ruby
 authors:
 - Vasily Korytov