ovpn-key 0.8.3 → 0.8.4
- checksums.yaml +4 -4
- data/lib/functions.rb +16 -26
- data/lib/version.rb +1 -1
- metadata +1 -1
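--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0ae3146e987d293da8fbf2880e9696e94d7d51c06db2f63fd2c021d63158dea5
+data.tar.gz: fbac8d69275b82527304e063db26bdea596186a7dee71acd98d9a3da282a6f59
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2dfbae985471d80c40a7ea2ada9b8dfdd237b3973027c737640e782f0dc8503cc466ee5560d0f3f0456a20c2199fba2407a59202a4bf4c08291ec2a820b02333
+data.tar.gz: 5451ceb967404146948d348bd63deb7d2bc2e73df9ed93c840c4cf160a1cb6048b923e48ad96b1c121efd64cd5386da6bdca20606dbfa9c69f5bd85b484710a8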
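--- a/data/lib/functions.rb
+++ b/data/lib/functions.rb
@@ -30,7 +30,7 @@ def unencrypt_ca_key(pass = '')
 begin
 OpenSSL::PKey::RSA.new File.read('ca.key'), pass
 rescue OpenSSL::PKey::RSAError
-# this means
+# this means pass is wrong, so ask for it
 OpenSSL::PKey::RSA.new File.read('ca.key'), ask_password('ca')
 end
 rescue OpenSSL::PKey::RSAError
@@ -54,7 +54,7 @@ def sign_key(type, cn, password)
 certname = type == 'ca' ? 'ca' : cn
 key = OpenSSL::PKey::RSA.new File.read("#{certname}.key"), password
 serial = new_serial
-cert = gen_cert(type, cn, key, serial)
+cert = gen_cert(type, cn, key.public_key, serial)
 
 ca_key = type == 'ca' ? key : unencrypt_ca_key
 cert.sign ca_key, OpenSSL::Digest.new(DIGEST)
@@ -63,29 +63,30 @@ def sign_key(type, cn, password)
 File.open("#{certname}.crt", 'w') {|f| f.write cert.to_pem }
 end
 
-def gen_cert(type, cn,
+def gen_cert(type, cn, pubkey, serial)
 cert = basic_cert(type, cn)
-cert.public_key =
+cert.public_key = pubkey
 cert.serial = serial
 
 customize_cert(type, cert)
 end
 
-# rubocop:disable Metrics/AbcSize
 def basic_cert(type, cn)
-# rubocop:enable Metrics/AbcSize
-subj = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
 cert = OpenSSL::X509::Certificate.new
 
 cert.version = 2
-cert.subject =
+cert.subject = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
 cert.issuer = OpenSSL::X509::Name.new([['CN', CN_CA]] + REQ.to_a)
 cert.not_before = Time.now
-cert.not_after =
+cert.not_after = time_after_days(EXPIRE[type])
 
 cert
 end
 
+def time_after_days(days)
+Time.now + days * 86_400 # days to seconds
+end
+
 # rubocop:disable Metrics/MethodLength
 # rubocop:disable Metrics/AbcSize
 def customize_cert(type, cert)
@@ -114,24 +115,17 @@ def customize_cert(type, cert)
 end
 
 # rubocop:disable Metrics/AbcSize
-# rubocop:disable Metrics/MethodLength
 def revoke(certname)
 # rubocop:enable Metrics/AbcSize
-# rubocop:enable Metrics/MethodLength
 crl = OpenSSL::X509::CRL.new(File.read(CRL_FILE))
 cert = OpenSSL::X509::Certificate.new(File.read("#{certname}.crt"))
 revoke = OpenSSL::X509::Revoked.new.tap {|rev|
 rev.serial = cert.serial
 rev.time = Time.now
 }
-crl.next_update =
+crl.next_update = time_after_days(EXPIRE['crl'])
 crl.add_revoked(revoke)
-
-update_crl(crl, '')
-rescue OpenSSL::PKey::RSAError
-retry
-end
-
+update_crl(crl, '')
 %w[crt key].each {|ext| File.delete "#{certname}.#{ext}" }
 end
 
@@ -143,22 +137,18 @@ def gen_crl(ca_pass)
 update_crl(crl, ca_pass)
 end
 
-# rubocop:disable Metrics/AbcSize
 def update_crl(crl, ca_pass)
-# rubocop:enable Metrics/AbcSize
 ca_key = unencrypt_ca_key(ca_pass)
 crl.last_update = Time.now
-crl.next_update =
+crl.next_update = time_after_days(EXPIRE['crl'])
 crl.sign(ca_key, OpenSSL::Digest.new(DIGEST))
 File.open(CRL_FILE, 'w') {|f| f.write crl.to_pem }
 end
 
 def new_serial
-
-
-
-0
-end + 1
+File.read(SERIAL_FILE).to_i + 1
+rescue Errno::ENOENT
+0
 end
 
 def create_dir(name)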
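Review bot: In `new_serial`, `File.read(SERIAL_FILE).to_i` silently turns an empty or corrupted serial file into 0, so the next certificate would get serial 1 and could collide with one already issued. `revoke` in this file identifies a certificate only by `cert.serial`, so a reused serial makes a CRL entry ambiguous between two certificates. Strict parsing would fail loudly instead: `Integer(File.read(SERIAL_FILE), 10) + 1`. The `rescue Errno::ENOENT` branch also hands out 0 as the first serial, whereas RFC 5280 requires a positive serial number, so `1` would be the safer value there. The removed lines are truncated on this page, but the surviving `end + 1` suggests the old code started at 1, which would make this a behaviour change.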
data/lib/version.rb
CHANGED