ovpn-key 0.8.3 → 0.8.4

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/functions.rb +16 -26
  3. data/lib/version.rb +1 -1
  4. metadata +1 -1
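--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f649f93527c7712d821cd815cca027fcb048f2313c8c68993abee8f2c5705c1b
- data.tar.gz: b989f0b2f6dac9564ec407073f50e6cfc7d3578a57f8ee4c7f107682e80c6e4c
+ metadata.gz: 0ae3146e987d293da8fbf2880e9696e94d7d51c06db2f63fd2c021d63158dea5
+ data.tar.gz: fbac8d69275b82527304e063db26bdea596186a7dee71acd98d9a3da282a6f59
  SHA512:
- metadata.gz: 1e614802f5bd70e6885bb122a0f74d43c88d18d45a2a0b433f2de46dead191a4eb3e3a7563f16fc2757714924f56f7b3191740dcdf079d7783424cdfaf981b63
- data.tar.gz: e357e4d4dd0995f6982b44ed5a6a1985c8dd08482a3064d5386d156a8624f78c6ed598cddffe0d31770ac66214685753d8228718426dcd3951429c872404fa82
+ metadata.gz: 2dfbae985471d80c40a7ea2ada9b8dfdd237b3973027c737640e782f0dc8503cc466ee5560d0f3f0456a20c2199fba2407a59202a4bf4c08291ec2a820b02333
+ data.tar.gz: 5451ceb967404146948d348bd63deb7d2bc2e73df9ed93c840c4cf160a1cb6048b923e48ad96b1c121efd64cd5386da6bdca20606dbfa9c69f5bd85b484710a8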
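--- a/data/lib/functions.rb
+++ b/data/lib/functions.rb
@@ -30,7 +30,7 @@ def unencrypt_ca_key(pass = '')
  begin
  OpenSSL::PKey::RSA.new File.read('ca.key'), pass
  rescue OpenSSL::PKey::RSAError
- # this means the file is encrypted or pass is wrong
+ # this means pass is wrong, so ask for it
  OpenSSL::PKey::RSA.new File.read('ca.key'), ask_password('ca')
  end
  rescue OpenSSL::PKey::RSAError
@@ -54,7 +54,7 @@ def sign_key(type, cn, password)
  certname = type == 'ca' ? 'ca' : cn
  key = OpenSSL::PKey::RSA.new File.read("#{certname}.key"), password
  serial = new_serial
- cert = gen_cert(type, cn, key, serial)
+ cert = gen_cert(type, cn, key.public_key, serial)
 
  ca_key = type == 'ca' ? key : unencrypt_ca_key
  cert.sign ca_key, OpenSSL::Digest.new(DIGEST)
@@ -63,29 +63,30 @@ def sign_key(type, cn, password)
  File.open("#{certname}.crt", 'w') {|f| f.write cert.to_pem }
  end
 
- def gen_cert(type, cn, key, serial)
+ def gen_cert(type, cn, pubkey, serial)
  cert = basic_cert(type, cn)
- cert.public_key = key.public_key
+ cert.public_key = pubkey
  cert.serial = serial
 
  customize_cert(type, cert)
  end
 
- # rubocop:disable Metrics/AbcSize
  def basic_cert(type, cn)
- # rubocop:enable Metrics/AbcSize
- subj = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
  cert = OpenSSL::X509::Certificate.new
 
  cert.version = 2
- cert.subject = subj
+ cert.subject = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
  cert.issuer = OpenSSL::X509::Name.new([['CN', CN_CA]] + REQ.to_a)
  cert.not_before = Time.now
- cert.not_after = Time.now + EXPIRE[type] * 86_400 # days to seconds
+ cert.not_after = time_after_days(EXPIRE[type])
 
  cert
  end
 
+ def time_after_days(days)
+ Time.now + days * 86_400 # days to seconds
+ end
+
  # rubocop:disable Metrics/MethodLength
  # rubocop:disable Metrics/AbcSize
  def customize_cert(type, cert)
@@ -114,24 +115,17 @@ def customize_cert(type, cert)
  end
 
  # rubocop:disable Metrics/AbcSize
- # rubocop:disable Metrics/MethodLength
  def revoke(certname)
  # rubocop:enable Metrics/AbcSize
- # rubocop:enable Metrics/MethodLength
  crl = OpenSSL::X509::CRL.new(File.read(CRL_FILE))
  cert = OpenSSL::X509::Certificate.new(File.read("#{certname}.crt"))
  revoke = OpenSSL::X509::Revoked.new.tap {|rev|
  rev.serial = cert.serial
  rev.time = Time.now
  }
- crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
+ crl.next_update = time_after_days(EXPIRE['crl'])
  crl.add_revoked(revoke)
- begin
- update_crl(crl, '')
- rescue OpenSSL::PKey::RSAError
- retry
- end
-
+ update_crl(crl, '')
  %w[crt key].each {|ext| File.delete "#{certname}.#{ext}" }
  end
 
@@ -143,22 +137,18 @@ def gen_crl(ca_pass)
  update_crl(crl, ca_pass)
  end
 
- # rubocop:disable Metrics/AbcSize
  def update_crl(crl, ca_pass)
- # rubocop:enable Metrics/AbcSize
  ca_key = unencrypt_ca_key(ca_pass)
  crl.last_update = Time.now
- crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
+ crl.next_update = time_after_days(EXPIRE['crl'])
  crl.sign(ca_key, OpenSSL::Digest.new(DIGEST))
  File.open(CRL_FILE, 'w') {|f| f.write crl.to_pem }
  end
 
  def new_serial
- begin
- File.read(SERIAL_FILE).to_i
- rescue Errno::ENOENT
- 0
- end + 1
+ File.read(SERIAL_FILE).to_i + 1
+ rescue Errno::ENOENT
+ 0
  end
 
  def create_dir(name)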
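Review bot: The rewritten `new_serial` in the last hunk returns 0 when SERIAL_FILE does not exist, where the old form returned 1: the `+ 1` used to apply to the value of the whole `begin … end` expression, including the rescued 0, and it now sits only on the read path. The first certificate signed in a fresh directory would therefore carry serial 0, which RFC 5280 does not permit (serial numbers must be positive) and which strict verifiers may reject. If the 0.8.3 behaviour is the intended one, the rescue branch should read `1` instead of `0`. Separately, `to_i` turns an empty or corrupt serial file into 0 without raising, so numbering could restart at 1; since `revoke` identifies a certificate by its serial alone, parsing with `Integer(File.read(SERIAL_FILE).strip)` would fail loudly rather than risk a reused serial.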
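--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1,3 +1,3 @@
  # frozen_string_literal: true
 
- ::VERSION = '0.8.3'
+ ::VERSION = '0.8.4'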
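--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ovpn-key
  version: !ruby/object:Gem::Version
- version: 0.8.3
+ version: 0.8.4
  platform: ruby
  authors:
  - Vasily Korytov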