ovpn-key 0.8.3 → 0.8.4

Files changed (4)
  1. checksums.yaml +4 -4
  2. data/lib/functions.rb +16 -26
  3. data/lib/version.rb +1 -1
  4. metadata +1 -1
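--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f649f93527c7712d821cd815cca027fcb048f2313c8c68993abee8f2c5705c1b
- data.tar.gz: b989f0b2f6dac9564ec407073f50e6cfc7d3578a57f8ee4c7f107682e80c6e4c
+ metadata.gz: 0ae3146e987d293da8fbf2880e9696e94d7d51c06db2f63fd2c021d63158dea5
+ data.tar.gz: fbac8d69275b82527304e063db26bdea596186a7dee71acd98d9a3da282a6f59
  SHA512:
- metadata.gz: 1e614802f5bd70e6885bb122a0f74d43c88d18d45a2a0b433f2de46dead191a4eb3e3a7563f16fc2757714924f56f7b3191740dcdf079d7783424cdfaf981b63
- data.tar.gz: e357e4d4dd0995f6982b44ed5a6a1985c8dd08482a3064d5386d156a8624f78c6ed598cddffe0d31770ac66214685753d8228718426dcd3951429c872404fa82
+ metadata.gz: 2dfbae985471d80c40a7ea2ada9b8dfdd237b3973027c737640e782f0dc8503cc466ee5560d0f3f0456a20c2199fba2407a59202a4bf4c08291ec2a820b02333
+ data.tar.gz: 5451ceb967404146948d348bd63deb7d2bc2e73df9ed93c840c4cf160a1cb6048b923e48ad96b1c121efd64cd5386da6bdca20606dbfa9c69f5bd85b484710a8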
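--- a/data/lib/functions.rb
+++ b/data/lib/functions.rb
@@ -30,7 +30,7 @@ def unencrypt_ca_key(pass = '')
  begin
  OpenSSL::PKey::RSA.new File.read('ca.key'), pass
  rescue OpenSSL::PKey::RSAError
- # this means the file is encrypted or pass is wrong
+ # this means pass is wrong, so ask for it
  OpenSSL::PKey::RSA.new File.read('ca.key'), ask_password('ca')
  end
  rescue OpenSSL::PKey::RSAError
@@ -54,7 +54,7 @@ def sign_key(type, cn, password)
  certname = type == 'ca' ? 'ca' : cn
  key = OpenSSL::PKey::RSA.new File.read("#{certname}.key"), password
  serial = new_serial
- cert = gen_cert(type, cn, key, serial)
+ cert = gen_cert(type, cn, key.public_key, serial)
 
  ca_key = type == 'ca' ? key : unencrypt_ca_key
  cert.sign ca_key, OpenSSL::Digest.new(DIGEST)
@@ -63,29 +63,30 @@ def sign_key(type, cn, password)
  File.open("#{certname}.crt", 'w') {|f| f.write cert.to_pem }
  end
 
- def gen_cert(type, cn, key, serial)
+ def gen_cert(type, cn, pubkey, serial)
  cert = basic_cert(type, cn)
- cert.public_key = key.public_key
+ cert.public_key = pubkey
  cert.serial = serial
 
  customize_cert(type, cert)
  end
 
- # rubocop:disable Metrics/AbcSize
  def basic_cert(type, cn)
- # rubocop:enable Metrics/AbcSize
- subj = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
  cert = OpenSSL::X509::Certificate.new
 
  cert.version = 2
- cert.subject = subj
+ cert.subject = OpenSSL::X509::Name.new([['CN', cn]] + REQ.to_a)
  cert.issuer = OpenSSL::X509::Name.new([['CN', CN_CA]] + REQ.to_a)
  cert.not_before = Time.now
- cert.not_after = Time.now + EXPIRE[type] * 86_400 # days to seconds
+ cert.not_after = time_after_days(EXPIRE[type])
 
  cert
  end
 
+ def time_after_days(days)
+ Time.now + days * 86_400 # days to seconds
+ end
+
  # rubocop:disable Metrics/MethodLength
  # rubocop:disable Metrics/AbcSize
  def customize_cert(type, cert)
@@ -114,24 +115,17 @@ def customize_cert(type, cert)
  end
 
  # rubocop:disable Metrics/AbcSize
- # rubocop:disable Metrics/MethodLength
  def revoke(certname)
  # rubocop:enable Metrics/AbcSize
- # rubocop:enable Metrics/MethodLength
  crl = OpenSSL::X509::CRL.new(File.read(CRL_FILE))
  cert = OpenSSL::X509::Certificate.new(File.read("#{certname}.crt"))
  revoke = OpenSSL::X509::Revoked.new.tap {|rev|
  rev.serial = cert.serial
  rev.time = Time.now
  }
- crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
+ crl.next_update = time_after_days(EXPIRE['crl'])
  crl.add_revoked(revoke)
- begin
- update_crl(crl, '')
- rescue OpenSSL::PKey::RSAError
- retry
- end
-
+ update_crl(crl, '')
  %w[crt key].each {|ext| File.delete "#{certname}.#{ext}" }
  end
 
@@ -143,22 +137,18 @@ def gen_crl(ca_pass)
  update_crl(crl, ca_pass)
  end
 
- # rubocop:disable Metrics/AbcSize
  def update_crl(crl, ca_pass)
- # rubocop:enable Metrics/AbcSize
  ca_key = unencrypt_ca_key(ca_pass)
  crl.last_update = Time.now
- crl.next_update = Time.now + EXPIRE['crl'] * 86_400 # days to seconds
+ crl.next_update = time_after_days(EXPIRE['crl'])
  crl.sign(ca_key, OpenSSL::Digest.new(DIGEST))
  File.open(CRL_FILE, 'w') {|f| f.write crl.to_pem }
  end
 
  def new_serial
- begin
- File.read(SERIAL_FILE).to_i
- rescue Errno::ENOENT
- 0
- end + 1
+ File.read(SERIAL_FILE).to_i + 1
+ rescue Errno::ENOENT
+ 0
  end
 
  def create_dir(name)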
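Review bot: The rewritten `new_serial` in the last hunk returns 0 instead of 1 when the serial file does not exist, which looks like an unintended side effect of the refactor. The old code added 1 to the value of the whole `begin … end` expression, whereas the new method-level `rescue Errno::ENOENT` returns its `0` unchanged. Since `sign_key` passes this value to `gen_cert`, the first certificate issued from a fresh directory would get serial number 0, which RFC 5280 does not permit (serial numbers must be positive) and which some validators reject; the rescue branch should return `1` to keep the 0.8.3 behaviour. Separately, `to_i` yields 0 for an empty or damaged serial file, so numbering would silently restart at 1 and could repeat serials that `revoke` uses to identify certificates in the CRL; `Integer(File.read(SERIAL_FILE).strip) + 1` would fail loudly instead.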
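--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1,3 +1,3 @@
  # frozen_string_literal: true
 
- ::VERSION = '0.8.3'
+ ::VERSION = '0.8.4'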
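--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ovpn-key
  version: !ruby/object:Gem::Version
- version: 0.8.3
+ version: 0.8.4
  platform: ruby
  authors:
  - Vasily Korytov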