pkcs7-cryptographer 1.0.1 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a02040b2706a005f695860704e338946e5cb68c6dcbf92fc7a2bb9c17b9425b2
-  data.tar.gz: 52a840fb9394002e9400e31a0d4960b0fefcfcab4466ce2535c3afcd2915932a
+  metadata.gz: d8e03b7542f2787153a2243935c5a0c748abae6fec0e066ce08ee158f21cf75f
+  data.tar.gz: 25baf89c080fb55f909e3d92d22e1ec05810e2ed91d00d47e83e0f6460c75f32
 SHA512:
-  metadata.gz: 83d51e4785b3eff57409208a09956c29826e2dde08c75a7b87e340f70b129f2f80614b4c5792e159618354ae97059eff2febd58a01ce08c460758fba0feb9e52
-  data.tar.gz: 139e5b0e31cdfeed9c67468f92a21dc2f9f36bc3f207fe941df54194e199f43b2681e79072b5e1ea67f33696dd5422c4bf34595377845ea579cccb22487f85fe
+  metadata.gz: 527dc589baa95742d7b81d825373efac10f136791f5d97e4970565a3e01e5e5f2c004731d13b59150174858865c295b93ffb8e8210c9ebb714eb0d9840254935
+  data.tar.gz: 4e5595dca5adeb1daa3b58a00aeaeb463011c6e86e2a2036a1ba4afeba1268d141d8cf04212be08abdd287636aa6838a1bde49ad0ddd17ea6e647a1718b30895

data/Gemfile.lock

@@ -1,15 +1,26 @@
 PATH
   remote: .
   specs:
-    pkcs7-cryptographer (1.0.1)
+    pkcs7-cryptographer (1.1.1)
+      activesupport (>= 6.1.4.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    activesupport (6.1.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     ast (2.4.2)
     coderay (1.1.3)
+    concurrent-ruby (1.1.9)
     diff-lcs (1.4.4)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
     method_source (1.0.0)
+    minitest (5.14.4)
     parallel (1.20.1)
     parser (3.0.0.0)
       ast (~> 2.4.1)
@@ -50,7 +61,11 @@ GEM
       rubocop (~> 1.0)
       rubocop-ast (>= 1.1.0)
     ruby-progressbar (1.11.0)
+    timecop (0.9.4)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     unicode-display_width (2.0.0)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   x86_64-darwin-19
@@ -64,6 +79,7 @@ DEPENDENCIES
   rubocop (= 1.12.0)
   rubocop-rake (= 0.5.1)
   rubocop-rspec (= 2.2.0)
+  timecop (= 0.9.4)
 
 BUNDLED WITH
    2.2.3

data/lib/pkcs7/cryptographer/initializers.rb

@@ -21,6 +21,10 @@ module PKCS7
         wrap_in_class_or_return(key, OpenSSL::PKey::RSA)
       end
 
+      def certificate_signing_request(request)
+        wrap_in_class_or_return(request, OpenSSL::X509::Request)
+      end
+
       def pkcs7(pkcs7)
         wrap_in_class_or_return(pkcs7, OpenSSL::PKCS7)
       end

data/lib/pkcs7/cryptographer/version.rb

@@ -2,6 +2,6 @@
 
 module PKCS7
   class Cryptographer
-    VERSION = "1.0.1"
+    VERSION = "1.1.1"
   end
 end

data/lib/pkcs7/cryptographer.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "openssl"
+require "active_support/all"
 require_relative "cryptographer/version"
 require_relative "cryptographer/initializers"
 
@@ -17,6 +18,10 @@ module PKCS7
   class Cryptographer
     include PKCS7::Cryptographer::Initializers
 
+    # CONSTANS
+    # --------------------------------------------------------------------------
+    CYPHER_ALGORITHM = "aes-256-cbc"
+
     # PUBLIC METHODS
     # --------------------------------------------------------------------------
 
@@ -76,13 +81,29 @@ module PKCS7
       signed_data.data
     end
 
+    def sign_certificate(
+      csr:,
+      key:,
+      certificate:,
+      valid_until: Time.current + 10.years
+    )
+      valid_until.to_time.utc
+      check_csr(csr)
+
+      sign_csr(csr, key, certificate, valid_until)
+    end
+
     private
 
-    def encrypt(public_certificate, signed_data)
+    def encrypt(
+      public_certificate,
+      signed_data,
+      cypher_algorithm = CYPHER_ALGORITHM
+    )
       OpenSSL::PKCS7.encrypt(
         [public_certificate],
         signed_data.to_der,
-        OpenSSL::Cipher.new("aes-256-cbc"),
+        OpenSSL::Cipher.new(cypher_algorithm),
         OpenSSL::PKCS7::BINARY
       )
     end
@@ -95,5 +116,41 @@ module PKCS7
         OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOCHAIN
       )
     end
+
+    def check_csr(signing_request)
+      csr = OpenSSL::X509::Request.new signing_request
+      raise "CSR can not be verified" unless csr.verify(csr.public_key)
+    end
+
+    def sign_csr(request, key, issuer_certificate, valid_until)
+      request = certificate_signing_request(request)
+      key = rsa_key(key)
+      issuer_certificate = x509_certificate(issuer_certificate)
+
+      csr_cert = build_certificate_from_csr(
+        request,
+        issuer_certificate,
+        valid_until
+      )
+      csr_cert.sign(key, OpenSSL::Digest.new("SHA1")) # TODO: review this one
+      x509_certificate(csr_cert.to_pem)
+    end
+
+    def build_certificate_from_csr(
+      signing_request,
+      issuer_certificate,
+      valid_until
+    )
+      certificate = OpenSSL::X509::Certificate.new
+      certificate.serial = Time.now.to_i
+      certificate.version = 2 # TODO: Check what to put here
+      certificate.not_before = Time.current
+      certificate.not_after = valid_until
+      certificate.subject = signing_request.subject
+      certificate.public_key = signing_request.public_key
+      certificate.issuer = issuer_certificate.subject
+
+      certificate
+    end
   end
 end

data/pkcs7-cryptographer.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
     "Utility to encrypt and decrypt messages using OpenSSL::PKCS7"
   spec.homepage      = "https://github.com/dmuneras/pkcs7-cryptographer"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0")
 
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = "https://github.com/dmuneras/pkcs7-cryptographer"
@@ -27,6 +27,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
+  spec.add_dependency "activesupport", ">= 6.1.4.1"
+
   spec.add_development_dependency "bundler", ">= 2"
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 13.0"
@@ -34,4 +36,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rubocop", "1.12.0"
   spec.add_development_dependency "rubocop-rake", "0.5.1"
   spec.add_development_dependency "rubocop-rspec", "2.2.0"
+  spec.add_development_dependency "timecop", "0.9.4"
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: pkcs7-cryptographer
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.1
 platform: ruby
 authors:
 - Daniel Munera Sanchez
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-04-23 00:00:00.000000000 Z
+date: 2021-09-20 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.4.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.1.4.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +122,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.2.0
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.4
 description: Utility to encrypt and decrypt messages using OpenSSL::PKCS7
 email:
 - dmunera119@gmail.com
@@ -146,7 +174,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="