quick_cert 2.0
- data.tar.gz.sig +0 -0
- data/.document +3 -0
- data/History.txt +11 -0
- data/Manifest.txt +13 -0
- data/README.txt +28 -0
- data/Rakefile +10 -0
- data/bin/quick_cert +16 -0
- data/lib/.document +1 -0
- data/lib/quick_cert.rb +332 -0
- data/lib/quick_cert/defaults.rb +28 -0
- data/sample/DRb_README.txt +57 -0
- data/sample/drbssl_c.rb +30 -0
- data/sample/drbssl_s.rb +37 -0
- data/sample/qc_config +17 -0
- metadata +105 -0
- metadata.gz.sig +0 -0
data.tar.gz.sig
ADDED
Binary file
data/.document
ADDED
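--- a/data/History.txt
+++ b/data/History.txt
@@ -0,0 +1,11 @@
+=== 2.0 / 2009-04-16
+
+* 2 minor enhancements:
+* Released as a gem
+* Reorganized for Hoe
+
+* 3 discoveries:
+* CVS is odd after not using it for so long
+* My ruby style hasn't changed much in the past five years
+* I still don't know how OpenSSL works
+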
data/Manifest.txt
ADDED
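--- a/data/README.txt
+++ b/data/README.txt
@@ -0,0 +1,28 @@
+= quick_cert
+
+* http://seattlerb.rubyforge.org/quick_cert
+* http://rubyforge.org/projects/seattlerb
+
+== DESCRIPTION
+
+quick_cert allows you to quickly and easily create SSL certificates. It uses
+a simple configuration file to generate self-signed client and server
+certificates.
+
+== FEATURES/PROBLEMS
+
+* I'm still not sure how it works nearly five years later
+* My Ruby style from five years ago is largely unchanged
+
+== SYNOPSIS
+
+See QuickCert in the RDoc.
+
+== REQUIREMENTS
+
+* OpenSSL
+
+== INSTALL
+
+* sudo gem install quick_cert
+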
data/Rakefile
ADDED
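--- a/data/bin/quick_cert
+++ b/data/bin/quick_cert
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby -w
+
+require 'quick_cert'
+
+# get configuration
+CA = {}
+CERTS = []
+load ARGV.shift || 'qc_config'
+require 'quick_cert/defaults'
+
+qc = QuickCert.new CA, $DEBUG
+
+CERTS.each do |cert_config|
+qc.create_cert cert_config
+end
+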
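Review bot: `load ARGV.shift || 'qc_config'` on file line 8 executes the configuration file as Ruby, and with a bare relative name `load` searches `$LOAD_PATH` before falling back to the working directory, so a same-named file on the load path would be run in place of the local config. Resolve it explicitly with `load File.expand_path(ARGV.shift || 'qc_config')` and say so in the comment above it, e.g. `# qc_config is Ruby and runs with this process's privileges; treat it like source`. Note also that `$DEBUG` on line 11 is only set by `ruby -d`; the `-w` in the shebang enables warnings, not this debug output.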
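--- a/data/lib/.document
+++ b/data/lib/.document
@@ -0,0 +1 @@
+quick_cert.rb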
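--- a/data/lib/quick_cert.rb
+++ b/data/lib/quick_cert.rb
@@ -0,0 +1,332 @@
+require 'openssl'
+
+##
+# :main: README.txt
+#
+# QuickCert allows you to quickly and easily create SSL certificates. It uses
+# a simple configuration file to generate self-signed client and server
+# certificates.
+#
+# QuickCert is a compilation of NAKAMURA Hiroshi's post
+# {[ruby-talk:89917]}[http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/89917]
+#
+# the example scripts referenced in the above post, and gen_csr.rb from Ruby's
+# OpenSSL examples.
+#
+# A simple QuickCert configuration file looks like:
+#
+# full_hostname = `hostname`.strip
+# domainname = full_hostname.split('.')[1..-1].join('.')
+# hostname = full_hostname.split('.')[0]
+#
+# CA[:hostname] = hostname
+# CA[:domainname] = domainname
+# CA[:CA_dir] = File.join Dir.pwd, "CA"
+# CA[:password] = '1234'
+#
+# CERTS << {
+# :type => 'server',
+# :hostname => 'uriel',
+# :password => '5678',
+# }
+#
+# CERTS << {
+# :type => 'client',
+# :user => 'drbrain',
+# :email => 'drbrain@segment7.net',
+# }
+#
+# This configuration will create a Certificate Authority in a 'CA' directory
+# in the current directory, a server certificate with password '5678' for the
+# server 'uriel' in a directory named 'uriel', and a client certificate for
+# drbrain in the directory 'drbrain' with no password.
+#
+# There are additional SSL knobs you can tweak in the qc_defaults.rb file.
+# (See `gem which quick_cert/defaults`).
+#
+# To generate the certificates, simply create a qc_config file where you want
+# the certificate directories to be created, then run QuickCert.
+
+class QuickCert
+
+##
+# QuickCert Version
+
+VERSION = "2.0"
+
+##
+# Creates a new QuickCert instance using the Certificate Authority described
+# in +ca_config+. If there is no CA at ca_config[:CA_dir], then QuickCert
+# will initialize a new one. Prints out debugging info if +debug+ is true.
+
+def initialize(ca_config, debug = false)
+@ca_config = ca_config
+@debug = debug
+
+create_ca
+end
+
+##
+# Creates a new certificate from +cert_config+ that is signed
+# by the CA.
+
+def create_cert(cert_config)
+cert_keypair = create_key cert_config
+cert_csr = create_csr cert_config, cert_keypair
+sign_cert cert_config, cert_keypair, cert_csr
+end
+
+##
+# Creates a new Certificate Authority from @ca_config if it
+# does not already exist at ca_config[:CA_dir].
+
+def create_ca
+return if File.exist? @ca_config[:CA_dir]
+
+Dir.mkdir @ca_config[:CA_dir]
+
+Dir.mkdir File.join(@ca_config[:CA_dir], 'private'), 0700
+Dir.mkdir File.join(@ca_config[:CA_dir], 'newcerts')
+Dir.mkdir File.join(@ca_config[:CA_dir], 'crl')
+
+open @ca_config[:serial_file], 'w' do |f| f << '1' end
+
+warn "Generating CA keypair" if @debug
+keypair = OpenSSL::PKey::RSA.new @ca_config[:ca_rsa_key_length]
+
+cert = OpenSSL::X509::Certificate.new
+name = @ca_config[:name].dup << ['CN', 'CA']
+cert.subject = cert.issuer = OpenSSL::X509::Name.new(name)
+cert.not_before = Time.now
+cert.not_after = Time.now + @ca_config[:ca_cert_days] * 24 * 60 * 60
+cert.public_key = keypair.public_key
+cert.serial = 0x0
+cert.version = 2 # X509v3
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = cert
+ef.issuer_certificate = cert
+cert.extensions = [
+ef.create_extension("basicConstraints", "CA:TRUE", true),
+ef.create_extension("nsComment", "Ruby/OpenSSL Generated Certificate"),
+ef.create_extension("subjectKeyIdentifier", "hash"),
+ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
+]
+cert.add_extension ef.create_extension("authorityKeyIdentifier",
+"keyid:always,issuer:always")
+cert.sign keypair, OpenSSL::Digest::SHA1.new
+
+keypair_export = keypair.export OpenSSL::Cipher::DES.new(:EDE3, :CBC),
+@ca_config[:password]
+
+warn "Writing keypair to #{@ca_config[:keypair_file]}" if @debug
+open @ca_config[:keypair_file], "w", 0400 do |fp|
+fp << keypair_export
+end
+
+warn "Writing cert to #{@ca_config[:cert_file]}" if @debug
+open @ca_config[:cert_file], "w", 0644 do |f|
+f << cert.to_pem
+end
+
+warn "Done generating certificate for #{cert.subject}" if @debug
+end
+
+##
+# Creates a new RSA key from +cert_config+.
+
+def create_key(cert_config)
+dest = cert_config[:hostname] || cert_config[:user]
+keypair_file = File.join dest, (dest + "_keypair.pem")
+Dir.mkdir dest, 0700
+
+warn "Generating RSA keypair" if @debug
+keypair = OpenSSL::PKey::RSA.new 1024
+
+if cert_config[:password].nil? then
+open keypair_file, "w", 0400 do |f|
+f << keypair.to_pem
+end
+else
+keypair_export = keypair.export OpenSSL::Cipher::DES.new(:EDE3, :CBC),
+cert_config[:password]
+
+warn "Writing keypair to #{keypair_file}" if @debug
+open keypair_file, "w", 0400 do |f|
+f << keypair_export
+end
+
+end
+
+keypair_file
+end
+
+##
+# Creates a new Certificate Signing Request for the keypair in
+# +keypair_file+, generating and saving new keypair if nil.
+
+def create_csr(cert_config, keypair_file = nil)
+keypair = nil
+dest = cert_config[:hostname] || cert_config[:user]
+csr_file = File.join dest, "csr_#{dest}.pem"
+
+name = @ca_config[:name].dup
+
+case cert_config[:type]
+when 'server' then
+name << ['OU', 'CA']
+name << ['CN', cert_config[:hostname]]
+when 'client' then
+name << ['CN', cert_config[:user]]
+name << ['emailAddress', cert_config[:email]]
+end
+
+name = OpenSSL::X509::Name.new name
+
+if File.exist? keypair_file then
+keypair = OpenSSL::PKey::RSA.new File.read(keypair_file),
+cert_config[:password]
+else
+keypair = create_key cert_config
+end
+
+warn "Generating CSR for #{name}" if @debug
+
+req = OpenSSL::X509::Request.new
+req.version = 0
+req.subject = name
+req.public_key = keypair.public_key
+req.sign keypair, OpenSSL::Digest::MD5.new
+
+warn "Writing CSR to #{csr_file}" if @debug
+open csr_file, "w" do |f|
+f << req.to_pem
+end
+
+csr_file
+end
+
+##
+# Signs the certificate described in +cert_config+ and
+# +csr_file+, saving it to +cert_file+.
+
+def sign_cert(cert_config, cert_file, csr_file)
+csr = OpenSSL::X509::Request.new File.read(csr_file)
+
+raise "CSR sign verification failed." unless csr.verify csr.public_key
+
+raise "Key length too short" if
+csr.public_key.n.num_bits < @ca_config[:cert_key_length_min]
+
+raise "Key length too long" if
+csr.public_key.n.num_bits > @ca_config[:cert_key_length_max]
+
+raise "DN does not match" if
+csr.subject.to_a[0, @ca_config[:name].size] != @ca_config[:name]
+
+# Only checks signature here. You must verify CSR according to your
+# CP/CPS.
+
+# CA setup
+
+warn "Reading CA cert from #{@ca_config[:cert_file]}" if @debug
+ca = OpenSSL::X509::Certificate.new File.read(@ca_config[:cert_file])
+
+warn "Reading CA keypair from #{@ca_config[:keypair_file]}" if @debug
+ca_keypair = OpenSSL::PKey::RSA.new File.read(@ca_config[:keypair_file]),
+@ca_config[:password]
+
+serial = File.read(@ca_config[:serial_file]).chomp.hex
+open @ca_config[:serial_file], "w" do |f|
+f << "%04X" % (serial + 1)
+end
+
+warn "Generating cert" if @debug
+
+cert = OpenSSL::X509::Certificate.new
+from = Time.now
+cert.subject = csr.subject
+cert.issuer = ca.subject
+cert.not_before = from
+cert.not_after = from + @ca_config[:cert_days] * 24 * 60 * 60
+cert.public_key = csr.public_key
+cert.serial = serial
+cert.version = 2 # X509v3
+
+basic_constraint = nil
+key_usage = []
+ext_key_usage = []
+
+case cert_config[:type]
+when "ca" then
+basic_constraint = "CA:TRUE"
+key_usage << "cRLSign" << "keyCertSign"
+when "terminalsubca" then
+basic_constraint = "CA:TRUE,pathlen:0"
+key_usage << "cRLSign" << "keyCertSign"
+when "server" then
+basic_constraint = "CA:FALSE"
+key_usage << "digitalSignature" << "keyEncipherment"
+ext_key_usage << "serverAuth"
+when "ocsp" then
+basic_constraint = "CA:FALSE"
+key_usage << "nonRepudiation" << "digitalSignature"
+ext_key_usage << "serverAuth" << "OCSPSigning"
+when "client" then
+basic_constraint = "CA:FALSE"
+key_usage << "nonRepudiation" << "digitalSignature" << "keyEncipherment"
+ext_key_usage << "clientAuth" << "emailProtection"
+else
+raise "unknonw cert type \"#{cert_config[:type]}\""
+end
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = cert
+ef.issuer_certificate = ca
+ex = []
+ex << ef.create_extension("basicConstraints", basic_constraint, true)
+ex << ef.create_extension("nsComment",
+"Ruby/OpenSSL Generated Certificate")
+ex << ef.create_extension("subjectKeyIdentifier", "hash")
+#ex << ef.create_extension("nsCertType", "client, email")
+unless key_usage.empty? then
+ex << ef.create_extension("keyUsage", key_usage.join(","))
+end
+#ex << ef.create_extension("authorityKeyIdentifier",
+# "keyid:always,issuer:always")
+#ex << ef.create_extension("authorityKeyIdentifier", "keyid:always")
+unless ext_key_usage.empty? then
+ex << ef.create_extension("extendedKeyUsage", ext_key_usage.join(","))
+end
+
+if @ca_config[:cdp_location] then
+ex << ef.create_extension("crlDistributionPoints",
+@ca_config[:cdp_location])
+end
+
+if @ca_config[:ocsp_location] then
+ex << ef.create_extension("authorityInfoAccess",
+"OCSP;" << @ca_config[:ocsp_location])
+end
+cert.extensions = ex
+cert.sign ca_keypair, OpenSSL::Digest::SHA1.new
+
+backup_cert_file = @ca_config[:new_certs_dir] + "/cert_#{cert.serial}.pem"
+warn "Writing backup cert to #{backup_cert_file}" if @debug
+open backup_cert_file, "w", 0644 do |f|
+f << cert.to_pem
+end
+
+# Write cert
+dest = cert_config[:hostname] || cert_config[:user]
+cert_file = File.join dest, "cert_#{dest}.pem"
+warn "Writing cert to #{cert_file}" if @debug
+open cert_file, "w", 0644 do |f|
+f << cert.to_pem
+end
+
+cert_file
+end
+
+end
+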
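Review bot: The CA certificate (file line 117, `cert.sign keypair, OpenSSL::Digest::SHA1.new`) and every issued certificate (line 312) are signed with SHA-1, and the CSR at line 199 with MD5; current TLS stacks reject SHA-1 certificate signatures, so a chain produced here is likely to fail verification in the bundled DRb samples on a modern OpenSSL. Use `OpenSSL::Digest::SHA256.new` in all three places, and raise the hard-coded `OpenSSL::PKey::RSA.new 1024` in create_key (line 144) to 2048, which is the shipped `cert_key_length_max` default so sign_cert still accepts the key. Separately, create_csr's fallback `keypair = create_key cert_config` (line 190) stores the path string that create_key returns, so `req.public_key = keypair.public_key` raises NoMethodError, and the documented `keypair_file = nil` default makes `File.exist? keypair_file` raise TypeError before it gets that far; read the generated file back instead, e.g. `keypair = OpenSSL::PKey::RSA.new File.read(create_key(cert_config)), cert_config[:password]`. Issued server certificates also carry only a CN and no subjectAltName, which current clients generally require for hostname matching.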
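--- a/data/lib/quick_cert/defaults.rb
+++ b/data/lib/quick_cert/defaults.rb
@@ -0,0 +1,28 @@
+CA[:CA_dir] ||= Dir.pwd
+
+CA[:keypair_file] ||= File.join CA[:CA_dir], "private/cakeypair.pem"
+CA[:cert_file] ||= File.join CA[:CA_dir], "cacert.pem"
+CA[:serial_file] ||= File.join CA[:CA_dir], "serial"
+CA[:new_certs_dir] ||= File.join CA[:CA_dir], "newcerts"
+CA[:new_keypair_dir] ||= File.join CA[:CA_dir], "private/keypair_backup"
+CA[:crl_dir] ||= File.join CA[:CA_dir], "crl"
+
+CA[:ca_cert_days] ||= 5 * 365 # five years
+CA[:ca_rsa_key_length] ||= 2048
+
+CA[:cert_days] ||= 365 # one year
+CA[:cert_key_length_min] ||= 1024
+CA[:cert_key_length_max] ||= 2048
+
+CA[:crl_file] ||= File.join CA[:crl_dir], "#{CA[:hostname]}.crl"
+CA[:crl_pem_file] ||= File.join CA[:crl_dir], "#{CA[:hostname]}.pem"
+CA[:crl_days] ||= 14
+
+if CA[:name].nil?
+CA[:name] = [
+['C', 'US', OpenSSL::ASN1::PRINTABLESTRING],
+['O', CA[:domainname], OpenSSL::ASN1::UTF8STRING],
+['OU', CA[:hostname], OpenSSL::ASN1::UTF8STRING],
+]
+end
+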
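Review bot: `CA[:CA_dir] ||= Dir.pwd` on file line 1 defaults the CA directory to the working directory, which always exists, so when a config omits `:CA_dir` QuickCert#create_ca returns at `return if File.exist? @ca_config[:CA_dir]` without ever generating the CA key or certificate, and the first sign_cert would then fail to read `cacert.pem`. Defaulting to a subdirectory, `CA[:CA_dir] ||= File.join Dir.pwd, 'CA'`, matches the layout the class documentation describes and gives create_ca a directory it can create. The key-size bounds on lines 14–15, `cert_key_length_min` 1024 and `cert_key_length_max` 2048, also sit below current guidance; 2048 and 4096 would be the usual floor and ceiling.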
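--- a/data/sample/DRb_README.txt
+++ b/data/sample/DRb_README.txt
@@ -0,0 +1,57 @@
+Here's a quick primer on how to get use DRb over SSL with QuickCert.
+
+1. Modify qc_config to suit. The host I'm writing this on is named 'uriel',
+and my email address is 'drbrain@segment7.net', so I filled in the proper
+entries in the server and client certs.
+
+full_hostname = `hostname`.strip
+domainname = full_hostname.split('.')[1..-1].join('.')
+hostname = full_hostname.split('.')[0]
+
+CA[:hostname] = hostname
+CA[:domainname] = domainname
+CA[:CA_dir] = File.join Dir.pwd, "CA"
+CA[:password] = '1234'
+
+CERTS << {
+:type => 'server',
+:hostname => 'uriel',
+:password => '5678',
+}
+
+CERTS << {
+:type => 'client',
+:user => 'drbrain',
+:email => 'drbrain@segment7.net',
+}
+
+2. Generate the certificates
+
+quick_cert
+
+3. Setup the DRb server to use the proper certificates. They are already
+setup for 'uriel', so you'll have to edit drbssl_s.rb to match your
+configuration.
+
+cd uriel
+ln -s ../drbssl_s.rb
+ln -s ../CA/cacert.pem
+vi drbssl_s.rb
+
+4. Start the DRb server. You'll need the server certificate's passphrase.
+
+ruby drbssl_s.rb
+
+5. Setup the DRb client to use the proper certificates. They are already
+setup for 'drbrain@segment7.net', so you'll have to edit drbssl_c.rb to
+match your configuration.
+
+cd drbrain
+ln -s ../drbssl_c.rb
+ln -s ../CA/cacert.pem
+vi drbssl_c.rb
+
+6. Start the DRb client. Then type your name and hit enter. You will get
+back a message "Hello, <your name>"
+
+./drbssl_c.rb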
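--- a/data/sample/drbssl_c.rb
+++ b/data/sample/drbssl_c.rb
@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+
+require 'drb'
+require 'drb/ssl'
+
+send_cert = true
+there = ARGV.shift || "drbssl://localhost:3456"
+
+config = Hash.new
+config[:SSLVerifyMode] = OpenSSL::SSL::VERIFY_PEER
+config[:SSLCACertificateFile] = "CA/cacert.pem"
+config[:SSLVerifyCallback] = lambda { |ok, store|
+p :SSLVerifyCallback_args => [ok, store.error_string]
+ok
+}
+
+if send_cert then
+config[:SSLPrivateKey] = OpenSSL::PKey::RSA.new File.read("user/user_keypair.pem")
+config[:SSLCertificate] = OpenSSL::X509::Certificate.new File.read("user/cert_user.pem")
+end
+
+DRb.start_service(nil,nil,config)
+h = DRbObject.new(nil, there)
+
+loop do
+print "ok, say your name: "
+$stdout.flush
+line = gets.chomp
+p h.hello(line)
+end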
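Review bot: The client only checks that the server's certificate chains to `CA/cacert.pem` (`VERIFY_PEER` on file line 10 with a callback that returns `ok` unchanged), so nothing ties the presented certificate to the host named in `there`; since the same CA also issues client certificates, chain validation alone does not establish which peer answered. A comment saying so, plus a check of the verified peer's subject against the expected server name inside the callback (`store.current_cert.subject`), would make the sample safer to copy. Minor: `line = gets.chomp` on line 28 raises NoMethodError at end of input; `line = gets or break` followed by `p h.hello(line.chomp)` leaves the loop cleanly.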
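--- a/data/sample/drbssl_s.rb
+++ b/data/sample/drbssl_s.rb
@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+
+require 'drb'
+require 'drb/ssl'
+
+require_client_cert = true
+here = ARGV.shift || "drbssl://localhost:3456"
+
+class HelloWorld
+include DRbUndumped
+
+def hello(name)
+"Hello, #{name}, from an SSL-encrypted server!"
+end
+end
+
+puts "PSSST! Password is 5678"
+
+config = Hash.new
+config[:verbose] = true
+config[:SSLPrivateKey] = OpenSSL::PKey::RSA.new File.read("host/host_keypair.pem")
+config[:SSLCertificate] =
+OpenSSL::X509::Certificate.new File.read("host/cert_host.pem")
+
+if require_client_cert then
+config[:SSLVerifyMode] = OpenSSL::SSL::VERIFY_PEER |
+OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+config[:SSLCACertificateFile] = "CA/cacert.pem"
+config[:SSLVerifyCallback] = proc do |ok, store|
+p :SSLVerifyCallback_args => [ok, store.error_string]
+ok
+end
+end
+
+DRb.start_service(here, HelloWorld.new, config)
+puts DRb.uri
+DRb.thread.join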
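Review bot: The verify callback on file lines 29–32 returns `ok` unchanged and never inspects the presented client certificate, so with `VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT` any certificate issued by the same CA satisfies the client-authentication step, regardless of who it was issued to. If the sample is meant to demonstrate mutual TLS, compare `store.current_cert.subject` against the expected client name inside the callback, or state in a comment that only chain validation is performed here. The relative paths `host/host_keypair.pem` and `CA/cacert.pem` on lines 21–28 also presume a working directory that the DRb_README steps (cd into the host directory, then symlink `cacert.pem` there) do not appear to produce; worth confirming the intended layout.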
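--- a/data/sample/qc_config
+++ b/data/sample/qc_config
@@ -0,0 +1,17 @@
+CA[:hostname] = 'host'
+CA[:domainname] = 'host.example.com'
+CA[:CA_dir] = File.join Dir.pwd, "CA"
+CA[:password] = '1234'
+
+CERTS << {
+:type => 'server',
+:hostname => 'host',
+:password => '5678',
+}
+
+CERTS << {
+:type => 'client',
+:user => 'user',
+:email => 'user@example.com',
+}
+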
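--- a/metadata
+++ b/metadata
@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: quick_cert
+version: !ruby/object:Gem::Version
+version: "2.0"
+platform: ruby
+authors:
+- Eric Hodel
+autorequire:
+bindir: bin
+cert_chain:
+- |
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIBADANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
+YWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZFgNu
+ZXQwHhcNMDcxMjIxMDIwNDE0WhcNMDgxMjIwMDIwNDE0WjBBMRAwDgYDVQQDDAdk
+cmJyYWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZ
+FgNuZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbgLrGLGIDE76
+LV/cvxdEzCuYuS3oG9PrSZnuDweySUfdp/so0cDq+j8bqy6OzZSw07gdjwFMSd6J
+U5ddZCVywn5nnAQ+Ui7jMW54CYt5/H6f2US6U0hQOjJR6cpfiymgxGdfyTiVcvTm
+Gj/okWrQl0NjYOYBpDi+9PPmaH2RmLJu0dB/NylsDnW5j6yN1BEI8MfJRR+HRKZY
+mUtgzBwF1V4KIZQ8EuL6I/nHVu07i6IkrpAgxpXUfdJQJi0oZAqXurAV3yTxkFwd
+g62YrrW26mDe+pZBzR6bpLE+PmXCzz7UxUq3AE0gPHbiMXie3EFE0oxnsU3lIduh
+sCANiQ8BAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+BBS5k4Z75VSpdM0AclG2UvzFA/VW5DANBgkqhkiG9w0BAQUFAAOCAQEAHagT4lfX
+kP/hDaiwGct7XPuVGbrOsKRVD59FF5kETBxEc9UQ1clKWngf8JoVuEoKD774dW19
+bU0GOVWO+J6FMmT/Cp7nuFJ79egMf/gy4gfUfQMuvfcr6DvZUPIs9P/TlK59iMYF
+DIOQ3DxdF3rMzztNUCizN4taVscEsjCcgW6WkUJnGdqlu3OHWpQxZBJkBTjPCoc6
+UW6on70SFPmAy/5Cq0OJNGEWBfgD9q7rrs/X8GGwUWqXb85RXnUVi/P8Up75E0ag
+14jEc90kN+C7oI/AGCBN0j6JnEtYIEJZibjjDJTSMWlUKKkj30kq7hlUC2CepJ4v
+x52qPcexcYZR7w==
+-----END CERTIFICATE-----
+
+date: 2009-04-16 00:00:00 -07:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: hoe
+type: :development
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.12.1
+version:
+description: |-
+quick_cert allows you to quickly and easily create SSL certificates. It uses
+a simple configuration file to generate self-signed client and server
+certificates.
+email:
+- drbrain@segment7.net
+executables:
+- quick_cert
+extensions: []
+
+extra_rdoc_files:
+- History.txt
+- Manifest.txt
+- README.txt
+- sample/DRb_README.txt
+files:
+- .document
+- History.txt
+- Manifest.txt
+- README.txt
+- Rakefile
+- bin/quick_cert
+- lib/.document
+- lib/quick_cert.rb
+- lib/quick_cert/defaults.rb
+- sample/DRb_README.txt
+- sample/drbssl_c.rb
+- sample/drbssl_s.rb
+- sample/qc_config
+has_rdoc: true
+homepage: http://seattlerb.rubyforge.org/quick_cert
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --main
+- README.txt
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project: seattlerb
+rubygems_version: 1.3.2
+signing_key:
+specification_version: 3
+summary: quick_cert allows you to quickly and easily create SSL certificates
+test_files: []
+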
metadata.gz.sig
ADDED
Binary file