r509-ca-http 0.1

Files changed (41)
  1. data/README.md +122 -0
  2. data/Rakefile +38 -0
  3. data/doc/R509.html +117 -0
  4. data/doc/R509/CertificateAuthority.html +117 -0
  5. data/doc/R509/CertificateAuthority/Http.html +131 -0
  6. data/doc/R509/CertificateAuthority/Http/Factory.html +115 -0
  7. data/doc/R509/CertificateAuthority/Http/Factory/CsrFactory.html +189 -0
  8. data/doc/R509/CertificateAuthority/Http/Factory/SpkiFactory.html +189 -0
  9. data/doc/R509/CertificateAuthority/Http/Server.html +133 -0
  10. data/doc/R509/CertificateAuthority/Http/SubjectParser.html +265 -0
  11. data/doc/R509/CertificateAuthority/Http/ValidityPeriodConverter.html +207 -0
  12. data/doc/_index.html +206 -0
  13. data/doc/class_list.html +53 -0
  14. data/doc/css/common.css +1 -0
  15. data/doc/css/full_list.css +57 -0
  16. data/doc/css/style.css +328 -0
  17. data/doc/file.README.html +209 -0
  18. data/doc/file_list.html +55 -0
  19. data/doc/frames.html +28 -0
  20. data/doc/index.html +209 -0
  21. data/doc/js/app.js +214 -0
  22. data/doc/js/full_list.js +173 -0
  23. data/doc/js/jquery.js +4 -0
  24. data/doc/method_list.html +92 -0
  25. data/doc/top-level-namespace.html +112 -0
  26. data/lib/r509/certificateauthority/http/factory.rb +15 -0
  27. data/lib/r509/certificateauthority/http/server.rb +237 -0
  28. data/lib/r509/certificateauthority/http/subjectparser.rb +33 -0
  29. data/lib/r509/certificateauthority/http/validityperiodconverter.rb +16 -0
  30. data/lib/r509/certificateauthority/http/version.rb +7 -0
  31. data/lib/r509/certificateauthority/http/views/test_issue.erb +85 -0
  32. data/lib/r509/certificateauthority/http/views/test_revoke.erb +31 -0
  33. data/lib/r509/certificateauthority/http/views/test_unrevoke.erb +26 -0
  34. data/spec/fixtures/test_ca.cer +22 -0
  35. data/spec/fixtures/test_ca.key +28 -0
  36. data/spec/fixtures/test_config.yaml +18 -0
  37. data/spec/http_spec.rb +250 -0
  38. data/spec/spec_helper.rb +22 -0
  39. data/spec/subject_parser_spec.rb +51 -0
  40. data/spec/validity_period_converter_spec.rb +79 -0
  41. metadata +165 -0
data/README.md ADDED
@@ -0,0 +1,122 @@
1
+ #r509-ca-http
2
+
3
+ r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.
4
+
5
+ ##Requirements/Installation
6
+
7
+ You need r509 and sinatra. For development/tests you need rack-test and rspec.
8
+
9
+ ## API
10
+
11
+ ### GET /1/crl/:ca/get
12
+
13
+ Get the most recently generate CRL for the given ```:ca```.
14
+
15
+ A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.
16
+
17
+ ### GET /1/crl/:ca/generate
18
+
19
+ Explicitly generate and get a new CRL for the given ```:ca```.
20
+
21
+ ### POST /1/certificate/issue
22
+
23
+ Issue a certificate.
24
+
25
+ Required POST parameters:
26
+
27
+ - ca
28
+ - profile
29
+ - validityPeriod (in days)
30
+ - csr (or spki)
31
+ - subject
32
+
33
+ The subject is provided like so:
34
+
35
+ subject[CN]=domain.com&subject[O]=orgname&subject[L]=locality
36
+
37
+ Optional POST parameters:
38
+
39
+ - extensions[subjectAlternativeName]
40
+
41
+ SAN names are provided like so:
42
+
43
+ extensions[subjectAlternativeName][]=domain1.com&extensions[subjectAlternativeName][]=domain2.com
44
+
45
+ The issue method will return the PEM text of the issued certificate.
46
+
47
+ ### POST /1/certificate/revoke
48
+
49
+ Revoke a certificate.
50
+
51
+ Required POST parameters:
52
+
53
+ - ca
54
+ - serial
55
+
56
+ Optional POST parameters:
57
+
58
+ - reason (must be an integer, if it's not provided it defaults to 0)
59
+
60
+ The revoke method returns the newly generated CRL, after revocation.
61
+
62
+ ### POST /1/certificate/unrevoke
63
+
64
+ Unrevoke a certificate. (IE, remove it from the CRL and return its OCSP status to valid.)
65
+
66
+ Required POST parameters:
67
+
68
+ - ca
69
+ - serial
70
+
71
+ The unrevoke method returns the newly generated CRL, after the certificate was removed from it.
72
+
73
+ ## Helper pages
74
+
75
+ These pages are present on the server, for you to work with the CA with a basic web interface. You should _not_ expose these endpoints to anyone.
76
+
77
+ - /test/certificate/issue
78
+
79
+ - /test/certificate/revoke
80
+
81
+ - /test/certificate/unrevoke
82
+
83
+ ## certificate\_authorities (config.yaml)
84
+
85
+ You use the ```config.yaml``` file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.
86
+
87
+ Information about how to construct the YAML can be found at [the official r509 documentation](https://github.com/reaperhulk/r509#config).
88
+
89
+ ## Middleware (config.ru)
90
+
91
+ Running r509-ca-http will let you issue and revoke certificates. But that's not everything you need to do, if you're going to run a CA. You're going to need information about validity, and you may want to save a record of issued certificates to the filesystem.
92
+
93
+ For that, we've created a few pieces of Rack middleware for your use.
94
+
95
+ - [r509-middleware-validity](https://github.com/sirsean/r509-middleware-validity)
96
+ - [r509-middleware-certwriter](https://github.com/sirsean/r509-middleware-certwriter)
97
+
98
+ After installing one or both of them, you'll have to edit your ```config.ru`` and/or ```config.yaml``` files.
99
+
100
+ ## Rake tasks
101
+
102
+ There are a few things you can do with Rake.
103
+
104
+ ```rake spec```
105
+
106
+ Run all the tests.
107
+
108
+ ```rake gem:build```
109
+
110
+ Build a gem file.
111
+
112
+ ```rake gem:install```
113
+
114
+ Install the gem you just built.
115
+
116
+ ```rake gem:uninstall```
117
+
118
+ Uninstall r509-ca-http.
119
+
120
+ ```rake yard```
121
+
122
+ Generate documentation.
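Review bot: The API section (README lines 11 to 71) documents issue, revoke and unrevoke as plain POSTs whose only parameters are ca, profile, validityPeriod, csr/spki, subject and serial, and it says nothing about how callers are authenticated or authorized. The only access guidance is line 75, "You should _not_ expose these endpoints to anyone", which covers the /test/ helper pages alone and gives no way to turn them off. For a service the README describes as intended for production CA use, add a section stating how access to /1/certificate/* and /test/* is expected to be restricted (network placement, an authenticating front end or Rack middleware) and whether the helper pages can be disabled. Two smaller points: GET /1/crl/:ca/generate (line 17) performs a state-changing action on a GET and would be safer documented as a POST, and line 98 has unbalanced backticks around config.ru, while line 13 should read "most recently generated CRL".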
data/Rakefile ADDED
@@ -0,0 +1,38 @@
1
+ require 'rubygems'
2
+ require 'rspec/core/rake_task'
3
+ require "#{File.dirname(__FILE__)}/lib/r509/certificateauthority/http/version"
4
+
5
+ task :default => :spec
6
+ RSpec::Core::RakeTask.new(:spec) do
7
+ ENV['RACK_ENV'] = 'test'
8
+ end
9
+
10
+ desc 'Run all rspec tests with rcov (1.8 only)'
11
+ RSpec::Core::RakeTask.new(:rcov) do |t|
12
+ t.rcov_opts = %q[--exclude "spec,gems"]
13
+ t.rcov = true
14
+ end
15
+
16
+ namespace :gem do
17
+ desc 'Build the gem'
18
+ task :build do
19
+ puts `yard`
20
+ puts `gem build r509-ca-http.gemspec`
21
+ end
22
+
23
+ desc 'Install gem'
24
+ task :install do
25
+ puts `gem install r509-ca-http-#{R509::CertificateAuthority::Http::VERSION}.gem`
26
+ end
27
+
28
+ desc 'Uninstall gem'
29
+ task :uninstall do
30
+ puts `gem uninstall r509-ca-http`
31
+ end
32
+ end
33
+
34
+ desc 'Build yard documentation'
35
+ task :yard do
36
+ puts `yard`
37
+ `open doc/index.html`
38
+ end
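Review bot: The gem tasks (lines 18 to 31) and the yard task (lines 35 to 38) run their commands with backticks, which discard the exit status, so rake gem:build still finishes successfully when yard or gem build fails and gem:install can then run against a missing or stale .gem file. Use Rake's sh helper instead, for example sh 'gem build r509-ca-http.gemspec', so a failing command aborts the task. On line 37, open doc/index.html only works where an open command exists and its result is silently dropped; guard it or remove it from the task. The rcov task on lines 10 to 14 is described as 1.8 only while the generated docs in this same change were built with ruby-1.9.3, so consider dropping it or noting the constraint in the README.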
data/doc/R509.html ADDED
@@ -0,0 +1,117 @@
1
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4
+ <head>
5
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
6
+ <title>
7
+ Module: R509
8
+
9
+ &mdash; Documentation by YARD 0.8.3
10
+
11
+ </title>
12
+
13
+ <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" charset="utf-8" />
14
+
15
+ <link rel="stylesheet" href="css/common.css" type="text/css" media="screen" charset="utf-8" />
16
+
17
+ <script type="text/javascript" charset="utf-8">
18
+ hasFrames = window.top.frames.main ? true : false;
19
+ relpath = '';
20
+ framesUrl = "frames.html#!" + escape(window.location.href);
21
+ </script>
22
+
23
+
24
+ <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
25
+
26
+ <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
27
+
28
+
29
+ </head>
30
+ <body>
31
+ <div id="header">
32
+ <div id="menu">
33
+
34
+ <a href="_index.html">Index (R)</a> &raquo;
35
+
36
+
37
+ <span class="title">R509</span>
38
+
39
+
40
+ <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
41
+ </div>
42
+
43
+ <div id="search">
44
+
45
+ <a class="full_list_link" id="class_list_link"
46
+ href="class_list.html">
47
+ Class List
48
+ </a>
49
+
50
+ <a class="full_list_link" id="method_list_link"
51
+ href="method_list.html">
52
+ Method List
53
+ </a>
54
+
55
+ <a class="full_list_link" id="file_list_link"
56
+ href="file_list.html">
57
+ File List
58
+ </a>
59
+
60
+ </div>
61
+ <div class="clear"></div>
62
+ </div>
63
+
64
+ <iframe id="search_frame"></iframe>
65
+
66
+ <div id="content"><h1>Module: R509
67
+
68
+
69
+
70
+ </h1>
71
+
72
+ <dl class="box">
73
+
74
+
75
+
76
+
77
+
78
+
79
+
80
+
81
+ <dt class="r1 last">Defined in:</dt>
82
+ <dd class="r1 last">lib/r509/certificateauthority/http/server.rb<span class="defines">,<br />
83
+ lib/r509/certificateauthority/http/version.rb,<br /> lib/r509/certificateauthority/http/subjectparser.rb</span>
84
+ </dd>
85
+
86
+ </dl>
87
+ <div class="clear"></div>
88
+
89
+ <h2>Defined Under Namespace</h2>
90
+ <p class="children">
91
+
92
+
93
+ <strong class="modules">Modules:</strong> <span class='object_link'><a href="R509/CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span>
94
+
95
+
96
+
97
+
98
+ </p>
99
+
100
+
101
+
102
+
103
+
104
+
105
+
106
+
107
+
108
+ </div>
109
+
110
+ <div id="footer">
111
+ Generated on Thu Nov 8 14:58:26 2012 by
112
+ <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
113
+ 0.8.3 (ruby-1.9.3).
114
+ </div>
115
+
116
+ </body>
117
+ </html>
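Review bot: This file is build output, as its footer on lines 111 to 113 states ("Generated on Thu Nov 8 14:58:26 2012 by yard 0.8.3"), and it ships in the package together with the rest of data/doc/, including a bundled js/jquery.js. The Rakefile already regenerates the docs with rake yard, so exclude doc/ from the gemspec file list and from version control. That keeps the package down to the code that actually runs the CA and avoids shipping a frozen copy of third-party JavaScript that will never be updated.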
@@ -0,0 +1,117 @@
1
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4
+ <head>
5
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
6
+ <title>
7
+ Module: R509::CertificateAuthority
8
+
9
+ &mdash; Documentation by YARD 0.8.3
10
+
11
+ </title>
12
+
13
+ <link rel="stylesheet" href="../css/style.css" type="text/css" media="screen" charset="utf-8" />
14
+
15
+ <link rel="stylesheet" href="../css/common.css" type="text/css" media="screen" charset="utf-8" />
16
+
17
+ <script type="text/javascript" charset="utf-8">
18
+ hasFrames = window.top.frames.main ? true : false;
19
+ relpath = '../';
20
+ framesUrl = "../frames.html#!" + escape(window.location.href);
21
+ </script>
22
+
23
+
24
+ <script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
25
+
26
+ <script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
27
+
28
+
29
+ </head>
30
+ <body>
31
+ <div id="header">
32
+ <div id="menu">
33
+
34
+ <a href="../_index.html">Index (C)</a> &raquo;
35
+ <span class='title'><span class='object_link'><a href="../R509.html" title="R509 (module)">R509</a></span></span>
36
+ &raquo;
37
+ <span class="title">CertificateAuthority</span>
38
+
39
+
40
+ <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
41
+ </div>
42
+
43
+ <div id="search">
44
+
45
+ <a class="full_list_link" id="class_list_link"
46
+ href="../class_list.html">
47
+ Class List
48
+ </a>
49
+
50
+ <a class="full_list_link" id="method_list_link"
51
+ href="../method_list.html">
52
+ Method List
53
+ </a>
54
+
55
+ <a class="full_list_link" id="file_list_link"
56
+ href="../file_list.html">
57
+ File List
58
+ </a>
59
+
60
+ </div>
61
+ <div class="clear"></div>
62
+ </div>
63
+
64
+ <iframe id="search_frame"></iframe>
65
+
66
+ <div id="content"><h1>Module: R509::CertificateAuthority
67
+
68
+
69
+
70
+ </h1>
71
+
72
+ <dl class="box">
73
+
74
+
75
+
76
+
77
+
78
+
79
+
80
+
81
+ <dt class="r1 last">Defined in:</dt>
82
+ <dd class="r1 last">lib/r509/certificateauthority/http/server.rb<span class="defines">,<br />
83
+ lib/r509/certificateauthority/http/version.rb,<br /> lib/r509/certificateauthority/http/subjectparser.rb</span>
84
+ </dd>
85
+
86
+ </dl>
87
+ <div class="clear"></div>
88
+
89
+ <h2>Defined Under Namespace</h2>
90
+ <p class="children">
91
+
92
+
93
+ <strong class="modules">Modules:</strong> <span class='object_link'><a href="CertificateAuthority/Http.html" title="R509::CertificateAuthority::Http (module)">Http</a></span>
94
+
95
+
96
+
97
+
98
+ </p>
99
+
100
+
101
+
102
+
103
+
104
+
105
+
106
+
107
+
108
+ </div>
109
+
110
+ <div id="footer">
111
+ Generated on Thu Nov 8 14:58:26 2012 by
112
+ <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
113
+ 0.8.3 (ruby-1.9.3).
114
+ </div>
115
+
116
+ </body>
117
+ </html>
@@ -0,0 +1,131 @@
1
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4
+ <head>
5
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
6
+ <title>
7
+ Module: R509::CertificateAuthority::Http
8
+
9
+ &mdash; Documentation by YARD 0.8.3
10
+
11
+ </title>
12
+
13
+ <link rel="stylesheet" href="../../css/style.css" type="text/css" media="screen" charset="utf-8" />
14
+
15
+ <link rel="stylesheet" href="../../css/common.css" type="text/css" media="screen" charset="utf-8" />
16
+
17
+ <script type="text/javascript" charset="utf-8">
18
+ hasFrames = window.top.frames.main ? true : false;
19
+ relpath = '../../';
20
+ framesUrl = "../../frames.html#!" + escape(window.location.href);
21
+ </script>
22
+
23
+
24
+ <script type="text/javascript" charset="utf-8" src="../../js/jquery.js"></script>
25
+
26
+ <script type="text/javascript" charset="utf-8" src="../../js/app.js"></script>
27
+
28
+
29
+ </head>
30
+ <body>
31
+ <div id="header">
32
+ <div id="menu">
33
+
34
+ <a href="../../_index.html">Index (H)</a> &raquo;
35
+ <span class='title'><span class='object_link'><a href="../../R509.html" title="R509 (module)">R509</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span></span>
36
+ &raquo;
37
+ <span class="title">Http</span>
38
+
39
+
40
+ <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
41
+ </div>
42
+
43
+ <div id="search">
44
+
45
+ <a class="full_list_link" id="class_list_link"
46
+ href="../../class_list.html">
47
+ Class List
48
+ </a>
49
+
50
+ <a class="full_list_link" id="method_list_link"
51
+ href="../../method_list.html">
52
+ Method List
53
+ </a>
54
+
55
+ <a class="full_list_link" id="file_list_link"
56
+ href="../../file_list.html">
57
+ File List
58
+ </a>
59
+
60
+ </div>
61
+ <div class="clear"></div>
62
+ </div>
63
+
64
+ <iframe id="search_frame"></iframe>
65
+
66
+ <div id="content"><h1>Module: R509::CertificateAuthority::Http
67
+
68
+
69
+
70
+ </h1>
71
+
72
+ <dl class="box">
73
+
74
+
75
+
76
+
77
+
78
+
79
+
80
+
81
+ <dt class="r1 last">Defined in:</dt>
82
+ <dd class="r1 last">lib/r509/certificateauthority/http/server.rb<span class="defines">,<br />
83
+ lib/r509/certificateauthority/http/factory.rb,<br /> lib/r509/certificateauthority/http/version.rb,<br /> lib/r509/certificateauthority/http/subjectparser.rb,<br /> lib/r509/certificateauthority/http/validityperiodconverter.rb</span>
84
+ </dd>
85
+
86
+ </dl>
87
+ <div class="clear"></div>
88
+
89
+ <h2>Defined Under Namespace</h2>
90
+ <p class="children">
91
+
92
+
93
+ <strong class="modules">Modules:</strong> <span class='object_link'><a href="Http/Factory.html" title="R509::CertificateAuthority::Http::Factory (module)">Factory</a></span>
94
+
95
+
96
+
97
+ <strong class="classes">Classes:</strong> <span class='object_link'><a href="Http/Server.html" title="R509::CertificateAuthority::Http::Server (class)">Server</a></span>, <span class='object_link'><a href="Http/SubjectParser.html" title="R509::CertificateAuthority::Http::SubjectParser (class)">SubjectParser</a></span>, <span class='object_link'><a href="Http/ValidityPeriodConverter.html" title="R509::CertificateAuthority::Http::ValidityPeriodConverter (class)">ValidityPeriodConverter</a></span>
98
+
99
+
100
+ </p>
101
+
102
+ <h2>Constant Summary</h2>
103
+
104
+ <dl class="constants">
105
+
106
+ <dt id="VERSION-constant" class="">VERSION =
107
+
108
+ </dt>
109
+ <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0.1</span><span class='tstring_end'>&quot;</span></span></pre></dd>
110
+
111
+ </dl>
112
+
113
+
114
+
115
+
116
+
117
+
118
+
119
+
120
+
121
+
122
+ </div>
123
+
124
+ <div id="footer">
125
+ Generated on Thu Nov 8 14:58:26 2012 by
126
+ <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
127
+ 0.8.3 (ruby-1.9.3).
128
+ </div>
129
+
130
+ </body>
131
+ </html>
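Review bot: The generated page for R509::CertificateAuthority::Http goes straight from the "Defined in" box (lines 81 to 84) to "Defined Under Namespace" (line 89) with no overview text, which means the module has no documentation comment in the source. Since this module is the entry point for Server, SubjectParser and ValidityPeriodConverter, add a short YARD docstring on the module describing what the HTTP interface does and pointing readers to the README's API section. The VERSION constant on lines 106 to 109 is likewise undocumented.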