r509-ca-http 0.1

data/doc/file.README.html

@@ -0,0 +1,209 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
+<title>
+  File: README
+  
+    &mdash; Documentation by YARD 0.8.3
+  
+</title>
+
+  <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" charset="utf-8" />
+
+  <link rel="stylesheet" href="css/common.css" type="text/css" media="screen" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  hasFrames = window.top.frames.main ? true : false;
+  relpath = '';
+  framesUrl = "frames.html#!" + escape(window.location.href);
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div id="header">
+      <div id="menu">
+  
+    <a href="_index.html">Index</a> &raquo; 
+    <span class="title">File: README</span>
+  
+
+  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
+</div>
+
+      <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+      Class List
+    </a>
+  
+    <a class="full_list_link" id="method_list_link"
+        href="method_list.html">
+      Method List
+    </a>
+  
+    <a class="full_list_link" id="file_list_link"
+        href="file_list.html">
+      File List
+    </a>
+  
+</div>
+      <div class="clear"></div>
+    </div>
+
+    <iframe id="search_frame"></iframe>
+
+    <div id="content"><div id='filecontents'><h1>r509-ca-http</h1>
+
+<p>r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.</p>
+
+<h2>Requirements/Installation</h2>
+
+<p>You need r509 and sinatra. For development/tests you need rack-test and rspec.</p>
+
+<h2>API</h2>
+
+<h3>GET /1/crl/:ca/get</h3>
+
+<p>Get the most recently generate CRL for the given <code>:ca</code>.</p>
+
+<p>A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.</p>
+
+<h3>GET /1/crl/:ca/generate</h3>
+
+<p>Explicitly generate and get a new CRL for the given <code>:ca</code>.</p>
+
+<h3>POST /1/certificate/issue</h3>
+
+<p>Issue a certificate.</p>
+
+<p>Required POST parameters:</p>
+
+<ul>
+<li>ca</li>
+<li>profile</li>
+<li>validityPeriod (in days)</li>
+<li>csr (or spki)</li>
+<li>subject</li>
+</ul>
+
+<p>The subject is provided like so:</p>
+
+<pre class="code ruby"><code><span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='const'>CN</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_domain'>domain</span><span class='period'>.</span><span class='id identifier rubyid_com'>com</span><span class='op'>&amp;</span><span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='const'>O</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_orgname'>orgname</span><span class='op'>&amp;</span><span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='const'>L</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_locality'>locality</span>
+</code></pre>
+
+<p>Optional POST parameters:</p>
+
+<ul>
+<li>extensions[subjectAlternativeName]</li>
+</ul>
+
+<p>SAN names are provided like so:</p>
+
+<pre class="code ruby"><code><span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='id identifier rubyid_subjectAlternativeName'>subjectAlternativeName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_domain1'>domain1</span><span class='period'>.</span><span class='id identifier rubyid_com'>com</span><span class='op'>&amp;</span><span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='id identifier rubyid_subjectAlternativeName'>subjectAlternativeName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_domain2'>domain2</span><span class='period'>.</span><span class='id identifier rubyid_com'>com</span>
+</code></pre>
+
+<p>The issue method will return the PEM text of the issued certificate.</p>
+
+<h3>POST /1/certificate/revoke</h3>
+
+<p>Revoke a certificate.</p>
+
+<p>Required POST parameters:</p>
+
+<ul>
+<li>ca</li>
+<li>serial</li>
+</ul>
+
+<p>Optional POST parameters:</p>
+
+<ul>
+<li>reason (must be an integer, if it&#39;s not provided it defaults to 0)</li>
+</ul>
+
+<p>The revoke method returns the newly generated CRL, after revocation.</p>
+
+<h3>POST /1/certificate/unrevoke</h3>
+
+<p>Unrevoke a certificate. (IE, remove it from the CRL and return its OCSP status to valid.)</p>
+
+<p>Required POST parameters:</p>
+
+<ul>
+<li>ca</li>
+<li>serial</li>
+</ul>
+
+<p>The unrevoke method returns the newly generated CRL, after the certificate was removed from it.</p>
+
+<h2>Helper pages</h2>
+
+<p>These pages are present on the server, for you to work with the CA with a basic web interface. You should <em>not</em> expose these endpoints to anyone.</p>
+
+<ul>
+<li><p>/test/certificate/issue</p></li>
+<li><p>/test/certificate/revoke</p></li>
+<li><p>/test/certificate/unrevoke</p></li>
+</ul>
+
+<h2>certificate_authorities (config.yaml)</h2>
+
+<p>You use the <code>config.yaml</code> file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.</p>
+
+<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509#config">the official r509 documentation</a>.</p>
+
+<h2>Middleware (config.ru)</h2>
+
+<p>Running r509-ca-http will let you issue and revoke certificates. But that&#39;s not everything you need to do, if you&#39;re going to run a CA. You&#39;re going to need information about validity, and you may want to save a record of issued certificates to the filesystem.</p>
+
+<p>For that, we&#39;ve created a few pieces of Rack middleware for your use.</p>
+
+<ul>
+<li><a href="https://github.com/sirsean/r509-middleware-validity">r509-middleware-validity</a></li>
+<li><a href="https://github.com/sirsean/r509-middleware-certwriter">r509-middleware-certwriter</a></li>
+</ul>
+
+<p>After installing one or both of them, you&#39;ll have to edit your <code>config.ru`` and/or</code>config.yaml``` files.</p>
+
+<h2>Rake tasks</h2>
+
+<p>There are a few things you can do with Rake.</p>
+
+<p><code>rake spec</code></p>
+
+<p>Run all the tests.</p>
+
+<p><code>rake gem:build</code></p>
+
+<p>Build a gem file.</p>
+
+<p><code>rake gem:install</code></p>
+
+<p>Install the gem you just built.</p>
+
+<p><code>rake gem:uninstall</code></p>
+
+<p>Uninstall r509-ca-http.</p>
+
+<p><code>rake yard</code></p>
+
+<p>Generate documentation.</p>
+</div></div>
+
+    <div id="footer">
+  Generated on Thu Nov  8 14:58:26 2012 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.8.3 (ruby-1.9.3).
+</div>
+
+  </body>
+</html>

data/doc/file_list.html

@@ -0,0 +1,55 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    
+      <link rel="stylesheet" href="css/full_list.css" type="text/css" media="screen" charset="utf-8" />
+    
+      <link rel="stylesheet" href="css/common.css" type="text/css" media="screen" charset="utf-8" />
+    
+
+    
+      <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+    
+      <script type="text/javascript" charset="utf-8" src="js/full_list.js"></script>
+    
+
+    <base id="base_target" target="_parent" />
+  </head>
+  <body>
+    <script type="text/javascript" charset="utf-8">
+      if (window.top.frames.main) {
+        document.getElementById('base_target').target = 'main';
+        document.body.className = 'frames';
+      }
+    </script>
+    <div id="content">
+      <h1 id="full_list_header">File List</h1>
+      <div id="nav">
+        
+          <span><a target="_self" href="class_list.html">
+            Classes
+          </a></span>
+        
+          <span><a target="_self" href="method_list.html">
+            Methods
+          </a></span>
+        
+          <span><a target="_self" href="file_list.html">
+            Files
+          </a></span>
+        
+      </div>
+      <div id="search">Search: <input type="text" /></div>
+
+      <ul id="full_list" class="file">
+        
+
+  <li class="r1"><a href="index.html" title="README">README</a></li>
+  
+
+      </ul>
+    </div>
+  </body>
+</html>

data/doc/frames.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+	<title>Documentation by YARD 0.8.3</title>
+</head>
+<script type="text/javascript" charset="utf-8">
+window.onload = function() {
+  var match = window.location.hash.match(/^#!(.+)/);
+  var name = 'index.html';
+  if (match) {
+    name = unescape(match[1]);
+  }
+  document.writeln('<frameset cols="20%,*">' +
+    '<frame name="list" src="class_list.html" />' +
+    '<frame name="main" src="' + name + '" />' +
+    '</frameset>');
+}
+</script>
+<noscript>
+  <frameset cols="20%,*">
+    <frame name="list" src="class_list.html" />
+    <frame name="main" src="index.html" />
+  </frameset>
+</noscript>
+</html>

data/doc/index.html

@@ -0,0 +1,209 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
+<title>
+  File: README
+  
+    &mdash; Documentation by YARD 0.8.3
+  
+</title>
+
+  <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" charset="utf-8" />
+
+  <link rel="stylesheet" href="css/common.css" type="text/css" media="screen" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  hasFrames = window.top.frames.main ? true : false;
+  relpath = '';
+  framesUrl = "frames.html#!" + escape(window.location.href);
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div id="header">
+      <div id="menu">
+  
+    <a href="_index.html">Index</a> &raquo; 
+    <span class="title">File: README</span>
+  
+
+  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
+</div>
+
+      <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+      Class List
+    </a>
+  
+    <a class="full_list_link" id="method_list_link"
+        href="method_list.html">
+      Method List
+    </a>
+  
+    <a class="full_list_link" id="file_list_link"
+        href="file_list.html">
+      File List
+    </a>
+  
+</div>
+      <div class="clear"></div>
+    </div>
+
+    <iframe id="search_frame"></iframe>
+
+    <div id="content"><div id='filecontents'><h1>r509-ca-http</h1>
+
+<p>r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.</p>
+
+<h2>Requirements/Installation</h2>
+
+<p>You need r509 and sinatra. For development/tests you need rack-test and rspec.</p>
+
+<h2>API</h2>
+
+<h3>GET /1/crl/:ca/get</h3>
+
+<p>Get the most recently generate CRL for the given <code>:ca</code>.</p>
+
+<p>A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.</p>
+
+<h3>GET /1/crl/:ca/generate</h3>
+
+<p>Explicitly generate and get a new CRL for the given <code>:ca</code>.</p>
+
+<h3>POST /1/certificate/issue</h3>
+
+<p>Issue a certificate.</p>
+
+<p>Required POST parameters:</p>
+
+<ul>
+<li>ca</li>
+<li>profile</li>
+<li>validityPeriod (in days)</li>
+<li>csr (or spki)</li>
+<li>subject</li>
+</ul>
+
+<p>The subject is provided like so:</p>
+
+<pre class="code ruby"><code><span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='const'>CN</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_domain'>domain</span><span class='period'>.</span><span class='id identifier rubyid_com'>com</span><span class='op'>&amp;</span><span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='const'>O</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_orgname'>orgname</span><span class='op'>&amp;</span><span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='const'>L</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_locality'>locality</span>
+</code></pre>
+
+<p>Optional POST parameters:</p>
+
+<ul>
+<li>extensions[subjectAlternativeName]</li>
+</ul>
+
+<p>SAN names are provided like so:</p>
+
+<pre class="code ruby"><code><span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='id identifier rubyid_subjectAlternativeName'>subjectAlternativeName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_domain1'>domain1</span><span class='period'>.</span><span class='id identifier rubyid_com'>com</span><span class='op'>&amp;</span><span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='id identifier rubyid_subjectAlternativeName'>subjectAlternativeName</span><span class='rbracket'>]</span><span class='lbracket'>[</span><span class='rbracket'>]</span><span class='op'>=</span><span class='id identifier rubyid_domain2'>domain2</span><span class='period'>.</span><span class='id identifier rubyid_com'>com</span>
+</code></pre>
+
+<p>The issue method will return the PEM text of the issued certificate.</p>
+
+<h3>POST /1/certificate/revoke</h3>
+
+<p>Revoke a certificate.</p>
+
+<p>Required POST parameters:</p>
+
+<ul>
+<li>ca</li>
+<li>serial</li>
+</ul>
+
+<p>Optional POST parameters:</p>
+
+<ul>
+<li>reason (must be an integer, if it&#39;s not provided it defaults to 0)</li>
+</ul>
+
+<p>The revoke method returns the newly generated CRL, after revocation.</p>
+
+<h3>POST /1/certificate/unrevoke</h3>
+
+<p>Unrevoke a certificate. (IE, remove it from the CRL and return its OCSP status to valid.)</p>
+
+<p>Required POST parameters:</p>
+
+<ul>
+<li>ca</li>
+<li>serial</li>
+</ul>
+
+<p>The unrevoke method returns the newly generated CRL, after the certificate was removed from it.</p>
+
+<h2>Helper pages</h2>
+
+<p>These pages are present on the server, for you to work with the CA with a basic web interface. You should <em>not</em> expose these endpoints to anyone.</p>
+
+<ul>
+<li><p>/test/certificate/issue</p></li>
+<li><p>/test/certificate/revoke</p></li>
+<li><p>/test/certificate/unrevoke</p></li>
+</ul>
+
+<h2>certificate_authorities (config.yaml)</h2>
+
+<p>You use the <code>config.yaml</code> file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.</p>
+
+<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509#config">the official r509 documentation</a>.</p>
+
+<h2>Middleware (config.ru)</h2>
+
+<p>Running r509-ca-http will let you issue and revoke certificates. But that&#39;s not everything you need to do, if you&#39;re going to run a CA. You&#39;re going to need information about validity, and you may want to save a record of issued certificates to the filesystem.</p>
+
+<p>For that, we&#39;ve created a few pieces of Rack middleware for your use.</p>
+
+<ul>
+<li><a href="https://github.com/sirsean/r509-middleware-validity">r509-middleware-validity</a></li>
+<li><a href="https://github.com/sirsean/r509-middleware-certwriter">r509-middleware-certwriter</a></li>
+</ul>
+
+<p>After installing one or both of them, you&#39;ll have to edit your <code>config.ru`` and/or</code>config.yaml``` files.</p>
+
+<h2>Rake tasks</h2>
+
+<p>There are a few things you can do with Rake.</p>
+
+<p><code>rake spec</code></p>
+
+<p>Run all the tests.</p>
+
+<p><code>rake gem:build</code></p>
+
+<p>Build a gem file.</p>
+
+<p><code>rake gem:install</code></p>
+
+<p>Install the gem you just built.</p>
+
+<p><code>rake gem:uninstall</code></p>
+
+<p>Uninstall r509-ca-http.</p>
+
+<p><code>rake yard</code></p>
+
+<p>Generate documentation.</p>
+</div></div>
+
+    <div id="footer">
+  Generated on Thu Nov  8 14:58:26 2012 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.8.3 (ruby-1.9.3).
+</div>
+
+  </body>
+</html>