r509-ca-http 0.1

data/README.md

@@ -0,0 +1,122 @@
+#r509-ca-http
+
+r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.
+
+##Requirements/Installation
+
+You need r509 and sinatra. For development/tests you need rack-test and rspec.
+
+## API
+
+### GET /1/crl/:ca/get
+
+Get the most recently generate CRL for the given ```:ca```.
+
+A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.
+
+### GET /1/crl/:ca/generate
+
+Explicitly generate and get a new CRL for the given ```:ca```.
+
+### POST /1/certificate/issue
+
+Issue a certificate.
+
+Required POST parameters:
+
+- ca
+- profile
+- validityPeriod (in days)
+- csr (or spki)
+- subject
+
+The subject is provided like so:
+
+    subject[CN]=domain.com&subject[O]=orgname&subject[L]=locality
+
+Optional POST parameters:
+
+- extensions[subjectAlternativeName]
+
+SAN names are provided like so:
+
+    extensions[subjectAlternativeName][]=domain1.com&extensions[subjectAlternativeName][]=domain2.com
+
+The issue method will return the PEM text of the issued certificate.
+
+### POST /1/certificate/revoke
+
+Revoke a certificate.
+
+Required POST parameters:
+
+- ca
+- serial
+
+Optional POST parameters:
+
+- reason (must be an integer, if it's not provided it defaults to 0)
+
+The revoke method returns the newly generated CRL, after revocation.
+
+### POST /1/certificate/unrevoke
+
+Unrevoke a certificate. (IE, remove it from the CRL and return its OCSP status to valid.)
+
+Required POST parameters:
+
+- ca
+- serial
+
+The unrevoke method returns the newly generated CRL, after the certificate was removed from it.
+
+## Helper pages
+
+These pages are present on the server, for you to work with the CA with a basic web interface. You should _not_ expose these endpoints to anyone.
+
+- /test/certificate/issue
+
+- /test/certificate/revoke
+
+- /test/certificate/unrevoke
+
+## certificate\_authorities (config.yaml)
+
+You use the ```config.yaml``` file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.
+
+Information about how to construct the YAML can be found at [the official r509 documentation](https://github.com/reaperhulk/r509#config).
+
+## Middleware (config.ru)
+
+Running r509-ca-http will let you issue and revoke certificates. But that's not everything you need to do, if you're going to run a CA. You're going to need information about validity, and you may want to save a record of issued certificates to the filesystem.
+
+For that, we've created a few pieces of Rack middleware for your use.
+
+- [r509-middleware-validity](https://github.com/sirsean/r509-middleware-validity)
+- [r509-middleware-certwriter](https://github.com/sirsean/r509-middleware-certwriter)
+
+After installing one or both of them, you'll have to edit your ```config.ru`` and/or ```config.yaml``` files.
+
+## Rake tasks
+
+There are a few things you can do with Rake.
+
+```rake spec```
+
+Run all the tests.
+
+```rake gem:build```
+
+Build a gem file.
+
+```rake gem:install```
+
+Install the gem you just built.
+
+```rake gem:uninstall```
+
+Uninstall r509-ca-http.
+
+```rake yard```
+
+Generate documentation.

data/Rakefile

@@ -0,0 +1,38 @@
+require 'rubygems'
+require 'rspec/core/rake_task'
+require "#{File.dirname(__FILE__)}/lib/r509/certificateauthority/http/version"
+
+task :default => :spec
+RSpec::Core::RakeTask.new(:spec) do
+    ENV['RACK_ENV'] = 'test'
+end
+
+desc 'Run all rspec tests with rcov (1.8 only)'
+RSpec::Core::RakeTask.new(:rcov) do |t|
+    t.rcov_opts =  %q[--exclude "spec,gems"]
+    t.rcov = true
+end
+
+namespace :gem do
+    desc 'Build the gem'
+    task :build do
+        puts `yard`
+        puts `gem build r509-ca-http.gemspec`
+    end
+
+    desc 'Install gem'
+    task :install do
+        puts `gem install r509-ca-http-#{R509::CertificateAuthority::Http::VERSION}.gem`
+    end
+
+    desc 'Uninstall gem'
+    task :uninstall do
+        puts `gem uninstall r509-ca-http`
+    end
+end
+
+desc 'Build yard documentation'
+task :yard do
+    puts `yard`
+    `open doc/index.html`
+end

data/doc/R509.html

@@ -0,0 +1,117 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>
+  Module: R509
+  
+    &mdash; Documentation by YARD 0.8.3
+  
+</title>
+
+  <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" charset="utf-8" />
+
+  <link rel="stylesheet" href="css/common.css" type="text/css" media="screen" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  hasFrames = window.top.frames.main ? true : false;
+  relpath = '';
+  framesUrl = "frames.html#!" + escape(window.location.href);
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div id="header">
+      <div id="menu">
+  
+    <a href="_index.html">Index (R)</a> &raquo;
+    
+    
+    <span class="title">R509</span>
+  
+
+  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
+</div>
+
+      <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+      Class List
+    </a>
+  
+    <a class="full_list_link" id="method_list_link"
+        href="method_list.html">
+      Method List
+    </a>
+  
+    <a class="full_list_link" id="file_list_link"
+        href="file_list.html">
+      File List
+    </a>
+  
+</div>
+      <div class="clear"></div>
+    </div>
+
+    <iframe id="search_frame"></iframe>
+
+    <div id="content"><h1>Module: R509
+  
+  
+  
+</h1>
+
+<dl class="box">
+  
+  
+    
+  
+    
+  
+  
+  
+    <dt class="r1 last">Defined in:</dt>
+    <dd class="r1 last">lib/r509/certificateauthority/http/server.rb<span class="defines">,<br />
+  lib/r509/certificateauthority/http/version.rb,<br /> lib/r509/certificateauthority/http/subjectparser.rb</span>
+</dd>
+  
+</dl>
+<div class="clear"></div>
+
+<h2>Defined Under Namespace</h2>
+<p class="children">
+  
+    
+      <strong class="modules">Modules:</strong> <span class='object_link'><a href="R509/CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span>
+    
+  
+    
+  
+</p>
+
+
+
+
+
+
+
+
+
+</div>
+
+    <div id="footer">
+  Generated on Thu Nov  8 14:58:26 2012 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.8.3 (ruby-1.9.3).
+</div>
+
+  </body>
+</html>

data/doc/R509/CertificateAuthority.html

@@ -0,0 +1,117 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>
+  Module: R509::CertificateAuthority
+  
+    &mdash; Documentation by YARD 0.8.3
+  
+</title>
+
+  <link rel="stylesheet" href="../css/style.css" type="text/css" media="screen" charset="utf-8" />
+
+  <link rel="stylesheet" href="../css/common.css" type="text/css" media="screen" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  hasFrames = window.top.frames.main ? true : false;
+  relpath = '../';
+  framesUrl = "../frames.html#!" + escape(window.location.href);
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div id="header">
+      <div id="menu">
+  
+    <a href="../_index.html">Index (C)</a> &raquo;
+    <span class='title'><span class='object_link'><a href="../R509.html" title="R509 (module)">R509</a></span></span>
+     &raquo; 
+    <span class="title">CertificateAuthority</span>
+  
+
+  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
+</div>
+
+      <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="../class_list.html">
+      Class List
+    </a>
+  
+    <a class="full_list_link" id="method_list_link"
+        href="../method_list.html">
+      Method List
+    </a>
+  
+    <a class="full_list_link" id="file_list_link"
+        href="../file_list.html">
+      File List
+    </a>
+  
+</div>
+      <div class="clear"></div>
+    </div>
+
+    <iframe id="search_frame"></iframe>
+
+    <div id="content"><h1>Module: R509::CertificateAuthority
+  
+  
+  
+</h1>
+
+<dl class="box">
+  
+  
+    
+  
+    
+  
+  
+  
+    <dt class="r1 last">Defined in:</dt>
+    <dd class="r1 last">lib/r509/certificateauthority/http/server.rb<span class="defines">,<br />
+  lib/r509/certificateauthority/http/version.rb,<br /> lib/r509/certificateauthority/http/subjectparser.rb</span>
+</dd>
+  
+</dl>
+<div class="clear"></div>
+
+<h2>Defined Under Namespace</h2>
+<p class="children">
+  
+    
+      <strong class="modules">Modules:</strong> <span class='object_link'><a href="CertificateAuthority/Http.html" title="R509::CertificateAuthority::Http (module)">Http</a></span>
+    
+  
+    
+  
+</p>
+
+
+
+
+
+
+
+
+
+</div>
+
+    <div id="footer">
+  Generated on Thu Nov  8 14:58:26 2012 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.8.3 (ruby-1.9.3).
+</div>
+
+  </body>
+</html>

data/doc/R509/CertificateAuthority/Http.html

@@ -0,0 +1,131 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>
+  Module: R509::CertificateAuthority::Http
+  
+    &mdash; Documentation by YARD 0.8.3
+  
+</title>
+
+  <link rel="stylesheet" href="../../css/style.css" type="text/css" media="screen" charset="utf-8" />
+
+  <link rel="stylesheet" href="../../css/common.css" type="text/css" media="screen" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  hasFrames = window.top.frames.main ? true : false;
+  relpath = '../../';
+  framesUrl = "../../frames.html#!" + escape(window.location.href);
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="../../js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="../../js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div id="header">
+      <div id="menu">
+  
+    <a href="../../_index.html">Index (H)</a> &raquo;
+    <span class='title'><span class='object_link'><a href="../../R509.html" title="R509 (module)">R509</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../CertificateAuthority.html" title="R509::CertificateAuthority (module)">CertificateAuthority</a></span></span>
+     &raquo; 
+    <span class="title">Http</span>
+  
+
+  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
+</div>
+
+      <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="../../class_list.html">
+      Class List
+    </a>
+  
+    <a class="full_list_link" id="method_list_link"
+        href="../../method_list.html">
+      Method List
+    </a>
+  
+    <a class="full_list_link" id="file_list_link"
+        href="../../file_list.html">
+      File List
+    </a>
+  
+</div>
+      <div class="clear"></div>
+    </div>
+
+    <iframe id="search_frame"></iframe>
+
+    <div id="content"><h1>Module: R509::CertificateAuthority::Http
+  
+  
+  
+</h1>
+
+<dl class="box">
+  
+  
+    
+  
+    
+  
+  
+  
+    <dt class="r1 last">Defined in:</dt>
+    <dd class="r1 last">lib/r509/certificateauthority/http/server.rb<span class="defines">,<br />
+  lib/r509/certificateauthority/http/factory.rb,<br /> lib/r509/certificateauthority/http/version.rb,<br /> lib/r509/certificateauthority/http/subjectparser.rb,<br /> lib/r509/certificateauthority/http/validityperiodconverter.rb</span>
+</dd>
+  
+</dl>
+<div class="clear"></div>
+
+<h2>Defined Under Namespace</h2>
+<p class="children">
+  
+    
+      <strong class="modules">Modules:</strong> <span class='object_link'><a href="Http/Factory.html" title="R509::CertificateAuthority::Http::Factory (module)">Factory</a></span>
+    
+  
+    
+      <strong class="classes">Classes:</strong> <span class='object_link'><a href="Http/Server.html" title="R509::CertificateAuthority::Http::Server (class)">Server</a></span>, <span class='object_link'><a href="Http/SubjectParser.html" title="R509::CertificateAuthority::Http::SubjectParser (class)">SubjectParser</a></span>, <span class='object_link'><a href="Http/ValidityPeriodConverter.html" title="R509::CertificateAuthority::Http::ValidityPeriodConverter (class)">ValidityPeriodConverter</a></span>
+    
+  
+</p>
+
+  <h2>Constant Summary</h2>
+  
+    <dl class="constants">
+      
+        <dt id="VERSION-constant" class="">VERSION =
+          
+        </dt>
+        <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0.1</span><span class='tstring_end'>&quot;</span></span></pre></dd>
+      
+    </dl>
+  
+
+
+
+
+
+
+
+
+
+</div>
+
+    <div id="footer">
+  Generated on Thu Nov  8 14:58:26 2012 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.8.3 (ruby-1.9.3).
+</div>
+
+  </body>
+</html>