r509-ca-http 0.2.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/README.md +12 -6
- data/doc/R509.html +2 -2
- data/doc/R509/CertificateAuthority.html +2 -2
- data/doc/R509/CertificateAuthority/{Http.html → HTTP.html} +3 -3
- data/doc/R509/CertificateAuthority/{Http → HTTP}/Factory.html +2 -2
- data/doc/R509/CertificateAuthority/{Http/Factory/CsrFactory.html → HTTP/Factory/CSRFactory.html} +2 -2
- data/doc/R509/CertificateAuthority/{Http/Factory/SpkiFactory.html → HTTP/Factory/SPKIFactory.html} +2 -2
- data/doc/R509/CertificateAuthority/{Http → HTTP}/Server.html +2 -2
- data/doc/R509/CertificateAuthority/{Http → HTTP}/SubjectParser.html +4 -4
- data/doc/R509/CertificateAuthority/{Http → HTTP}/ValidityPeriodConverter.html +2 -2
- data/doc/_index.html +2 -2
- data/doc/file.README.html +15 -10
- data/doc/index.html +15 -10
- data/doc/top-level-namespace.html +2 -2
- data/lib/r509/certificateauthority/http/server.rb +28 -13
- data/lib/r509/certificateauthority/http/version.rb +1 -1
- data/spec/fixtures/test_config.yaml +25 -17
- data/spec/http_spec.rb +49 -40
- data/spec/spec_helper.rb +6 -3
- metadata +86 -48
- metadata.gz.sig +0 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 82d99b04e38d9cc8ebfb61eae8abdd48bf707ca4
|
4
|
+
data.tar.gz: 24f2a0b80c757e1a5f4d93276095f8d3d7bd3b85
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 7ad00ec81b2064448527af0b848dd1402536a438fee49f1023e204c438eab30ad357edcc6aadfd0655fadfaac6ce9190d30f038074d78150581a1bd11c81cb76
|
7
|
+
data.tar.gz: 79d2cc8d3fdaa2070f0c245c89d54a94f7259dc9c4dd24f9e062c6d85987fcd0aa1cbe1a3f904356129a2788aaf5c022caaf95a8ca5a09e78c95e08b7b54767d
|
checksums.yaml.gz.sig
ADDED
Binary file
|
data.tar.gz.sig
ADDED
Binary file
|
data/README.md
CHANGED
@@ -1,22 +1,21 @@
|
|
1
|
-
#r509-ca-http
|
1
|
+
#r509-ca-http [![Build Status](https://secure.travis-ci.org/r509/r509-ca-http.png)](http://travis-ci.org/r509/r509-ca-http) [![Coverage Status](https://coveralls.io/repos/r509/r509-ca-http/badge.png)](https://coveralls.io/r/r509/r509-ca-http)
|
2
2
|
|
3
3
|
r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.
|
4
4
|
|
5
5
|
##Requirements/Installation
|
6
6
|
|
7
|
-
You need r509 and sinatra. For development/tests you need rack-test and rspec.
|
7
|
+
You need [r509](https://github.com/r509/r509) and sinatra. For development/tests you need rack-test and rspec.
|
8
8
|
|
9
9
|
## API
|
10
10
|
|
11
11
|
### GET /1/crl/:ca/get
|
12
12
|
|
13
|
-
|
13
|
+
Deprecated; will be removed in a future version. Use generate instead.
|
14
14
|
|
15
|
-
A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.
|
16
15
|
|
17
16
|
### GET /1/crl/:ca/generate
|
18
17
|
|
19
|
-
|
18
|
+
Generate and get a new CRL for the given ```:ca```.
|
20
19
|
|
21
20
|
### POST /1/certificate/issue
|
22
21
|
|
@@ -37,6 +36,7 @@ The subject is provided like so:
|
|
37
36
|
Optional POST parameters:
|
38
37
|
|
39
38
|
- extensions[subjectAlternativeName]
|
39
|
+
- message\_digest
|
40
40
|
|
41
41
|
SAN names are provided like so:
|
42
42
|
|
@@ -44,6 +44,8 @@ SAN names are provided like so:
|
|
44
44
|
|
45
45
|
The issue method will return the PEM text of the issued certificate.
|
46
46
|
|
47
|
+
Please note that all fields subject/extension request fields encoded in a CSR are ignored in favor of the POST parameters.
|
48
|
+
|
47
49
|
### POST /1/certificate/revoke
|
48
50
|
|
49
51
|
Revoke a certificate.
|
@@ -84,7 +86,7 @@ These pages are present on the server, for you to work with the CA with a basic
|
|
84
86
|
|
85
87
|
You use the ```config.yaml``` file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.
|
86
88
|
|
87
|
-
Information about how to construct the YAML can be found at [the official r509 documentation](https://github.com/reaperhulk/r509
|
89
|
+
Information about how to construct the YAML can be found at [the official r509 documentation](https://github.com/reaperhulk/r509).
|
88
90
|
|
89
91
|
## Middleware (config.ru)
|
90
92
|
|
@@ -97,6 +99,10 @@ For that, we've created a few pieces of Rack middleware for your use.
|
|
97
99
|
|
98
100
|
After installing one or both of them, you'll have to edit your ```config.ru`` and/or ```config.yaml``` files.
|
99
101
|
|
102
|
+
##Support
|
103
|
+
|
104
|
+
You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.
|
105
|
+
|
100
106
|
## Rake tasks
|
101
107
|
|
102
108
|
There are a few things you can do with Rake.
|
data/doc/R509.html
CHANGED
@@ -108,9 +108,9 @@
|
|
108
108
|
</div>
|
109
109
|
|
110
110
|
<div id="footer">
|
111
|
-
Generated on
|
111
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
112
112
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
113
|
-
0.8.6.1 (ruby-
|
113
|
+
0.8.6.1 (ruby-2.0.0).
|
114
114
|
</div>
|
115
115
|
|
116
116
|
</body>
|
@@ -108,9 +108,9 @@
|
|
108
108
|
</div>
|
109
109
|
|
110
110
|
<div id="footer">
|
111
|
-
Generated on
|
111
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
112
112
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
113
|
-
0.8.6.1 (ruby-
|
113
|
+
0.8.6.1 (ruby-2.0.0).
|
114
114
|
</div>
|
115
115
|
|
116
116
|
</body>
|
@@ -106,7 +106,7 @@
|
|
106
106
|
<dt id="VERSION-constant" class="">VERSION =
|
107
107
|
|
108
108
|
</dt>
|
109
|
-
<dd><pre class="code"><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>0.
|
109
|
+
<dd><pre class="code"><span class='tstring'><span class='tstring_beg'>"</span><span class='tstring_content'>0.3.0</span><span class='tstring_end'>"</span></span></pre></dd>
|
110
110
|
|
111
111
|
</dl>
|
112
112
|
|
@@ -122,9 +122,9 @@
|
|
122
122
|
</div>
|
123
123
|
|
124
124
|
<div id="footer">
|
125
|
-
Generated on
|
125
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
126
126
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
127
|
-
0.8.6.1 (ruby-
|
127
|
+
0.8.6.1 (ruby-2.0.0).
|
128
128
|
</div>
|
129
129
|
|
130
130
|
</body>
|
@@ -106,9 +106,9 @@
|
|
106
106
|
</div>
|
107
107
|
|
108
108
|
<div id="footer">
|
109
|
-
Generated on
|
109
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
110
110
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
111
|
-
0.8.6.1 (ruby-
|
111
|
+
0.8.6.1 (ruby-2.0.0).
|
112
112
|
</div>
|
113
113
|
|
114
114
|
</body>
|
data/doc/R509/CertificateAuthority/{Http/Factory/CsrFactory.html → HTTP/Factory/CSRFactory.html}
RENAMED
@@ -180,9 +180,9 @@
|
|
180
180
|
</div>
|
181
181
|
|
182
182
|
<div id="footer">
|
183
|
-
Generated on
|
183
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
184
184
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
185
|
-
0.8.6.1 (ruby-
|
185
|
+
0.8.6.1 (ruby-2.0.0).
|
186
186
|
</div>
|
187
187
|
|
188
188
|
</body>
|
data/doc/R509/CertificateAuthority/{Http/Factory/SpkiFactory.html → HTTP/Factory/SPKIFactory.html}
RENAMED
@@ -180,9 +180,9 @@
|
|
180
180
|
</div>
|
181
181
|
|
182
182
|
<div id="footer">
|
183
|
-
Generated on
|
183
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
184
184
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
185
|
-
0.8.6.1 (ruby-
|
185
|
+
0.8.6.1 (ruby-2.0.0).
|
186
186
|
</div>
|
187
187
|
|
188
188
|
</body>
|
@@ -124,9 +124,9 @@
|
|
124
124
|
</div>
|
125
125
|
|
126
126
|
<div id="footer">
|
127
|
-
Generated on
|
127
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
128
128
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
129
|
-
0.8.6.1 (ruby-
|
129
|
+
0.8.6.1 (ruby-2.0.0).
|
130
130
|
</div>
|
131
131
|
|
132
132
|
</body>
|
@@ -208,8 +208,8 @@
|
|
208
208
|
|
209
209
|
<span class='id identifier rubyid_subject'>subject</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Subject</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
|
210
210
|
<span class='id identifier rubyid_raw'>raw</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>[&;] *</span><span class='regexp_end'>/n</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_pair'>pair</span><span class='op'>|</span>
|
211
|
-
<span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span> <span class='op'>=</span> <span class='id identifier rubyid_pair'>pair</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'
|
212
|
-
<span class='id identifier rubyid_match'>match</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_name'>name</span><span class='
|
211
|
+
<span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span> <span class='op'>=</span> <span class='id identifier rubyid_pair'>pair</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>=</span><span class='tstring_end'>'</span></span><span class='comma'>,</span> <span class='int'>2</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_data'>data</span><span class='op'>|</span> <span class='id identifier rubyid_unescape'>unescape</span><span class='lparen'>(</span><span class='id identifier rubyid_data'>data</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
|
212
|
+
<span class='id identifier rubyid_match'>match</span> <span class='op'>=</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_name'>name</span><span class='embexpr_end'>}</span><span class='tstring_content'>\[(.*)\]</span><span class='regexp_end'>/</span></span><span class='rparen'>)</span>
|
213
213
|
<span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_match'>match</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='kw'>not</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
|
214
214
|
<span class='id identifier rubyid_subject'>subject</span><span class='lbracket'>[</span><span class='id identifier rubyid_match'>match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_value'>value</span>
|
215
215
|
<span class='kw'>end</span>
|
@@ -256,9 +256,9 @@
|
|
256
256
|
</div>
|
257
257
|
|
258
258
|
<div id="footer">
|
259
|
-
Generated on
|
259
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
260
260
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
261
|
-
0.8.6.1 (ruby-
|
261
|
+
0.8.6.1 (ruby-2.0.0).
|
262
262
|
</div>
|
263
263
|
|
264
264
|
</body>
|
@@ -198,9 +198,9 @@
|
|
198
198
|
</div>
|
199
199
|
|
200
200
|
<div id="footer">
|
201
|
-
Generated on
|
201
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
202
202
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
203
|
-
0.8.6.1 (ruby-
|
203
|
+
0.8.6.1 (ruby-2.0.0).
|
204
204
|
</div>
|
205
205
|
|
206
206
|
</body>
|
data/doc/_index.html
CHANGED
@@ -197,9 +197,9 @@
|
|
197
197
|
</div>
|
198
198
|
|
199
199
|
<div id="footer">
|
200
|
-
Generated on
|
200
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
201
201
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
202
|
-
0.8.6.1 (ruby-
|
202
|
+
0.8.6.1 (ruby-2.0.0).
|
203
203
|
</div>
|
204
204
|
|
205
205
|
</body>
|
data/doc/file.README.html
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
3
3
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
4
4
|
<head>
|
5
|
-
<meta http-equiv="Content-Type" content="text/html; charset=
|
5
|
+
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
6
6
|
<title>
|
7
7
|
File: README
|
8
8
|
|
@@ -61,25 +61,23 @@
|
|
61
61
|
|
62
62
|
<iframe id="search_frame"></iframe>
|
63
63
|
|
64
|
-
<div id="content"><div id='filecontents'><h1>r509-ca-http
|
64
|
+
<div id="content"><div id='filecontents'><h1>r509-ca-http <a href="http://travis-ci.org/r509/r509-ca-http"><img src="https://secure.travis-ci.org/r509/r509-ca-http.png" alt="Build Status"></a> <a href="https://coveralls.io/r/r509/r509-ca-http"><img src="https://coveralls.io/repos/r509/r509-ca-http/badge.png" alt="Coverage Status"></a></h1>
|
65
65
|
|
66
66
|
<p>r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.</p>
|
67
67
|
|
68
68
|
<h2>Requirements/Installation</h2>
|
69
69
|
|
70
|
-
<p>You need r509 and sinatra. For development/tests you need rack-test and rspec.</p>
|
70
|
+
<p>You need <a href="https://github.com/r509/r509">r509</a> and sinatra. For development/tests you need rack-test and rspec.</p>
|
71
71
|
|
72
72
|
<h2>API</h2>
|
73
73
|
|
74
74
|
<h3>GET /1/crl/:ca/get</h3>
|
75
75
|
|
76
|
-
<p>
|
77
|
-
|
78
|
-
<p>A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.</p>
|
76
|
+
<p>Deprecated; will be removed in a future version. Use generate instead.</p>
|
79
77
|
|
80
78
|
<h3>GET /1/crl/:ca/generate</h3>
|
81
79
|
|
82
|
-
<p>
|
80
|
+
<p>Generate and get a new CRL for the given <code>:ca</code>.</p>
|
83
81
|
|
84
82
|
<h3>POST /1/certificate/issue</h3>
|
85
83
|
|
@@ -104,6 +102,7 @@
|
|
104
102
|
|
105
103
|
<ul>
|
106
104
|
<li>extensions[subjectAlternativeName]</li>
|
105
|
+
<li>message_digest</li>
|
107
106
|
</ul>
|
108
107
|
|
109
108
|
<p>SAN names are provided like so:</p>
|
@@ -113,6 +112,8 @@
|
|
113
112
|
|
114
113
|
<p>The issue method will return the PEM text of the issued certificate.</p>
|
115
114
|
|
115
|
+
<p>Please note that all fields subject/extension request fields encoded in a CSR are ignored in favor of the POST parameters.</p>
|
116
|
+
|
116
117
|
<h3>POST /1/certificate/revoke</h3>
|
117
118
|
|
118
119
|
<p>Revoke a certificate.</p>
|
@@ -159,7 +160,7 @@
|
|
159
160
|
|
160
161
|
<p>You use the <code>config.yaml</code> file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.</p>
|
161
162
|
|
162
|
-
<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509
|
163
|
+
<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509">the official r509 documentation</a>.</p>
|
163
164
|
|
164
165
|
<h2>Middleware (config.ru)</h2>
|
165
166
|
|
@@ -174,6 +175,10 @@
|
|
174
175
|
|
175
176
|
<p>After installing one or both of them, you'll have to edit your <code>config.ru`` and/or</code>config.yaml``` files.</p>
|
176
177
|
|
178
|
+
<h2>Support</h2>
|
179
|
+
|
180
|
+
<p>You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.</p>
|
181
|
+
|
177
182
|
<h2>Rake tasks</h2>
|
178
183
|
|
179
184
|
<p>There are a few things you can do with Rake.</p>
|
@@ -200,9 +205,9 @@
|
|
200
205
|
</div></div>
|
201
206
|
|
202
207
|
<div id="footer">
|
203
|
-
Generated on
|
208
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
204
209
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
205
|
-
0.8.6.1 (ruby-
|
210
|
+
0.8.6.1 (ruby-2.0.0).
|
206
211
|
</div>
|
207
212
|
|
208
213
|
</body>
|
data/doc/index.html
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
3
3
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
4
4
|
<head>
|
5
|
-
<meta http-equiv="Content-Type" content="text/html; charset=
|
5
|
+
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
6
6
|
<title>
|
7
7
|
File: README
|
8
8
|
|
@@ -61,25 +61,23 @@
|
|
61
61
|
|
62
62
|
<iframe id="search_frame"></iframe>
|
63
63
|
|
64
|
-
<div id="content"><div id='filecontents'><h1>r509-ca-http
|
64
|
+
<div id="content"><div id='filecontents'><h1>r509-ca-http <a href="http://travis-ci.org/r509/r509-ca-http"><img src="https://secure.travis-ci.org/r509/r509-ca-http.png" alt="Build Status"></a> <a href="https://coveralls.io/r/r509/r509-ca-http"><img src="https://coveralls.io/repos/r509/r509-ca-http/badge.png" alt="Coverage Status"></a></h1>
|
65
65
|
|
66
66
|
<p>r509-ca-http is an HTTP server that runs a certificate authority, for signing SSL certificates. It supports issuance and revocation, and is intended to be part of a complete certificate authority for use in production environments.</p>
|
67
67
|
|
68
68
|
<h2>Requirements/Installation</h2>
|
69
69
|
|
70
|
-
<p>You need r509 and sinatra. For development/tests you need rack-test and rspec.</p>
|
70
|
+
<p>You need <a href="https://github.com/r509/r509">r509</a> and sinatra. For development/tests you need rack-test and rspec.</p>
|
71
71
|
|
72
72
|
<h2>API</h2>
|
73
73
|
|
74
74
|
<h3>GET /1/crl/:ca/get</h3>
|
75
75
|
|
76
|
-
<p>
|
77
|
-
|
78
|
-
<p>A new CRL is generated when a certificate is revoked or unrevoked, or if you explicitly generate it.</p>
|
76
|
+
<p>Deprecated; will be removed in a future version. Use generate instead.</p>
|
79
77
|
|
80
78
|
<h3>GET /1/crl/:ca/generate</h3>
|
81
79
|
|
82
|
-
<p>
|
80
|
+
<p>Generate and get a new CRL for the given <code>:ca</code>.</p>
|
83
81
|
|
84
82
|
<h3>POST /1/certificate/issue</h3>
|
85
83
|
|
@@ -104,6 +102,7 @@
|
|
104
102
|
|
105
103
|
<ul>
|
106
104
|
<li>extensions[subjectAlternativeName]</li>
|
105
|
+
<li>message_digest</li>
|
107
106
|
</ul>
|
108
107
|
|
109
108
|
<p>SAN names are provided like so:</p>
|
@@ -113,6 +112,8 @@
|
|
113
112
|
|
114
113
|
<p>The issue method will return the PEM text of the issued certificate.</p>
|
115
114
|
|
115
|
+
<p>Please note that all fields subject/extension request fields encoded in a CSR are ignored in favor of the POST parameters.</p>
|
116
|
+
|
116
117
|
<h3>POST /1/certificate/revoke</h3>
|
117
118
|
|
118
119
|
<p>Revoke a certificate.</p>
|
@@ -159,7 +160,7 @@
|
|
159
160
|
|
160
161
|
<p>You use the <code>config.yaml</code> file to specify information about your certificate authority. You can operate multiple certificate authorities, each of which can have multiple profiles, with one instance of r509-ca-http.</p>
|
161
162
|
|
162
|
-
<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509
|
163
|
+
<p>Information about how to construct the YAML can be found at <a href="https://github.com/reaperhulk/r509">the official r509 documentation</a>.</p>
|
163
164
|
|
164
165
|
<h2>Middleware (config.ru)</h2>
|
165
166
|
|
@@ -174,6 +175,10 @@
|
|
174
175
|
|
175
176
|
<p>After installing one or both of them, you'll have to edit your <code>config.ru`` and/or</code>config.yaml``` files.</p>
|
176
177
|
|
178
|
+
<h2>Support</h2>
|
179
|
+
|
180
|
+
<p>You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.</p>
|
181
|
+
|
177
182
|
<h2>Rake tasks</h2>
|
178
183
|
|
179
184
|
<p>There are a few things you can do with Rake.</p>
|
@@ -200,9 +205,9 @@
|
|
200
205
|
</div></div>
|
201
206
|
|
202
207
|
<div id="footer">
|
203
|
-
Generated on
|
208
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
204
209
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
205
|
-
0.8.6.1 (ruby-
|
210
|
+
0.8.6.1 (ruby-2.0.0).
|
206
211
|
</div>
|
207
212
|
|
208
213
|
</body>
|
@@ -103,9 +103,9 @@
|
|
103
103
|
</div>
|
104
104
|
|
105
105
|
<div id="footer">
|
106
|
-
Generated on
|
106
|
+
Generated on Sun Jan 26 14:20:49 2014 by
|
107
107
|
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
|
108
|
-
0.8.6.1 (ruby-
|
108
|
+
0.8.6.1 (ruby-2.0.0).
|
109
109
|
</div>
|
110
110
|
|
111
111
|
</body>
|
@@ -22,13 +22,16 @@ module R509
|
|
22
22
|
|
23
23
|
crls = {}
|
24
24
|
certificate_authorities = {}
|
25
|
+
options_builders = {}
|
25
26
|
config_pool.names.each do |name|
|
26
27
|
crls[name] = R509::CRL::Administrator.new(config_pool[name])
|
28
|
+
options_builders[name] = R509::CertificateAuthority::OptionsBuilder.new(config_pool[name])
|
27
29
|
certificate_authorities[name] = R509::CertificateAuthority::Signer.new(config_pool[name])
|
28
30
|
end
|
29
31
|
|
30
32
|
set :crls, crls
|
31
33
|
set :certificate_authorities, certificate_authorities
|
34
|
+
set :options_builders, options_builders
|
32
35
|
set :subject_parser, R509::CertificateAuthority::HTTP::SubjectParser.new
|
33
36
|
set :validity_period_converter, R509::CertificateAuthority::HTTP::ValidityPeriodConverter.new
|
34
37
|
set :csr_factory, R509::CertificateAuthority::HTTP::Factory::CSRFactory.new
|
@@ -46,6 +49,9 @@ module R509
|
|
46
49
|
def ca(name)
|
47
50
|
settings.certificate_authorities[name]
|
48
51
|
end
|
52
|
+
def builder(name)
|
53
|
+
settings.options_builders[name]
|
54
|
+
end
|
49
55
|
def subject_parser
|
50
56
|
settings.subject_parser
|
51
57
|
end
|
@@ -78,13 +84,13 @@ module R509
|
|
78
84
|
end
|
79
85
|
|
80
86
|
get '/1/crl/:ca/get/?' do
|
81
|
-
log.info "Get CRL for #{params[:ca]}"
|
87
|
+
log.info "DEPRECATED: Get CRL for #{params[:ca]}"
|
82
88
|
|
83
89
|
if not crl(params[:ca])
|
84
90
|
raise ArgumentError, "CA not found"
|
85
91
|
end
|
86
92
|
|
87
|
-
crl(params[:ca]).to_pem
|
93
|
+
crl(params[:ca]).generate_crl.to_pem
|
88
94
|
end
|
89
95
|
|
90
96
|
get '/1/crl/:ca/generate/?' do
|
@@ -94,7 +100,7 @@ module R509
|
|
94
100
|
raise ArgumentError, "CA not found"
|
95
101
|
end
|
96
102
|
|
97
|
-
crl(params[:ca]).generate_crl
|
103
|
+
crl(params[:ca]).generate_crl.to_pem
|
98
104
|
end
|
99
105
|
|
100
106
|
post '/1/certificate/issue/?' do
|
@@ -128,39 +134,48 @@ module R509
|
|
128
134
|
raise ArgumentError, "Must provide a subject"
|
129
135
|
end
|
130
136
|
|
137
|
+
extensions = []
|
131
138
|
if params.has_key?("extensions") and params["extensions"].has_key?("subjectAlternativeName")
|
132
139
|
san_names = params["extensions"]["subjectAlternativeName"].select { |name| not name.empty? }
|
140
|
+
if not san_names.empty?
|
141
|
+
extensions.push(R509::Cert::Extensions::SubjectAlternativeName.new(:value => R509::ASN1.general_name_parser(san_names)))
|
142
|
+
end
|
133
143
|
elsif params.has_key?("extensions") and params["extensions"].has_key?("dNSNames")
|
134
144
|
san_names = R509::ASN1::GeneralNames.new
|
135
145
|
params["extensions"]["dNSNames"].select{ |name| not name.empty? }.each do |name|
|
136
146
|
san_names.create_item(:tag => 2, :value => name.strip)
|
137
147
|
end
|
138
|
-
|
139
|
-
|
148
|
+
if not san_names.names.empty?
|
149
|
+
extensions.push(R509::Cert::Extensions::SubjectAlternativeName.new(:value => san_names))
|
150
|
+
end
|
140
151
|
end
|
141
152
|
|
142
153
|
validity_period = validity_period_converter.convert(params["validityPeriod"])
|
143
154
|
|
144
155
|
if params.has_key?("csr")
|
145
156
|
csr = csr_factory.build(:csr => params["csr"])
|
146
|
-
|
157
|
+
signer_opts = builder(params["ca"]).build_and_enforce(
|
147
158
|
:csr => csr,
|
148
159
|
:profile_name => params["profile"],
|
149
160
|
:subject => subject,
|
150
|
-
:
|
161
|
+
:extensions => extensions,
|
162
|
+
:message_digest => params["message_digest"],
|
151
163
|
:not_before => validity_period[:not_before],
|
152
|
-
:not_after => validity_period[:not_after]
|
164
|
+
:not_after => validity_period[:not_after],
|
153
165
|
)
|
166
|
+
cert = ca(params["ca"]).sign(signer_opts)
|
154
167
|
elsif params.has_key?("spki")
|
155
168
|
spki = spki_factory.build(:spki => params["spki"], :subject => subject)
|
156
|
-
|
169
|
+
signer_opts = builder(params["ca"]).build_and_enforce(
|
157
170
|
:spki => spki,
|
158
171
|
:profile_name => params["profile"],
|
159
172
|
:subject => subject,
|
160
|
-
:
|
173
|
+
:extensions => extensions,
|
174
|
+
:message_digest => params["message_digest"],
|
161
175
|
:not_before => validity_period[:not_before],
|
162
|
-
:not_after => validity_period[:not_after]
|
176
|
+
:not_after => validity_period[:not_after],
|
163
177
|
)
|
178
|
+
cert = ca(params["ca"]).sign(signer_opts)
|
164
179
|
else
|
165
180
|
raise ArgumentError, "Must provide a CSR or SPKI"
|
166
181
|
end
|
@@ -193,7 +208,7 @@ module R509
|
|
193
208
|
|
194
209
|
crl(ca).revoke_cert(serial, reason)
|
195
210
|
|
196
|
-
crl(ca).
|
211
|
+
crl(ca).generate_crl.to_pem
|
197
212
|
end
|
198
213
|
|
199
214
|
post '/1/certificate/unrevoke/?' do
|
@@ -213,7 +228,7 @@ module R509
|
|
213
228
|
|
214
229
|
crl(ca).unrevoke_cert(serial.to_i)
|
215
230
|
|
216
|
-
crl(ca).
|
231
|
+
crl(ca).generate_crl.to_pem
|
217
232
|
end
|
218
233
|
|
219
234
|
get '/test/certificate/issue/?' do
|
@@ -1,17 +1,25 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
1
|
+
---
|
2
|
+
certificate_authorities:
|
3
|
+
test_ca:
|
4
|
+
ca_cert:
|
5
|
+
cert: test_ca.cer
|
6
|
+
key: test_ca.key
|
7
|
+
profiles:
|
8
|
+
server:
|
9
|
+
basic_constraints:
|
10
|
+
:ca: false
|
11
|
+
key_usage:
|
12
|
+
:value:
|
13
|
+
- digitalSignature
|
14
|
+
- keyEncipherment
|
15
|
+
extended_key_usage:
|
16
|
+
:value:
|
17
|
+
- serverAuth
|
18
|
+
crl_distribution_points:
|
19
|
+
:value:
|
20
|
+
- :type: URI
|
21
|
+
:value: http://crl.domain.com/test_ca.crl
|
22
|
+
default_md: SHA1
|
23
|
+
allowed_mds:
|
24
|
+
- SHA1
|
25
|
+
- SHA256
|
data/spec/http_spec.rb
CHANGED
@@ -11,8 +11,9 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
11
11
|
before :each do
|
12
12
|
@crls = { "test_ca" => double("crl") }
|
13
13
|
@certificate_authorities = { "test_ca" => double("test_ca") }
|
14
|
+
@options_builders = { "test_ca" => double("options_builder") }
|
14
15
|
@subject_parser = double("subject parser")
|
15
|
-
|
16
|
+
#@validity_period_converter = double("validity period converter")
|
16
17
|
@csr_factory = double("csr factory")
|
17
18
|
@spki_factory = double("spki factory")
|
18
19
|
end
|
@@ -21,18 +22,21 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
21
22
|
@app ||= R509::CertificateAuthority::HTTP::Server
|
22
23
|
@app.send(:set, :crls, @crls)
|
23
24
|
@app.send(:set, :certificate_authorities, @certificate_authorities)
|
25
|
+
@app.send(:set, :options_builders, @options_builders)
|
24
26
|
@app.send(:set, :subject_parser, @subject_parser)
|
25
|
-
|
27
|
+
#@app.send(:set, :validity_period_converter, @validity_period_converter)
|
26
28
|
@app.send(:set, :csr_factory, @csr_factory)
|
27
29
|
@app.send(:set, :spki_factory, @spki_factory)
|
28
30
|
end
|
29
31
|
|
30
32
|
context "get CRL" do
|
31
33
|
it "gets the CRL" do
|
32
|
-
|
34
|
+
crl = double('crl')
|
35
|
+
crl.should_receive(:to_pem).and_return("generated crl")
|
36
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl)
|
33
37
|
get "/1/crl/test_ca/get"
|
34
38
|
last_response.should be_ok
|
35
|
-
last_response.content_type.should match
|
39
|
+
last_response.content_type.should match(/text\/plain/)
|
36
40
|
last_response.body.should == "generated crl"
|
37
41
|
end
|
38
42
|
it "when CA is not found" do
|
@@ -44,7 +48,9 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
44
48
|
|
45
49
|
context "generate CRL" do
|
46
50
|
it "generates the CRL" do
|
47
|
-
|
51
|
+
crl = double('crl')
|
52
|
+
crl.should_receive(:to_pem).and_return("generated crl")
|
53
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl)
|
48
54
|
get "/1/crl/test_ca/generate"
|
49
55
|
last_response.should be_ok
|
50
56
|
last_response.body.should == "generated crl"
|
@@ -96,10 +102,10 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
96
102
|
it "fails to issue" do
|
97
103
|
csr = double("csr")
|
98
104
|
@csr_factory.should_receive(:build).with({:csr => "csr"}).and_return(csr)
|
99
|
-
|
105
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
100
106
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
101
107
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
102
|
-
@
|
108
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_raise(R509::R509Error.new("failed to issue because of: good reason"))
|
103
109
|
|
104
110
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
105
111
|
last_response.should_not be_ok
|
@@ -108,11 +114,12 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
108
114
|
it "issues a CSR with no SAN extensions" do
|
109
115
|
csr = double("csr")
|
110
116
|
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
111
|
-
|
117
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
112
118
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
113
119
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
114
120
|
cert = double("cert")
|
115
|
-
@
|
121
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1", :not_before=> kind_of(Time), :not_after => kind_of(Time) )
|
122
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
116
123
|
cert.should_receive(:to_pem).and_return("signed cert")
|
117
124
|
|
118
125
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr"
|
@@ -122,11 +129,12 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
122
129
|
it "issues a CSR with SAN extensions" do
|
123
130
|
csr = double("csr")
|
124
131
|
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
125
|
-
|
132
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
126
133
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
127
134
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
128
135
|
cert = double("cert")
|
129
|
-
@
|
136
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :extensions => kind_of(Array), :subject => subject, :extensions => kind_of(Array), :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1", :not_before=> kind_of(Time), :not_after => kind_of(Time) )
|
137
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
130
138
|
cert.should_receive(:to_pem).and_return("signed cert")
|
131
139
|
|
132
140
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
|
@@ -136,15 +144,12 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
136
144
|
it "issues a CSR with dNSNames" do
|
137
145
|
csr = double("csr")
|
138
146
|
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
139
|
-
|
147
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
140
148
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
141
149
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
142
|
-
general_names = double("general names")
|
143
|
-
R509::ASN1::GeneralNames.should_receive(:new).and_return(general_names)
|
144
|
-
general_names.should_receive(:create_item).with(:tag => 2, :value => "domain1.com")
|
145
|
-
general_names.should_receive(:create_item).with(:tag => 2, :value => "domain2.com")
|
146
150
|
cert = double("cert")
|
147
|
-
@
|
151
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest =>nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :profile_name => "profile", :subject => subject, :message_digest => "SHA1")
|
152
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
148
153
|
cert.should_receive(:to_pem).and_return("signed cert")
|
149
154
|
|
150
155
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[dNSNames][]" => ["domain1.com","domain2.com"]
|
@@ -154,11 +159,12 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
154
159
|
it "issues a CSR with both SAN names and dNSNames provided (and ignore the dNSNames)" do
|
155
160
|
csr = double("csr")
|
156
161
|
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
157
|
-
|
162
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
158
163
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
159
164
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
160
165
|
cert = double("cert")
|
161
|
-
@
|
166
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr)
|
167
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
162
168
|
cert.should_receive(:to_pem).and_return("signed cert")
|
163
169
|
|
164
170
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"], "extensions[dNSNames][]" => ["domain3.com", "domain4.com"]
|
@@ -166,13 +172,14 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
166
172
|
last_response.body.should == "signed cert"
|
167
173
|
end
|
168
174
|
it "issues an SPKI without SAN extensions" do
|
169
|
-
|
175
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
170
176
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
171
177
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
172
178
|
spki = double("spki")
|
173
179
|
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
|
174
180
|
cert = double("cert")
|
175
|
-
@
|
181
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:spki => spki, :profile_name => "profile", :extensions => [], :subject => subject, :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:spki => spki, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
|
182
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
176
183
|
cert.should_receive(:to_pem).and_return("signed cert")
|
177
184
|
|
178
185
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki"
|
@@ -180,13 +187,14 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
180
187
|
last_response.body.should == "signed cert"
|
181
188
|
end
|
182
189
|
it "issues an SPKI with SAN extensions" do
|
183
|
-
|
190
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
184
191
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
185
192
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
186
193
|
spki = double("spki")
|
187
194
|
@spki_factory.should_receive(:build).with(:spki => "spki", :subject => subject).and_return(spki)
|
188
195
|
cert = double("cert")
|
189
|
-
@
|
196
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:spki => spki, :profile_name => "profile", :extensions => kind_of(Array), :subject => subject, :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:spki => spki, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
|
197
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
190
198
|
cert.should_receive(:to_pem).and_return("signed cert")
|
191
199
|
|
192
200
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "spki" => "spki", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com"]
|
@@ -196,11 +204,12 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
196
204
|
it "when there are empty SAN names" do
|
197
205
|
csr = double("csr")
|
198
206
|
@csr_factory.should_receive(:build).with(:csr => "csr").and_return(csr)
|
199
|
-
|
207
|
+
#@validity_period_converter.should_receive(:convert).with("365").and_return({:not_before => 1, :not_after => 2})
|
200
208
|
subject = R509::Subject.new [["CN", "domain.com"]]
|
201
209
|
@subject_parser.should_receive(:parse).with(anything, "subject").and_return(subject)
|
202
210
|
cert = double("cert")
|
203
|
-
@
|
211
|
+
@options_builders["test_ca"].should_receive(:build_and_enforce).with(:csr => csr, :profile_name => "profile", :subject => subject, :extensions => kind_of(Array), :message_digest => nil, :not_before=> kind_of(Time), :not_after => kind_of(Time) ).and_return(:csr => csr, :not_before=> kind_of(Time), :not_after => kind_of(Time) )
|
212
|
+
@certificate_authorities["test_ca"].should_receive(:sign).and_return(cert)
|
204
213
|
cert.should_receive(:to_pem).and_return("signed cert")
|
205
214
|
|
206
215
|
post "/1/certificate/issue", "ca" => "test_ca", "profile" => "profile", "subject" => "subject", "validityPeriod" => 365, "csr" => "csr", "extensions[subjectAlternativeName][]" => ["domain1.com","domain2.com","",""]
|
@@ -227,18 +236,18 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
227
236
|
end
|
228
237
|
it "when serial is given but not reason" do
|
229
238
|
@crls["test_ca"].should_receive(:revoke_cert).with("12345", nil).and_return(nil)
|
230
|
-
|
231
|
-
@crls["test_ca"].should_receive(:
|
232
|
-
|
239
|
+
crl_obj = double("crl-obj")
|
240
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
|
241
|
+
crl_obj.should_receive(:to_pem).and_return("generated crl")
|
233
242
|
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345"
|
234
243
|
last_response.should be_ok
|
235
244
|
last_response.body.should == "generated crl"
|
236
245
|
end
|
237
246
|
it "when serial and reason are given" do
|
238
247
|
@crls["test_ca"].should_receive(:revoke_cert).with("12345", "1").and_return(nil)
|
239
|
-
|
240
|
-
@crls["test_ca"].should_receive(:
|
241
|
-
|
248
|
+
crl_obj = double("crl-obj")
|
249
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
|
250
|
+
crl_obj.should_receive(:to_pem).and_return("generated crl")
|
242
251
|
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "1"
|
243
252
|
last_response.should be_ok
|
244
253
|
last_response.body.should == "generated crl"
|
@@ -251,18 +260,18 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
251
260
|
end
|
252
261
|
it "when reason is not an integer" do
|
253
262
|
@crls["test_ca"].should_receive(:revoke_cert).with("12345", "foo").and_return(nil)
|
254
|
-
|
255
|
-
@crls["test_ca"].should_receive(:
|
256
|
-
|
263
|
+
crl_obj = double("crl-obj")
|
264
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
|
265
|
+
crl_obj.should_receive(:to_pem).and_return("generated crl")
|
257
266
|
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => "foo"
|
258
267
|
last_response.should be_ok
|
259
268
|
last_response.body.should == "generated crl"
|
260
269
|
end
|
261
270
|
it "when reason is an empty string" do
|
262
271
|
@crls["test_ca"].should_receive(:revoke_cert).with("12345", nil).and_return(nil)
|
263
|
-
|
264
|
-
@crls["test_ca"].should_receive(:
|
265
|
-
|
272
|
+
crl_obj = double("crl-obj")
|
273
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
|
274
|
+
crl_obj.should_receive(:to_pem).and_return("generated crl")
|
266
275
|
post "/1/certificate/revoke", "ca" => "test_ca", "serial" => "12345", "reason" => ""
|
267
276
|
last_response.should be_ok
|
268
277
|
last_response.body.should == "generated crl"
|
@@ -287,9 +296,9 @@ describe R509::CertificateAuthority::HTTP::Server do
|
|
287
296
|
end
|
288
297
|
it "when serial is given" do
|
289
298
|
@crls["test_ca"].should_receive(:unrevoke_cert).with(12345).and_return(nil)
|
290
|
-
|
291
|
-
@crls["test_ca"].should_receive(:
|
292
|
-
|
299
|
+
crl_obj = double("crl-obj")
|
300
|
+
@crls["test_ca"].should_receive(:generate_crl).and_return(crl_obj)
|
301
|
+
crl_obj.should_receive(:to_pem).and_return("generated crl")
|
293
302
|
post "/1/certificate/unrevoke", "ca" => "test_ca", "serial" => "12345"
|
294
303
|
last_response.should be_ok
|
295
304
|
last_response.body.should == "generated crl"
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
@@ -1,93 +1,135 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: r509-ca-http
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
5
|
-
prerelease:
|
4
|
+
version: 0.3.0
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Sean Schulte
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
|
-
cert_chain:
|
12
|
-
|
10
|
+
cert_chain:
|
11
|
+
- |
|
12
|
+
-----BEGIN CERTIFICATE-----
|
13
|
+
MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRYwFAYDVQQDDA1wYXVs
|
14
|
+
Lmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
|
15
|
+
FgNjb20wHhcNMTMxMjA2MDAzNTU0WhcNMTQxMjA2MDAzNTU0WjBEMRYwFAYDVQQD
|
16
|
+
DA1wYXVsLmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJ
|
17
|
+
k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLVC6U
|
18
|
+
0ZyX4C4HllJxHW0Uq39bvRvfNXc0RXMSvIRklxjupx3EICVATpAJzg4qBxbpxRTe
|
19
|
+
XcsmuYfaZAriSH2M97C2sBJnVEAr63ws2vmBQKw9cXHV3RjQTeqQUTQudE790DTI
|
20
|
+
7pc1ObprB4pM2j3O6JtPVzmJ/PGACjtyg4bys6bx7JQJW5liunK26mS6w6mAAcAV
|
21
|
+
scAz7oh6fmOI0OSS45l3ycOEh5sb42cZzs7TNzcvVmEppTRa4wBP4/eDTuohxlPH
|
22
|
+
skuIPWcdU6YTo2LWwqEaGgUItj8lRqXGDcEZ1FhKyZ6HUD3l1zPGxojW8BKr0Svj
|
23
|
+
/cMP+y0YH5OeoD+vAgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
|
24
|
+
BgNVHQ4EFgQURv1xuy9aKzcxwxkGiL/e4UYCWGowIgYDVR0RBBswGYEXcGF1bC5s
|
25
|
+
LmtlaHJlckBnbWFpbC5jb20wIgYDVR0SBBswGYEXcGF1bC5sLmtlaHJlckBnbWFp
|
26
|
+
bC5jb20wDQYJKoZIhvcNAQEFBQADggEBADsnINhvXWJ8r7U02fzbmOitcDZOlCnN
|
27
|
+
jtyYfzDbYtEnQCpBCHhpNC8SVI3OUgGJbrb5Debs0f1UxrYsGn0u8LsLu6xmst+D
|
28
|
+
zZdxtzvnsqowLw2dCzXow0CGwBGcWq38Wqn0v/ez3otQBj2GGGV0jyLUoRWfMwTK
|
29
|
+
dqbGuJ0s/ZORipbl4jdfucPbrGPQHmf8/H8w0/kH7tBnhcyGI1exBSQexiu2qRqP
|
30
|
+
wQ9nsK5DoJSWf5vG8Xu/TEnv2Gu8z6T4wBrbIr20EYu6lb0i5ekGhrHOcaPRI6X9
|
31
|
+
lYMLMTFSyjE66v5QiUlZ9V4oV6O/MPS9fXPxog3TCsYpgfsgA+RlO8I=
|
32
|
+
-----END CERTIFICATE-----
|
33
|
+
date: 2014-01-26 00:00:00.000000000 Z
|
13
34
|
dependencies:
|
14
35
|
- !ruby/object:Gem::Dependency
|
15
36
|
name: r509
|
16
|
-
requirement:
|
17
|
-
none: false
|
37
|
+
requirement: !ruby/object:Gem::Requirement
|
18
38
|
requirements:
|
19
39
|
- - ~>
|
20
40
|
- !ruby/object:Gem::Version
|
21
|
-
version: 0.
|
41
|
+
version: 0.10.0
|
22
42
|
type: :runtime
|
23
43
|
prerelease: false
|
24
|
-
version_requirements:
|
44
|
+
version_requirements: !ruby/object:Gem::Requirement
|
45
|
+
requirements:
|
46
|
+
- - ~>
|
47
|
+
- !ruby/object:Gem::Version
|
48
|
+
version: 0.10.0
|
25
49
|
- !ruby/object:Gem::Dependency
|
26
50
|
name: sinatra
|
27
|
-
requirement:
|
28
|
-
none: false
|
51
|
+
requirement: !ruby/object:Gem::Requirement
|
29
52
|
requirements:
|
30
|
-
- -
|
53
|
+
- - '>='
|
31
54
|
- !ruby/object:Gem::Version
|
32
55
|
version: '0'
|
33
56
|
type: :runtime
|
34
57
|
prerelease: false
|
35
|
-
version_requirements:
|
58
|
+
version_requirements: !ruby/object:Gem::Requirement
|
59
|
+
requirements:
|
60
|
+
- - '>='
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: '0'
|
36
63
|
- !ruby/object:Gem::Dependency
|
37
64
|
name: dependo
|
38
|
-
requirement:
|
39
|
-
none: false
|
65
|
+
requirement: !ruby/object:Gem::Requirement
|
40
66
|
requirements:
|
41
|
-
- -
|
67
|
+
- - '>='
|
42
68
|
- !ruby/object:Gem::Version
|
43
69
|
version: '0'
|
44
70
|
type: :runtime
|
45
71
|
prerelease: false
|
46
|
-
version_requirements:
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
requirements:
|
74
|
+
- - '>='
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
47
77
|
- !ruby/object:Gem::Dependency
|
48
78
|
name: rspec
|
49
|
-
requirement:
|
50
|
-
none: false
|
79
|
+
requirement: !ruby/object:Gem::Requirement
|
51
80
|
requirements:
|
52
|
-
- -
|
81
|
+
- - '>='
|
53
82
|
- !ruby/object:Gem::Version
|
54
83
|
version: '0'
|
55
84
|
type: :development
|
56
85
|
prerelease: false
|
57
|
-
version_requirements:
|
86
|
+
version_requirements: !ruby/object:Gem::Requirement
|
87
|
+
requirements:
|
88
|
+
- - '>='
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
version: '0'
|
58
91
|
- !ruby/object:Gem::Dependency
|
59
92
|
name: rack-test
|
60
|
-
requirement:
|
61
|
-
none: false
|
93
|
+
requirement: !ruby/object:Gem::Requirement
|
62
94
|
requirements:
|
63
|
-
- -
|
95
|
+
- - '>='
|
64
96
|
- !ruby/object:Gem::Version
|
65
97
|
version: '0'
|
66
98
|
type: :development
|
67
99
|
prerelease: false
|
68
|
-
version_requirements:
|
100
|
+
version_requirements: !ruby/object:Gem::Requirement
|
101
|
+
requirements:
|
102
|
+
- - '>='
|
103
|
+
- !ruby/object:Gem::Version
|
104
|
+
version: '0'
|
69
105
|
- !ruby/object:Gem::Dependency
|
70
106
|
name: rake
|
71
|
-
requirement:
|
72
|
-
none: false
|
107
|
+
requirement: !ruby/object:Gem::Requirement
|
73
108
|
requirements:
|
74
|
-
- -
|
109
|
+
- - '>='
|
75
110
|
- !ruby/object:Gem::Version
|
76
111
|
version: '0'
|
77
112
|
type: :development
|
78
113
|
prerelease: false
|
79
|
-
version_requirements:
|
114
|
+
version_requirements: !ruby/object:Gem::Requirement
|
115
|
+
requirements:
|
116
|
+
- - '>='
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
80
119
|
- !ruby/object:Gem::Dependency
|
81
120
|
name: simplecov
|
82
|
-
requirement:
|
83
|
-
none: false
|
121
|
+
requirement: !ruby/object:Gem::Requirement
|
84
122
|
requirements:
|
85
|
-
- -
|
123
|
+
- - '>='
|
86
124
|
- !ruby/object:Gem::Version
|
87
125
|
version: '0'
|
88
126
|
type: :development
|
89
127
|
prerelease: false
|
90
|
-
version_requirements:
|
128
|
+
version_requirements: !ruby/object:Gem::Requirement
|
129
|
+
requirements:
|
130
|
+
- - '>='
|
131
|
+
- !ruby/object:Gem::Version
|
132
|
+
version: '0'
|
91
133
|
description: A HTTP CA API for r509
|
92
134
|
email: sirsean@gmail.com
|
93
135
|
executables: []
|
@@ -124,42 +166,38 @@ files:
|
|
124
166
|
- doc/js/full_list.js
|
125
167
|
- doc/js/jquery.js
|
126
168
|
- doc/method_list.html
|
127
|
-
- doc/R509/CertificateAuthority/
|
128
|
-
- doc/R509/CertificateAuthority/
|
129
|
-
- doc/R509/CertificateAuthority/
|
130
|
-
- doc/R509/CertificateAuthority/
|
131
|
-
- doc/R509/CertificateAuthority/
|
132
|
-
- doc/R509/CertificateAuthority/
|
133
|
-
- doc/R509/CertificateAuthority/
|
169
|
+
- doc/R509/CertificateAuthority/HTTP/Factory/CSRFactory.html
|
170
|
+
- doc/R509/CertificateAuthority/HTTP/Factory/SPKIFactory.html
|
171
|
+
- doc/R509/CertificateAuthority/HTTP/Factory.html
|
172
|
+
- doc/R509/CertificateAuthority/HTTP/Server.html
|
173
|
+
- doc/R509/CertificateAuthority/HTTP/SubjectParser.html
|
174
|
+
- doc/R509/CertificateAuthority/HTTP/ValidityPeriodConverter.html
|
175
|
+
- doc/R509/CertificateAuthority/HTTP.html
|
134
176
|
- doc/R509/CertificateAuthority.html
|
135
177
|
- doc/R509.html
|
136
178
|
- doc/top-level-namespace.html
|
137
179
|
homepage: http://vikinghammer.com
|
138
180
|
licenses: []
|
181
|
+
metadata: {}
|
139
182
|
post_install_message:
|
140
183
|
rdoc_options: []
|
141
184
|
require_paths:
|
142
185
|
- lib
|
143
186
|
required_ruby_version: !ruby/object:Gem::Requirement
|
144
|
-
none: false
|
145
187
|
requirements:
|
146
|
-
- -
|
188
|
+
- - '>='
|
147
189
|
- !ruby/object:Gem::Version
|
148
190
|
version: 1.9.3
|
149
191
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
150
|
-
none: false
|
151
192
|
requirements:
|
152
|
-
- -
|
193
|
+
- - '>='
|
153
194
|
- !ruby/object:Gem::Version
|
154
195
|
version: '0'
|
155
|
-
segments:
|
156
|
-
- 0
|
157
|
-
hash: 2820993732791311661
|
158
196
|
requirements: []
|
159
197
|
rubyforge_project:
|
160
|
-
rubygems_version:
|
198
|
+
rubygems_version: 2.0.3
|
161
199
|
signing_key:
|
162
|
-
specification_version:
|
200
|
+
specification_version: 4
|
163
201
|
summary: A (relatively) simple certificate authority API written to work with r509
|
164
202
|
test_files: []
|
165
203
|
has_rdoc:
|
metadata.gz.sig
ADDED
Binary file
|