r509 0.10.0 → 1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ca8c4fec95f6c1bfcee73da8585a30867b18e77f
-  data.tar.gz: a4fd0c67c5479b69f2359aaa61b11eae597c7480
+  metadata.gz: 562903e3dc32d6329ab86cb309e457a5980317c5
+  data.tar.gz: 41cabe1dd8f48dc0ff5fe68ddecc3e165e7e4843
 SHA512:
-  metadata.gz: 68ca9e7f94cb8d122ad0f2ab6ec5584149f0683dc9d9ac6dcd608788db86c807b5d34b9312ea452a88960c275b30003ff8de7c90ca3b39179866acbabacc3cb7
-  data.tar.gz: b04daa9448a25761cb2900dc449f52056ab8d91bfef86f6fa33cbd4ca3c7c61e769fa0988e8b5a6619caad28124d55e4257a488dc2758f3e92eaf57bf861a791
+  metadata.gz: bbad952fef78a95c90ab557a2886064a75c448d02f924219ab4234d2cdc180349413f41afdde9e7b2e68f2d1023a22953d03f094eed874b57e47248f7c24606e
+  data.tar.gz: b59f9c35ea888698344eaddde1c29490d4475755c5da9fba6ffbf756ed3243663489deedb61025b5b23ff30c7f3ac91a248ea89800c3073a00164b4967469787

data/README.mdown

@@ -337,7 +337,7 @@ example_ca:
     key: <add_path>
   ocsp_start_skew_seconds: 3600
   ocsp_validity_hours: 168
-  crl_md: SHA1
+  crl_md: SHA256
   profiles:
     profile:
       subject_item_policy:
@@ -396,7 +396,7 @@ subject.common_name = "newdomain.com"
 subject.organization = "Org 2.0"
 ext = []
 ext << R509::Cert::Extensions::BasicConstraints.new(:ca => false)
-ext << R509::Cert::Extensions::SubjectAlternativeName.new(:names => san_names)
+ext << R509::Cert::Extensions::SubjectAlternativeName.new(:value => san_names)
 # assume config from yaml load above
 ca = R509::CertificateAuthority::Signer.new(config)
 cert = ca.sign(

data/Rakefile

@@ -30,15 +30,14 @@ end
 
 desc "Open an irb session with the lib dir included"
 task :irb do
-  $:.unshift File.expand_path("../../lib", __FILE__)
-  $:.unshift File.expand_path("../", __FILE__)
+  $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
+  $LOAD_PATH.unshift File.expand_path("../", __FILE__)
   require 'r509'
   require 'irb'
   ARGV.clear
   IRB.start
 end
 
-
 desc 'Build yard documentation'
 task :yard do
   puts `yard`

data/bin/r509

@@ -2,29 +2,38 @@
 require 'rubygems'
 require 'r509'
 require 'r509/trollop'
+require 'io/console'
 
-opts = R509::Trollop::options do
+opts = R509::Trollop.options do
   opt :interactive, "Interactive CSR/self-signed certificate generation. Overrides all flags other than keyout and out."
   opt :subject, "X509 subject / delimited. Example: /CN=test.com/O=Org/C=US/ST=Illinois/L=Chicago", :type => :string
-  opt :message_digest, "Message digest to use. sha1, sha224, sha256, sha384, sha512, md5", :type => :string, :default => 'sha1'
+  opt :san, "Subject Alternative Name Example: test.com,*.test.com", :type => :string
+  opt :message_digest, "Message digest to use. sha1, sha224, sha256, sha384, sha512, md5", :type => :string, :default => 'sha256'
   opt :duration, "Self-sign the certificate with the duration (in days) specified.", :type => :integer
   opt :bits, "Bit length of generated key. Ignored for EC.", :type => :integer, :default => 2048
   opt :curve_name, "Name of elliptic curve to use. Only used for EC.", :type => :string, :default => 'secp384r1'
   opt :keyout, "File name to save generated key.", :type => :string
   opt :out, "File name to save generated CSR or self-signed certificate", :type => :string
   opt :type, "Type of key to generate. RSA/DSA/EC", :type => :string, :default => "RSA"
+  opt :password, "Password to encrypt generated key", :type => :string
+  if RUBY_PLATFORM.match('darwin')
+    opt :clipboard, "Copy CSR or certificate to the clipboard", :default => false, :short => :p
+  end
   version "r509 #{R509::VERSION}"
 end
 
-if opts[:interactive] == true or opts[:subject].nil? then
-  if opts[:type].upcase == "RSA" or opts[:type].upcase == "DSA"
+opts[:duration] = opts[:duration].to_i
+subject = []
+
+if opts[:interactive] == true || opts[:subject].nil?
+  if opts[:type].upcase == "RSA" || opts[:type].upcase == "DSA"
     print "CSR Bit Length (2048):"
     bit_length = gets.chomp
-    bit_length = (bit_length.to_i > 0)? bit_length.to_i : 2048
+    opts[:bits] = (bit_length.to_i > 0) ? bit_length.to_i : 2048
   elsif opts[:type].upcase == "EC"
     print "Curve Name (secp384r1):"
     curve_name = gets.chomp
-    curve_name = (not curve_name.empty?)? curve_name : 'secp384r1'
+    opts[:curve_name] = (!curve_name.empty?) ? curve_name : 'secp384r1'
   else
     puts "Invalid key type specified. RSA/DSA/EC"
     exit
@@ -42,115 +51,103 @@ if opts[:interactive] == true or opts[:subject].nil? then
     else R509::MessageDigest::DEFAULT_MD
   end
 
-  subject = []
   print "C (US): "
   c = gets.chomp
-  c = c.empty? ? 'US':c;
-  subject.push ['C',c]
+  c = c.empty? ? 'US' : c
+  subject.push ['C', c]
 
   print "ST (Illinois): "
   st = gets.chomp
-  st = st.empty? ? 'Illinois':st;
-  subject.push ['ST',st]
+  st = st.empty? ? 'Illinois' : st
+  subject.push ['ST', st]
 
   print "L (Chicago): "
   l = gets.chomp
-  l = l.empty? ? 'Chicago':l;
-  subject.push ['L',l]
+  l = l.empty? ? 'Chicago' : l
+  subject.push ['L', l]
 
   print "O (r509 LLC): "
   o = gets.chomp
-  o = o.empty? ? 'r509 LLC':o;
-  subject.push ['O',o]
+  o = o.empty? ? 'r509 LLC' : o
+  subject.push ['O', o]
 
   print "OU (null by default): "
   ou = gets.chomp
-  if(!ou.empty?) then
-    subject.push ['OU',ou]
+  unless ou.empty?
+    subject.push ['OU', ou]
   end
 
   print "CN: "
-  subject.push ['CN',gets.chomp]
+  subject.push ['CN', gets.chomp]
   print "SAN Domains (comma separated):"
-  san_domains = []
-  san_domains = gets.chomp.split(',').collect { |domain| domain.strip }
-  csr = R509::CSR.new(
-    :subject => subject,
-    :bit_length => bit_length,
-    :type => opts[:type].upcase,
-    :curve_name => curve_name,
-    :san_names => san_domains,
-    :message_digest => opts[:message_digest]
-  )
+  opts[:san] = gets.chomp
 
-  selfsign = 0
   print "Self-signed cert duration in days (null disables self-sign):"
-  selfsign_input = gets.chomp
-  if selfsign_input.to_i > 0
-    selfsign = selfsign_input.to_i
+  opts[:duration] = gets.chomp.to_i
+
+  print "Password to encrypt generated key (empty disables encryption):"
+  password = STDIN.noecho(&:gets).chomp
+  puts ""
+  unless password.empty?
+    print "Retype password:"
+    password_confirm = STDIN.noecho(&:gets).chomp
+    puts ""
+    unless password == password_confirm
+      puts "Passwords do not match."
+      exit
+    end
+    opts[:password] = password
   end
-elsif not opts[:subject].nil?
-  subject = OpenSSL::X509::Name.new
-  opts[:subject].chomp.split('/').each { |item|
-    if item != '' then
-      value = item.split('=')
-      subject.add_entry(value[0],value[1])
+else
+  opts[:subject].chomp.split('/').each do |item|
+    if item != ''
+      subject.push item.split('=')[0..1]
     end
-  }
-  csr = R509::CSR.new(
-    :subject => subject,
-    :bit_length => opts[:bits],
-    :type => opts[:type].upcase,
-    :curve_name => opts[:curve_name],
-    :message_digest => opts[:message_digest]
-  )
-  selfsign = opts[:duration] || 0
+  end
 end
 
+csr_or_cert = csr = R509::CSR.new(
+  :subject => subject,
+  :bit_length => opts[:bits],
+  :type => opts[:type].upcase,
+  :curve_name => opts[:curve_name],
+  :san_names => (opts[:san] || "").split(',').map { |domain| domain.strip },
+  :message_digest => opts[:message_digest]
+)
+
+# for self signed, outputting the cert (not the csr)
+selfsign = opts[:duration]
 if selfsign > 0
-  cert = R509::CertificateAuthority::Signer.selfsign(
+  csr_or_cert = R509::CertificateAuthority::Signer.selfsign(
     :csr => csr,
-    :not_after => Time.now.to_i+86400*selfsign,
+    :not_after => Time.now.to_i + 86400 * selfsign,
     :message_digest => opts[:message_digest]
   )
-  if opts[:keyout].nil?
-    puts csr.key.to_pem
-  else
-    csr.key.write_pem(opts[:keyout])
-  end
-  if opts[:out].nil?
-    puts cert.to_pem
-  else
-    cert.write_pem(opts[:out])
-  end
+end
 
-  puts cert.subject
-  if not cert.san.nil?
-    puts "SAN(s): "+cert.san.names.map { |n| n.value }.join(", ")
-  end
-else
-  if opts[:keyout].nil?
-    puts csr.key.to_pem
+if opts[:keyout]
+  if opts[:password]
+    csr.key.write_encrypted_pem(opts[:keyout], "aes256", opts[:password])
   else
     csr.key.write_pem(opts[:keyout])
   end
-
-  if opts[:out].nil?
-    puts csr.to_pem
+else
+  if opts[:password]
+    puts csr.key.to_encrypted_pem("aes256", opts[:password])
   else
-    csr.write_pem(opts[:out])
+    puts csr.key.to_pem
   end
+end
 
-  puts csr.subject
-  if not csr.san.nil?
-    puts "SAN(s): "+csr.san.names.map{|n| n.value}.join(", ")
-  end
+if opts[:out]
+  csr_or_cert.write_pem(opts[:out])
+else
+  puts csr_or_cert.to_pem
 end
 
-if RUBY_PLATFORM.match('darwin') != nil then
-  if selfsign > 0
-    IO.popen('pbcopy','w').puts cert
-  else
-    IO.popen('pbcopy','w').puts csr
-  end
+puts csr_or_cert.subject
+puts "SAN(s): #{csr_or_cert.san.names.map { |n| n.value }.join(", ")}" if csr_or_cert.san
+
+if opts[:clipboard]
+  IO.popen('pbcopy', 'w').puts csr_or_cert
 end

data/bin/r509-parse

@@ -2,7 +2,7 @@
 require 'rubygems'
 require 'r509'
 
-if ARGV[0].nil? then
+if ARGV[0].nil?
   puts "CSR and certificate parsing using r509 v#{R509::VERSION}."
   puts "Usage: r509-parse <cert or csr>"
 else
@@ -10,16 +10,16 @@ else
     csr = R509::CSR.load_from_file ARGV[0]
   rescue
   end
-  if not csr.nil?
+  if csr
     puts "Subject: #{csr.subject}"
     puts "Algorithm: #{csr.signature_algorithm}"
-      puts "SAN Names: #{csr.san.names.map { |n| n.value }.join(" , ")}"
+    puts "SAN Names: #{csr.san.names.map { |n| n.value }.join(" , ")}"
   else
     begin
       cert = R509::Cert.load_from_file ARGV[0]
     rescue
     end
-    if not cert.nil?
+    if cert
       puts "Subject: #{cert.subject}"
       puts "Issuer: #{cert.issuer}"
       puts "Algorithm: #{cert.signature_algorithm}"

data/doc/R509.html

@@ -1,12 +1,12 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<!DOCTYPE html>
+<html>
   <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>
   Module: R509
   
-    &mdash; Documentation by YARD 0.8.6.1
+    &mdash; Documentation by YARD 0.9.5
   
 </title>
 
@@ -15,9 +15,8 @@
   <link rel="stylesheet" href="css/common.css" type="text/css" charset="utf-8" />
 
 <script type="text/javascript" charset="utf-8">
-  hasFrames = window.top.frames.main ? true : false;
+  pathId = "R509";
   relpath = '';
-  framesUrl = "frames.html#!" + escape(window.location.href);
 </script>
 
 
@@ -28,63 +27,65 @@
 
   </head>
   <body>
-    <div id="header">
-      <div id="menu">
+    <div class="nav_wrap">
+      <iframe id="nav" src="class_list.html"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
   
     <a href="_index.html">Index (R)</a> &raquo;
     
     
     <span class="title">R509</span>
   
-
-  <div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
 </div>
 
-      <div id="search">
+        <div id="search">
   
     <a class="full_list_link" id="class_list_link"
         href="class_list.html">
-      Class List
-    </a>
-  
-    <a class="full_list_link" id="method_list_link"
-        href="method_list.html">
-      Method List
-    </a>
-  
-    <a class="full_list_link" id="file_list_link"
-        href="file_list.html">
-      File List
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
     </a>
   
 </div>
-      <div class="clear"></div>
-    </div>
+        <div class="clear"></div>
+      </div>
 
-    <iframe id="search_frame"></iframe>
+      <iframe id="search_frame" src="class_list.html"></iframe>
 
-    <div id="content"><h1>Module: R509
+      <div id="content"><h1>Module: R509
   
   
   
 </h1>
+<div class="box_info">
+  
 
-<dl class="box">
   
   
-    
   
-    
   
   
+
+  
+
   
-    <dt class="r1 last">Defined in:</dt>
-    <dd class="r1 last">lib/r509.rb<span class="defines">,<br />
-  lib/r509/csr.rb,<br /> lib/r509/spki.rb,<br /> lib/r509/cert.rb,<br /> lib/r509/asn1.rb,<br /> lib/r509/config.rb,<br /> lib/r509/engine.rb,<br /> lib/r509/version.rb,<br /> lib/r509/subject.rb,<br /> lib/r509/trollop.rb,<br /> lib/r509/helpers.rb,<br /> lib/r509/io_helpers.rb,<br /> lib/r509/exceptions.rb,<br /> lib/r509/oid_mapper.rb,<br /> lib/r509/private_key.rb,<br /> lib/r509/message_digest.rb,<br /> lib/r509/crl/signed_list.rb,<br /> lib/r509/config/ca_config.rb,<br /> lib/r509/crl/reader_writer.rb,<br /> lib/r509/crl/administrator.rb,<br /> lib/r509/config/cert_profile.rb,<br /> lib/r509/cert/extensions/base.rb,<br /> lib/r509/cert/extensions/key_usage.rb,<br /> lib/r509/config/subject_item_policy.rb,<br /> lib/r509/cert/extensions/ocsp_no_check.rb,<br /> lib/r509/cert/extensions/name_constraints.rb,<br /> lib/r509/cert/extensions/validation_mixin.rb,<br /> lib/r509/cert/extensions/basic_constraints.rb,<br /> lib/r509/cert/extensions/extended_key_usage.rb,<br /> lib/r509/cert/extensions/policy_constraints.rb,<br /> lib/r509/cert/extensions/inhibit_any_policy.rb,<br /> lib/r509/cert/extensions/certificate_policies.rb,<br /> lib/r509/cert/extensions/authority_info_access.rb,<br /> lib/r509/cert/extensions/subject_key_identifier.rb,<br /> lib/r509/cert/extensions/crl_distribution_points.rb,<br /> lib/r509/cert/extensions/subject_alternative_name.rb,<br /> lib/r509/cert/extensions/authority_key_identifier.rb</span>
+  <dl>
+    <dt>Defined in:</dt>
+    <dd>lib/r509.rb<span class="defines">,<br />
+  lib/r509/csr.rb,<br /> lib/r509/spki.rb,<br /> lib/r509/asn1.rb,<br /> lib/r509/cert.rb,<br /> lib/r509/engine.rb,<br /> lib/r509/config.rb,<br /> lib/r509/version.rb,<br /> lib/r509/trollop.rb,<br /> lib/r509/subject.rb,<br /> lib/r509/helpers.rb,<br /> lib/r509/exceptions.rb,<br /> lib/r509/oid_mapper.rb,<br /> lib/r509/io_helpers.rb,<br /> lib/r509/private_key.rb,<br /> lib/r509/message_digest.rb,<br /> lib/r509/crl/signed_list.rb,<br /> lib/r509/config/ca_config.rb,<br /> lib/r509/crl/administrator.rb,<br /> lib/r509/crl/reader_writer.rb,<br /> lib/r509/config/cert_profile.rb,<br /> lib/r509/cert/extensions/base.rb,<br /> lib/r509/crl/sqlite_reader_writer.rb,<br /> lib/r509/cert/extensions/key_usage.rb,<br /> lib/r509/config/subject_item_policy.rb,<br /> lib/r509/cert/extensions/ocsp_no_check.rb,<br /> lib/r509/cert/extensions/name_constraints.rb,<br /> lib/r509/cert/extensions/validation_mixin.rb,<br /> lib/r509/cert/extensions/basic_constraints.rb,<br /> lib/r509/cert/extensions/policy_constraints.rb,<br /> lib/r509/cert/extensions/inhibit_any_policy.rb,<br /> lib/r509/cert/extensions/extended_key_usage.rb,<br /> lib/r509/cert/extensions/certificate_policies.rb,<br /> lib/r509/cert/extensions/authority_info_access.rb,<br /> lib/r509/cert/extensions/subject_key_identifier.rb,<br /> lib/r509/cert/extensions/crl_distribution_points.rb,<br /> lib/r509/cert/extensions/authority_key_identifier.rb,<br /> lib/r509/cert/extensions/subject_alternative_name.rb</span>
 </dd>
+  </dl>
   
-</dl>
-<div class="clear"></div>
+</div>
 
 <h2>Overview</h2><div class="docstring">
   <div class="discussion">
@@ -111,11 +112,10 @@
 </p>
 
   <h2>Constant Summary</h2>
-  
-    <dl class="constants">
-      
-        <dt id="VERSION-constant" class="">VERSION =
-          <div class="docstring">
+  <dl class="constants">
+    
+      <dt id="VERSION-constant" class="">VERSION =
+        <div class="docstring">
   <div class="discussion">
     
 <p>The version of the r509 gem</p>
@@ -127,11 +127,10 @@
   
 
 </div>
-        </dt>
-        <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>0.10.0</span><span class='tstring_end'>&quot;</span></span></pre></dd>
-      
-    </dl>
-  
+      </dt>
+      <dd><pre class="code"><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>1.0</span><span class='tstring_end'>&quot;</span></span></pre></dd>
+    
+  </dl>
 
 
 
@@ -142,7 +141,7 @@
   
     <h2>
       Class Method Summary
-      <small>(<a href="#" class="summary_toggle">collapse</a>)</small>
+      <small><a href="#" class="summary_toggle">collapse</a></small>
     </h2>
 
     <ul class="summary">
@@ -150,7 +149,7 @@
         <li class="public ">
   <span class="summary_signature">
     
-      <a href="#ec_supported%3F-class_method" title="ec_supported? (class method)">+ (Boolean) <strong>ec_supported?</strong> </a>
+      <a href="#ec_supported%3F-class_method" title="ec_supported? (class method)">.<strong>ec_supported?</strong>  &#x21d2; Boolean </a>
     
 
     
@@ -174,7 +173,7 @@
         <li class="public ">
   <span class="summary_signature">
     
-      <a href="#print_debug-class_method" title="print_debug (class method)">+ (nil) <strong>print_debug</strong> </a>
+      <a href="#print_debug-class_method" title="print_debug (class method)">.<strong>print_debug</strong>  &#x21d2; nil </a>
     
 
     
@@ -207,7 +206,7 @@
       <div class="method_details first">
   <h3 class="signature first" id="ec_supported?-class_method">
   
-    + (<tt>Boolean</tt>) <strong>ec_supported?</strong> 
+    .<strong>ec_supported?</strong>  &#x21d2; <tt>Boolean</tt> 
   
 
   
@@ -243,15 +242,15 @@
       <pre class="lines">
 
 
-33
 34
-35</pre>
+35
+36</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509.rb', line 33</span>
+      <pre class="code"><span class="info file"># File 'lib/r509.rb', line 34</span>
 
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec_supported?'>ec_supported?</span>
-  <span class='lparen'>(</span><span class='kw'>not</span> <span class='kw'>defined?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>EC</span><span class='op'>::</span><span class='const'>UNSUPPORTED</span><span class='rparen'>)</span><span class='rparen'>)</span>
+  <span class='lparen'>(</span><span class='op'>!</span><span class='kw'>defined?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>EC</span><span class='op'>::</span><span class='const'>UNSUPPORTED</span><span class='rparen'>)</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -261,7 +260,7 @@
       <div class="method_details ">
   <h3 class="signature " id="print_debug-class_method">
   
-    + (<tt>nil</tt>) <strong>print_debug</strong> 
+    .<strong>print_debug</strong>  &#x21d2; <tt>nil</tt> 
   
 
   
@@ -297,15 +296,15 @@
       <pre class="lines">
 
 
-25
 26
 27
 28
 29
-30</pre>
+30
+31</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509.rb', line 25</span>
+      <pre class="code"><span class="info file"># File 'lib/r509.rb', line 26</span>
 
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_print_debug'>print_debug</span>
   <span class='id identifier rubyid_puts'>puts</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>r509 v</span><span class='embexpr_beg'>#{</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>VERSION</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
@@ -322,11 +321,12 @@
 
 </div>
 
-    <div id="footer">
-  Generated on Sun Jan 26 13:37:25 2014 by
+      <div id="footer">
+  Generated on Tue Dec  6 17:27:38 2016 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.6.1 (ruby-2.0.0).
+  0.9.5 (ruby-2.4.0).
 </div>
 
+    </div>
   </body>
 </html>