rails_dev_ssl 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5eb40c157ca04088a45415622603010c48f8b41f0b2a4d9211f1b70c43b4a466
+  data.tar.gz: 4551e5a7ebe4f1fe7131d66ef45eacb7cb8a0c85f352ceaf0b3e5d3555d1b748
+SHA512:
+  metadata.gz: 061e7139a0fd905fbbc2b99ab65960daec2f7878cc42ae39e128ef205eae1ad80b25c9ff3059ca0d868196dc7bee3c9376804d3f5f729854df56832d67cc381a
+  data.tar.gz: 14228965a9b498f884816934dab64bc53c2e6a4b78c0c864b7b76499dd9f6ebddb26f1e3546425c10d264d6f529a115dacac6adacb3e50664d49928ec7ba2ed3

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.5.3
+before_install: gem install bundler -v 1.17.1

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+# 0.1.0
+
+- Initial working version

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in rails_dev_ssl.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,43 @@
+PATH
+  remote: .
+  specs:
+    rails_dev_ssl (0.1.0)
+      thor (~> 0.20.3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.1.2)
+    diff-lcs (1.3)
+    method_source (0.9.2)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    rake (10.5.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    thor (0.20.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.17)
+  pry (~> 0.12.2)
+  rails_dev_ssl!
+  rake (~> 10.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   1.17.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Bart Agapinan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,76 @@
+# RailsDevSsl
+
+`rails-dev-ssl` is a command line utility that takes some of the work out of generating the SSL certificates for local development.
+
+This utility will help you set up your development machine to serve your Rails API over HTTPS.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rails_dev_ssl', group: :development
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rails_dev_ssl
+
+## Usage
+
+#### Generate certificates
+
+`rails_dev_ssl generate_certificates` will create a new directory in your project folder called "ssl" and ask for information to be added to your local certificate authority. Inside the `ssl` directory will be your config file and `server.crt` and `server.key` files.
+
+#### Configuring puma
+
+If you use puma to serve your app, you can use your new certificates by passing them when calling puma:
+
+```
+puma -C config/puma.rb -b 'ssl://127.0.0.1:<port>?key=./ssl/server.key&cert=./ssl/server.crt'
+```
+
+or in `config/puma.rb`:
+
+```
+ssl_bind '127.0.0.1', '<port>', {
+  key: ./ssl/server.key,
+  cert: ./ssl/server.crt
+}
+```
+
+#### Customization
+
+You can change the certificate directory using `setup <directory>`, for example, `rails_dev_ssl setup lib/ssl` to put the certificates inside your lib directory.
+
+You can generate the `server.crt.cnf` file using the `generate_config` command.
+
+#### Browser warnings
+
+When you use your first self-signed certificate, your browser will warn you about an untrusted certificate authority. You'll need to trust the rootCA you created for your project.
+
+Chrome and Firefox will ask you to add the certificate authority in the app. To use Safari, you'll need to add the CA to your keychain. You can do this with the `add_ca_to_keychain` command.
+
+#### /etc/hosts
+
+You may want to add an entry to your `/etc/hosts` file to include the CN you set in the `generate_config` step. This will allow you to visit the domain in your browser instead of using 127.0.0.1 (for example, https://localhost.ssl/path/to/your/app.)
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+Note that `rake spec` will remove any existing `ssl` directory in your current working directory.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/viamin/rails_dev_ssl.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'rails_dev_ssl'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/rails_dev_ssl

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'rails_dev_ssl'
+
+RailsDevSsl::CLI.start(ARGV)

data/lib/rails_dev_ssl.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+
+require 'rails_dev_ssl/version'
+require 'thor'
+require 'securerandom'
+require 'shellwords'
+require 'tempfile'
+require 'rubygems/user_interaction'
+require 'openssl'
+# require "pry"
+
+module RailsDevSsl
+  class CLI < Thor
+    @@dir = ''
+    @@config = {}
+
+    desc 'setup [directory]', "creates a new ssl directory (defaults to #{File.join(Dir.pwd, 'ssl')}"
+    def setup(dir = File.join(Dir.pwd, 'ssl'))
+      @@dir = dir
+      Dir.mkdir(@@dir) unless Dir.exist?(@@dir)
+    end
+
+    desc 'display_certificate', 'displays the information in your SSL certificate'
+    def display_certificate
+      raise 'Certificate missing. Have you generated the certificate already?' unless File.exist?(File.join(dir, 'server.crt'))
+
+      `openssl x509 -text -in #{File.join(dir, 'server.crt')} -noout`
+    end
+
+    desc 'generate_certificates', 'generate SSL certificates'
+    option :'pem-file', type: :boolean, default: false
+    def generate_certificates
+      raise "Directory (#{dir}) doesn't exist" unless Dir.exist?(dir)
+
+      begin
+        temp_file = password_file
+        safe_path = Shellwords.escape(temp_file.path)
+        generate_ca(safe_path)
+        generate_crt_and_key(options['pem-file'], safe_path)
+      ensure
+        temp_file.close!
+      end
+    end
+
+    desc 'add_ca_to_keychain', 'add certificate to OS X keychain (requires admin privileges)'
+    def add_ca_to_keychain
+      puts 'Adding rootCA.pem to system keychain'
+      `sudo -p 'sudo password:' security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain #{File.join(dir, 'rootCA.pem')}`
+    end
+
+    # desc 'add_hosts_entry', 'add an entry to /etc/hosts to include the domain set in your certificate'
+    # def add_hosts_entry(hosts_file = '/etc/hosts')
+    #   entries = File.readlines(hosts_file).delete_if { |line| line.start_with?('#') }.map { |line| line.split(/\s/) }
+    #   if entries.include?(['127.0.0.1', config['CN']])
+    #     puts "/etc/hosts already contains an entry for #{config['CN']}"
+    #     return
+    #   end
+    #   new_entry = "127.0.0.1\t#{config['CN']}\n"
+    #   `sudo -p 'sudo password:' sh -c "echo #{new_entry} >> /etc/hosts"`
+    # end
+
+    desc 'generate_config', 'configure certificate information'
+    option :'non-interactive', type: :boolean, default: false
+    def generate_config
+      unless options['non-interactive']
+        country = ask("Enter the country of your organization [#{default_config[:C]}]")
+        state = ask("Enter the state of province of your organization [#{default_config[:ST]}]")
+        city = ask("Enter the city of your organization [#{default_config[:L]}]")
+        org = ask("Enter your organization name [#{default_config[:O]}]")
+        email = ask("Enter your email [#{default_config[:emailAddress]}]")
+        domain = ask("Enter your local SSL domain [#{default_config[:CN]}]")
+        @@config = { C: country, ST: state, L: city, O: org, emailAddress: email, CN: domain }
+      end
+      write_config_file
+    end
+
+    desc 'generate_v3_ext_file', 'generate subject alternative name extension file'
+    def generate_v3_ext_file
+      raise 'server.csr.cnf missing. run rails_dev_ssl generate_config first' unless File.exist?(File.join(dir, 'server.csr.cnf'))
+
+      puts "\n*** generating v3.ext"
+      configs = <<~CONFIG
+        authorityKeyIdentifier=keyid,issuer
+        basicConstraints=CA:FALSE
+        keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+        subjectAltName = @alt_names
+
+        [alt_names]
+        DNS.1 = #{config['CN']}
+      CONFIG
+      File.open(File.join(dir, 'v3.ext'), 'w') { |file| file.write(configs) }
+    end
+
+    private
+
+    def ask(question)
+      puts question
+      $stdin.gets.chomp
+    end
+
+    def config
+      @config ||= if File.exist?(File.join(dir, 'server.csr.cnf'))
+                    OpenSSL::Config.load(File.join(dir, 'server.csr.cnf'))['dn']
+                  else
+                    default_config.merge(@@config.delete_if { |_k, v| v == '' })
+      end
+    end
+
+    def default_config
+      {
+        C: 'US',
+        ST: 'California',
+        L: 'San Francisco',
+        O: 'My Organization',
+        emailAddress: 'rails-dev-ssl-user@example.com',
+        CN: 'localhost.ssl'
+      }
+    end
+
+    def dir
+      # TODO: read this from an environment variable
+      setup if @@dir == ''
+      @@dir
+    end
+
+    def generate_ca(password_file_path)
+      puts "\n*** generating rootCA.key"
+      `openssl genrsa -des3 -out #{File.join(dir, 'rootCA.key')} -passout file:#{password_file_path} 2048` unless File.exist?(File.join(dir, 'rootCA.key'))
+
+      puts "\n*** generating rootCA.pem"
+      `openssl req -x509 -new -nodes -key #{File.join(dir, 'rootCA.key')} -sha256 -days 1024 -out #{File.join(dir, 'rootCA.pem')} -passin file:#{password_file_path} -config #{File.join(dir, 'server.csr.cnf')}` unless File.exist?(File.join(dir, 'rootCA.pem'))
+    end
+
+    def generate_crt_and_key(_pem_file = false, password_file_path)
+      puts "\n*** generating server.key"
+      `openssl req -new -sha256 -nodes -out #{File.join(dir, 'server.csr')} -newkey rsa:2048 -keyout #{File.join(dir, 'server.key')} -config #{File.join(dir, 'server.csr.cnf')} -passin file:#{password_file_path}`
+
+      generate_v3_ext_file unless File.exist?(File.join(dir, 'v3.ext'))
+
+      puts "\n*** generating server.crt"
+      `openssl x509 -req -in #{File.join(dir, 'server.csr')} -CA #{File.join(dir, 'rootCA.pem')} -CAkey #{File.join(dir, 'rootCA.key')} -CAcreateserial -out #{File.join(dir, 'server.crt')} -days 500 -sha256 -extfile #{File.join(dir, 'v3.ext')} -passin file:#{password_file_path}`
+      # remove intermediary file
+      File.delete(File.join(dir, 'server.csr'))
+    end
+
+    def password_file(password = temp_password)
+      file = Tempfile.new('some_file')
+      file.write(password)
+      file.close
+      file
+    end
+
+    def temp_password
+      # We don't really care what the password is since this is only used on localhost
+      @temp_password ||= SecureRandom.hex(64)
+    end
+
+    def write_config_file
+      puts "\n*** Writing server.csr.cnf"
+      config_options = <<~CONFIG
+        [req]
+        default_bits = 2048
+        prompt = no
+        default_md = sha256
+        distinguished_name = dn
+
+        [dn]
+        C=#{config[:C]}
+        ST=#{config[:ST]}
+        L=#{config[:L]}
+        O=#{config[:O]}
+        OU=Test Domain
+        emailAddress=#{config[:emailAddress]}
+        CN=#{config[:CN]}
+      CONFIG
+      File.open(File.join(dir, 'server.csr.cnf'), 'w') { |file| file.write(config_options) }
+    end
+  end
+
+  class Error < StandardError; end
+end

data/lib/rails_dev_ssl/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module RailsDevSsl
+  VERSION = '0.1.0'
+end

data/rails_dev_ssl.gemspec

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rails_dev_ssl/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'rails_dev_ssl'
+  spec.version       = RailsDevSsl::VERSION
+  spec.authors       = ['Bart Agapinan']
+  spec.email         = ['bart@sonic.net']
+
+  spec.summary       = 'Use SSL for rails development'
+  spec.description   = 'Generate SSL certificates for your rails development environment'
+  spec.homepage      = 'https://github.com/viamin/rails_dev_ssl'
+  spec.license       = 'MIT'
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['homepage_uri'] = spec.homepage
+    spec.metadata['source_code_uri'] = 'https://github.com/viamin/rails_dev_ssl'
+    spec.metadata['changelog_uri'] = 'https://github.com/viamin/rails_dev_ssl/blob/master/CHANGELOG.md'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against ' \
+      'public gem pushes.'
+  end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'thor', '~> 0.20.3'
+
+  spec.add_development_dependency 'bundler', '~> 1.17'
+  spec.add_development_dependency 'pry', '~> 0.12.2'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: rails_dev_ssl
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Bart Agapinan
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-12-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.3
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.12.2
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Generate SSL certificates for your rails development environment
+email:
+- bart@sonic.net
+executables:
+- rails_dev_ssl
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/rails_dev_ssl
+- lib/rails_dev_ssl.rb
+- lib/rails_dev_ssl/version.rb
+- rails_dev_ssl.gemspec
+homepage: https://github.com/viamin/rails_dev_ssl
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/viamin/rails_dev_ssl
+  source_code_uri: https://github.com/viamin/rails_dev_ssl
+  changelog_uri: https://github.com/viamin/rails_dev_ssl/blob/master/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Use SSL for rails development
+test_files: []