RubyGems - ruby_scep - Versions diffs - 0.1.0 → 0.2.0 - Mend

ruby_scep 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/example_server/application.rb +3 -1
data/lib/ruby_scep/pki_message.rb +13 -6
data/lib/ruby_scep/pki_operation.rb +6 -3
data/lib/ruby_scep/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 21d583fad0aab1365951300aaa682ada282a3e89
-  data.tar.gz: b67e773f8d760d5edeef761007f6eac24ceb2bec
+  metadata.gz: e56f6b4dabd8c397c018cff11445b01131357cd9
+  data.tar.gz: 0755147776bfb23f488df0fa74a42edaf653cdd1
 SHA512:
-  metadata.gz: 40ab20bc9faf28782f58e726fb3cd9836afd431714aa1de335b95849506f168cb76e235ca1bd5391f95b8278fc7382d2cb57c869186bd516444a55330ff44728
-  data.tar.gz: 768b1540be23d55cc95bd2c7dbd44e896a44e1642254b9068343b3e4b2944ec26bc55a57e3ae2a264c2573b45310260b8759bc85a52c5d6610c52ab0c1a601cf
+  metadata.gz: a1a3200871284c45cb92a1758b5f45557cbda828115df9f7e6fee4f7414c99a3c877b4a3e4312e46f853e251d0801a0fcbfe383d31b7c036103c96c4ea344da8
+  data.tar.gz: d6221c48fab32c5481ad2df14cc487119ca37e88f43fb24b0487fa39cb8ef0fcc2776e76bb07f05f7e2ebfb8f2c406206ebb5df8ac3f98b39d4468162c22f588

data/example_server/application.rb CHANGED Viewed

@@ -34,7 +34,9 @@ post '/scep' do
   p 'post scep'
   if params['operation'] == 'PKIOperation'
     content_type 'application/x-pki-message'
-    RubyScep::PkiOperation.build_response(request.body.read)
+    pki_message = RubyScep::PkiOperation.build_response(request.body.read)
+    # pki_message.device_certificate is now available and ready to be persisted for later use
+    pki_message.enrollment_response
   else
     'Invalid Action'
   end

data/lib/ruby_scep/pki_message.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module RubyScep
     SCEP_PKI_STATUSES = { 'SUCCESS' => 0, 'FAILURE' => 2, 'PENDING' => 3 }
     SCEP_FAIL_INFOS = { 'badAlg' => 0, 'badMessageCheck' => 1, 'badRequest' => 2, 'badTime' => 3, 'badCertId' => 4 }
-    attr_accessor :p7
+    attr_accessor :p7, :device_certificate, :enrollment_response
     def initialize(asn1, p7)
       signed_attributes = retrieve_signed_attributes(asn1)
@@ -58,10 +58,11 @@ module RubyScep
     #     c. signed (unencrypted) data (aka 2. enveloped data)
     #     d. ca certificate
     #     e. digital signature
-    def build_enrollment_response(csr)
-      degenerate_sequence = build_degenerate_sequence(csr)
+    def build_enrollment_response!(csr)
+      generate_device_certificate!(csr)
+      degenerate_sequence = build_degenerate_sequence
       enveloped_data_sequence = build_enveloped_data_sequence(degenerate_sequence)
-      build_signed_data_sequence(enveloped_data_sequence)
+      @enrollment_response = build_signed_data_sequence(enveloped_data_sequence)
     end
     private
@@ -74,10 +75,16 @@ module RubyScep
       end
     end
-    def build_degenerate_sequence(csr)
+    # Generates and sets the certificate the device will use to identify itself to the MDM server.
+    # The certificate will be embedded in the PKIMessage response to complete the SCEP process.
+    def generate_device_certificate!(csr)
       certificate = CertificateBuilder.build(csr)
       certificate.sign(RubyScep.configuration.ca_key, OpenSSL::Digest::SHA1.new)
-      PkiMessage::Degenerate.new(certificate).to_der
+      @device_certificate = certificate
+    end
+    def build_degenerate_sequence
+      PkiMessage::Degenerate.new(@device_certificate).to_der
     end
     def build_enveloped_data_sequence(degenerate_sequence)

data/lib/ruby_scep/pki_operation.rb CHANGED Viewed

@@ -3,12 +3,15 @@ module RubyScep
   class PkiOperation
     class << self
       # @param raw_csr [String] The binary encoded CSR
-      # @return DER-encoded [String], PkiMessage represented in an OpenSSL::ASN1 structure containing the
-      #   device's MDM certificate to be installed
+      # @return pki_message [PkiMessage], PkiMessage with the following attributes set:
+      #   @enrollment_response: represented in an OpenSSL::ASN1 structure containing the
+      #     device's MDM certificate to be installed
+      #   @device_certificate: the certificate the device will use to identify itself to the MDM server
       def build_response(raw_csr)
         pki_message = parse_pki_message(raw_csr)
         csr = decrypt_pki_envelope(pki_message)
-        pki_message.build_enrollment_response(csr)
+        pki_message.build_enrollment_response!(csr)
+        pki_message
       end
       private

data/lib/ruby_scep/version.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module RubyScep
   module Version
-    STRING = '0.1.0'
+    STRING = '0.2.0'
     module_function

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby_scep
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Christophe Valentin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-09-06 00:00:00.000000000 Z
+date: 2017-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec