ssltool 0.0.6 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/console +4 -2
- data/bin/ssltool-filter-certs +1 -1
- data/lib/ssltool/certificate.rb +1 -1
- data/lib/ssltool/chain_resolution.rb +2 -2
- data/lib/ssltool/key_helper.rb +19 -1
- data/lib/ssltool/pem_scanner.rb +13 -0
- metadata +1 -1
data/bin/console
CHANGED
|
@@ -6,8 +6,10 @@ require "yaml"
|
|
|
6
6
|
|
|
7
7
|
require_relative "../lib/ssltool/certificate_store"
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
include SSLTool
|
|
10
|
+
|
|
11
|
+
$all = Certificate.scan(IO.read("var/all-the-certs.pem")) rescue []
|
|
12
|
+
$store = CertificateStore.new("file://#{File.dirname(__FILE__)}/../var/pools")
|
|
11
13
|
$trusted = $store.trusted_pool
|
|
12
14
|
$pool = $store.intermediate_pool
|
|
13
15
|
$excluded = $store.excluded_pool
|
data/bin/ssltool-filter-certs
CHANGED
data/lib/ssltool/certificate.rb
CHANGED
|
@@ -17,9 +17,9 @@ module SSLTool
|
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def initialize(original_chain, certificate_store)
|
|
20
|
-
@original_chain = original_chain.
|
|
20
|
+
@original_chain = original_chain.uniq.freeze
|
|
21
21
|
@certificate_store = certificate_store
|
|
22
|
-
@domain_certs, @other_certs = original_chain.partition(&:for_domain_name?)
|
|
22
|
+
@domain_certs, @other_certs = @original_chain.partition(&:for_domain_name?)
|
|
23
23
|
@original_chain.empty? and raise ZeroCertsChainResolutionError
|
|
24
24
|
case @domain_certs.length
|
|
25
25
|
when 1; # pass
|
data/lib/ssltool/key_helper.rb
CHANGED
|
@@ -4,10 +4,21 @@ require_relative 'pem_scanner'
|
|
|
4
4
|
|
|
5
5
|
module SSLTool
|
|
6
6
|
module KeyHelper
|
|
7
|
+
|
|
8
|
+
class KeyNotPresentError < ArgumentError; end
|
|
9
|
+
|
|
10
|
+
class KeyNotFoundError < StandardError
|
|
11
|
+
attr_reader :cert, :keys
|
|
12
|
+
def initialize(cert, keys)
|
|
13
|
+
@cert, @keys = cert, keys
|
|
14
|
+
super("None of the given #{keys.length} keys match the certificate #{cert.subject}.")
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
7
18
|
extend self
|
|
8
19
|
|
|
9
20
|
def scan(s)
|
|
10
|
-
|
|
21
|
+
PEMScanner.keys_from(s)
|
|
11
22
|
end
|
|
12
23
|
|
|
13
24
|
def keys(*pems)
|
|
@@ -18,5 +29,12 @@ module SSLTool
|
|
|
18
29
|
keys.find { |key| cert.check_private_key(key) }
|
|
19
30
|
end
|
|
20
31
|
|
|
32
|
+
def find_private_key_for_certificate!(cert, keys)
|
|
33
|
+
raise KeyNotPresentError if keys.empty?
|
|
34
|
+
key = find_private_key_for_certificate(cert, keys)
|
|
35
|
+
return key if key
|
|
36
|
+
raise KeyNotFoundError.new(cert, keys)
|
|
37
|
+
end
|
|
38
|
+
|
|
21
39
|
end
|
|
22
40
|
end
|
data/lib/ssltool/pem_scanner.rb
CHANGED
|
@@ -10,6 +10,19 @@ module SSLTool
|
|
|
10
10
|
-----END.*?-----
|
|
11
11
|
)/x
|
|
12
12
|
|
|
13
|
+
class << self
|
|
14
|
+
alias_method :[], :new
|
|
15
|
+
alias_method :scan, :new
|
|
16
|
+
|
|
17
|
+
def keys_from(s)
|
|
18
|
+
scan(s).keys
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def certs_from(s)
|
|
22
|
+
scan(s).certs
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
13
26
|
def initialize(s)
|
|
14
27
|
s = s.dup.force_encoding('BINARY').gsub(/\r\n?/, "\n").gsub(/\s+\n/, "\n")
|
|
15
28
|
@pem_strings, @garbage_strings = s.split(RX_PEM_BLOCK).map(&:strip).reject(&:empty?).partition { |s| s =~ RX_PEM_BLOCK }
|