sus-fixtures-openssl 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 36794229edbdabba437a99a67421f8f986bb6492000697855047556b26bc400e
+  data.tar.gz: e8af0f9ca4310e18780457220b11ad5618b9d898de6680bd48efcdca9aa9ef45
+SHA512:
+  metadata.gz: 543d9dcdc89a4ce34788a6d3db553957382dd4b1c48b759379d8176025af57d7e0a8e4fbfc8ef4b6e8da2b3a5dc2c23d7a870781f5270a855bc417111109e2c0
+  data.tar.gz: ccb5dd75795f33098acc61115ff99487184b69d3f44e4bd2226f38bff28fbd4030acf4519c1f291ae770d9b8764da0e1c908a35af26eb77a7f8f92f73b0f70d8

data/lib/sus/fixtures/openssl/certificate_authority_context.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+require 'openssl'
+
+module Sus
+	module Fixtures
+		module OpenSSL
+			module CertificateAuthorityContext
+				# This key size is generally considered insecure, but it's fine for testing.
+				def certificate_authority_key
+					@certificate_authority_key ||= ::OpenSSL::PKey::RSA.new(2048)
+				end
+				
+				def certificate_authority_name
+					@certificate_authority_name ||= ::OpenSSL::X509::Name.parse("O=TestCA/CN=localhost")
+				end
+				
+				# The certificate authority is used for signing and validating the certificate which is used for communciation:
+				def certificate_authority_certificate
+					@certificate_authority_certificate ||= ::OpenSSL::X509::Certificate.new.tap do |certificate|
+						certificate.subject = certificate_authority_name
+						# We use the same issuer as the subject, which makes this certificate self-signed:
+						certificate.issuer = certificate_authority_name
+						
+						certificate.public_key = certificate_authority_key.public_key
+						
+						certificate.serial = 1
+						certificate.version = 2
+						
+						certificate.not_before = Time.now
+						certificate.not_after = Time.now + 3600
+						
+						extension_factory = ::OpenSSL::X509::ExtensionFactory.new
+						extension_factory.subject_certificate = certificate
+						extension_factory.issuer_certificate = certificate
+						certificate.add_extension extension_factory.create_extension("basicConstraints", "CA:TRUE", true)
+						certificate.add_extension extension_factory.create_extension("keyUsage", "keyCertSign, cRLSign", true)
+						certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
+						certificate.add_extension extension_factory.create_extension("authorityKeyIdentifier", "keyid:always", false)
+						
+						certificate.sign certificate_authority_key, ::OpenSSL::Digest::SHA256.new
+					end
+				end
+				
+				def certificate_store
+					@certificate_store ||= ::OpenSSL::X509::Store.new.tap do |certificates|
+						certificates.add_cert(certificate_authority_certificate)
+					end
+				end
+			end
+		end
+	end
+end

data/lib/sus/fixtures/openssl/host_certificates_context.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+require_relative 'certificate_authority_context'
+
+module Sus
+	module Fixtures
+		module OpenSSL
+			module HostCertificatesContext
+				include CertificateAuthorityContext
+			
+				def keys
+					@keys ||= Hash[
+						hosts.collect{|name| [name, ::OpenSSL::PKey::RSA.new(2048)]}
+					]
+				end
+				
+				# The certificate used for actual communication:
+				def certificates
+					@certificates ||= Hash[
+						hosts.collect do |name|
+							certificate_name = ::OpenSSL::X509::Name.parse("O=Test/CN=#{name}")
+							
+							certificate = ::OpenSSL::X509::Certificate.new
+							certificate.subject = certificate_name
+							certificate.issuer = certificate_authority_certificate.subject
+							
+							certificate.public_key = keys[name].public_key
+							
+							certificate.serial = 2
+							certificate.version = 2
+							
+							certificate.not_before = Time.now
+							certificate.not_after = Time.now + 3600
+							
+							extension_factory = ::OpenSSL::X509::ExtensionFactory.new
+							extension_factory.subject_certificate = certificate
+							extension_factory.issuer_certificate = certificate_authority_certificate
+							certificate.add_extension extension_factory.create_extension("keyUsage", "digitalSignature", true)
+							certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
+							
+							certificate.sign certificate_authority_key, ::OpenSSL::Digest::SHA256.new
+							
+							[name, certificate]
+						end
+					]
+				end
+				
+				def server_context
+					@server_context ||= ::OpenSSL::SSL::SSLContext.new.tap do |context|
+						context.servername_cb = Proc.new do |socket, name|
+							if hosts.include? name
+								socket.hostname = name
+								
+								::OpenSSL::SSL::SSLContext.new.tap do |context|
+									context.cert = certificates[name]
+									context.key = keys[name]
+								end
+							end
+						end
+					end
+				end
+				
+				def client_context
+					@client_context ||= ::OpenSSL::SSL::SSLContext.new.tap do |context|
+						context.cert_store = certificate_store
+						context.verify_mode = ::OpenSSL::SSL::VERIFY_PEER
+					end
+				end
+			end
+		end
+	end
+end

data/lib/sus/fixtures/openssl/invalid_certificate_context.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+require_relative 'valid_certificate_context'
+
+module Sus
+	module Fixtures
+		module OpenSSL
+			module InvalidCertificateContext
+				include ValidCertificateContext
+				
+				def invalid_key
+					@invalid_key ||= ::OpenSSL::PKey::RSA.new(2048)
+				end
+				
+				# The certificate used for actual communication:
+				def certificate
+					@certificate ||= ::OpenSSL::X509::Certificate.new.tap do |certificate|
+						certificate.subject = certificate_name
+						certificate.issuer = certificate_authority_certificate.subject
+						
+						certificate.public_key = key.public_key
+						
+						certificate.serial = 2
+						certificate.version = 2
+						
+						# We set the validity period to the past, so the certificate is invalid:
+						certificate.not_before = Time.now - 3600
+						certificate.not_after = Time.now
+						
+						extension_factory = ::OpenSSL::X509::ExtensionFactory.new()
+						extension_factory.subject_certificate = certificate
+						extension_factory.issuer_certificate = certificate_authority_certificate
+						certificate.add_extension extension_factory.create_extension("keyUsage", "digitalSignature", true)
+						certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
+						
+						certificate.sign invalid_key, ::OpenSSL::Digest::SHA256.new
+					end
+				end
+			end
+		end
+	end
+end

data/lib/sus/fixtures/openssl/valid_certificate_context.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+require_relative 'certificate_authority_context'
+
+module Sus
+	module Fixtures
+		module OpenSSL
+			module ValidCertificateContext
+				include CertificateAuthorityContext
+				
+				# The private key to use on the server side:
+				def key
+					@key ||= ::OpenSSL::PKey::RSA.new(2048)
+				end
+				
+				def certificate_name
+					::OpenSSL::X509::Name.parse("O=Test/CN=localhost")
+				end
+				
+				# The certificate used for actual communication:
+				def certificate
+					@certificate ||= ::OpenSSL::X509::Certificate.new.tap do |certificate|
+						certificate.subject = certificate_name
+						certificate.issuer = certificate_authority_certificate.subject
+						
+						certificate.public_key = key.public_key
+						
+						certificate.serial = 2
+						certificate.version = 2
+						
+						# The certificate is valid for one hour:
+						certificate.not_before = Time.now
+						certificate.not_after = Time.now + 3600
+						
+						extension_factory = ::OpenSSL::X509::ExtensionFactory.new()
+						extension_factory.subject_certificate = certificate
+						extension_factory.issuer_certificate = certificate_authority_certificate
+						certificate.add_extension extension_factory.create_extension("keyUsage", "digitalSignature", true)
+						certificate.add_extension extension_factory.create_extension("subjectKeyIdentifier", "hash")
+						
+						certificate.sign certificate_authority_key, ::OpenSSL::Digest::SHA256.new
+					end
+				end
+			end
+		end
+	end
+end

data/lib/sus/fixtures/openssl/verified_certificate_context.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+require_relative 'certificate_authority_context'
+
+module Sus
+	module Fixtures
+		module OpenSSL
+			module VerifiedCertificateContext
+				def server_context
+					::OpenSSL::SSL::SSLContext.new.tap do |context|
+						context.cert = certificate
+						context.key = key
+					end
+				end
+
+				def client_context
+					::OpenSSL::SSL::SSLContext.new.tap do |context|
+						context.cert_store = certificate_store
+						context.verify_mode = ::OpenSSL::SSL::VERIFY_PEER
+					end
+				end
+			end
+		end
+	end
+end

data/lib/sus/fixtures/openssl/version.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+module Sus
+	module Fixtures
+		module OpenSSL
+			VERSION = "0.1.0"
+		end
+	end
+end

data/lib/sus/fixtures/openssl.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2023, by Samuel Williams.
+
+require_relative 'openssl/version'
+
+require_relative 'openssl/certificate_authority_context'
+require_relative 'openssl/host_certificates_context'
+require_relative 'openssl/valid_certificate_context'
+require_relative 'openssl/invalid_certificate_context'
+require_relative 'openssl/verified_certificate_context'

data/license.md

@@ -0,0 +1,21 @@
+# MIT License
+
+Copyright, 2023, by Samuel Williams.  
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/readme.md

@@ -0,0 +1,43 @@
+# Sus::Fixtures::OpenSSL
+
+Provides a convenient fixture for setting up client and server SSL sockets.
+
+[![Development Status](https://github.com/ioquatix/sus-fixtures-openssl/workflows/Test/badge.svg)](https://github.com/ioquatix/sus-fixtures-openssl/actions?workflow=Test)
+
+## Installation
+
+``` bash
+$ bundle add sus-fixtures-openssl
+```
+
+## Usage
+
+``` ruby
+include Sus::Fixtures::OpenSSL::HostCertificatesContext
+
+it 'can create a secure connection' do
+	# Use `server_context` to create a server socket:
+	server_socket = OpenSSL::SSL::SSLSocket.new(socket, server_context)
+	
+	# Use `client_context` to create a client socket:
+	client_socket = OpenSSL::SSL::SSLSocket.new(socket, client_context)
+end
+```
+
+## Contributing
+
+We welcome contributions to this project.
+
+1.  Fork it.
+2.  Create your feature branch (`git checkout -b my-new-feature`).
+3.  Commit your changes (`git commit -am 'Add some feature'`).
+4.  Push to the branch (`git push origin my-new-feature`).
+5.  Create new Pull Request.
+
+### Developer Certificate of Origin
+
+This project uses the [Developer Certificate of Origin](https://developercertificate.org/). All contributors to this project must agree to this document to have their contributions accepted.
+
+### Contributor Covenant
+
+This project is governed by [Contributor Covenant](https://www.contributor-covenant.org/). All contributors and participants agree to abide by its terms.

data.tar.gz.sig

@@ -0,0 +1,2 @@
+%m�U*la�5#6f���\c��"v傯GO賆7�,{ě���
+or�-϶4*�D�9�r��k���f��l����Sz��7�l6����
�
E������:�/.�'���3���y��ۉŃǤ9D�nH�{�,m�t#��ߴ(7HbO�N����ݫ	��w���d�id�P�UT��<�,�

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: sus-fixtures-openssl
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Samuel Williams
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIE2DCCA0CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMRgwFgYDVQQDDA9zYW11
+  ZWwud2lsbGlhbXMxHTAbBgoJkiaJk/IsZAEZFg1vcmlvbnRyYW5zZmVyMRIwEAYK
+  CZImiZPyLGQBGRYCY28xEjAQBgoJkiaJk/IsZAEZFgJuejAeFw0yMjA4MDYwNDUz
+  MjRaFw0zMjA4MDMwNDUzMjRaMGExGDAWBgNVBAMMD3NhbXVlbC53aWxsaWFtczEd
+  MBsGCgmSJomT8ixkARkWDW9yaW9udHJhbnNmZXIxEjAQBgoJkiaJk/IsZAEZFgJj
+  bzESMBAGCgmSJomT8ixkARkWAm56MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
+  igKCAYEAomvSopQXQ24+9DBB6I6jxRI2auu3VVb4nOjmmHq7XWM4u3HL+pni63X2
+  9qZdoq9xt7H+RPbwL28LDpDNflYQXoOhoVhQ37Pjn9YDjl8/4/9xa9+NUpl9XDIW
+  sGkaOY0eqsQm1pEWkHJr3zn/fxoKPZPfaJOglovdxf7dgsHz67Xgd/ka+Wo1YqoE
+  e5AUKRwUuvaUaumAKgPH+4E4oiLXI4T1Ff5Q7xxv6yXvHuYtlMHhYfgNn8iiW8WN
+  XibYXPNP7NtieSQqwR/xM6IRSoyXKuS+ZNGDPUUGk8RoiV/xvVN4LrVm9upSc0ss
+  RZ6qwOQmXCo/lLcDUxJAgG95cPw//sI00tZan75VgsGzSWAOdjQpFM0l4dxvKwHn
+  tUeT3ZsAgt0JnGqNm2Bkz81kG4A2hSyFZTFA8vZGhp+hz+8Q573tAR89y9YJBdYM
+  zp0FM4zwMNEUwgfRzv1tEVVUEXmoFCyhzonUUw4nE4CFu/sE3ffhjKcXcY//qiSW
+  xm4erY3XAgMBAAGjgZowgZcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
+  BBYEFO9t7XWuFf2SKLmuijgqR4sGDlRsMC4GA1UdEQQnMCWBI3NhbXVlbC53aWxs
+  aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MC4GA1UdEgQnMCWBI3NhbXVlbC53aWxs
+  aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MA0GCSqGSIb3DQEBCwUAA4IBgQB5sxkE
+  cBsSYwK6fYpM+hA5B5yZY2+L0Z+27jF1pWGgbhPH8/FjjBLVn+VFok3CDpRqwXCl
+  xCO40JEkKdznNy2avOMra6PFiQyOE74kCtv7P+Fdc+FhgqI5lMon6tt9rNeXmnW/
+  c1NaMRdxy999hmRGzUSFjozcCwxpy/LwabxtdXwXgSay4mQ32EDjqR1TixS1+smp
+  8C/NCWgpIfzpHGJsjvmH2wAfKtTTqB9CVKLCWEnCHyCaRVuKkrKjqhYCdmMBqCws
+  JkxfQWC+jBVeG9ZtPhQgZpfhvh+6hMhraUYRQ6XGyvBqEUe+yo6DKIT3MtGE2+CP
+  eX9i9ZWBydWb8/rvmwmX2kkcBbX0hZS1rcR593hGc61JR6lvkGYQ2MYskBveyaxt
+  Q2K9NVun/S785AP05vKkXZEFYxqG6EW012U4oLcFl5MySFajYXRYbuUpH6AY+HP8
+  voD0MPg1DssDLKwXyt1eKD/+Fq0bFWhwVM/1XiAXL7lyYUyOq24KHgQ2Csg=
+  -----END CERTIFICATE-----
+date: 2023-08-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/sus/fixtures/openssl.rb
+- lib/sus/fixtures/openssl/certificate_authority_context.rb
+- lib/sus/fixtures/openssl/host_certificates_context.rb
+- lib/sus/fixtures/openssl/invalid_certificate_context.rb
+- lib/sus/fixtures/openssl/valid_certificate_context.rb
+- lib/sus/fixtures/openssl/verified_certificate_context.rb
+- lib/sus/fixtures/openssl/version.rb
+- license.md
+- readme.md
+homepage: https://github.com/ioquatix/sus-fixtures-openssl
+licenses:
+- MIT
+metadata:
+  funding_uri: https://github.com/sponsors/ioquatix/
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: Test fixtures for running with OpenSSL.
+test_files: []