trocla 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6a30592b5fe0cb877e7020fb82130f82f268092f
-  data.tar.gz: 66ffb4cc0e40748893b4d5252bae9dbc0ab5ef92
+  metadata.gz: 2e1b4a70e3f5d9a045b4c945df80608031e28494
+  data.tar.gz: 00399faf99af08b4b59692436ce47393c92f965e
 SHA512:
-  metadata.gz: fd70d9212f4e9c3edf09fd8fcc18b21cb5be10cb1bcd0a0425619d09e9d26102d86fc6a3b298cf53039396f476dc14fd1de28fe52db7285020e4f38bc3fb8717
-  data.tar.gz: 264bbb90b3ee22407c239633d2fe949e9634aab726c13cf10c2b79346ad91add53f6f98f7a8a608b98881e7d4e5d1807a6c1ce3533e65060fddef15b2d35a9ec
+  metadata.gz: e49851f86f6cef4a4bb949395cfccf7dd51a607c5a244f6a5cdb34df73102cb56f20046c9bb9fd78e972ae75d616564d47cad7164ce49a35303b895e6d4f4844
+  data.tar.gz: 2479cafecbaa81311a1fdba714dc4b176cd8d0962a854ef0779e9ac435a2014ebdfcf1c8bb18df1befefe6ba1e39f26d036e62840a70682e918f31d4d336f342

data/CHANGELOG.md

@@ -0,0 +1,57 @@
+# Changelog
+
+## to 0.2.2
+
+1. Bugfix to render output correctly also on an already existing set
+1. Fix tests not working around midnight, due to timezone differences
+
+## to 0.2.1
+
+1. New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
+
+## to 0.2.0
+
+1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
+1. New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
+1. Increase default password length to 16.
+1. Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
+1. Fix a bug with encryptions while deleting all formats.
+1. Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
+1. CHANGE: moneta's configuration for `adapter` & `adapter_options` now live under store_options in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
+1. CHANGE: ssl_options is now known as encryption_options. Till 0.3.0 old configuration entries will still be accepted.
+1. Improve randomness when creating a serial number.
+1. Add a new charset: hexadecimal
+1. Add support for name constraints within the x509 format
+1. Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
+
+## to 0.1.3
+
+1. CHANGE: Self signed certificates are no longer CAs by default, actually they have never been due to a bug. If you want that a certificate is also a CA, you *must* pass `become_ca: true` to the options hash. But this makes it actually possible, that you can even have certificate chains. Thanks for initial hint to [Adrien Bréfort](https://github.com/abrefort)
+1. Default keysize is now 4096
+1. SECURITY: Do not increment serial, rather choose a random one.
+1. Fixing setting of altnames, was not possible due to bug, till now.
+1. Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
+1. Add cli option to list all formats
+
+## to 0.1.1
+
+1. fix storing data longer that public Keysize -11. Thanks [Timo Goebel](https://github.com/timogoebel)
+1. add a numeric only charset. Thanks [Jonas Genannt](https://github.com/hggh)
+1. fix reading key expire time. Thanks [asquelt](https://github.com/asquelt)
+
+## to 0.1.0
+
+1. Supporting encryption of the backends. Many thanks to Thomas Gelf
+1. Adding a windows safe password charset
+
+## to 0.0.12
+
+1. change from sha1 signature for the x509 format to sha2
+1. Fix an issue where shellsafe characters might have already been initialized with shell-unsafe characters. Plz review any shell-safe character passwords regarding this problem. See the [fix](https://github.com/duritong/trocla/pull/19) for more information. Thanks [asquelt](https://github.com/asquelt) for the fix.
+
+## to 0.0.8
+
+1. be sure to update as well the moneta gem, trocla now uses the official moneta releases and supports current avaiable versions.
+1. Options for moneta's backends have changed. For example, if you are using the yaml-backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
+1. **IMPORTANT:** If you are using the yaml backend you need to migrate the current data *before* using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml` && `sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
+1. **SECURITY:** Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!

data/README.md

@@ -308,60 +308,10 @@ encryption_options:
 
 ## Update & Changes
 
-### to 0.2.1
-
-1. New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
-
-### to 0.2.0
-
-1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
-1. New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
-1. Increase default password length to 16.
-1. Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
-1. Fix a bug with encryptions while deleting all formats.
-1. Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
-1. CHANGE: moneta's configuration for `adapter` & `adapter_options` now live under store_options in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
-1. CHANGE: ssl_options is now known as encryption_options. Till 0.3.0 old configuration entries will still be accepted.
-1. Improve randomness when creating a serial number.
-1. Add a new charset: hexadecimal
-1. Add support for name constraints within the x509 format
-1. Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
-
-### to 0.1.3
-
-1. CHANGE: Self signed certificates are no longer CAs by default, actually they have never been due to a bug. If you want that a certificate is also a CA, you *must* pass `become_ca: true` to the options hash. But this makes it actually possible, that you can even have certificate chains. Thanks for initial hint to [Adrien Bréfort](https://github.com/abrefort)
-1. Default keysize is now 4096
-1. SECURITY: Do not increment serial, rather choose a random one.
-1. Fixing setting of altnames, was not possible due to bug, till now.
-1. Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
-1. Add cli option to list all formats
-
-### to 0.1.1
-
-1. fix storing data longer that public Keysize -11. Thanks [Timo Goebel](https://github.com/timogoebel)
-1. add a numeric only charset. Thanks [Jonas Genannt](https://github.com/hggh)
-1. fix reading key expire time. Thanks [asquelt](https://github.com/asquelt)
-
-### to 0.1.0
-
-1. Supporting encryption of the backends. Many thanks to Thomas Gelf
-1. Adding a windows safe password charset
-
-### to 0.0.12
-
-1. change from sha1 signature for the x509 format to sha2
-1. Fix an issue where shellsafe characters might have already been initialized with shell-unsafe characters. Plz review any shell-safe character passwords regarding this problem. See the [fix](https://github.com/duritong/trocla/pull/19) for more information. Thanks [asquelt](https://github.com/asquelt) for the fix.
-
-### to 0.0.8
-
-1. be sure to update as well the moneta gem, trocla now uses the official moneta releases and supports current avaiable versions.
-1. Options for moneta's backends have changed. For example, if you are using the yaml-backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
-1. **IMPORTANT:** If you are using the yaml backend you need to migrate the current data *before* using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml` && `sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
-1. **SECURITY:** Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!
-1. We now support reading passwords from files, which means that you can now also easily add multi-line passwords. Have a look at the documentation above.
+See [Changelog](CHANGELOG.md)
 
 ## Contributing to trocla
- 
+
 * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
 * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
 * Fork the project

data/ext/redhat/rubygem-trocla.spec

@@ -2,7 +2,7 @@
 %global gem_name trocla
 
 Name: rubygem-%{gem_name}
-Version: 0.2.0
+Version: 0.2.1
 Release: 1%{?dist}
 Summary: Trocla a simple password generator and storage
 Group: Development/Languages
@@ -15,7 +15,9 @@ Requires: rubygem-highline
 BuildRequires: rubygem-moneta = 0.7.20
 BuildRequires: rubygem-bcrypt
 BuildRequires: rubygem-highline
+%if 0%{?rhel} >= 7
 BuildRequires: ruby(release)
+%endif
 BuildRequires: rubygems-devel
 BuildRequires: ruby
 # BuildRequires: rubygem(mocha)
@@ -89,6 +91,7 @@ popd
 %{gem_instdir}/.rspec
 %exclude %{gem_instdir}/.travis.yml
 %exclude %{gem_instdir}/.rspec
+%exclude %{gem_instdir}/ext/redhat/%{name}.spec
 %license %{gem_instdir}/LICENSE.txt
 %{gem_instdir}/bin
 %{gem_libdir}
@@ -103,6 +106,7 @@ popd
 %doc %{gem_instdir}/.document
 %{gem_instdir}/Gemfile
 %doc %{gem_instdir}/README.md
+%doc %{gem_instdir}/CHANGELOG.md
 %{gem_instdir}/Rakefile
 %{gem_instdir}/spec
 %{gem_instdir}/trocla.gemspec

data/lib/VERSION

@@ -1,4 +1,4 @@
 major:0
 minor:2
-patch:1
+patch:2
 build:

data/lib/trocla.rb

@@ -24,11 +24,11 @@ class Trocla
 
     raise "Format #{format} is not supported! Supported formats: #{Trocla::Formats.all.join(', ')}" unless Trocla::Formats::available?(format)
 
-    unless (password=get_password(key,format)).nil?
+    unless (password=get_password(key,format,options)).nil?
       return password
     end
 
-    plain_pwd = get_password(key,'plain')
+    plain_pwd = get_password(key,'plain',options)
     if options['random'] && plain_pwd.nil?
       plain_pwd = Trocla::Util.random_str(options['length'].to_i,options['charset'])
       set_password(key,'plain',plain_pwd,options) unless format == 'plain'

data/spec/trocla/formats/x509_spec.rb

@@ -42,7 +42,7 @@ describe "Trocla::Format::X509" do
       # default size
       # https://stackoverflow.com/questions/13747212/determine-key-size-from-public-key-pem-format
       expect(cert.public_key.n.num_bytes * 8).to eq(4096)
-      expect((Date.parse(cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       # it's a self signed cert and NOT a CA
       expect(verify(cert,cert)).to be false
 
@@ -60,7 +60,7 @@ describe "Trocla::Format::X509" do
       ca = OpenSSL::X509::Certificate.new(ca_str)
       # selfsigned?
       expect(ca.issuer.to_s).to eq(ca.subject.to_s)
-      expect((Date.parse(ca.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(ca.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify(ca,ca)).to be true
 
       v = ca.extensions.find{|e| e.oid == 'basicConstraints' }.value
@@ -80,7 +80,7 @@ describe "Trocla::Format::X509" do
       cert_str = @trocla.password('mycert', 'x509', cert_options)
       cert = OpenSSL::X509::Certificate.new(cert_str)
       expect(cert.issuer.to_s).to eq(@ca.subject.to_s)
-      expect((Date.parse(cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify(@ca,cert)).to be true
 
       v = cert.extensions.find{|e| e.oid == 'basicConstraints' }.value
@@ -100,6 +100,14 @@ describe "Trocla::Format::X509" do
       expect(cert_str).to match(/-----BEGIN CERTIFICATE-----/)
       expect(cert_str).not_to match(/-----BEGIN RSA PRIVATE KEY-----/)
     end
+    it 'supports fetching only the cert even a second time' do
+      cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'certonly' => true }))
+      expect(cert_str).to match(/-----BEGIN CERTIFICATE-----/)
+      expect(cert_str).not_to match(/-----BEGIN RSA PRIVATE KEY-----/)
+      cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'certonly' => true }))
+      expect(cert_str).to match(/-----BEGIN CERTIFICATE-----/)
+      expect(cert_str).not_to match(/-----BEGIN RSA PRIVATE KEY-----/)
+    end
 
     it 'does not simply increment the serial' do
       cert_str = @trocla.password('mycert', 'x509', cert_options)
@@ -118,7 +126,7 @@ describe "Trocla::Format::X509" do
       }))
       cert = OpenSSL::X509::Certificate.new(cert_str)
       expect(cert.issuer.to_s).to eq(@ca.subject.to_s)
-      expect((Date.parse(cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify(@ca,cert)).to be true
 
       expect(cert.extensions.find{|e| e.oid == 'basicConstraints' }.value).to eq('CA:TRUE')
@@ -134,7 +142,7 @@ describe "Trocla::Format::X509" do
       }))
       ca2 = OpenSSL::X509::Certificate.new(ca2_str)
       expect(ca2.issuer.to_s).to eq(@ca.subject.to_s)
-      expect((Date.parse(ca2.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(ca2.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       pending_for(:engine => 'jruby',:reason => 'NameConstraints verification seem to be broken in jRuby: https://github.com/jruby/jruby/issues/3502') do
         expect(verify(@ca,ca2)).to be true
       end
@@ -154,7 +162,7 @@ describe "Trocla::Format::X509" do
       valid_cert = OpenSSL::X509::Certificate.new(valid_cert_str)
       expect(valid_cert.issuer.to_s).to eq(ca2.subject.to_s)
       expect(verify([@ca,ca2],valid_cert)).to be true
-      expect((Date.parse(valid_cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(valid_cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
 
       false_cert_str = @trocla.password('myfalseexamplecert','x509', {
         'subject'  => '/C=ZZ/O=Trocla Inc./CN=foo.example.net/emailAddress=example@example.com',
@@ -164,7 +172,7 @@ describe "Trocla::Format::X509" do
       false_cert = OpenSSL::X509::Certificate.new(false_cert_str)
       expect(false_cert.issuer.to_s).to eq(ca2.subject.to_s)
       expect(verify([@ca,ca2],false_cert)).to be false
-      expect((Date.parse(false_cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(false_cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
     end
 
     it 'supports simple name constraints for CAs with leading dots' do
@@ -174,7 +182,7 @@ describe "Trocla::Format::X509" do
       }))
       ca2 = OpenSSL::X509::Certificate.new(ca2_str)
       expect(ca2.issuer.to_s).to eq(@ca.subject.to_s)
-      expect((Date.parse(ca2.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(ca2.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       pending_for(:engine => 'jruby',:reason => 'NameConstraints verification seem to be broken in jRuby: https://github.com/jruby/jruby/issues/3502') do
         expect(verify(@ca,ca2)).to be true
       end
@@ -191,7 +199,7 @@ describe "Trocla::Format::X509" do
       })
       valid_cert = OpenSSL::X509::Certificate.new(valid_cert_str)
       expect(valid_cert.issuer.to_s).to eq(ca2.subject.to_s)
-      expect((Date.parse(valid_cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(valid_cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       # workaround broken openssl
       if %x{openssl version} =~ /1\.0\.[2-9]/
         expect(verify([@ca,ca2],valid_cert)).to be true
@@ -207,7 +215,7 @@ describe "Trocla::Format::X509" do
       })
       false_cert = OpenSSL::X509::Certificate.new(false_cert_str)
       expect(false_cert.issuer.to_s).to eq(ca2.subject.to_s)
-      expect((Date.parse(false_cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(false_cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify([@ca,ca2],false_cert)).to be false
     end
 
@@ -217,7 +225,7 @@ describe "Trocla::Format::X509" do
       }))
       ca2 = OpenSSL::X509::Certificate.new(ca2_str)
       expect(ca2.issuer.to_s).to eq(@ca.subject.to_s)
-      expect((Date.parse(ca2.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(ca2.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify(@ca,ca2)).to be true
 
       cert2_str = @trocla.password('mycert', 'x509', {
@@ -227,7 +235,7 @@ describe "Trocla::Format::X509" do
       })
       cert2 = OpenSSL::X509::Certificate.new(cert2_str)
       expect(cert2.issuer.to_s).to eq(ca2.subject.to_s)
-      expect((Date.parse(cert2.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(cert2.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       skip_for(:engine => 'jruby',:reason => 'Chained CA validation seems to be broken on jruby atm.') do
         expect(verify([@ca,ca2],cert2)).to be true
       end
@@ -258,7 +266,7 @@ describe "Trocla::Format::X509" do
       hash_match = (defined?(RUBY_ENGINE) &&RUBY_ENGINE == 'jruby') ? 'RSA-SHA1' : 'sha1WithRSAEncryption'
       expect(cert.signature_algorithm).to eq(hash_match)
       expect(cert.not_before).to be < Time.now
-      expect((Date.parse(cert.not_after.to_s) - Date.today).to_i).to eq(3650)
+      expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(3650)
       # https://stackoverflow.com/questions/13747212/determine-key-size-from-public-key-pem-format
       expect(cert.public_key.n.num_bytes * 8).to eq(2048)
       expect(verify(@ca,cert)).to be true
@@ -278,7 +286,7 @@ describe "Trocla::Format::X509" do
       cert_str = @trocla.password('mycert', 'x509', co)
       cert = OpenSSL::X509::Certificate.new(cert_str)
       expect(cert.issuer.to_s).to eq(@ca.subject.to_s)
-      expect((Date.parse(cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify(@ca,cert)).to be true
       expect(cert.extensions.find{|e| e.oid == 'subjectAltName' }).to be_nil
     end
@@ -299,7 +307,7 @@ describe "Trocla::Format::X509" do
         expect(cert.subject.to_s).not_to match(/#{field}=#{co[field]}/)
       end
       expect(cert.subject.to_s).not_to match(/(Email|emailAddress)=#{co['emailAddress']}/)
-      expect((Date.parse(cert.not_after.to_s) - Date.today).to_i).to eq(365)
+      expect((Date.parse(cert.not_after.localtime.to_s) - Date.today).to_i).to eq(365)
       expect(verify(@ca,cert)).to be true
     end
   end

data/trocla.gemspec

@@ -2,11 +2,11 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: trocla 0.2.1 ruby lib
+# stub: trocla 0.2.2 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "trocla"
-  s.version = "0.2.1"
+  s.version = "0.2.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
@@ -23,6 +23,7 @@ Gem::Specification.new do |s|
     ".document",
     ".rspec",
     ".travis.yml",
+    "CHANGELOG.md",
     "Gemfile",
     "LICENSE.txt",
     "README.md",

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: trocla
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - mh
@@ -121,6 +121,7 @@ files:
 - ".document"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md