varanus 0.1.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3f1e3b8a3c5d8b1999ab00642afaef76bfa69be3872b9af2ab91af9aa4731bc
-  data.tar.gz: bf2cd9f9449d290133f6a8f21a5c64fb5541d42c6349b0179eaa85af153bf3e9
+  metadata.gz: 72820b52f9184bfc3c35816e39b1c721d0e4eabf6c660b6c4da95d5cdb1bf025
+  data.tar.gz: 3cc5f9ac737e5c375027db08860443b6ece64dac58ad7cf7e515a9f6009e825a
 SHA512:
-  metadata.gz: 6890038fac5dfa28e212cdb119d16ff35bfa5344359df100076ddd533f5226b3b4c00f8302442d24c27ecdd233d9e23991d37ac3ca6400066ff050f168937d2a
-  data.tar.gz: df2e85079624160c161e8d8849c97c0e7287f5e89585dd3a1f9fa2c6fddd100876b72b6fff6e0dc3c028090c7830835c047d8bd22ffbb477c6935ed19d857496
+  metadata.gz: 614b412e36992ee4a7c99f06a26e7e5f3768960200e2d962e8ffd9d0aaf64502dc81643be9c038b151ca44de0dea84a952f8a58b1d67b1379f1cf0806a3fdbd5
+  data.tar.gz: 484a02bacc17c1b26ad7749d10142bf48570a6260b5557267318d25bb3d051ac3a19030f7522ef9684274424d4a7f25d2e863faedf6d64c75932eb1a9fd63af8

data/.gitignore

@@ -6,3 +6,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+/test.rb

data/.rubocop.yml

@@ -1,9 +1,15 @@
 AllCops:
-  TargetRubyVersion: 2.3
+  NewCops: disable
+  TargetRubyVersion: 2.5
 
 Bundler/OrderedGems:
   AutoCorrect: false
 
+Layout/LineLength:
+  Max: 90
+  Exclude:
+    - 'test/**/*'
+
 Metrics/AbcSize:
   Max: 25
   Exclude:
@@ -14,11 +20,6 @@ Metrics/ClassLength:
   Exclude:
     - 'test/**/*'
 
-Metrics/LineLength:
-  Max: 90
-  Exclude:
-    - 'test/**/*'
-
 Metrics/MethodLength:
   Max: 20
   Exclude:
@@ -28,23 +29,12 @@ Naming/FileName:
   Exclude:
     - Gemfile
 
-Naming/UncommunicativeMethodParamName:
-  AllowedNames:
-    - gb
-    - id
-    - ip
-    - os
-    - vm
-
 Style/ClassAndModuleChildren:
-  Enabled: false
+  EnforcedStyle: compact
 
 Style/ConditionalAssignment:
   Enabled: false
 
-Style/FrozenStringLiteralComment:
-  Enabled: false
-
 Style/MethodDefParentheses:
   EnforcedStyle: require_no_parentheses_except_multiline
 
@@ -57,14 +47,5 @@ Style/RescueModifier:
 Style/SymbolArray:
   EnforcedStyle: brackets
 
-Style/TrailingCommaInArguments:
-  EnforcedStyleForMultiline: no_comma
-
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: no_comma
-
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: no_comma
-
 Style/WordArray:
   EnforcedStyle: brackets

data/.travis.yml

@@ -6,10 +6,9 @@ sudo: false
 language: ruby
 cache: bundler
 rvm:
-  - 2.3
-  - 2.4
   - 2.5
   - 2.6
+  - 2.7
 before_install: gem install bundler -v 1.16.5
 before_script:
   - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter

data/CHANGELOG.md

@@ -0,0 +1,20 @@
+### 0.4.0 (2021-01-06)
+* Add Varanus::DCV
+
+### 0.3.1 (2020-10-14)
+* Fix issue when Sectigo reports two identical 'Short Life' certs
+
+### 0.3.0 (2020-08-24)
+* Add support for new 'Short Life' certs
+
+### 0.2.1 (2018-11-13)
+* Increase timeout value for SSL requests
+
+### 0.2.0 (2018-11-09)
+* Added Varanus::SSL::CSR.generate
+* Added Reports
+  * Varanus::Reports#ssl - list of SSL/TLS certs
+  * Varanus::Reports#domains - list of domains validated with DCV
+
+### 0.1.0 (2018-11-07)
+* Initial release

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }

data/Gemfile.lock

@@ -1,61 +1,93 @@
 PATH
   remote: .
   specs:
-    varanus (0.1.0)
+    varanus (0.4.0)
       faraday
       faraday_middleware
+      savon (~> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
-    ast (2.4.0)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    docile (1.3.1)
-    faraday (0.15.3)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    akami (1.3.1)
+      gyoku (>= 0.4.0)
+      nokogiri
+    ast (2.4.1)
+    builder (3.2.4)
+    crack (0.4.5)
+      rexml
+    docile (1.3.4)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
-    faraday_middleware (0.12.2)
-      faraday (>= 0.7.4, < 1.0)
-    hashdiff (0.3.7)
-    jaro_winkler (1.5.1)
-    json (2.1.0)
-    metaclass (0.0.4)
-    minitest (5.11.3)
+      ruby2_keywords
+    faraday-net_http (1.0.0)
+    faraday_middleware (1.0.0)
+      faraday (~> 1.0)
+    gyoku (1.3.1)
+      builder (>= 2.1.2)
+    hashdiff (1.0.1)
+    httpi (2.4.5)
+      rack
+      socksify
+    minitest (5.14.3)
     minitest-rg (5.2.0)
       minitest (~> 5.0)
-    mocha (1.7.0)
-      metaclass (~> 0.0.1)
-    multipart-post (2.0.0)
-    parallel (1.12.1)
-    parser (2.5.3.0)
-      ast (~> 2.4.0)
-    powerpack (0.1.2)
-    public_suffix (3.0.3)
+    mocha (1.12.0)
+    multipart-post (2.1.1)
+    nokogiri (1.11.1-x86_64-linux)
+      racc (~> 1.4)
+    nori (2.6.0)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
+    public_suffix (4.0.6)
+    racc (1.5.2)
+    rack (2.2.3)
     rainbow (3.0.0)
     rake (10.5.0)
-    rubocop (0.60.0)
-      jaro_winkler (~> 1.5.1)
+    regexp_parser (2.0.3)
+    rexml (3.2.4)
+    rubocop (1.7.0)
       parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
-      powerpack (~> 0.1)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.4.0)
-    ruby-progressbar (1.10.0)
-    safe_yaml (1.0.4)
-    simplecov (0.16.1)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (1.4.0)
+      parser (>= 2.7.1.5)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.2)
+    savon (2.12.1)
+      akami (~> 1.2)
+      builder (>= 2.1.2)
+      gyoku (~> 1.2)
+      httpi (~> 2.3)
+      nokogiri (>= 1.8.1)
+      nori (~> 2.4)
+      wasabi (~> 3.4)
+    simplecov (0.21.1)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    unicode-display_width (1.4.0)
-    webmock (3.4.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
+    socksify (1.7.1)
+    unicode-display_width (1.7.0)
+    wasabi (3.6.1)
+      addressable
+      httpi (~> 2.0)
+      nokogiri (>= 1.4.2)
+    webmock (3.11.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
-      hashdiff
-    yard (0.9.16)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    yard (0.9.26)
 
 PLATFORMS
   ruby
@@ -73,4 +105,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   1.17.1
+   1.17.3

data/README.md

@@ -7,24 +7,29 @@ Support for Sectigo's other APIs (S/MIME, code signing, device certificates, etc
 be added at a later date.  Merge requests to add some of this functionality would be
 greatly appreciated.
 
-## Installation
+[![Build Status](https://travis-ci.org/duke-automation/varanus.svg?branch=master)](https://travis-ci.org/duke-automation/varanus)
+[![Gem Version](https://badge.fury.io/rb/varanus.svg)](http://badge.fury.io/rb/varanus)
+[![Maintainability](https://api.codeclimate.com/v1/badges/593ef1aa2ba757b5374f/maintainability)](https://codeclimate.com/github/duke-automation/varanus/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/593ef1aa2ba757b5374f/test_coverage)](https://codeclimate.com/github/duke-automation/varanus/test_coverage)
 
-Add this line to your application's Gemfile:
+## Usage
+
+#### Generate and sign SSL cert
 
 ```ruby
-gem 'varanus'
+key, csr = Varanus::SSL::CSR.generate(['example.com'])
+varanus = Varanus.new(customer_uri, username, password)
+id = varanus.ssl.sign csr, org_id
+begin
+  cert = varanus.ssl.collect id
+rescue Varanus::Error::StillProcessing
+  sleep 1
+  retry
+end
+puts key
+puts cert
 ```
 
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install varanus
-
-## Usage
-
 #### Sign SSL cert from CSR
 
 ```ruby
@@ -46,6 +51,18 @@ puts cert
 Varanus.new(customer_uri, username, password).ssl.revoke(id)
 ```
 
+#### Reports
+
+Report on all SSL certs
+```ruby
+pp Varanus.new(customer_uri, usernams, password).reports.ssl
+```
+
+Report on all domains (DCV status)
+```ruby
+pp Varanus.new(customer_uri, usernams, password).reports.domains
+```
+
 #### Authentication
 
 Authentication requires the same credentials you use to login to cert-manager.com as well as the ```customer_uri```.  If your URL to log into cert-manager.com is https://cert-manager.com/customer/MyCompany then your ```customer_uri``` will be ```'MyCompany'```
@@ -56,6 +73,22 @@ Signing a cert requires specifying an ```org_id```.  Each department in cert-man
 
 To find the ```org_id```, log into cert-manager.com, go to **Settings** -> **Departments**, then click to edit the department you are interested in.  The value you want is in the **OrgID** field.
 
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'varanus'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install varanus
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler/gem_tasks'
 require 'rake/testtask'
 

data/bin/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'bundler/setup'
 require 'varanus'

data/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3'
 services:
   console:
-    image: ruby:2.3
+    image: ruby:2.5
     volumes:
       - .:/app:z
     hostname: varanus-dev

data/lib/varanus.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Interface for Sectigo's (formerly Comodo CA) API.
 class Varanus
   attr_reader :customer_uri, :username, :password
@@ -12,6 +14,33 @@ class Varanus
     @password = password
   end
 
+  # :nodoc:
+  def connection
+    @connection ||= Faraday.new(url: 'https://cert-manager.com/api',
+                                request: { timeout: 300 }) do |conn|
+      conn.request :json
+      conn.response :json, content_type: /\bjson$/
+
+      conn.headers['login'] = @username
+      conn.headers['password'] = @password
+      conn.headers['customerUri'] = @customer_uri
+
+      conn.adapter Faraday.default_adapter
+    end
+  end
+
+  # Retrive DCV instance
+  # @return [Varanus::DCV]
+  def dcv
+    @dcv ||= DCV.new(self)
+  end
+
+  # Retrieve Reports instance
+  # @return [Varanus::Reports]
+  def reports
+    @reports ||= Reports.new(self)
+  end
+
   # Retrive SSL instance
   # @return [Varanus::SSL]
   def ssl
@@ -23,9 +52,13 @@ end
 require 'faraday'
 require 'faraday_middleware'
 require 'openssl'
+require 'savon'
 
 # Require other files in this gem
 require 'varanus/error'
+require 'varanus/rest_resource'
+require 'varanus/dcv'
+require 'varanus/reports'
 require 'varanus/ssl'
 require 'varanus/ssl/csr'
 require 'varanus/version'

data/lib/varanus/dcv.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+# An connection to the DCV API.  This should not be initialized directly.  Instead,
+# use Varanus#dcv
+class Varanus::DCV < Varanus::RestResource
+  # Returns an Array of DCV information about searched for domains.
+  # This method will automatically page through all results
+  # @param opts [Hash] - all opts are optional
+  # @option opts [String] :domain Domain to search for
+  # @option opts [Integer] :org ID of organization
+  # @option opts [Integer] :department ID of department
+  # @option opts [String] :dcvStatus
+  # @option opts [String] :orderStatus
+  # @option opts [Integer] :expiresIn Expires in (days)
+  #
+  # Results will included an extra 'expiration_date_obj' if 'expirationDate' is in the
+  # response
+  def search opts = {}
+    get_with_size_and_position('dcv/v2/validation', opts).map(&method(:_format_status))
+  end
+
+  # Start domain validation process.  This must be called before #submit is called
+  # @option domain [String] domain to validate
+  # @option type [String] Type of validation. Must be one of 'http', 'https', 'cname',
+  #                       or 'email'
+  def start domain, type
+    post("dcv/v1/validation/start/domain/#{type}", domain: domain)
+  end
+
+  # Retrieve DCV status for a single domain
+  # Result will included an extra 'expiration_date_obj' if 'expirationDate' is in the
+  # response
+  def status domain
+    _format_status(post('dcv/v2/validation/status', domain: domain))
+  end
+
+  # Submit domain validation for verficiation.  This must be called after #start
+  # @option domain [String] domain to validate
+  # @option type [String] Type of validation. Must be one of 'http', 'https', 'cname',
+  #                       or 'email'
+  # @option email_address [String] This is required of +type+ is 'email'. Otherwise, it is
+  #                                ignored.
+  def submit domain, type, email_address = nil
+    if type.to_s == 'email'
+      raise ArgumentError, 'email_address must be specified' if email_address.nil?
+
+      post('dcv/v1/validation/submit/domain/email', domain: domain,
+                                                    email: email_address)
+    else
+      post("dcv/v1/validation/submit/domain/#{type}", domain: domain)
+    end
+  end
+
+  private
+
+  def _format_status status
+    return status unless status['expirationDate']
+
+    status.merge('expiration_date_obj' =>
+                   Date.strptime(status['expirationDate'], '%Y-%m-%d'))
+  end
+end

data/lib/varanus/error.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Error returned from the Sectigo API
 class Varanus::Error < StandardError
   # @return [Integer] Code associated with error

data/lib/varanus/reports.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+# An connection to the Reports API.  This should not be initialized directly.  Instead,
+# use Varanus#reports
+class Varanus::Reports
+  SSL_CERT_STATUSES = {
+    any: 0,
+    requested: 1,
+    downloaded: 2,
+    revoked: 3,
+    expired: 4,
+    pending_download: 5,
+    not_enrolled: 6
+  }.freeze
+
+  # @note Do not call this directly.  Use {Varanus#reports} to initialize
+  def initialize varanus
+    @varanus = varanus
+  end
+
+  def domains
+    r = soap_call :get_domain_report, {}
+    format_results r[:report_row_domains]
+  end
+
+  # Return report on SSL request
+  # @param [opts] [Hash]
+  # @option opts [String, Array] :orgs Name(s) of organizations (departments) to limit
+  #   the report to.  If this is unset, results from all departments are returned.
+  # @option opts [Symbol] :status (:any) One of :any, :requested, :downloaded, :revoked,
+  #   :expired, :pending_download, :not_enrolled.    :downloaded and :pending_download
+  #   mean the cert has been enrolled/signed.
+  # @return [Array<Hash>]
+  def ssl opts = {}
+    msg = { organizationNames: nil, certificateStatus: 0 }
+
+    msg[:organizationNames] = Array(opts[:orgs]).join(',') if opts.include? :orgs
+    if opts.include? :status
+      msg[:certificateStatus] = SSL_CERT_STATUSES[opts[:status]]
+      raise ArgumentError, 'Invalid status' if msg[:certificateStatus].nil?
+    end
+
+    r = soap_call :get_SSL_report, msg
+    format_results r[:reports]
+  end
+
+  private
+
+  def format_results results
+    if results.is_a? Hash
+      [results]
+    else
+      results.to_a
+    end
+  end
+
+  def savon
+    @savon ||= Savon.client(
+      namespace: 'http://report.ws.epki.comodo.com/',
+      endpoint: 'https://cert-manager.com:443/ws/ReportService',
+      log: false
+    )
+  end
+
+  def soap_call func, opts = {}
+    msg = opts.dup
+    msg[:authData] = { customerLoginUri: @varanus.customer_uri, login: @varanus.username,
+                       password: @varanus.password }
+
+    result = savon.call func, message: msg
+    result.body[(func.to_s.downcase + '_response').to_sym][:return]
+  end
+end

data/lib/varanus/rest_resource.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# An abstract class for rest resources
+# Rest resources should not be initialized directly.  They should be created by methods
+# on Varanus
+class Varanus::RestResource
+  # :nodoc:
+  def initialize varanus
+    @varanus = varanus
+  end
+
+  private
+
+  def check_result result
+    body = result.body
+    return unless body.is_a?(Hash)
+    return if body['code'].nil?
+
+    klass = Varanus::Error
+    if body['code'] == 0 && body['description'] =~ /process/
+      klass = Varanus::Error::StillProcessing
+    end
+
+    raise klass.new(body['code'], body['description'])
+  end
+
+  def get path, *args
+    result = @varanus.connection.get(path, *args)
+    check_result result
+    result.body
+  end
+
+  # Performs multiple GETs with varying positions to ensure all results are returned.
+  def get_with_size_and_position path, opts = {}
+    size = opts[:size] || 200
+    position = opts[:position] || 0
+
+    results = []
+    loop do
+      params = { size: size, position: position }.merge(opts)
+      new_results = get(path, params)
+      results += new_results
+      break if new_results.length < size
+
+      position += size
+    end
+
+    results
+  end
+
+  def post path, *args
+    result = @varanus.connection.post(path, *args)
+    check_result result
+    result.body
+  end
+end

data/lib/varanus/ssl.rb

@@ -1,34 +1,40 @@
+# frozen_string_literal: true
+
 # An connection to the SSL/TSL API.  This should not be initialized directly.  Instead,
 # use Varanus#ssl
-class Varanus::SSL
-  # @note Do not call this directly.  Use {Varanus#ssl} to initialize
-  def initialize varanus
-    @varanus = varanus
-  end
-
+class Varanus::SSL < Varanus::RestResource
   # Returns the option from #certificate_types that best matches the csr.
   # @param csr [Varanus::SSL::CSR]
   # @return [Hash] The option from {#certificate_types} that best matches the csr
-  def certificate_type_from_csr csr
-    # first exclude certificate types we don't want
-    types = certificate_types.reject do |ct|
-      ct['name'] =~ /\b(?:EV|ECC|AMT|Elite)\b/
-    end
-    if csr.all_names.any? { |n| n.start_with?('*.') }
-      types.find { |ct| ct['name'] =~ /Wildcard.+SSL/i }
-    elsif csr.subject_alt_names.any?
-      types.find { |ct| ct['name'] =~ /Multi.?Domain.+SSL/i }
-    else
-      types.find do |ct|
-        ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i
-      end
+  def certificate_type_from_csr csr, days = nil
+    types = certificate_types_standard(days)
+    return types.first if types.length <= 1
+
+    regexp = cert_type_regexp(csr)
+    typ = types.find { |ct| ct['name'] =~ regexp } if regexp
+    return typ unless typ.nil?
+
+    types.find do |ct|
+      ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i
     end
   end
 
   # Certificate types that can be used to sign a cert
   # @return [Array<Hash>]
   def certificate_types
-    @certificate_types ||= get('types')
+    @certificate_types ||= get('ssl/v1/types')
+  end
+
+  # Return Array of certificate types based on standard sorting.
+  # @param days [Integer] if present, only include types that support the given day count
+  # @return [Array<Hash>]
+  def certificate_types_standard days = nil
+    types = certificate_types.reject do |ct|
+      ct['name'] =~ /\b(?:EV|ECC|AMT|Elite)\b/
+    end
+    types = types.select! { |t| t['terms'].include? days } unless days.nil?
+
+    types
   end
 
   # Retrieves the cert.
@@ -46,7 +52,7 @@ class Varanus::SSL
   # @raise [Varanus::Error::StillProcessing] Cert is still being signed
   # @return [String] Certificate
   def collect id, type = 'x509'
-    get("collect/#{id}/#{type}")
+    get("ssl/v1/collect/#{id}/#{type}")
   end
 
   # Revoke an ssl cert
@@ -54,7 +60,7 @@ class Varanus::SSL
   # @param reason [String] Reason for revoking. Sectigo's API will return an error if it
   #   is blank.
   def revoke id, reason
-    post("revoke/#{id}", reason: reason)
+    post("ssl/v1/revoke/#{id}", reason: reason)
     nil
   end
 
@@ -73,6 +79,7 @@ class Varanus::SSL
   #   specified, lowest allowed for the cert type will be used)
   # @return [Integer] Id of SSL cert.
   def sign csr, org_id, opts = {}
+    opts[:days] ||= opts[:years] * 365 unless opts[:years].nil?
     csr = Varanus::SSL::CSR.new(csr) unless csr.is_a?(Varanus::SSL::CSR)
     cert_type_id = opts_to_cert_type_id opts, csr
     args = {
@@ -85,41 +92,17 @@ class Varanus::SSL
       comments: opts[:comments].to_s[0, 1024],
       externalRequester: opts[:external_requester].to_s[0, 512]
     }
-    post('enroll', args)['sslId']
+    post('ssl/v1/enroll', args)['sslId']
   end
 
   private
 
-  def check_result result
-    body = result.body
-    return unless body.is_a?(Hash)
-    return if body['code'].nil?
-
-    klass = Varanus::Error
-    if body['code'] == 0 && body['description'] =~ /process/
-      klass = Varanus::Error::StillProcessing
-    end
-
-    raise klass.new(body['code'], body['description'])
-  end
-
-  def connection
-    @connection ||= Faraday.new(url: 'https://cert-manager.com/api/ssl/v1') do |conn|
-      conn.request :json
-      conn.response :json, content_type: /\bjson$/
+  def cert_type_regexp csr
+    return /Wildcard.+SSL/i if csr.all_names.any? { |n| n.start_with?('*.') }
 
-      conn.headers['login'] = @varanus.username
-      conn.headers['password'] = @varanus.password
-      conn.headers['customerUri'] = @varanus.customer_uri
+    return /Multi.?Domain.+SSL/i if csr.subject_alt_names.any?
 
-      conn.adapter Faraday.default_adapter
-    end
-  end
-
-  def get path
-    result = connection.get(path)
-    check_result result
-    result.body
+    nil
   end
 
   def opts_to_cert_type_id opts, csr
@@ -129,19 +112,12 @@ class Varanus::SSL
     when String
       certificate_types.find { |ct| ct['name'] == opts[:cert_type] }['id']
     else
-      certificate_type_from_csr(csr)['id']
+      certificate_type_from_csr(csr, opts[:days])['id']
     end
   end
 
-  def post path, *args
-    result = connection.post(path, *args)
-    check_result result
-    result.body
-  end
-
   def opts_to_term opts, cert_type_id
     term = opts[:days]
-    term ||= opts[:years] * 365 unless opts[:years].nil?
     term ||= certificate_types.find { |ct| ct['id'] == cert_type_id }['terms'].min
     term
   end

data/lib/varanus/ssl/csr.rb

@@ -1,23 +1,70 @@
+# frozen_string_literal: true
+
 # Wrapper class around a OpenSSL::X509::Request
 # Provides helper functions to make reading information from the CSR easier
 class Varanus::SSL::CSR
+  # Key size used when calling {.generate}
+  DEFAULT_KEY_SIZE = 4096
+
+  # Generate a CSR
+  # @param names [Array<String>] List of DNS names.  The first one will be the CN
+  # @param key [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, nil] Secret key for the cert.
+  #   A DSA key will be generated if +nil+ is passed in.
+  # @param subject [Hash] Options for the subject of the cert.  By default only CN will
+  #   be set
+  # @return [Array(OpenSSL::PKey::PKey, Varanus::SSL::CSR)] The private key for the cert
+  #   and CSR
+  def self.generate names, key = nil, subject = {}
+    raise ArgumentError, 'names cannot be empty' if names.empty?
+
+    subject = subject.dup
+    subject['CN'] = names.first
+
+    key ||= OpenSSL::PKey::DSA.new(DEFAULT_KEY_SIZE)
+
+    request = OpenSSL::X509::Request.new
+    request.version = 0
+    request.subject = OpenSSL::X509::Name.parse subject.map { |k, v| "/#{k}=#{v}" }.join
+    request.add_attribute names_to_san_attribute(names)
+    request.public_key = key.public_key
+
+    request.sign(key, OpenSSL::Digest::SHA256.new)
+
+    [key, Varanus::SSL::CSR.new(request)]
+  end
+
+  # :nodoc:
+  # Create a Subject Alternate Names attribute from an Array of dns names
+  def self.names_to_san_attribute names
+    ef = OpenSSL::X509::ExtensionFactory.new
+    name_str = names.map { |n| "DNS:#{n}" }.join(', ')
+    ext = ef.create_extension('subjectAltName', name_str, false)
+    seq = OpenSSL::ASN1::Sequence([ext])
+    ext_req = OpenSSL::ASN1::Set([seq])
+    OpenSSL::X509::Attribute.new('extReq', ext_req)
+  end
+
   # Common Name (CN) for cert.
   # @return [String]
   attr_reader :cn
 
+  # OpenSSL::X509::Request representation of CSR
+  # @return [OpenSSL::X509::Request]
+  attr_reader :request
+
   # @param csr [String, OpenSSL::X509::Request]
   def initialize csr
     if csr.is_a? OpenSSL::X509::Request
-      @req = csr
+      @request = csr
       @text = csr.to_s
     else
       @text = csr.to_s
-      @req = OpenSSL::X509::Request.new @text
+      @request = OpenSSL::X509::Request.new @text
     end
 
-    raise 'Improperly signed CSR' unless @req.verify @req.public_key
+    raise 'Improperly signed CSR' unless @request.verify @request.public_key
 
-    cn_ref = @req.subject.to_a.find { |a| a[0] == 'CN' }
+    cn_ref = @request.subject.to_a.find { |a| a[0] == 'CN' }
     @cn = cn_ref && cn_ref[1].downcase
 
     _parse_sans
@@ -35,13 +82,13 @@ class Varanus::SSL::CSR
   # Key size for the cert
   # @return [Integer]
   def key_size
-    case @req.public_key
+    case @request.public_key
     when OpenSSL::PKey::RSA
-      @req.public_key.n.num_bytes * 8
+      @request.public_key.n.num_bytes * 8
     when OpenSSL::PKey::DSA
-      @req.public_key.p.num_bytes * 8
+      @request.public_key.p.num_bytes * 8
     else
-      raise "Unknown public key type: #{@req.public_key.class}"
+      raise "Unknown public key type: #{@request.public_key.class}"
     end
   end
 
@@ -59,7 +106,7 @@ class Varanus::SSL::CSR
   private
 
   def _parse_sans
-    extensions = @req.attributes.select { |at| at.oid == 'extReq' }
+    extensions = @request.attributes.select { |at| at.oid == 'extReq' }
     sans_extensions = extensions.flat_map do |extension|
       extension.value.value[0].value
                .select { |ext| ext.first.value == 'subjectAltName' }

data/lib/varanus/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Varanus
-  VERSION = '0.1.0'.freeze
+  VERSION = '0.4.0'
 end

data/varanus.gemspec

@@ -1,8 +1,9 @@
+# frozen_string_literal: true
+
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'varanus/version'
 
-# rubocop:disable Metrics/BlockLength
 Gem::Specification.new do |spec|
   spec.name          = 'varanus'
   spec.version       = Varanus::VERSION
@@ -26,7 +27,7 @@ Gem::Specification.new do |spec|
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
   spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.3.0'
+  spec.required_ruby_version = '>= 2.5.0'
 
   spec.add_development_dependency 'bundler', '~> 1.16'
   spec.add_development_dependency 'minitest', '~> 5.0'
@@ -40,5 +41,5 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency 'faraday'
   spec.add_runtime_dependency 'faraday_middleware'
+  spec.add_runtime_dependency 'savon', '~> 2.0'
 end
-# rubocop:enable Metrics/BlockLength

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: varanus
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Sean Dilda
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-07 00:00:00.000000000 Z
+date: 2021-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -164,6 +164,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: savon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: |
   This gem provides an interface to Sectigo's (formerly Comodo CA) APIs for working
   with SSL/TLS certificates as well as its reporting API.
@@ -180,6 +194,7 @@ files:
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -189,7 +204,10 @@ files:
 - bin/setup
 - docker-compose.yml
 - lib/varanus.rb
+- lib/varanus/dcv.rb
 - lib/varanus/error.rb
+- lib/varanus/reports.rb
+- lib/varanus/rest_resource.rb
 - lib/varanus/ssl.rb
 - lib/varanus/ssl/csr.rb
 - lib/varanus/version.rb
@@ -206,15 +224,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Interface for Sectigo's (formerly Comodo CA) API.