varanus 0.3.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 230026bcb2def2b083ca884cd2302daf51407b6d57aa212c66d208d29a335b11
-  data.tar.gz: 69728f0eb64f2735e32bfa4b1d77e8bd4fde87b47f3f6e029a7ccbe441d85f3f
+  metadata.gz: 0b74f92a4981ac8294eb1fe84c4361f1dc3a175be3735f7d485f7b5edd9963aa
+  data.tar.gz: 5a38ba280217b30fe842a99786acf761f081d135f1180cb3950bfbab5f50904a
 SHA512:
-  metadata.gz: 6708842c8291bedf4b3d71d29b7437aba40ea1d1148e090f023eff5ba130abe8e74f278c95a67d39ca8346e37574a576f693e9caee946b02a68f58e4811ac636
-  data.tar.gz: 6db3621c1415feafb91eb3eb46407a240942f142d5b5aea3024bd44c644bf2232d73155c5908da51f7e85f6affc23533626e281d12848c8cd9293b4265517695
+  metadata.gz: 02ece0e219a9f47fe84ec8faaf406194f13082a1797793c23760643b8547140307fc243550e7d36d1d8412ca586850d0535a419a2dc50a9b7b90a4e4f660af67
+  data.tar.gz: 80435d29c565a99a191a85938ae4a505b01c68a38c608d063e9c10809d4eae1c2a8cad9872a9cc3f5b518a9e1084e7c625a40f287e66e1c17900ae659200095c

data/.travis.yml

@@ -6,10 +6,9 @@ sudo: false
 language: ruby
 cache: bundler
 rvm:
-  - 2.3
-  - 2.4
   - 2.5
   - 2.6
+  - 2.7
 before_install: gem install bundler -v 1.16.5
 before_script:
   - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+### Version 0.6.0 (2020-02-01)
+* Add Varanus::SSL#report
+* Varanus::Reports (Varanus#reports) is now deprecated.
+
+### Version 0.5.1 (2021-01-28)
+* Varanus::SSL::CSR - support EC certs
+
+### Version 0.5.0 (2021-01-26)
+* Add Varanus::Domain
+* Add Varanus::SSL#list and Varanus::SSL#info
+* Add Varanus::Organization
+
+### 0.4.0 (2021-01-06)
+* Add Varanus::DCV
+
+### 0.3.1 (2020-10-14)
+* Fix issue when Sectigo reports two identical 'Short Life' certs
+
 ### 0.3.0 (2020-08-24)
 * Add support for new 'Short Life' certs
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    varanus (0.3.0)
+    varanus (0.6.0)
       faraday
       faraday_middleware
       savon (~> 2.0)
@@ -9,61 +9,61 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     akami (1.3.1)
       gyoku (>= 0.4.0)
       nokogiri
     ast (2.4.1)
-    builder (3.2.3)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    docile (1.3.1)
-    faraday (0.15.3)
+    builder (3.2.4)
+    crack (0.4.5)
+      rexml
+    docile (1.3.4)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
-    faraday_middleware (0.12.2)
-      faraday (>= 0.7.4, < 1.0)
+      ruby2_keywords
+    faraday-net_http (1.0.0)
+    faraday_middleware (1.0.0)
+      faraday (~> 1.0)
     gyoku (1.3.1)
       builder (>= 2.1.2)
-    hashdiff (0.3.7)
-    httpi (2.4.4)
+    hashdiff (1.0.1)
+    httpi (2.4.5)
       rack
       socksify
-    json (2.1.0)
-    metaclass (0.0.4)
-    mini_portile2 (2.3.0)
-    minitest (5.11.3)
+    minitest (5.14.3)
     minitest-rg (5.2.0)
       minitest (~> 5.0)
-    mocha (1.7.0)
-      metaclass (~> 0.0.1)
-    multipart-post (2.0.0)
-    nokogiri (1.8.5)
-      mini_portile2 (~> 2.3.0)
+    mocha (1.12.0)
+    multipart-post (2.1.1)
+    nokogiri (1.11.1-x86_64-linux)
+      racc (~> 1.4)
     nori (2.6.0)
-    parallel (1.19.2)
-    parser (2.7.1.4)
+    parallel (1.20.1)
+    parser (3.0.0.0)
       ast (~> 2.4.1)
-    public_suffix (3.0.3)
-    rack (2.0.6)
+    public_suffix (4.0.6)
+    racc (1.5.2)
+    rack (2.2.3)
     rainbow (3.0.0)
     rake (10.5.0)
-    regexp_parser (1.7.1)
+    regexp_parser (2.0.3)
     rexml (3.2.4)
-    rubocop (0.89.1)
+    rubocop (1.7.0)
       parallel (~> 1.10)
-      parser (>= 2.7.1.1)
+      parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
+      regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 0.3.0, < 1.0)
+      rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.3.0)
-      parser (>= 2.7.1.4)
-    ruby-progressbar (1.10.1)
-    safe_yaml (1.0.4)
-    savon (2.12.0)
+    rubocop-ast (1.4.0)
+      parser (>= 2.7.1.5)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.2)
+    savon (2.12.1)
       akami (~> 1.2)
       builder (>= 2.1.2)
       gyoku (~> 1.2)
@@ -71,21 +71,23 @@ GEM
       nokogiri (>= 1.8.1)
       nori (~> 2.4)
       wasabi (~> 3.4)
-    simplecov (0.16.1)
+    simplecov (0.21.1)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
     socksify (1.7.1)
     unicode-display_width (1.7.0)
-    wasabi (3.5.0)
+    wasabi (3.6.1)
+      addressable
       httpi (~> 2.0)
       nokogiri (>= 1.4.2)
-    webmock (3.4.2)
+    webmock (3.11.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
-      hashdiff
-    yard (0.9.16)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    yard (0.9.26)
 
 PLATFORMS
   ruby

data/lib/varanus.rb

@@ -14,8 +14,40 @@ class Varanus
     @password = password
   end
 
-  # Retrieve Reports instance
-  # @return [Varanus::Reports]
+  # :nodoc:
+  def connection
+    @connection ||= Faraday.new(url: 'https://cert-manager.com/api',
+                                request: { timeout: 300 }) do |conn|
+      conn.request :json
+      conn.response :json, content_type: /\bjson$/
+
+      conn.headers['login'] = @username
+      conn.headers['password'] = @password
+      conn.headers['customerUri'] = @customer_uri
+
+      conn.adapter Faraday.default_adapter
+    end
+  end
+
+  # Retrive DCV instance
+  # @return [Varanus::DCV]
+  def dcv
+    @dcv ||= DCV.new(self)
+  end
+
+  # Retrieve Domain instance
+  # @return [Varanus::Domain]
+  def domain
+    @domain ||= Domain.new(self)
+  end
+
+  # Retrieve Organization instance
+  # @return [Varanus::Organization]
+  def organization
+    @organization ||= Organization.new(self)
+  end
+
+  # DEPRECATED
   def reports
     @reports ||= Reports.new(self)
   end
@@ -35,6 +67,10 @@ require 'savon'
 
 # Require other files in this gem
 require 'varanus/error'
+require 'varanus/rest_resource'
+require 'varanus/dcv'
+require 'varanus/domain'
+require 'varanus/organization'
 require 'varanus/reports'
 require 'varanus/ssl'
 require 'varanus/ssl/csr'

data/lib/varanus/dcv.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+# An connection to the DCV API.  This should not be initialized directly.  Instead,
+# use Varanus#dcv
+class Varanus::DCV < Varanus::RestResource
+  # Returns an Array of DCV information about searched for domains.
+  # This method will automatically page through all results
+  # @param opts [Hash] - all opts are optional
+  # @option opts [String] :domain Domain to search for
+  # @option opts [Integer] :org ID of organization
+  # @option opts [Integer] :department ID of department
+  # @option opts [String] :dcvStatus
+  # @option opts [String] :orderStatus
+  # @option opts [Integer] :expiresIn Expires in (days)
+  #
+  # Results will included an extra 'expiration_date_obj' if 'expirationDate' is in the
+  # response
+  def search opts = {}
+    get_with_size_and_position('dcv/v2/validation', opts).map(&method(:_format_status))
+  end
+
+  # Start domain validation process.  This must be called before #submit is called
+  # @option domain [String] domain to validate
+  # @option type [String] Type of validation. Must be one of 'http', 'https', 'cname',
+  #                       or 'email'
+  def start domain, type
+    post("dcv/v1/validation/start/domain/#{type}", domain: domain)
+  end
+
+  # Retrieve DCV status for a single domain
+  # Result will included an extra 'expiration_date_obj' if 'expirationDate' is in the
+  # response
+  def status domain
+    _format_status(post('dcv/v2/validation/status', domain: domain))
+  end
+
+  # Submit domain validation for verficiation.  This must be called after #start
+  # @option domain [String] domain to validate
+  # @option type [String] Type of validation. Must be one of 'http', 'https', 'cname',
+  #                       or 'email'
+  # @option email_address [String] This is required of +type+ is 'email'. Otherwise, it is
+  #                                ignored.
+  def submit domain, type, email_address = nil
+    if type.to_s == 'email'
+      raise ArgumentError, 'email_address must be specified' if email_address.nil?
+
+      post('dcv/v1/validation/submit/domain/email', domain: domain,
+                                                    email: email_address)
+    else
+      post("dcv/v1/validation/submit/domain/#{type}", domain: domain)
+    end
+  end
+
+  private
+
+  def _format_status status
+    return status unless status['expirationDate']
+
+    status.merge('expiration_date_obj' =>
+                   Date.strptime(status['expirationDate'], '%Y-%m-%d'))
+  end
+end

data/lib/varanus/domain.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+# A connection to the Domain API
+class Varanus::Domain < Varanus::RestResource
+  # Create a new domain.  The domain may need to be manually approved after this is
+  # called.
+  # +name+ is the domain
+  # +delegations+ is an Array of Hashes.  Each Hash should have an 'orgId' and
+  #                                       'certTypes' key
+  # opts may include the following keys:
+  #  - :description - optional - String
+  #  - :active - optional - Boolean (defaults to +true+)
+  #  - :allow_subdomains - optional - set to +false+ if you don't want to allow sub
+  #                                   domains for this entry
+  #
+  # @returns [String] - URL for newly created domain
+  def create domain, delegations, opts = {}
+    opts = opts.dup
+    allow_subdomains = opts.delete(:allow_subdomains)
+    domain = "*.#{domain}" if allow_subdomains != false && !domain.start_with?('*.')
+
+    result = @varanus.connection.post('domain/v1',
+                                      opts.merge(name: domain, delegations: delegations))
+    check_result result
+    result.headers['Location']
+  end
+
+  # Return info on domain.  +id+ must be the id returned by #list
+  def info id
+    get("domain/v1/#{id}")
+  end
+
+  def list opts = {}
+    get_with_size_and_position('domain/v1', opts)
+  end
+
+  def list_with_info opts = {}
+    domains = list(opts)
+    domains.map! { |domain| info(domain['id']) }
+    domains
+  end
+end

data/lib/varanus/organization.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# A connection to the Organization API
+class Varanus::Organization < Varanus::RestResource
+  # Return info on organization.
+  def info id
+    get("organization/v1/#{id}")
+  end
+
+  def list
+    get('organization/v1')
+  end
+end

data/lib/varanus/reports.rb

@@ -18,20 +18,19 @@ class Varanus::Reports
     @varanus = varanus
   end
 
+  # DEPRECATED: Please use Varanus::Domain#list_with_info instead.
   def domains
+    warn 'DEPRECATION WARNING: Varanus::Reports#domains is deprecated.  ' \
+         'Use Varanus::Domain#list_with_info instead'
     r = soap_call :get_domain_report, {}
     format_results r[:report_row_domains]
   end
 
-  # Return report on SSL request
-  # @param [opts] [Hash]
-  # @option opts [String, Array] :orgs Name(s) of organizations (departments) to limit
-  #   the report to.  If this is unset, results from all departments are returned.
-  # @option opts [Symbol] :status (:any) One of :any, :requested, :downloaded, :revoked,
-  #   :expired, :pending_download, :not_enrolled.    :downloaded and :pending_download
-  #   mean the cert has been enrolled/signed.
-  # @return [Array<Hash>]
+  # DEPRECATED: Please use Varanus::SSL#report instead.
   def ssl opts = {}
+    warn 'DEPRECATION WARNING: Varanus::Reports#ssl is deprecated.  ' \
+         'Use Varanus::SSL#report instead'
+
     msg = { organizationNames: nil, certificateStatus: 0 }
 
     msg[:organizationNames] = Array(opts[:orgs]).join(',') if opts.include? :orgs

data/lib/varanus/rest_resource.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+# An abstract class for rest resources
+# Rest resources should not be initialized directly.  They should be created by methods
+# on Varanus
+class Varanus::RestResource
+  # :nodoc:
+  def initialize varanus
+    @varanus = varanus
+  end
+
+  private
+
+  def check_result result
+    body = result.body
+    return unless body.is_a?(Hash)
+    return if body['code'].nil?
+
+    klass = Varanus::Error
+    if body['code'] == 0 && body['description'] =~ /process/
+      klass = Varanus::Error::StillProcessing
+    end
+
+    raise klass.new(body['code'], body['description'])
+  end
+
+  def get path, *args
+    result = @varanus.connection.get(path, *args)
+    check_result result
+    result.body
+  end
+
+  # Performs multiple GETs with varying positions to ensure all results are returned.
+  def get_with_size_and_position path, opts = {}
+    size = opts[:size] || 200
+    position = opts[:position] || 0
+
+    results = []
+    loop do
+      params = { size: size, position: position }.merge(opts)
+      new_results = get(path, params)
+      results += new_results
+      break if new_results.length < size
+
+      position += size
+    end
+
+    results
+  end
+
+  def post path, *args
+    result = @varanus.connection.post(path, *args)
+    check_result result
+    result.body
+  end
+end

data/lib/varanus/ssl.rb

@@ -2,11 +2,23 @@
 
 # An connection to the SSL/TSL API.  This should not be initialized directly.  Instead,
 # use Varanus#ssl
-class Varanus::SSL
-  # @note Do not call this directly.  Use {Varanus#ssl} to initialize
-  def initialize varanus
-    @varanus = varanus
-  end
+class Varanus::SSL < Varanus::RestResource
+  # rubocop:disable Style/MutableConstant
+  # These constants are frozen, rubocop is failing to detect the freeze.
+  # See https://github.com/rubocop-hq/rubocop/issues/4406
+  REPORT_CERT_STATUS = { any: 0, requested: 1, issued: 2, revoked: 3, expired: 4 }
+  REPORT_CERT_STATUS.default_proc = proc { |_h, k|
+    raise ArgumentError, "Unknown certificateStatus: #{k.inspect}"
+  }
+  REPORT_CERT_STATUS.freeze
+
+  REPORT_CERT_DATE_ATTR = { revocation_date: 2, expiration_date: 3, request_date: 4,
+                            issue_date: 5 }
+  REPORT_CERT_DATE_ATTR.default_proc = proc { |_h, k|
+    raise ArgumentError, "Unknown certificateDateAttribute: #{k.inspect}"
+  }
+  REPORT_CERT_DATE_ATTR.freeze
+  # rubocop:enable Style/MutableConstant
 
   # Returns the option from #certificate_types that best matches the csr.
   # @param csr [Varanus::SSL::CSR]
@@ -16,7 +28,8 @@ class Varanus::SSL
     return types.first if types.length <= 1
 
     regexp = cert_type_regexp(csr)
-    return types.find { |ct| ct['name'] =~ regexp } if regexp
+    typ = types.find { |ct| ct['name'] =~ regexp } if regexp
+    return typ unless typ.nil?
 
     types.find do |ct|
       ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i
@@ -26,7 +39,7 @@ class Varanus::SSL
   # Certificate types that can be used to sign a cert
   # @return [Array<Hash>]
   def certificate_types
-    @certificate_types ||= get('types')
+    @certificate_types ||= get('ssl/v1/types')
   end
 
   # Return Array of certificate types based on standard sorting.
@@ -56,7 +69,37 @@ class Varanus::SSL
   # @raise [Varanus::Error::StillProcessing] Cert is still being signed
   # @return [String] Certificate
   def collect id, type = 'x509'
-    get("collect/#{id}/#{type}")
+    get("ssl/v1/collect/#{id}/#{type}")
+  end
+
+  # Returns info on the SSL certificate of the given name
+  def info id
+    get("ssl/v1/#{id}")
+  end
+
+  # List certs ids and serial numbers
+  def list opts = {}
+    get_with_size_and_position('ssl/v1', opts)
+  end
+
+  # Return a report (list) of SSL certs based on the options.
+  # The report includes a full set of details about the certs, not just the id/cn/serial
+  # +opts+ can include:
+  # (all are optional)
+  # - :organizationIds - Array - ids of organization/departments to include certs for
+  # - :certificateStatus - :any, :requested, :issued, :revoked, or :expired
+  # - :certificateDateAttribute - Specifies what fields :from and/or :to refer to.
+  #                               Can be: :revocation_date, :expiration_date,
+  #                                       :request_date, or :issue_date
+  # - :from - Date - based on :certificateDateAttribute
+  # - :to - Date - based on :certificateDateAttribute
+  def report opts = { certificateStatus: :any }
+    # Default is to request any certificate status since the API call will fail if no
+    # options are passed
+    opts = { certificateStatus: :any } if opts.empty?
+    opts = _parse_report_opts(opts)
+
+    post('report/v1/ssl-certificates', opts)['reports']
   end
 
   # Revoke an ssl cert
@@ -64,7 +107,7 @@ class Varanus::SSL
   # @param reason [String] Reason for revoking. Sectigo's API will return an error if it
   #   is blank.
   def revoke id, reason
-    post("revoke/#{id}", reason: reason)
+    post("ssl/v1/revoke/#{id}", reason: reason)
     nil
   end
 
@@ -96,7 +139,7 @@ class Varanus::SSL
       comments: opts[:comments].to_s[0, 1024],
       externalRequester: opts[:external_requester].to_s[0, 512]
     }
-    post('enroll', args)['sslId']
+    post('ssl/v1/enroll', args)['sslId']
   end
 
   private
@@ -109,39 +152,6 @@ class Varanus::SSL
     nil
   end
 
-  def check_result result
-    body = result.body
-    return unless body.is_a?(Hash)
-    return if body['code'].nil?
-
-    klass = Varanus::Error
-    if body['code'] == 0 && body['description'] =~ /process/
-      klass = Varanus::Error::StillProcessing
-    end
-
-    raise klass.new(body['code'], body['description'])
-  end
-
-  def connection
-    @connection ||= Faraday.new(url: 'https://cert-manager.com/api/ssl/v1',
-                                request: { timeout: 300 }) do |conn|
-      conn.request :json
-      conn.response :json, content_type: /\bjson$/
-
-      conn.headers['login'] = @varanus.username
-      conn.headers['password'] = @varanus.password
-      conn.headers['customerUri'] = @varanus.customer_uri
-
-      conn.adapter Faraday.default_adapter
-    end
-  end
-
-  def get path
-    result = connection.get(path)
-    check_result result
-    result.body
-  end
-
   def opts_to_cert_type_id opts, csr
     case opts[:cert_type]
     when Integer
@@ -153,15 +163,29 @@ class Varanus::SSL
     end
   end
 
-  def post path, *args
-    result = connection.post(path, *args)
-    check_result result
-    result.body
-  end
-
   def opts_to_term opts, cert_type_id
     term = opts[:days]
     term ||= certificate_types.find { |ct| ct['id'] == cert_type_id }['terms'].min
     term
   end
+
+  def _parse_report_opts user_opts
+    api_opts = {}
+    user_opts.each do |key, val|
+      case key
+      when :organizationIds, :certificateRequestSource, :serialNumberFormat
+        api_opts[key] = val
+      when :from, :to
+        api_opts[key] = val.strftime('%Y-%m-%d')
+      when :certificateStatus
+        api_opts[key] = REPORT_CERT_STATUS[val]
+      when :certificateDateAttribute
+        api_opts[key] = REPORT_CERT_DATE_ATTR[val]
+      else
+        raise ArgumentError, "Unknown key: #{key.inspect}"
+      end
+    end
+
+    api_opts
+  end
 end

data/lib/varanus/ssl/csr.rb

@@ -87,6 +87,8 @@ class Varanus::SSL::CSR
       @request.public_key.n.num_bytes * 8
     when OpenSSL::PKey::DSA
       @request.public_key.p.num_bytes * 8
+    when OpenSSL::PKey::EC
+      @request.public_key.group.degree
     else
       raise "Unknown public key type: #{@request.public_key.class}"
     end

data/lib/varanus/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class Varanus
-  VERSION = '0.3.0'
+  VERSION = '0.6.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: varanus
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Sean Dilda
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-24 00:00:00.000000000 Z
+date: 2021-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -204,8 +204,12 @@ files:
 - bin/setup
 - docker-compose.yml
 - lib/varanus.rb
+- lib/varanus/dcv.rb
+- lib/varanus/domain.rb
 - lib/varanus/error.rb
+- lib/varanus/organization.rb
 - lib/varanus/reports.rb
+- lib/varanus/rest_resource.rb
 - lib/varanus/ssl.rb
 - lib/varanus/ssl/csr.rb
 - lib/varanus/version.rb