varanus 0.5.0 → 0.7.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile.lock +1 -1
- data/lib/varanus/domain.rb +4 -0
- data/lib/varanus/reports.rb +7 -8
- data/lib/varanus/ssl/csr.rb +3 -1
- data/lib/varanus/ssl.rb +59 -1
- data/lib/varanus/version.rb +1 -1
- data/lib/varanus.rb +1 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 271baf219a1247e588a20aba506a76e26668bad6c6ab55546f75fa697d04e3ff
|
|
4
|
+
data.tar.gz: 00c5bc35eeb4b56fdc94b18d969c7ac498ffc87a948db20fdc989fc4e90cf8d6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 70898c1f830700b0a2865656143c452dfeae4b9846e9c1b4730c5cd359d2c4f786e167758581d2028fc2c60588480382066cecc932d03b7355accb84ff21a0c3
|
|
7
|
+
data.tar.gz: de4d6791505e36cbaa157a0004e2405b90f1067c0953a892a0efb6fc622b671744779603620b3c142413043e4063cbd411cf2629acb3256a7fccc308e8be93ee
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
### Version 0.7.1 (2022-01-31)
|
|
2
|
+
* Varanus::SSL#certificate_types_standard - also exclude 'Extended Validation'
|
|
3
|
+
|
|
4
|
+
### Version 0.7.0 (2020-02-03)
|
|
5
|
+
* Add Varanus::Domain#report
|
|
6
|
+
|
|
7
|
+
### Version 0.6.0 (2020-02-01)
|
|
8
|
+
* Add Varanus::SSL#report
|
|
9
|
+
* Varanus::Reports (Varanus#reports) is now deprecated.
|
|
10
|
+
|
|
11
|
+
### Version 0.5.1 (2021-01-28)
|
|
12
|
+
* Varanus::SSL::CSR - support EC certs
|
|
13
|
+
|
|
1
14
|
### Version 0.5.0 (2021-01-26)
|
|
2
15
|
* Add Varanus::Domain
|
|
3
16
|
* Add Varanus::SSL#list and Varanus::SSL#info
|
data/Gemfile.lock
CHANGED
data/lib/varanus/domain.rb
CHANGED
data/lib/varanus/reports.rb
CHANGED
|
@@ -18,20 +18,19 @@ class Varanus::Reports
|
|
|
18
18
|
@varanus = varanus
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# DEPRECATED: Please use Varanus::Domain#list_with_info instead.
|
|
21
22
|
def domains
|
|
23
|
+
warn 'DEPRECATION WARNING: Varanus::Reports#domains is deprecated. ' \
|
|
24
|
+
'Use Varanus::Domain#report instead'
|
|
22
25
|
r = soap_call :get_domain_report, {}
|
|
23
26
|
format_results r[:report_row_domains]
|
|
24
27
|
end
|
|
25
28
|
|
|
26
|
-
#
|
|
27
|
-
# @param [opts] [Hash]
|
|
28
|
-
# @option opts [String, Array] :orgs Name(s) of organizations (departments) to limit
|
|
29
|
-
# the report to. If this is unset, results from all departments are returned.
|
|
30
|
-
# @option opts [Symbol] :status (:any) One of :any, :requested, :downloaded, :revoked,
|
|
31
|
-
# :expired, :pending_download, :not_enrolled. :downloaded and :pending_download
|
|
32
|
-
# mean the cert has been enrolled/signed.
|
|
33
|
-
# @return [Array<Hash>]
|
|
29
|
+
# DEPRECATED: Please use Varanus::SSL#report instead.
|
|
34
30
|
def ssl opts = {}
|
|
31
|
+
warn 'DEPRECATION WARNING: Varanus::Reports#ssl is deprecated. ' \
|
|
32
|
+
'Use Varanus::SSL#report instead'
|
|
33
|
+
|
|
35
34
|
msg = { organizationNames: nil, certificateStatus: 0 }
|
|
36
35
|
|
|
37
36
|
msg[:organizationNames] = Array(opts[:orgs]).join(',') if opts.include? :orgs
|
data/lib/varanus/ssl/csr.rb
CHANGED
|
@@ -28,7 +28,7 @@ class Varanus::SSL::CSR
|
|
|
28
28
|
request.add_attribute names_to_san_attribute(names)
|
|
29
29
|
request.public_key = key.public_key
|
|
30
30
|
|
|
31
|
-
request.sign(key, OpenSSL::Digest
|
|
31
|
+
request.sign(key, OpenSSL::Digest.new('SHA256'))
|
|
32
32
|
|
|
33
33
|
[key, Varanus::SSL::CSR.new(request)]
|
|
34
34
|
end
|
|
@@ -87,6 +87,8 @@ class Varanus::SSL::CSR
|
|
|
87
87
|
@request.public_key.n.num_bytes * 8
|
|
88
88
|
when OpenSSL::PKey::DSA
|
|
89
89
|
@request.public_key.p.num_bytes * 8
|
|
90
|
+
when OpenSSL::PKey::EC
|
|
91
|
+
@request.public_key.group.degree
|
|
90
92
|
else
|
|
91
93
|
raise "Unknown public key type: #{@request.public_key.class}"
|
|
92
94
|
end
|
data/lib/varanus/ssl.rb
CHANGED
|
@@ -3,6 +3,23 @@
|
|
|
3
3
|
# An connection to the SSL/TSL API. This should not be initialized directly. Instead,
|
|
4
4
|
# use Varanus#ssl
|
|
5
5
|
class Varanus::SSL < Varanus::RestResource
|
|
6
|
+
# rubocop:disable Style/MutableConstant
|
|
7
|
+
# These constants are frozen, rubocop is failing to detect the freeze.
|
|
8
|
+
# See https://github.com/rubocop-hq/rubocop/issues/4406
|
|
9
|
+
REPORT_CERT_STATUS = { any: 0, requested: 1, issued: 2, revoked: 3, expired: 4 }
|
|
10
|
+
REPORT_CERT_STATUS.default_proc = proc { |_h, k|
|
|
11
|
+
raise ArgumentError, "Unknown certificateStatus: #{k.inspect}"
|
|
12
|
+
}
|
|
13
|
+
REPORT_CERT_STATUS.freeze
|
|
14
|
+
|
|
15
|
+
REPORT_CERT_DATE_ATTR = { revocation_date: 2, expiration_date: 3, request_date: 4,
|
|
16
|
+
issue_date: 5 }
|
|
17
|
+
REPORT_CERT_DATE_ATTR.default_proc = proc { |_h, k|
|
|
18
|
+
raise ArgumentError, "Unknown certificateDateAttribute: #{k.inspect}"
|
|
19
|
+
}
|
|
20
|
+
REPORT_CERT_DATE_ATTR.freeze
|
|
21
|
+
# rubocop:enable Style/MutableConstant
|
|
22
|
+
|
|
6
23
|
# Returns the option from #certificate_types that best matches the csr.
|
|
7
24
|
# @param csr [Varanus::SSL::CSR]
|
|
8
25
|
# @return [Hash] The option from {#certificate_types} that best matches the csr
|
|
@@ -30,7 +47,7 @@ class Varanus::SSL < Varanus::RestResource
|
|
|
30
47
|
# @return [Array<Hash>]
|
|
31
48
|
def certificate_types_standard days = nil
|
|
32
49
|
types = certificate_types.reject do |ct|
|
|
33
|
-
ct['name'] =~ /\b(?:EV|ECC|AMT|Elite)\b/
|
|
50
|
+
ct['name'] =~ /\b(?:EV|Extended Validation|ECC|AMT|Elite)\b/
|
|
34
51
|
end
|
|
35
52
|
types = types.select! { |t| t['terms'].include? days } unless days.nil?
|
|
36
53
|
|
|
@@ -60,10 +77,31 @@ class Varanus::SSL < Varanus::RestResource
|
|
|
60
77
|
get("ssl/v1/#{id}")
|
|
61
78
|
end
|
|
62
79
|
|
|
80
|
+
# List certs ids and serial numbers
|
|
63
81
|
def list opts = {}
|
|
64
82
|
get_with_size_and_position('ssl/v1', opts)
|
|
65
83
|
end
|
|
66
84
|
|
|
85
|
+
# Return a report (list) of SSL certs based on the options.
|
|
86
|
+
# The report includes a full set of details about the certs, not just the id/cn/serial
|
|
87
|
+
# +opts+ can include:
|
|
88
|
+
# (all are optional)
|
|
89
|
+
# - :organizationIds - Array - ids of organization/departments to include certs for
|
|
90
|
+
# - :certificateStatus - :any, :requested, :issued, :revoked, or :expired
|
|
91
|
+
# - :certificateDateAttribute - Specifies what fields :from and/or :to refer to.
|
|
92
|
+
# Can be: :revocation_date, :expiration_date,
|
|
93
|
+
# :request_date, or :issue_date
|
|
94
|
+
# - :from - Date - based on :certificateDateAttribute
|
|
95
|
+
# - :to - Date - based on :certificateDateAttribute
|
|
96
|
+
def report opts = { certificateStatus: :any }
|
|
97
|
+
# Default is to request any certificate status since the API call will fail if no
|
|
98
|
+
# options are passed
|
|
99
|
+
opts = { certificateStatus: :any } if opts.empty?
|
|
100
|
+
opts = _parse_report_opts(opts)
|
|
101
|
+
|
|
102
|
+
post('report/v1/ssl-certificates', opts)['reports']
|
|
103
|
+
end
|
|
104
|
+
|
|
67
105
|
# Revoke an ssl cert
|
|
68
106
|
# @param id [Integer] As returned by {#sign}
|
|
69
107
|
# @param reason [String] Reason for revoking. Sectigo's API will return an error if it
|
|
@@ -130,4 +168,24 @@ class Varanus::SSL < Varanus::RestResource
|
|
|
130
168
|
term ||= certificate_types.find { |ct| ct['id'] == cert_type_id }['terms'].min
|
|
131
169
|
term
|
|
132
170
|
end
|
|
171
|
+
|
|
172
|
+
def _parse_report_opts user_opts
|
|
173
|
+
api_opts = {}
|
|
174
|
+
user_opts.each do |key, val|
|
|
175
|
+
case key
|
|
176
|
+
when :organizationIds, :certificateRequestSource, :serialNumberFormat
|
|
177
|
+
api_opts[key] = val
|
|
178
|
+
when :from, :to
|
|
179
|
+
api_opts[key] = val.strftime('%Y-%m-%d')
|
|
180
|
+
when :certificateStatus
|
|
181
|
+
api_opts[key] = REPORT_CERT_STATUS[val]
|
|
182
|
+
when :certificateDateAttribute
|
|
183
|
+
api_opts[key] = REPORT_CERT_DATE_ATTR[val]
|
|
184
|
+
else
|
|
185
|
+
raise ArgumentError, "Unknown key: #{key.inspect}"
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
api_opts
|
|
190
|
+
end
|
|
133
191
|
end
|
data/lib/varanus/version.rb
CHANGED
data/lib/varanus.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: varanus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Dilda
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|