varanus 0.5.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Gemfile.lock +1 -1
- data/lib/varanus/domain.rb +4 -0
- data/lib/varanus/reports.rb +7 -8
- data/lib/varanus/ssl/csr.rb +3 -1
- data/lib/varanus/ssl.rb +59 -1
- data/lib/varanus/version.rb +1 -1
- data/lib/varanus.rb +1 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 271baf219a1247e588a20aba506a76e26668bad6c6ab55546f75fa697d04e3ff
|
|
4
|
+
data.tar.gz: 00c5bc35eeb4b56fdc94b18d969c7ac498ffc87a948db20fdc989fc4e90cf8d6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 70898c1f830700b0a2865656143c452dfeae4b9846e9c1b4730c5cd359d2c4f786e167758581d2028fc2c60588480382066cecc932d03b7355accb84ff21a0c3
|
|
7
|
+
data.tar.gz: de4d6791505e36cbaa157a0004e2405b90f1067c0953a892a0efb6fc622b671744779603620b3c142413043e4063cbd411cf2629acb3256a7fccc308e8be93ee
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
### Version 0.7.1 (2022-01-31)
|
|
2
|
+
* Varanus::SSL#certificate_types_standard - also exclude 'Extended Validation'
|
|
3
|
+
|
|
4
|
+
### Version 0.7.0 (2020-02-03)
|
|
5
|
+
* Add Varanus::Domain#report
|
|
6
|
+
|
|
7
|
+
### Version 0.6.0 (2020-02-01)
|
|
8
|
+
* Add Varanus::SSL#report
|
|
9
|
+
* Varanus::Reports (Varanus#reports) is now deprecated.
|
|
10
|
+
|
|
11
|
+
### Version 0.5.1 (2021-01-28)
|
|
12
|
+
* Varanus::SSL::CSR - support EC certs
|
|
13
|
+
|
|
1
14
|
### Version 0.5.0 (2021-01-26)
|
|
2
15
|
* Add Varanus::Domain
|
|
3
16
|
* Add Varanus::SSL#list and Varanus::SSL#info
|
data/Gemfile.lock
CHANGED
data/lib/varanus/domain.rb
CHANGED
data/lib/varanus/reports.rb
CHANGED
|
@@ -18,20 +18,19 @@ class Varanus::Reports
|
|
|
18
18
|
@varanus = varanus
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# DEPRECATED: Please use Varanus::Domain#list_with_info instead.
|
|
21
22
|
def domains
|
|
23
|
+
warn 'DEPRECATION WARNING: Varanus::Reports#domains is deprecated. ' \
|
|
24
|
+
'Use Varanus::Domain#report instead'
|
|
22
25
|
r = soap_call :get_domain_report, {}
|
|
23
26
|
format_results r[:report_row_domains]
|
|
24
27
|
end
|
|
25
28
|
|
|
26
|
-
#
|
|
27
|
-
# @param [opts] [Hash]
|
|
28
|
-
# @option opts [String, Array] :orgs Name(s) of organizations (departments) to limit
|
|
29
|
-
# the report to. If this is unset, results from all departments are returned.
|
|
30
|
-
# @option opts [Symbol] :status (:any) One of :any, :requested, :downloaded, :revoked,
|
|
31
|
-
# :expired, :pending_download, :not_enrolled. :downloaded and :pending_download
|
|
32
|
-
# mean the cert has been enrolled/signed.
|
|
33
|
-
# @return [Array<Hash>]
|
|
29
|
+
# DEPRECATED: Please use Varanus::SSL#report instead.
|
|
34
30
|
def ssl opts = {}
|
|
31
|
+
warn 'DEPRECATION WARNING: Varanus::Reports#ssl is deprecated. ' \
|
|
32
|
+
'Use Varanus::SSL#report instead'
|
|
33
|
+
|
|
35
34
|
msg = { organizationNames: nil, certificateStatus: 0 }
|
|
36
35
|
|
|
37
36
|
msg[:organizationNames] = Array(opts[:orgs]).join(',') if opts.include? :orgs
|
data/lib/varanus/ssl/csr.rb
CHANGED
|
@@ -28,7 +28,7 @@ class Varanus::SSL::CSR
|
|
|
28
28
|
request.add_attribute names_to_san_attribute(names)
|
|
29
29
|
request.public_key = key.public_key
|
|
30
30
|
|
|
31
|
-
request.sign(key, OpenSSL::Digest
|
|
31
|
+
request.sign(key, OpenSSL::Digest.new('SHA256'))
|
|
32
32
|
|
|
33
33
|
[key, Varanus::SSL::CSR.new(request)]
|
|
34
34
|
end
|
|
@@ -87,6 +87,8 @@ class Varanus::SSL::CSR
|
|
|
87
87
|
@request.public_key.n.num_bytes * 8
|
|
88
88
|
when OpenSSL::PKey::DSA
|
|
89
89
|
@request.public_key.p.num_bytes * 8
|
|
90
|
+
when OpenSSL::PKey::EC
|
|
91
|
+
@request.public_key.group.degree
|
|
90
92
|
else
|
|
91
93
|
raise "Unknown public key type: #{@request.public_key.class}"
|
|
92
94
|
end
|
data/lib/varanus/ssl.rb
CHANGED
|
@@ -3,6 +3,23 @@
|
|
|
3
3
|
# An connection to the SSL/TSL API. This should not be initialized directly. Instead,
|
|
4
4
|
# use Varanus#ssl
|
|
5
5
|
class Varanus::SSL < Varanus::RestResource
|
|
6
|
+
# rubocop:disable Style/MutableConstant
|
|
7
|
+
# These constants are frozen, rubocop is failing to detect the freeze.
|
|
8
|
+
# See https://github.com/rubocop-hq/rubocop/issues/4406
|
|
9
|
+
REPORT_CERT_STATUS = { any: 0, requested: 1, issued: 2, revoked: 3, expired: 4 }
|
|
10
|
+
REPORT_CERT_STATUS.default_proc = proc { |_h, k|
|
|
11
|
+
raise ArgumentError, "Unknown certificateStatus: #{k.inspect}"
|
|
12
|
+
}
|
|
13
|
+
REPORT_CERT_STATUS.freeze
|
|
14
|
+
|
|
15
|
+
REPORT_CERT_DATE_ATTR = { revocation_date: 2, expiration_date: 3, request_date: 4,
|
|
16
|
+
issue_date: 5 }
|
|
17
|
+
REPORT_CERT_DATE_ATTR.default_proc = proc { |_h, k|
|
|
18
|
+
raise ArgumentError, "Unknown certificateDateAttribute: #{k.inspect}"
|
|
19
|
+
}
|
|
20
|
+
REPORT_CERT_DATE_ATTR.freeze
|
|
21
|
+
# rubocop:enable Style/MutableConstant
|
|
22
|
+
|
|
6
23
|
# Returns the option from #certificate_types that best matches the csr.
|
|
7
24
|
# @param csr [Varanus::SSL::CSR]
|
|
8
25
|
# @return [Hash] The option from {#certificate_types} that best matches the csr
|
|
@@ -30,7 +47,7 @@ class Varanus::SSL < Varanus::RestResource
|
|
|
30
47
|
# @return [Array<Hash>]
|
|
31
48
|
def certificate_types_standard days = nil
|
|
32
49
|
types = certificate_types.reject do |ct|
|
|
33
|
-
ct['name'] =~ /\b(?:EV|ECC|AMT|Elite)\b/
|
|
50
|
+
ct['name'] =~ /\b(?:EV|Extended Validation|ECC|AMT|Elite)\b/
|
|
34
51
|
end
|
|
35
52
|
types = types.select! { |t| t['terms'].include? days } unless days.nil?
|
|
36
53
|
|
|
@@ -60,10 +77,31 @@ class Varanus::SSL < Varanus::RestResource
|
|
|
60
77
|
get("ssl/v1/#{id}")
|
|
61
78
|
end
|
|
62
79
|
|
|
80
|
+
# List certs ids and serial numbers
|
|
63
81
|
def list opts = {}
|
|
64
82
|
get_with_size_and_position('ssl/v1', opts)
|
|
65
83
|
end
|
|
66
84
|
|
|
85
|
+
# Return a report (list) of SSL certs based on the options.
|
|
86
|
+
# The report includes a full set of details about the certs, not just the id/cn/serial
|
|
87
|
+
# +opts+ can include:
|
|
88
|
+
# (all are optional)
|
|
89
|
+
# - :organizationIds - Array - ids of organization/departments to include certs for
|
|
90
|
+
# - :certificateStatus - :any, :requested, :issued, :revoked, or :expired
|
|
91
|
+
# - :certificateDateAttribute - Specifies what fields :from and/or :to refer to.
|
|
92
|
+
# Can be: :revocation_date, :expiration_date,
|
|
93
|
+
# :request_date, or :issue_date
|
|
94
|
+
# - :from - Date - based on :certificateDateAttribute
|
|
95
|
+
# - :to - Date - based on :certificateDateAttribute
|
|
96
|
+
def report opts = { certificateStatus: :any }
|
|
97
|
+
# Default is to request any certificate status since the API call will fail if no
|
|
98
|
+
# options are passed
|
|
99
|
+
opts = { certificateStatus: :any } if opts.empty?
|
|
100
|
+
opts = _parse_report_opts(opts)
|
|
101
|
+
|
|
102
|
+
post('report/v1/ssl-certificates', opts)['reports']
|
|
103
|
+
end
|
|
104
|
+
|
|
67
105
|
# Revoke an ssl cert
|
|
68
106
|
# @param id [Integer] As returned by {#sign}
|
|
69
107
|
# @param reason [String] Reason for revoking. Sectigo's API will return an error if it
|
|
@@ -130,4 +168,24 @@ class Varanus::SSL < Varanus::RestResource
|
|
|
130
168
|
term ||= certificate_types.find { |ct| ct['id'] == cert_type_id }['terms'].min
|
|
131
169
|
term
|
|
132
170
|
end
|
|
171
|
+
|
|
172
|
+
def _parse_report_opts user_opts
|
|
173
|
+
api_opts = {}
|
|
174
|
+
user_opts.each do |key, val|
|
|
175
|
+
case key
|
|
176
|
+
when :organizationIds, :certificateRequestSource, :serialNumberFormat
|
|
177
|
+
api_opts[key] = val
|
|
178
|
+
when :from, :to
|
|
179
|
+
api_opts[key] = val.strftime('%Y-%m-%d')
|
|
180
|
+
when :certificateStatus
|
|
181
|
+
api_opts[key] = REPORT_CERT_STATUS[val]
|
|
182
|
+
when :certificateDateAttribute
|
|
183
|
+
api_opts[key] = REPORT_CERT_DATE_ATTR[val]
|
|
184
|
+
else
|
|
185
|
+
raise ArgumentError, "Unknown key: #{key.inspect}"
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
api_opts
|
|
190
|
+
end
|
|
133
191
|
end
|
data/lib/varanus/version.rb
CHANGED
data/lib/varanus.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: varanus
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Dilda
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|