varanus 0.7.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 271baf219a1247e588a20aba506a76e26668bad6c6ab55546f75fa697d04e3ff
-  data.tar.gz: 00c5bc35eeb4b56fdc94b18d969c7ac498ffc87a948db20fdc989fc4e90cf8d6
+  metadata.gz: 9c5717bc294e05caa49007dbf36c638ecf3a1d3e192aee421e51a73fec58246c
+  data.tar.gz: 54f6feea0b5b692d415dd2f9d5eff9d0d088f29e26d54a700467494f11904048
 SHA512:
-  metadata.gz: 70898c1f830700b0a2865656143c452dfeae4b9846e9c1b4730c5cd359d2c4f786e167758581d2028fc2c60588480382066cecc932d03b7355accb84ff21a0c3
-  data.tar.gz: de4d6791505e36cbaa157a0004e2405b90f1067c0953a892a0efb6fc622b671744779603620b3c142413043e4063cbd411cf2629acb3256a7fccc308e8be93ee
+  metadata.gz: 246eeabfd08d59b01f5b8e6cca4d5ec8b4c7a73223ee34d8ac86a1d459d286fdf965ed410a381b2312ab72e97f3c0b65dc0da77c8b31776e53253f10b9003a05
+  data.tar.gz: cdf0e60e8894b50e55f81901f0d441a7a3edf376856de12ea4a0bfc845267c3026926dcafabec14e7aebaf1292a25e6c8c0e76cbdfd9f346a9b18a3828021543

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: varanus
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Sean Dilda
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-31 00:00:00.000000000 Z
+date: 2024-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -189,36 +189,12 @@ email:
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
-- ".codeclimate.yml"
-- ".gitignore"
-- ".rubocop.yml"
-- ".travis.yml"
-- CHANGELOG.md
-- Gemfile
-- Gemfile.lock
-- LICENSE.txt
-- README.md
-- Rakefile
-- bin/console
-- bin/setup
-- docker-compose.yml
-- lib/varanus.rb
-- lib/varanus/dcv.rb
-- lib/varanus/domain.rb
-- lib/varanus/error.rb
-- lib/varanus/organization.rb
-- lib/varanus/reports.rb
-- lib/varanus/rest_resource.rb
-- lib/varanus/ssl.rb
-- lib/varanus/ssl/csr.rb
-- lib/varanus/version.rb
-- varanus.gemspec
+files: []
 homepage: https://github.com/duke-automation/varanus
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -233,8 +209,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.3.27
+signing_key:
 specification_version: 4
 summary: Interface for Sectigo's (formerly Comodo CA) API.
 test_files: []

data/.codeclimate.yml

@@ -1,4 +0,0 @@
-plugins:
-  rubocop:
-    enabled: true
-    channel: rubocop-0-59

data/.gitignore

@@ -1,9 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-/test.rb

data/.rubocop.yml

@@ -1,51 +0,0 @@
-AllCops:
-  NewCops: disable
-  TargetRubyVersion: 2.5
-
-Bundler/OrderedGems:
-  AutoCorrect: false
-
-Layout/LineLength:
-  Max: 90
-  Exclude:
-    - 'test/**/*'
-
-Metrics/AbcSize:
-  Max: 25
-  Exclude:
-    - 'test/**/*'
-
-Metrics/ClassLength:
-  Max: 125
-  Exclude:
-    - 'test/**/*'
-
-Metrics/MethodLength:
-  Max: 20
-  Exclude:
-    - 'test/**/*'
-
-Naming/FileName:
-  Exclude:
-    - Gemfile
-
-Style/ClassAndModuleChildren:
-  EnforcedStyle: compact
-
-Style/ConditionalAssignment:
-  Enabled: false
-
-Style/MethodDefParentheses:
-  EnforcedStyle: require_no_parentheses_except_multiline
-
-Style/NumericPredicate:
-  EnforcedStyle: comparison
-
-Style/RescueModifier:
-  AutoCorrect: false
-
-Style/SymbolArray:
-  EnforcedStyle: brackets
-
-Style/WordArray:
-  EnforcedStyle: brackets

data/.travis.yml

@@ -1,18 +0,0 @@
----
-env:
-  global:
-    - CC_TEST_REPORTER_ID=11ec0aee76479858801566bb43fd7d76eced4cbb2432bcead71db59dae21eaae
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.5
-  - 2.6
-  - 2.7
-before_install: gem install bundler -v 1.16.5
-before_script:
-  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-  - chmod +x ./cc-test-reporter
-  - ./cc-test-reporter before-build
-after_script:
-  - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT

data/CHANGELOG.md

@@ -1,38 +0,0 @@
-### Version 0.7.1 (2022-01-31)
-* Varanus::SSL#certificate_types_standard - also exclude 'Extended Validation'
-
-### Version 0.7.0 (2020-02-03)
-* Add Varanus::Domain#report
-
-### Version 0.6.0 (2020-02-01)
-* Add Varanus::SSL#report
-* Varanus::Reports (Varanus#reports) is now deprecated.
-
-### Version 0.5.1 (2021-01-28)
-* Varanus::SSL::CSR - support EC certs
-
-### Version 0.5.0 (2021-01-26)
-* Add Varanus::Domain
-* Add Varanus::SSL#list and Varanus::SSL#info
-* Add Varanus::Organization
-
-### 0.4.0 (2021-01-06)
-* Add Varanus::DCV
-
-### 0.3.1 (2020-10-14)
-* Fix issue when Sectigo reports two identical 'Short Life' certs
-
-### 0.3.0 (2020-08-24)
-* Add support for new 'Short Life' certs
-
-### 0.2.1 (2018-11-13)
-* Increase timeout value for SSL requests
-
-### 0.2.0 (2018-11-09)
-* Added Varanus::SSL::CSR.generate
-* Added Reports
-  * Varanus::Reports#ssl - list of SSL/TLS certs
-  * Varanus::Reports#domains - list of domains validated with DCV
-
-### 0.1.0 (2018-11-07)
-* Initial release

data/Gemfile

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-# Specify your gem's dependencies in varanus.gemspec
-gemspec

data/Gemfile.lock

@@ -1,108 +0,0 @@
-PATH
-  remote: .
-  specs:
-    varanus (0.7.1)
-      faraday
-      faraday_middleware
-      savon (~> 2.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    akami (1.3.1)
-      gyoku (>= 0.4.0)
-      nokogiri
-    ast (2.4.1)
-    builder (3.2.4)
-    crack (0.4.5)
-      rexml
-    docile (1.3.4)
-    faraday (1.3.0)
-      faraday-net_http (~> 1.0)
-      multipart-post (>= 1.2, < 3)
-      ruby2_keywords
-    faraday-net_http (1.0.0)
-    faraday_middleware (1.0.0)
-      faraday (~> 1.0)
-    gyoku (1.3.1)
-      builder (>= 2.1.2)
-    hashdiff (1.0.1)
-    httpi (2.4.5)
-      rack
-      socksify
-    minitest (5.14.3)
-    minitest-rg (5.2.0)
-      minitest (~> 5.0)
-    mocha (1.12.0)
-    multipart-post (2.1.1)
-    nokogiri (1.11.1-x86_64-linux)
-      racc (~> 1.4)
-    nori (2.6.0)
-    parallel (1.20.1)
-    parser (3.0.0.0)
-      ast (~> 2.4.1)
-    public_suffix (4.0.6)
-    racc (1.5.2)
-    rack (2.2.3)
-    rainbow (3.0.0)
-    rake (10.5.0)
-    regexp_parser (2.0.3)
-    rexml (3.2.4)
-    rubocop (1.7.0)
-      parallel (~> 1.10)
-      parser (>= 2.7.1.5)
-      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.2.0, < 2.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.4.0)
-      parser (>= 2.7.1.5)
-    ruby-progressbar (1.11.0)
-    ruby2_keywords (0.0.2)
-    savon (2.12.1)
-      akami (~> 1.2)
-      builder (>= 2.1.2)
-      gyoku (~> 1.2)
-      httpi (~> 2.3)
-      nokogiri (>= 1.8.1)
-      nori (~> 2.4)
-      wasabi (~> 3.4)
-    simplecov (0.21.1)
-      docile (~> 1.1)
-      simplecov-html (~> 0.11)
-      simplecov_json_formatter (~> 0.1)
-    simplecov-html (0.12.3)
-    simplecov_json_formatter (0.1.2)
-    socksify (1.7.1)
-    unicode-display_width (1.7.0)
-    wasabi (3.6.1)
-      addressable
-      httpi (~> 2.0)
-      nokogiri (>= 1.4.2)
-    webmock (3.11.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
-    yard (0.9.26)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.16)
-  minitest (~> 5.0)
-  minitest-rg
-  mocha
-  rake (~> 10.0)
-  rubocop
-  simplecov
-  varanus!
-  webmock
-  yard
-
-BUNDLED WITH
-   1.17.3

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2018 Duke University
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

data/README.md

@@ -1,104 +0,0 @@
-# Varanus
-
-This gem provides an interface to Sectigo's (formerly Comodo CA) APIs for working
-with SSL/TLS certificates as well as its reporting API.
-
-Support for Sectigo's other APIs (S/MIME, code signing, device certificates, etc) may
-be added at a later date.  Merge requests to add some of this functionality would be
-greatly appreciated.
-
-[![Build Status](https://travis-ci.org/duke-automation/varanus.svg?branch=master)](https://travis-ci.org/duke-automation/varanus)
-[![Gem Version](https://badge.fury.io/rb/varanus.svg)](http://badge.fury.io/rb/varanus)
-[![Maintainability](https://api.codeclimate.com/v1/badges/593ef1aa2ba757b5374f/maintainability)](https://codeclimate.com/github/duke-automation/varanus/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/593ef1aa2ba757b5374f/test_coverage)](https://codeclimate.com/github/duke-automation/varanus/test_coverage)
-
-## Usage
-
-#### Generate and sign SSL cert
-
-```ruby
-key, csr = Varanus::SSL::CSR.generate(['example.com'])
-varanus = Varanus.new(customer_uri, username, password)
-id = varanus.ssl.sign csr, org_id
-begin
-  cert = varanus.ssl.collect id
-rescue Varanus::Error::StillProcessing
-  sleep 1
-  retry
-end
-puts key
-puts cert
-```
-
-#### Sign SSL cert from CSR
-
-```ruby
-csr = File.read('/path/to/file.csr')
-varanus = Varanus.new(customer_uri, username, password)
-id = varanus.ssl.sign csr, org_id
-begin
-  cert = varanus.ssl.collect id
-rescue Varanus::Error::StillProcessing
-  sleep 1
-  retry
-end
-puts cert
-```
-
-#### Revoke SSL cert
-
-```ruby
-Varanus.new(customer_uri, username, password).ssl.revoke(id)
-```
-
-#### Reports
-
-Report on all SSL certs
-```ruby
-pp Varanus.new(customer_uri, usernams, password).reports.ssl
-```
-
-Report on all domains (DCV status)
-```ruby
-pp Varanus.new(customer_uri, usernams, password).reports.domains
-```
-
-#### Authentication
-
-Authentication requires the same credentials you use to login to cert-manager.com as well as the ```customer_uri```.  If your URL to log into cert-manager.com is https://cert-manager.com/customer/MyCompany then your ```customer_uri``` will be ```'MyCompany'```
-
-#### Finding Organization Id (org_id)
-
-Signing a cert requires specifying an ```org_id```.  Each department in cert-manager.com has an associated ```org_id```.
-
-To find the ```org_id```, log into cert-manager.com, go to **Settings** -> **Departments**, then click to edit the department you are interested in.  The value you want is in the **OrgID** field.
-
-## Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'varanus'
-```
-
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install varanus
-
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/duke-automation/varanus.
-
-## License
-
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'test'
-  t.libs << 'lib'
-  t.test_files = FileList['test/**/*_test.rb']
-end
-
-task default: :test

data/bin/console

@@ -1,15 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'bundler/setup'
-require 'varanus'
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require 'irb'
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/docker-compose.yml

@@ -1,11 +0,0 @@
-version: '3'
-services:
-  console:
-    image: ruby:2.5
-    volumes:
-      - .:/app:z
-    hostname: varanus-dev
-    working_dir: /app
-    stdin_open: true
-    tty: true
-    command: bash -c './bin/setup && ./bin/console'

data/lib/varanus/dcv.rb

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-# An connection to the DCV API.  This should not be initialized directly.  Instead,
-# use Varanus#dcv
-class Varanus::DCV < Varanus::RestResource
-  # Returns an Array of DCV information about searched for domains.
-  # This method will automatically page through all results
-  # @param opts [Hash] - all opts are optional
-  # @option opts [String] :domain Domain to search for
-  # @option opts [Integer] :org ID of organization
-  # @option opts [Integer] :department ID of department
-  # @option opts [String] :dcvStatus
-  # @option opts [String] :orderStatus
-  # @option opts [Integer] :expiresIn Expires in (days)
-  #
-  # Results will included an extra 'expiration_date_obj' if 'expirationDate' is in the
-  # response
-  def search opts = {}
-    get_with_size_and_position('dcv/v2/validation', opts).map(&method(:_format_status))
-  end
-
-  # Start domain validation process.  This must be called before #submit is called
-  # @option domain [String] domain to validate
-  # @option type [String] Type of validation. Must be one of 'http', 'https', 'cname',
-  #                       or 'email'
-  def start domain, type
-    post("dcv/v1/validation/start/domain/#{type}", domain: domain)
-  end
-
-  # Retrieve DCV status for a single domain
-  # Result will included an extra 'expiration_date_obj' if 'expirationDate' is in the
-  # response
-  def status domain
-    _format_status(post('dcv/v2/validation/status', domain: domain))
-  end
-
-  # Submit domain validation for verficiation.  This must be called after #start
-  # @option domain [String] domain to validate
-  # @option type [String] Type of validation. Must be one of 'http', 'https', 'cname',
-  #                       or 'email'
-  # @option email_address [String] This is required of +type+ is 'email'. Otherwise, it is
-  #                                ignored.
-  def submit domain, type, email_address = nil
-    if type.to_s == 'email'
-      raise ArgumentError, 'email_address must be specified' if email_address.nil?
-
-      post('dcv/v1/validation/submit/domain/email', domain: domain,
-                                                    email: email_address)
-    else
-      post("dcv/v1/validation/submit/domain/#{type}", domain: domain)
-    end
-  end
-
-  private
-
-  def _format_status status
-    return status unless status['expirationDate']
-
-    status.merge('expiration_date_obj' =>
-                   Date.strptime(status['expirationDate'], '%Y-%m-%d'))
-  end
-end

data/lib/varanus/domain.rb

@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-# A connection to the Domain API
-class Varanus::Domain < Varanus::RestResource
-  # Create a new domain.  The domain may need to be manually approved after this is
-  # called.
-  # +name+ is the domain
-  # +delegations+ is an Array of Hashes.  Each Hash should have an 'orgId' and
-  #                                       'certTypes' key
-  # opts may include the following keys:
-  #  - :description - optional - String
-  #  - :active - optional - Boolean (defaults to +true+)
-  #  - :allow_subdomains - optional - set to +false+ if you don't want to allow sub
-  #                                   domains for this entry
-  #
-  # @returns [String] - URL for newly created domain
-  def create domain, delegations, opts = {}
-    opts = opts.dup
-    allow_subdomains = opts.delete(:allow_subdomains)
-    domain = "*.#{domain}" if allow_subdomains != false && !domain.start_with?('*.')
-
-    result = @varanus.connection.post('domain/v1',
-                                      opts.merge(name: domain, delegations: delegations))
-    check_result result
-    result.headers['Location']
-  end
-
-  # Return info on domain.  +id+ must be the id returned by #list
-  def info id
-    get("domain/v1/#{id}")
-  end
-
-  def list opts = {}
-    get_with_size_and_position('domain/v1', opts)
-  end
-
-  def list_with_info opts = {}
-    domains = list(opts)
-    domains.map! { |domain| info(domain['id']) }
-    domains
-  end
-
-  def report
-    post('report/v1/domains', {})['reports']
-  end
-end

data/lib/varanus/error.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-# Error returned from the Sectigo API
-class Varanus::Error < StandardError
-  # @return [Integer] Code associated with error
-  attr_reader :code
-
-  def initialize code, msg
-    @code = code
-    super(msg)
-  end
-end
-
-# Certificate is still being signed.
-class Varanus::Error::StillProcessing < Varanus::Error; end

data/lib/varanus/organization.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-# A connection to the Organization API
-class Varanus::Organization < Varanus::RestResource
-  # Return info on organization.
-  def info id
-    get("organization/v1/#{id}")
-  end
-
-  def list
-    get('organization/v1')
-  end
-end

data/lib/varanus/reports.rb

@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-# An connection to the Reports API.  This should not be initialized directly.  Instead,
-# use Varanus#reports
-class Varanus::Reports
-  SSL_CERT_STATUSES = {
-    any: 0,
-    requested: 1,
-    downloaded: 2,
-    revoked: 3,
-    expired: 4,
-    pending_download: 5,
-    not_enrolled: 6
-  }.freeze
-
-  # @note Do not call this directly.  Use {Varanus#reports} to initialize
-  def initialize varanus
-    @varanus = varanus
-  end
-
-  # DEPRECATED: Please use Varanus::Domain#list_with_info instead.
-  def domains
-    warn 'DEPRECATION WARNING: Varanus::Reports#domains is deprecated.  ' \
-         'Use Varanus::Domain#report instead'
-    r = soap_call :get_domain_report, {}
-    format_results r[:report_row_domains]
-  end
-
-  # DEPRECATED: Please use Varanus::SSL#report instead.
-  def ssl opts = {}
-    warn 'DEPRECATION WARNING: Varanus::Reports#ssl is deprecated.  ' \
-         'Use Varanus::SSL#report instead'
-
-    msg = { organizationNames: nil, certificateStatus: 0 }
-
-    msg[:organizationNames] = Array(opts[:orgs]).join(',') if opts.include? :orgs
-    if opts.include? :status
-      msg[:certificateStatus] = SSL_CERT_STATUSES[opts[:status]]
-      raise ArgumentError, 'Invalid status' if msg[:certificateStatus].nil?
-    end
-
-    r = soap_call :get_SSL_report, msg
-    format_results r[:reports]
-  end
-
-  private
-
-  def format_results results
-    if results.is_a? Hash
-      [results]
-    else
-      results.to_a
-    end
-  end
-
-  def savon
-    @savon ||= Savon.client(
-      namespace: 'http://report.ws.epki.comodo.com/',
-      endpoint: 'https://cert-manager.com:443/ws/ReportService',
-      log: false
-    )
-  end
-
-  def soap_call func, opts = {}
-    msg = opts.dup
-    msg[:authData] = { customerLoginUri: @varanus.customer_uri, login: @varanus.username,
-                       password: @varanus.password }
-
-    result = savon.call func, message: msg
-    result.body[(func.to_s.downcase + '_response').to_sym][:return]
-  end
-end

data/lib/varanus/rest_resource.rb

@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-# An abstract class for rest resources
-# Rest resources should not be initialized directly.  They should be created by methods
-# on Varanus
-class Varanus::RestResource
-  # :nodoc:
-  def initialize varanus
-    @varanus = varanus
-  end
-
-  private
-
-  def check_result result
-    body = result.body
-    return unless body.is_a?(Hash)
-    return if body['code'].nil?
-
-    klass = Varanus::Error
-    if body['code'] == 0 && body['description'] =~ /process/
-      klass = Varanus::Error::StillProcessing
-    end
-
-    raise klass.new(body['code'], body['description'])
-  end
-
-  def get path, *args
-    result = @varanus.connection.get(path, *args)
-    check_result result
-    result.body
-  end
-
-  # Performs multiple GETs with varying positions to ensure all results are returned.
-  def get_with_size_and_position path, opts = {}
-    size = opts[:size] || 200
-    position = opts[:position] || 0
-
-    results = []
-    loop do
-      params = { size: size, position: position }.merge(opts)
-      new_results = get(path, params)
-      results += new_results
-      break if new_results.length < size
-
-      position += size
-    end
-
-    results
-  end
-
-  def post path, *args
-    result = @varanus.connection.post(path, *args)
-    check_result result
-    result.body
-  end
-end

data/lib/varanus/ssl/csr.rb

@@ -1,131 +0,0 @@
-# frozen_string_literal: true
-
-# Wrapper class around a OpenSSL::X509::Request
-# Provides helper functions to make reading information from the CSR easier
-class Varanus::SSL::CSR
-  # Key size used when calling {.generate}
-  DEFAULT_KEY_SIZE = 4096
-
-  # Generate a CSR
-  # @param names [Array<String>] List of DNS names.  The first one will be the CN
-  # @param key [OpenSSL::PKey::RSA, OpenSSL::PKey::DSA, nil] Secret key for the cert.
-  #   A DSA key will be generated if +nil+ is passed in.
-  # @param subject [Hash] Options for the subject of the cert.  By default only CN will
-  #   be set
-  # @return [Array(OpenSSL::PKey::PKey, Varanus::SSL::CSR)] The private key for the cert
-  #   and CSR
-  def self.generate names, key = nil, subject = {}
-    raise ArgumentError, 'names cannot be empty' if names.empty?
-
-    subject = subject.dup
-    subject['CN'] = names.first
-
-    key ||= OpenSSL::PKey::DSA.new(DEFAULT_KEY_SIZE)
-
-    request = OpenSSL::X509::Request.new
-    request.version = 0
-    request.subject = OpenSSL::X509::Name.parse subject.map { |k, v| "/#{k}=#{v}" }.join
-    request.add_attribute names_to_san_attribute(names)
-    request.public_key = key.public_key
-
-    request.sign(key, OpenSSL::Digest.new('SHA256'))
-
-    [key, Varanus::SSL::CSR.new(request)]
-  end
-
-  # :nodoc:
-  # Create a Subject Alternate Names attribute from an Array of dns names
-  def self.names_to_san_attribute names
-    ef = OpenSSL::X509::ExtensionFactory.new
-    name_str = names.map { |n| "DNS:#{n}" }.join(', ')
-    ext = ef.create_extension('subjectAltName', name_str, false)
-    seq = OpenSSL::ASN1::Sequence([ext])
-    ext_req = OpenSSL::ASN1::Set([seq])
-    OpenSSL::X509::Attribute.new('extReq', ext_req)
-  end
-
-  # Common Name (CN) for cert.
-  # @return [String]
-  attr_reader :cn
-
-  # OpenSSL::X509::Request representation of CSR
-  # @return [OpenSSL::X509::Request]
-  attr_reader :request
-
-  # @param csr [String, OpenSSL::X509::Request]
-  def initialize csr
-    if csr.is_a? OpenSSL::X509::Request
-      @request = csr
-      @text = csr.to_s
-    else
-      @text = csr.to_s
-      @request = OpenSSL::X509::Request.new @text
-    end
-
-    raise 'Improperly signed CSR' unless @request.verify @request.public_key
-
-    cn_ref = @request.subject.to_a.find { |a| a[0] == 'CN' }
-    @cn = cn_ref && cn_ref[1].downcase
-
-    _parse_sans
-
-    # If we have no CN or SAN, raise an error
-    raise 'CSR must have a CN and/or subjectAltName' if @cn.nil? && @sans.empty?
-  end
-
-  # Unique list of all DNS names for cert (CN and subject alt names)
-  # @return [Array<String>]
-  def all_names
-    ([@cn] + @sans).compact.uniq
-  end
-
-  # Key size for the cert
-  # @return [Integer]
-  def key_size
-    case @request.public_key
-    when OpenSSL::PKey::RSA
-      @request.public_key.n.num_bytes * 8
-    when OpenSSL::PKey::DSA
-      @request.public_key.p.num_bytes * 8
-    when OpenSSL::PKey::EC
-      @request.public_key.group.degree
-    else
-      raise "Unknown public key type: #{@request.public_key.class}"
-    end
-  end
-
-  # PEM format for cert
-  def to_s
-    @text
-  end
-
-  # DNS subject alt names
-  # @return [Array<String>]
-  def subject_alt_names
-    @sans
-  end
-
-  private
-
-  def _parse_sans
-    extensions = @request.attributes.select { |at| at.oid == 'extReq' }
-    sans_extensions = extensions.flat_map do |extension|
-      extension.value.value[0].value
-               .select { |ext| ext.first.value == 'subjectAltName' }
-               .map { |ext| ext.value.last }
-    end
-    @sans = sans_extensions.compact.flat_map do |san|
-      _parse_sans_extension san
-    end
-  end
-
-  def _parse_sans_extension ext
-    OpenSSL::ASN1.decode(ext.value).map do |s_entry|
-      unless s_entry.tag == 2 && s_entry.tag_class == :CONTEXT_SPECIFIC
-        raise "unknown tag #{s_entry.tag}"
-      end
-
-      s_entry.value.downcase
-    end
-  end
-end

data/lib/varanus/ssl.rb

@@ -1,191 +0,0 @@
-# frozen_string_literal: true
-
-# An connection to the SSL/TSL API.  This should not be initialized directly.  Instead,
-# use Varanus#ssl
-class Varanus::SSL < Varanus::RestResource
-  # rubocop:disable Style/MutableConstant
-  # These constants are frozen, rubocop is failing to detect the freeze.
-  # See https://github.com/rubocop-hq/rubocop/issues/4406
-  REPORT_CERT_STATUS = { any: 0, requested: 1, issued: 2, revoked: 3, expired: 4 }
-  REPORT_CERT_STATUS.default_proc = proc { |_h, k|
-    raise ArgumentError, "Unknown certificateStatus: #{k.inspect}"
-  }
-  REPORT_CERT_STATUS.freeze
-
-  REPORT_CERT_DATE_ATTR = { revocation_date: 2, expiration_date: 3, request_date: 4,
-                            issue_date: 5 }
-  REPORT_CERT_DATE_ATTR.default_proc = proc { |_h, k|
-    raise ArgumentError, "Unknown certificateDateAttribute: #{k.inspect}"
-  }
-  REPORT_CERT_DATE_ATTR.freeze
-  # rubocop:enable Style/MutableConstant
-
-  # Returns the option from #certificate_types that best matches the csr.
-  # @param csr [Varanus::SSL::CSR]
-  # @return [Hash] The option from {#certificate_types} that best matches the csr
-  def certificate_type_from_csr csr, days = nil
-    types = certificate_types_standard(days)
-    return types.first if types.length <= 1
-
-    regexp = cert_type_regexp(csr)
-    typ = types.find { |ct| ct['name'] =~ regexp } if regexp
-    return typ unless typ.nil?
-
-    types.find do |ct|
-      ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i
-    end
-  end
-
-  # Certificate types that can be used to sign a cert
-  # @return [Array<Hash>]
-  def certificate_types
-    @certificate_types ||= get('ssl/v1/types')
-  end
-
-  # Return Array of certificate types based on standard sorting.
-  # @param days [Integer] if present, only include types that support the given day count
-  # @return [Array<Hash>]
-  def certificate_types_standard days = nil
-    types = certificate_types.reject do |ct|
-      ct['name'] =~ /\b(?:EV|Extended Validation|ECC|AMT|Elite)\b/
-    end
-    types = types.select! { |t| t['terms'].include? days } unless days.nil?
-
-    types
-  end
-
-  # Retrieves the cert.
-  # @param id [Integer] As returned by {#sign}
-  # @param type [String]
-  #
-  # +type+ can be one of:
-  #  'x509'    - X509 format - cert and chain (default)
-  #  'x509CO'  - X509 format - cert only
-  #  'x509IO'  - X509 format - intermediates/root only
-  #  'x590IOR' - X509 format - intermediates/root only reversed
-  #  'base64'  - PKCS#7 base64 encoded
-  #  'bin'     - PKCS#7 bin encoded
-  #
-  # @raise [Varanus::Error::StillProcessing] Cert is still being signed
-  # @return [String] Certificate
-  def collect id, type = 'x509'
-    get("ssl/v1/collect/#{id}/#{type}")
-  end
-
-  # Returns info on the SSL certificate of the given name
-  def info id
-    get("ssl/v1/#{id}")
-  end
-
-  # List certs ids and serial numbers
-  def list opts = {}
-    get_with_size_and_position('ssl/v1', opts)
-  end
-
-  # Return a report (list) of SSL certs based on the options.
-  # The report includes a full set of details about the certs, not just the id/cn/serial
-  # +opts+ can include:
-  # (all are optional)
-  # - :organizationIds - Array - ids of organization/departments to include certs for
-  # - :certificateStatus - :any, :requested, :issued, :revoked, or :expired
-  # - :certificateDateAttribute - Specifies what fields :from and/or :to refer to.
-  #                               Can be: :revocation_date, :expiration_date,
-  #                                       :request_date, or :issue_date
-  # - :from - Date - based on :certificateDateAttribute
-  # - :to - Date - based on :certificateDateAttribute
-  def report opts = { certificateStatus: :any }
-    # Default is to request any certificate status since the API call will fail if no
-    # options are passed
-    opts = { certificateStatus: :any } if opts.empty?
-    opts = _parse_report_opts(opts)
-
-    post('report/v1/ssl-certificates', opts)['reports']
-  end
-
-  # Revoke an ssl cert
-  # @param id [Integer] As returned by {#sign}
-  # @param reason [String] Reason for revoking. Sectigo's API will return an error if it
-  #   is blank.
-  def revoke id, reason
-    post("ssl/v1/revoke/#{id}", reason: reason)
-    nil
-  end
-
-  # Sign an SSL cert.  Returns the id of the SSL cert
-  # @param csr [Varanus::SSL::CSR, OpenSSL::X509::Request, String] CSR to sign
-  # @param org_id [Integer] your organization id on cert-manager.com
-  # @param opts [Hash]
-  # @option opts [String] :comments ('') Limited to 1,024 characters
-  # @option opts [String] :external_requester ('') email address associated with cert on
-  #   cert-manager.com - limited to 512 characters
-  # @option opts [String, Integer] :cert_type name(String) or id(Integer) of the cert
-  #   type to use.  If none is specified, Varanus will attempt to find one
-  # @option opts [Integer] :years number of years cert should be valid for (this number
-  #   is multiplied by 365  and used as days)
-  # @option opts [Integer] :days  number of days cert should be valid for (if none is
-  #   specified, lowest allowed for the cert type will be used)
-  # @return [Integer] Id of SSL cert.
-  def sign csr, org_id, opts = {}
-    opts[:days] ||= opts[:years] * 365 unless opts[:years].nil?
-    csr = Varanus::SSL::CSR.new(csr) unless csr.is_a?(Varanus::SSL::CSR)
-    cert_type_id = opts_to_cert_type_id opts, csr
-    args = {
-      orgId: org_id,
-      csr: csr.to_s,
-      subjAltNames: csr.subject_alt_names.join(','),
-      certType: cert_type_id,
-      term: opts_to_term(opts, cert_type_id),
-      serverType: -1,
-      comments: opts[:comments].to_s[0, 1024],
-      externalRequester: opts[:external_requester].to_s[0, 512]
-    }
-    post('ssl/v1/enroll', args)['sslId']
-  end
-
-  private
-
-  def cert_type_regexp csr
-    return /Wildcard.+SSL/i if csr.all_names.any? { |n| n.start_with?('*.') }
-
-    return /Multi.?Domain.+SSL/i if csr.subject_alt_names.any?
-
-    nil
-  end
-
-  def opts_to_cert_type_id opts, csr
-    case opts[:cert_type]
-    when Integer
-      opts[:cert_type]
-    when String
-      certificate_types.find { |ct| ct['name'] == opts[:cert_type] }['id']
-    else
-      certificate_type_from_csr(csr, opts[:days])['id']
-    end
-  end
-
-  def opts_to_term opts, cert_type_id
-    term = opts[:days]
-    term ||= certificate_types.find { |ct| ct['id'] == cert_type_id }['terms'].min
-    term
-  end
-
-  def _parse_report_opts user_opts
-    api_opts = {}
-    user_opts.each do |key, val|
-      case key
-      when :organizationIds, :certificateRequestSource, :serialNumberFormat
-        api_opts[key] = val
-      when :from, :to
-        api_opts[key] = val.strftime('%Y-%m-%d')
-      when :certificateStatus
-        api_opts[key] = REPORT_CERT_STATUS[val]
-      when :certificateDateAttribute
-        api_opts[key] = REPORT_CERT_DATE_ATTR[val]
-      else
-        raise ArgumentError, "Unknown key: #{key.inspect}"
-      end
-    end
-
-    api_opts
-  end
-end

data/lib/varanus/version.rb

@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-class Varanus
-  VERSION = '0.7.1'
-end

data/lib/varanus.rb

@@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-# Interface for Sectigo's (formerly Comodo CA) API.
-class Varanus
-  attr_reader :customer_uri, :username, :password
-
-  # @param customer_uri [String]
-  #   (see {file:README.md#label-Finding+Organization+Id+-28org_id-29})
-  # @param username [String]
-  # @param password [String]
-  def initialize customer_uri, username, password
-    @customer_uri = customer_uri
-    @username = username
-    @password = password
-  end
-
-  # :nodoc:
-  def connection
-    @connection ||= Faraday.new(url: 'https://cert-manager.com/api',
-                                request: { timeout: 300 }) do |conn|
-      conn.request :json
-      conn.response :json, content_type: /\bjson$/
-
-      conn.headers['login'] = @username
-      conn.headers['password'] = @password
-      conn.headers['customerUri'] = @customer_uri
-
-      conn.adapter Faraday.default_adapter
-    end
-  end
-
-  # Retrive DCV instance
-  # @return [Varanus::DCV]
-  def dcv
-    @dcv ||= DCV.new(self)
-  end
-
-  # Retrieve Domain instance
-  # @return [Varanus::Domain]
-  def domain
-    @domain ||= Domain.new(self)
-  end
-
-  # Retrieve Organization instance
-  # @return [Varanus::Organization]
-  def organization
-    @organization ||= Organization.new(self)
-  end
-
-  # DEPRECATED
-  def reports
-    @reports ||= Reports.new(self)
-  end
-
-  # Retrive SSL instance
-  # @return [Varanus::SSL]
-  def ssl
-    @ssl ||= SSL.new(self)
-  end
-end
-
-# stdlib/gem requires
-require 'faraday'
-require 'faraday_middleware'
-require 'openssl'
-require 'savon'
-
-# Require other files in this gem
-require 'varanus/error'
-require 'varanus/rest_resource'
-require 'varanus/dcv'
-require 'varanus/domain'
-require 'varanus/organization'
-require 'varanus/reports'
-require 'varanus/ssl'
-require 'varanus/ssl/csr'
-require 'varanus/version'

data/varanus.gemspec

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'varanus/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'varanus'
-  spec.version       = Varanus::VERSION
-  spec.authors       = ['Sean Dilda']
-  spec.email         = ['sean@duke.edu']
-
-  spec.summary       = "Interface for Sectigo's (formerly Comodo CA) API."
-  spec.description   = <<~DESCRIPTION
-    This gem provides an interface to Sectigo's (formerly Comodo CA) APIs for working
-    with SSL/TLS certificates as well as its reporting API.
-
-    Support for Sectigo's other APIs (S/MIME, code signing, device certificates, etc) may
-    be added at a later date.
-  DESCRIPTION
-  spec.homepage      = 'https://github.com/duke-automation/varanus'
-  spec.license       = 'MIT'
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
-  spec.require_paths = ['lib']
-  spec.required_ruby_version = '>= 2.5.0'
-
-  spec.add_development_dependency 'bundler', '~> 1.16'
-  spec.add_development_dependency 'minitest', '~> 5.0'
-  spec.add_development_dependency 'minitest-rg'
-  spec.add_development_dependency 'mocha'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rubocop'
-  spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'webmock'
-  spec.add_development_dependency 'yard'
-
-  spec.add_runtime_dependency 'faraday'
-  spec.add_runtime_dependency 'faraday_middleware'
-  spec.add_runtime_dependency 'savon', '~> 2.0'
-end