RubyGems - vcert - Versions diffs - 0.2.0 → 0.3.1 - Mend

vcert 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 64e42e07f9d888bfb7ce44fb88012806021ddc027d153f85c8d525862f974b30
-  data.tar.gz: '08cce53508dac0bd413f4b5d9ce5279995cdf9c4f09f85be1936e9f6255ab529'
+  metadata.gz: 4bcc98fd562fcb5c015d138eb9728a53f6c0c2a7009680e4f2df3765c6e2a6a9
+  data.tar.gz: e123df63ec44aae86e435830692463f75c0363697556f701b027da87f73a0b74
 SHA512:
-  metadata.gz: 11ac60359d93852be73e6d55440f9453525258f9ee88727fbdf98e8bc899e01264b385589a6b0f77979af8af497689ba152bc94fdc66589a7d12190659c1644c
-  data.tar.gz: 02e16121c702f97653271b3e8b1c172ec1cce57b8e3fbfec2b011a3c87cb5a87f7583b3c6ffdbb8ffb6b162e8379acc1cb2afa94d888da8e9ca9578554e29f98
+  metadata.gz: d1a9b791f98b2e4c33ba0f8ff09226ece7944d70dc8a6030cc8f944f26f33117c1d5a42e7c210c29f796105aa32e8f2fb54371b7b8075e8f70858a9c06d0379f
+  data.tar.gz: b5a01c97e9242a0dabd5b0e670d23e22ce10010bcb38cd6bc126e106c4a9395cce956b35b61e3fab74d531ac277b4ba71167c3e473384f167374ec9559d84f22

data/lib/cloud/cloud.rb CHANGED Viewed

@@ -1,12 +1,13 @@
 require 'json'
 require 'utils/utils'
+require 'addressable/uri'
 class Vcert::CloudConnection
   CLOUD_PREFIX = '<Cloud>'.freeze
   def initialize(url, apikey)
     @url = if url.nil?
-             'https://api.venafi.cloud/v1'.freeze
+             'https://api.venafi.cloud'.freeze
            else
              url
            end
@@ -15,8 +16,12 @@ class Vcert::CloudConnection
   def request(zone_tag, request)
-    zone_id = get_zoneId_by_tag(zone_tag)
-    _, data = post(URL_CERTIFICATE_REQUESTS, {:zoneId => zone_id, :certificateSigningRequest => request.csr})
+    zone_config = zone_configuration(zone_tag)
+    _, data = post(URL_CERTIFICATE_REQUESTS, {:applicationId => zone_config.app_id,
+                                              :certificateIssuingTemplateId=>zone_config.cit_id,
+                                              :certificateSigningRequest => request.csr,
+                                              :apiClientInformation => getApiClientInformation
+    })
     LOG.debug("Raw response to certificate request:")
     LOG.debug(JSON.pretty_generate(data))
     request.id = data['certificateRequests'][0]["id"]
@@ -34,7 +39,8 @@ class Vcert::CloudConnection
       when CERT_STATUS_FAILED
         raise Vcert::ServerUnexpectedBehaviorError, "Certificate issue status is FAILED"
       when CERT_STATUS_ISSUED
-        status, full_chain = get(URL_CERTIFICATE_RETRIEVE % request.id + "?chainOrder=#{CHAIN_OPTION_ROOT_LAST}&format=PEM")
+        cert_arr = data["certificateIds"]
+        status, full_chain = get(URL_CERTIFICATE_RETRIEVE % cert_arr[0] + "?chainOrder=#{CHAIN_OPTION_ROOT_LAST}&format=PEM")
         if status == 200
           cert = parse_full_chain full_chain
           if cert.private_key == nil
@@ -57,30 +63,38 @@ class Vcert::CloudConnection
       raise Vcert::ClientBadDataError, "Either request ID or certificate thumbprint is required to renew the certificate"
     end
     if request.thumbprint != nil
-      manage_id = search_by_thumbprint(request.thumbprint)
+      cert_id, request_id = search_by_thumbprint(request.thumbprint)
     end
     if request.id != nil
       prev_request = get_cert_status(request)
-      manage_id = prev_request[:manage_id]
+      request_id = request.id
       zone = prev_request[:zoneId]
     end
-    if manage_id == nil
-      raise Vcert::VcertError, "Can't find the existing certificate"
+    if request_id == nil
+      raise Vcert::VcertError, "Can't find the existing certificate request id"
     end
-    status, data = get(URL_MANAGED_CERTIFICATE_BY_ID % manage_id)
+    status, data = get(URL_CERTIFICATE_STATUS % request_id)
     if status == 200
-      request.id = data['latestCertificateRequestId']
+      request.id = data['id']
+      cert_id = data['certificateIds'][0]
     else
       raise Vcert::ServerUnexpectedBehaviorError, "Status #{status}"
     end
-    if zone == nil
+    if prev_request == nil
       prev_request = get_cert_status(request)
-      zone = prev_request[:zoneId]
     end
-    d = {existingManagedCertificateId: manage_id, zoneId: zone}
+    d = {existingCertificateId: cert_id,
+         applicationId: data["applicationId"],
+         certificateIssuingTemplateId: data["certificateIssuingTemplateId"],
+         apiClientInformation: getApiClientInformation
+    }
     if request.csr?
       d.merge!(certificateSigningRequest: request.csr)
       d.merge!(reuseCSR: false)
@@ -96,7 +110,8 @@ class Vcert::CloudConnection
           organizational_unit: parsed_csr[:OU])
       d.merge!(certificateSigningRequest: renew_request.csr)
     else
-      d.merge!(reuseCSR: true)
+      raise Vcert::VcertError, "This operation is not yet supported"
+      #d.merge!(reuseCSR: true)
     end
     status, data = post(URL_CERTIFICATE_REQUESTS, data = d)
@@ -118,9 +133,23 @@ class Vcert::CloudConnection
       raise Vcert::ClientBadDataError, "Zone should not be empty"
     end
     LOG.info("Getting configuration for zone #{tag}")
-    _, data = get(URL_ZONE_BY_TAG % tag)
-    template_id = data['certificateIssuingTemplateId']
-    _, data = get(URL_TEMPLATE_BY_ID % template_id)
+    arr = tag.split("\\", 2)
+    app_name = arr[0]
+    cit_alias = arr[1]
+    if app_name.to_s.strip.empty? || cit_alias.to_s.strip.empty?
+      raise Vcert::ClientBadDataError, "The parameters: app_name, cit_alias or both are empty"
+    end
+    app_name =  Addressable::URI.encode_component(app_name, Addressable::URI::CharacterClasses::QUERY)
+    cit_alias =  Addressable::URI.encode_component(cit_alias, Addressable::URI::CharacterClasses::QUERY)
+    #get cit
+    _, data = get(URL_CIT_BY_APP_NAME_CIT_ALIAS % [app_name, cit_alias])
+    #get app info
+    _, app = get(URL_APPLICATION_BY_NAME % app_name)
     kt = Vcert::KeyType.new data['keyTypes'][0]["keyType"], data['keyTypes'][0]["keyLengths"][0].to_i
     z = Vcert::ZoneConfiguration.new(
         country: Vcert::CertField.new(""),
@@ -130,6 +159,9 @@ class Vcert::CloudConnection
         organizational_unit: Vcert::CertField.new(""),
         key_type: Vcert::CertField.new(kt, locked: true),
     )
+    z.app_id = app["id"]
+    z.cit_id = data["id"]
     return z
   end
@@ -137,14 +169,21 @@ class Vcert::CloudConnection
     unless zone_id
       raise Vcert::ClientBadDataError, "Zone should be not nil"
     end
-    status, data = get(URL_PROJECT_ZONE_DETAILS % zone_id)
-    if status != 200
-      raise Vcert::ServerUnexpectedBehaviorError, "Invalid status getting issuing template: %s for zone %s" % status, zone_id
+    arr = zone_id.split("\\", 2)
+    app_name = arr[0]
+    cit_alias = arr[1]
+    if app_name.to_s.strip.empty? || cit_alias.to_s.strip.empty?
+      raise Vcert::ClientBadDataError, "The parameters: app_name, cit_alias or both are empty"
     end
-    template_id = data['certificateIssuingTemplateId']
-    status, data = get(URL_TEMPLATE_BY_ID % template_id)
+    app_name =  Addressable::URI.encode_component(app_name, Addressable::URI::CharacterClasses::QUERY)
+    cit_alias =  Addressable::URI.encode_component(cit_alias, Addressable::URI::CharacterClasses::QUERY)
+    status, data = get(URL_CIT_BY_APP_NAME_CIT_ALIAS % [app_name, cit_alias])
+    puts data
     if status != 200
-      raise Vcert::ServerUnexpectedBehaviorError, "Invalid status getting policy: %s for issuing template %s" % status, template_id
+      raise Vcert::ServerUnexpectedBehaviorError, "Invalid status getting issuing template: %s for zone %s" % status, zone_id
     end
     parse_policy_responce_to_object(data)
   end
@@ -158,20 +197,13 @@ class Vcert::CloudConnection
   CERT_STATUS_PENDING = 'PENDING'
   CERT_STATUS_FAILED = 'FAILED'
   CERT_STATUS_ISSUED = 'ISSUED'
-  URL_ZONE_BY_TAG = "zones/tag/%s"
-  URL_PROJECT_ZONE_DETAILS = "projectzones/%s"
-  URL_TEMPLATE_BY_ID = "certificateissuingtemplates/%s"
-  URL_CERTIFICATE_REQUESTS = "certificaterequests"
+  URL_CIT_BY_APP_NAME_CIT_ALIAS = "outagedetection/v1/applications/%s/certificateissuingtemplates/%s"
+  URL_APPLICATION_BY_NAME = "outagedetection/v1/applications/name/%s"
+  URL_CERTIFICATE_REQUESTS = "outagedetection/v1/certificaterequests"
   URL_CERTIFICATE_STATUS = URL_CERTIFICATE_REQUESTS + "/%s"
-  URL_CERTIFICATE_RETRIEVE = URL_CERTIFICATE_REQUESTS + "/%s/certificate"
-  URL_CERTIFICATE_SEARCH = "certificatesearch"
-  URL_MANAGED_CERTIFICATES = "managedcertificates"
-  URL_MANAGED_CERTIFICATE_BY_ID = URL_MANAGED_CERTIFICATES + "/%s"
-  def get_zoneId_by_tag(tag)
-    _, data = get(URL_ZONE_BY_TAG % tag)
-    data['id']
-  end
+  URL_CERTIFICATE_RETRIEVE = "outagedetection/v1/certificates/%s/contents"
+  URL_CERTIFICATE_SEARCH = "outagedetection/v1/certificatesearch"
   def get(url)
     uri = URI.parse(@url)
@@ -262,9 +294,10 @@ class Vcert::CloudConnection
       raise Vcert::ServerUnexpectedBehaviorError, "Status: #{status}. Message: #{data.body.to_s}"
     end
     # TODO: check data
-    manageId = data['certificates'][0]['managedCertificateId']
-    LOG.info("Found existing certificate with ID #{manageId}")
-    return manageId
+    certId = data['certificates'][0]['id']
+    certReqId = data['certificates'][0]['certificateRequestId']
+    LOG.info("Found existing certificate with ID #{certId}")
+    return certId, certReqId
   end
   def get_cert_status(request)

data/lib/objects/objects.rb CHANGED Viewed

@@ -300,7 +300,8 @@ module Vcert
   end
   class ZoneConfiguration
-    attr_reader :country, :province, :locality, :organization, :organizational_unit, :key_type
+    attr_reader :country, :province, :locality, :organization, :organizational_unit, :key_type, :app_id, :cit_id;
+    attr_accessor :app_id, :cit_id
     # @param [CertField] country
     # @param [CertField] province

data/lib/utils/utils.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require 'socket'
 def parse_pem_list(multiline)
   pems = []
   buf = ""
@@ -144,3 +146,12 @@ module Vcert
   end
 end
+def getApiClientInformation()
+  ip = Socket.ip_address_list.detect{|intf| intf.ipv4_private?}
+  ip_addres = ip.ip_address
+  data = {
+    type: CLIENT_ID,
+    identifier: ip_addres
+  }
+  return data
+end

metadata CHANGED Viewed

@@ -1,17 +1,38 @@
 --- !ruby/object:Gem::Specification
 name: vcert
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Denis Subbotin
 - Alexander Rykalin
 - Russel Vela
+- Angel Moo
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-05 00:00:00.000000000 Z
-dependencies: []
+date: 2021-02-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
 description: Ruby client for Venafi Cloud and Trust Protection Platform
 email: opensource@venafi.com
 executables: []