author | NAKAMURA Hiroshi <nahi@keynauts.com> | 2003-07-10 17:31:28 +0000 |
---|---|---|
committer | NAKAMURA Hiroshi <nahi@keynauts.com> | 2003-07-10 17:31:28 +0000 |
commit | 262434083bf3fbc277289f8622d5d64651c5a615 (patch) | |
tree | 714de0758667f5f87abd43d93f020507df6dbb69 | |
parent | e5b94086f219e51723e4ddda7ecda6844ce2c948 (diff) | |
download | ruby-openssl-history-262434083bf3fbc277289f8622d5d64651c5a615.tar.gz |
* examples/gen_csr.rb: Add 'key' option to specify keypair file.
We need this feature for creating cross certificate.
* examples/c_rehash.rb, certstore.rb, cert_store_view.rb: Add Request
support.
* examples/cert2text.rb: Instead of `openssl x509|req|crl -text`.
-rw-r--r-- | ChangeLog | 7 | ||||
-rwxr-xr-x | examples/c_rehash.rb | 6 | ||||
-rwxr-xr-x | examples/cert2text.rb | 30 | ||||
-rwxr-xr-x | examples/cert_store_view.rb | 164 | ||||
-rw-r--r-- | examples/certstore.rb | 27 | ||||
-rwxr-xr-x | examples/gen_csr.rb | 4 |
6 files changed, 216 insertions, 22 deletions
@@ -1,3 +1,10 @@ +Thu, 11 Jul 2003 02:30:55 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org> + * examples/gen_csr.rb: Add 'key' option to specify keypair file. + We need this feature for creating cross certificate. + * examples/c_rehash.rb, certstore.rb, cert_store_view.rb: Add Request + support. + * examples/cert2text.rb: Instead of `openssl x509|req|crl -text`. + Thu, 11 Jul 2003 02:23:04 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org> * examples/ca/init_sub_ca.rb: Add a command line option for CN. * examples/ca/gen_crl.rb: CRL issuer was wrong! Oops. diff --git a/examples/c_rehash.rb b/examples/c_rehash.rb index c5e832a..386eef5 100755 --- a/examples/c_rehash.rb +++ b/examples/c_rehash.rb @@ -56,7 +56,11 @@ class CHashDir begin OpenSSL::X509::CRL.new(str) rescue - nil + begin + OpenSSL::X509::Request.new(str) + rescue + nil + end end end end diff --git a/examples/cert2text.rb b/examples/cert2text.rb new file mode 100755 index 0000000..806c1a0 --- /dev/null +++ b/examples/cert2text.rb @@ -0,0 +1,30 @@ +#!/usr/bin/env ruby + +require 'openssl' +include OpenSSL::X509 + +def cert2text(cert_str) + cert = nil + begin + cert = Certificate.new(cert_str) + rescue + begin + cert = CRL.new(cert_str) + rescue + begin + cert = Request.new(cert_str) + rescue + nil + end + end + end + puts cert.to_text if cert +end + +if ARGV.empty? + cert2text(STDIN.read) +else + ARGV.each do |file| + cert2text(File.read(file)) + end +end diff --git a/examples/cert_store_view.rb b/examples/cert_store_view.rb index 2fe1b7e..0728d61 100755 --- a/examples/cert_store_view.rb +++ b/examples/cert_store_view.rb @@ -11,7 +11,7 @@ include Fox module CertDumpSupport def cert_label(cert) subject_alt_name = - cert.extensions.find { |ext| ext.oid == 'subjectAltName' } + cert.extensions.find { |ext| ext.oid == 'subjectAltName' } if subject_alt_name subject_alt_name.value.split(/\s*,\s/).each do |alt_name_pair| alt_tag, alt_name = alt_name_pair.split(/:/) 
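Review bot: The bare `rescue` chain in the new `cert2text` catches every StandardError, so input that is not a certificate, CRL or request prints nothing and the script still exits 0. The extra nesting level added to the loader in `examples/c_rehash.rb` has the same shape. For a tool meant to replace `openssl x509|req|crl -text`, the operator cannot tell an unparseable file from an empty result, and an unrelated error is hidden the same way. I would rescue only the matching OpenSSL::X509 error class for each parser, write a message to stderr when all three fail, and let the caller exit non-zero. The c_rehash.rb method starts outside its hunk, so how its caller treats the `nil` is not visible here.

```ruby
def cert2text(cert_str)
  parsers = [[Certificate, CertificateError], [CRL, CRLError], [Request, RequestError]]
  parsers.each do |klass, error_class|
    begin
      puts klass.new(cert_str).to_text
      return true
    rescue error_class
      # not this type; try the next parser
    end
  end
  $stderr.puts "cert2text: input is not a certificate, CRL or request"
  false
end
# … unchanged: ARGV / STDIN dispatch …
```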
@@ -361,6 +361,86 @@ private end end +class RequestDump + include CertDumpSupport + + def initialize(req) + @req = req + end + + def get_dump(tag) + case tag + when 'Version' + version + when 'Signature Algorithm' + signature_algorithm + when 'Subject' + subject + when 'Public key' + public_key + else + attributes(tag) + end + end + + def get_dump_line(tag) + case tag + when 'Version' + version_line + when 'Signature Algorithm' + signature_algorithm_line + when 'Subject' + subject_line + when 'Public key' + public_key_line + else + attributes_line(tag) + end + end + +private + + def version + "Version: #{@req.version + 1}" + end + + def version_line + version + end + + def signature_algorithm + @req.signature_algorithm + end + + def signature_algorithm_line + signature_algorithm + end + + def subject + name_text(@req.subject) + end + + def subject_line + @req.subject.to_s + end + + def public_key + @req.public_key.to_text + end + + def public_key_line + "#{@req.public_key.class} -- " << public_key.scan(/\A[^\n]*/)[0] << '...' + end + + def attributes(tag) + "(unknown)" + end + + def attributes_line(tag) + attributes(tag).tr("\r\n", '') + end +end + class CertStoreView < FXMainWindow class CertTree include CertDumpSupport 
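Review bot: `attributes(tag)` in RequestDump always returns "(unknown)", so the viewer never displays the content of any request attribute. Request attributes are where a requester asks for extensions, so someone inspecting a CSR here before signing would not see what is being requested. If rendering is deliberately deferred, a comment on the stub would make that explicit, e.g. `# TODO: render the attribute value; requested extensions are not shown yet`. Otherwise the attribute could be looked up with `@req.attributes.find { |a| a.oid == tag }` and its value dumped.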
@@ -385,10 +465,26 @@ class CertStoreView < FXMainWindow @other_ca_node = add_item_last(nil, "Intermediate CA") @ee_node = add_item_last(nil, "Personal") @crl_node = add_item_last(nil, "CRL") + @request_node = add_item_last(nil, "Request") @verify_path_node = add_item_last(nil, "Certification path") + show_certs(cert_store) + end + + def show_certs(cert_store) + remove_items(@self_signed_ca_node) + remove_items(@other_ca_node) + remove_items(@ee_node) + remove_items(@crl_node) + remove_items(@request_node) import_certs(cert_store) end + def show_request(req) + node = add_item_last(@request_node, name_label(req.subject), req) + @tree.selectItem(node) + @observer.show_item(req) + end + def show_verify_path(verify_path) add_verify_path(verify_path) end @@ -420,6 +516,9 @@ class CertStoreView < FXMainWindow add_item_last(node, bn_label(revoked.serial), revoked) end end + cert_store.request.each do |req| + add_item_last(@requestnode, name_label(req.subject), req) + end end def add_verify_path(verify_path) @@ -456,6 +555,12 @@ class CertStoreView < FXMainWindow open_node(node) node end + + def remove_items(node) + while node.getNumChildren > 0 + @tree.removeItem(node.getFirst) + end + end end class CertInfo @@ -486,6 +591,8 @@ class CertStoreView < FXMainWindow show_crl(item) when OpenSSL::X509::Revoked show_revoked(item) + when OpenSSL::X509::Request + show_request(item) else raise NotImplementedError.new("Unknown item type #{item.class}.") end 
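Review bot: `@requestnode` in the new `cert_store.request.each` loop (hunk at -420,6 +516,9) looks like a typo for `@request_node`, the variable assigned in the first hunk. An unset instance variable is nil in Ruby, and the other calls here pass nil as the parent for top-level entries. Loaded requests would therefore presumably land at the root of the tree rather than under "Request", and `remove_items(@request_node)` in `show_certs` would never clear them, so they would accumulate on each refresh. The line should read `add_item_last(@request_node, name_label(req.subject), req)`. The enclosing import method starts outside the hunk.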
@@ -536,6 +643,19 @@ class CertStoreView < FXMainWindow show_items(revoked, items) end + def show_request(req) + wrap = RequestDump.new(req) + items = [] + items << ['Version', wrap.get_dump_line('Version')] + items << ['Signature Algorithm', wrap.get_dump_line('Signature Algorithm')] + items << ['Subject', wrap.get_dump_line('Subject')] + items << ['Public key', wrap.get_dump_line('Public key')] + req.attributes.each do |attr| + items << [attr.attr, wrap.get_dump_line(attr.oid)] + end + show_items(req, items) + end + def show_items(obj, items) set_column_size(items.size) items.each_with_index do |ele, idx| @@ -587,6 +707,8 @@ class CertStoreView < FXMainWindow show_crl(item, tag) when OpenSSL::X509::Revoked show_revoked(item, tag) + when OpenSSL::X509::Request + show_request(item, tag) else raise NotImplementedError.new("Unknown item type #{item.class}.") end @@ -608,6 +730,11 @@ class CertStoreView < FXMainWindow wrap = RevokedDump.new(revoked) @detail.text = wrap.get_dump(tag) end + + def show_request(request, tag) + wrap = RequestDump.new(request) + @detail.text = wrap.get_dump(tag) + end end attr_reader :cert_store @@ -639,6 +766,8 @@ class CertStoreView < FXMainWindow FXMenuTitle.new(menubar, "&Tool", nil, tool_menu) FXMenuCommand.new(tool_menu, "&Verify\tCtl-N").connect(SEL_COMMAND, method(:on_cmd_tool_verify)) + FXMenuCommand.new(tool_menu, "&Show Request\tCtl-R").connect(SEL_COMMAND, + method(:on_cmd_tool_request)) base_frame = FXHorizontalFrame.new(self, LAYOUT_FILL_X | LAYOUT_FILL_Y) splitter_horz = FXSplitter.new(base_frame, LAYOUT_SIDE_TOP | LAYOUT_FILL_X | @@ -682,12 +811,16 @@ class CertStoreView < FXMainWindow end def show_init - show_tree + @cert_tree.show(@cert_store) show_item(nil) end - def show_tree - @cert_tree.show(@cert_store) + def show_certs + @cert_tree.show_certs(@cert_store) + end + + def show_request(req) + @cert_tree.show_request(req) end def show_verify_path(verify_path) 
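Review bot: In the list-view `show_request` (hunk at -536,6 +643,19), the row label is read with `attr.attr` while the tag passed on the same line comes from `attr.oid`. Nothing on this page defines an `attr` reader on the attribute object. If it does not exist, the list would raise NoMethodError for the first request that carries attributes. Using one accessor for both, `items << [attr.oid, wrap.get_dump_line(attr.oid)]`, would avoid that.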
@@ -703,7 +836,9 @@ class CertStoreView < FXMainWindow end def verify(certfile) - show_verify_path(verify_certfile(certfile)) + path = verify_certfile(certfile) + show_certs # CRL could be change. + show_verify_path(path) end private @@ -734,10 +869,23 @@ private 1 end + def on_cmd_tool_request(sender, sel, ptr) + dialog = FXFileDialog.new(self, "Show request") + dialog.filename = '' + dialog.patternList = ["All Files (*)", "PEM formatted certificate (*.pem)"] + if dialog.execute != 0 + req = @cert_store.generate_cert(dialog.filename) + show_request(req) + end + 1 + end + def verify_certfile(filename) begin cert = @cert_store.generate_cert(filename) - @cert_store.verify(cert) + result = @cert_store.verify(cert) + @cert_store.scan_certs + result rescue show_error($!) [] @@ -751,10 +899,10 @@ private end GC.start -getopts nil, "trust_file:", "cert:" +getopts nil, "trustCA:", "cert:" certs_dir = ARGV.shift or raise "#{$0} cert_dir" -trust_file = $OPT_trust_file +trust_file = $OPT_trustCA certfile = $OPT_cert app = FXApp.new("CertStore", "FoxTest") cert_store = CertStore.new(certs_dir) diff --git a/examples/certstore.rb b/examples/certstore.rb index 20a2439..2155dab 100644 --- a/examples/certstore.rb +++ b/examples/certstore.rb @@ -10,6 +10,7 @@ class CertStore attr_reader :other_ca attr_reader :ee attr_reader :crl + attr_reader :request def initialize(certs_dir) @trust_anchor = [] @@ -18,12 +19,12 @@ class CertStore @c_store.hash_dir(true) @crl_store = CrlStore.new(@c_store) @x509store = Store.new - @x509store.add_path(@certs_dir) @self_signed_ca = @other_ca = @ee = @crl = nil - # Uncomment thi line to let OpenSSL to check CRL for each certs. + # Uncomment this line to let OpenSSL to check CRL for each certs. # @x509store.flags = V_FLAG_CRL_CHECK | V_FLAG_CRL_CHECK_ALL + add_path scan_certs end 
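Review bot: `on_cmd_tool_request` (hunk at -734,10 +869,23) passes whatever `@cert_store.generate_cert(dialog.filename)` returns straight to `show_request`, with no error handling and no type check. `verify_certfile` just below wraps the same call in `begin`/`rescue` with `show_error($!)`, but here a malformed or unreadable file raises out of the menu handler. `generate_cert` is not visible on this page, but the name suggests it can also return a certificate or CRL, and a CRL would then reach `name_label(req.subject)` in the tree. I would reject anything that is not an `OpenSSL::X509::Request` and report failures through `show_error`, as in the sketch below.

```ruby
  def on_cmd_tool_request(sender, sel, ptr)
    # … unchanged: FXFileDialog setup …
    if dialog.execute != 0
      begin
        req = @cert_store.generate_cert(dialog.filename)
        unless req.is_a?(OpenSSL::X509::Request)
          raise "#{dialog.filename} is not a certificate request."
        end
        show_request(req)
      rescue
        show_error($!)
      end
    end
    1
  end
```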
@@ -59,14 +60,26 @@ class CertStore end end + def scan_certs + @self_signed_ca = [] + @other_ca = [] + @ee = [] + @crl = [] + @request = [] + load_certs + end + private + def add_path + @x509store.add_path(@certs_dir) + end + def do_verify(cert) error_map = {} crl_map = {} result = @x509store.verify(cert) do |ok, ctx| cert = ctx.current_cert - p cert.subject if ctx.current_crl crl_map[cert.subject] = true end @@ -108,14 +121,6 @@ private false end - def scan_certs - @self_signed_ca = [] - @other_ca = [] - @ee = [] - @crl = [] - load_certs - end - def load_certs @c_store.get_certs.each do |certfile| cert = generate_cert(certfile) diff --git a/examples/gen_csr.rb b/examples/gen_csr.rb index f525f22..2a730ca 100755 --- a/examples/gen_csr.rb +++ b/examples/gen_csr.rb @@ -14,12 +14,12 @@ EOS exit end -getopts nil, "csrout:", "keyout:" +getopts nil, "key:", "csrout:", "keyout:" +keypair_file = $OPT_key csrout = $OPT_csrout || "csr.pem" keyout = $OPT_keyout || "keypair.pem" name_str = ARGV.shift or usage() -keypair_file = ARGV.shift $stdout.sync = true |
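Review bot: In `examples/gen_csr.rb`, a second positional argument is now silently ignored, because the keypair file moved to the `key` option and `keypair_file = ARGV.shift` was removed. Someone still using the old invocation would presumably get a CSR over a newly generated key rather than the keypair they named. The key-handling code is outside the hunk, so that outcome is inferred. For the cross-certificate use the commit message mentions, that mismatch is easy to miss. Rejecting leftover arguments right after the name is read, `usage() unless ARGV.empty?`, would make the interface change fail loudly. The usage heredoc ends just above the hunk, so it is not visible whether it documents the new option.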