module Acme::PKI::Information
Public Instance Methods
certifificate_info(crt)
click to toggle source
# File lib/acme/pki/information.rb, line 34 def certifificate_info(crt) title 'Subject' puts "\t#{crt.subject}" title 'Issuer' puts "\t#{crt.issuer}" der = crt.to_der fingerprint der hpkp = Digest::SHA256.digest der hpkp = Base64.encode64(hpkp).strip title 'HPKP' puts "\tPublic-Key-Pins \"max-age=5184000; pin-sha256=\\\"#{hpkp}\\\";".colorize(:blue) tlsa = Digest::SHA512.hexdigest der title 'TLSA' puts "\tTLSA 1 0 2 #{tlsa}".colorize(:blue) title 'Public key' key_info crt.public_key, tab: 1 end
chain_info(chain)
click to toggle source
# File lib/acme/pki/information.rb, line 57 def chain_info(chain) chain = File.read(chain).split('-----BEGIN CERTIFICATE-----') .reject { |s| s.empty? } .collect { |s| '-----BEGIN CERTIFICATE-----' + s } .collect { |s| OpenSSL::X509::Certificate.new s } loop do last = chain.last issuer = last.issuer break if last.subject == issuer # This is not a root, fetch the issuer aia = last.extensions.detect { |e| e.oid == 'authorityInfoAccess' } break unless aia uri = aia.value.split("\n").find { |s| s.start_with? 'CA Issuers - URI:' } .sub /^CA Issuers - URI:/, '' puts "Fetch certificate #{issuer} from #{uri}" file = Digest::MD5.hexdigest uri file = file File.join 'cache', file dir = File.dirname file FileUtils.mkpath dir unless Dir.exist? dir crt = if File.exist? file open(file, 'r') { |f| OpenSSL::X509::Certificate.new f } else crt = Faraday.get uri break unless crt.success? crt = crt.body crt = begin OpenSSL::X509::Certificate.new crt rescue pkcs7 = OpenSSL::PKCS7.new crt pkcs7.certificates.first end File.write file, crt.to_pem crt end subject = crt.subject puts "Warning : expecting #{issuer}, get #{subject}".colorize :magenta unless subject == issuer chain << crt end chain.each do |c| certifificate_info c puts '' end end
key_info(key, tab: 0)
click to toggle source
# File lib/acme/pki/information.rb, line 6 def key_info(key, tab: 0) key = open(key, 'r') { |f| OpenSSL::PKey.read f } unless key.is_a? OpenSSL::PKey::PKey der = case key when OpenSSL::PKey::EC puts "\t" * (tab) + "#{'Key'.colorize :red} : ECC #{key.group.curve_name}" point = key.public_key pub = OpenSSL::PKey::EC.new point.group pub.public_key = point pub when OpenSSL::PKey::RSA puts "\t" * (tab) + "#{'Key'.colorize :red} : RSA #{key.n.num_bits} bits" key.public_key end.to_der fingerprint der, tab: tab hpkp = Digest::SHA256.digest der hpkp = Base64.encode64(hpkp).strip title 'HPKP', tab: tab puts "\t" * (tab+1) + "Public-Key-Pins \"max-age=5184000; pin-sha256=\\\"#{hpkp}\\\";".colorize(:blue) tlsa = Digest::SHA512.hexdigest der title 'TLSA', tab: tab puts "\t" * (tab+1) + "TLSA 1 1 2 #{tlsa}".colorize(:blue) end
Private Instance Methods
fingerprint(der, tab: 0)
click to toggle source
# File lib/acme/pki/information.rb, line 113 def fingerprint(der, tab: 0) der = der.to_der if der.respond_to? :to_der title 'Fingerprint', tab: tab %w(SHA512 SHA256 SHA1).each do |h| fp = Digest.const_get(h).hexdigest(der).scan(/../).join ':' puts "\t" * (tab+1) + h.colorize(:yellow) + ' ' + fp.colorize(:blue) end end
title(title, tab: 0)
click to toggle source
# File lib/acme/pki/information.rb, line 109 def title(title, tab: 0) puts "\t" * tab + title.colorize(:red) + ' :' end