class Object
Public Instance Methods
display_help()
# File bin/oggcert, line 52
# Prints the usage banner, the path of the active config file and the
# supported command-line options, then ends the process with exit status 1.
def display_help
  option_rows = [
    ["-h or --help ", "-> Display this help message"],
    ["-c or --config", "-> Specifiy Config to use"],
    ["-f or --fqdn", "-> Domain name you want a CRT for"],
    ["-l or --list", "-> List Valid Configs"]
  ]

  puts
  puts "This is a tool to generate SSL CSR's and KEYs "
  puts "Config File: #{@config_file.colorize(:blue)}"
  puts
  puts "Options:"
  # Every flag is padded to 30 columns so the descriptions line up.
  option_rows.each { |flag, description| puts flag.ljust(30) + description }
  puts
  exit 1
end
generateCSR()
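# File bin/oggcert, line 121
# Builds a certificate signing request for @fqdn from the selected config,
# signs it with @key, stores it in @request and prints it in PEM form.
#
# The digest comes from the "digest_algorithm" config value. It is checked
# against a fixed SHA-2 allowlist and instantiated through
# OpenSSL::Digest.new, instead of resolving a config-supplied string with
# Kernel.const_get. That keeps the lookup confined to digest names and
# refuses MD5 and SHA-1, which are no longer collision-resistant.
#
# Raises ArgumentError when the configured digest is not in the allowlist.
def generateCSR
  allowed_digests = %w[SHA224 SHA256 SHA384 SHA512]
  digest_name = @sel_config["digest_algorithm"].to_s.upcase
  unless allowed_digests.include?(digest_name)
    raise ArgumentError,
          "unsupported digest_algorithm #{digest_name.inspect}; expected one of #{allowed_digests.join(', ')}"
  end

  # NOTE(review): gsub replaces every occurrence of "wildcard" in the name,
  # not only a leading label -- confirm that is intended.
  common_name = @fqdn.gsub('wildcard', '*')

  @request = OpenSSL::X509::Request.new
  @request.version = 0
  @request.subject = OpenSSL::X509::Name.new([
    ['C',  @sel_config["country"],      OpenSSL::ASN1::PRINTABLESTRING],
    ['ST', @sel_config["state"],        OpenSSL::ASN1::PRINTABLESTRING],
    ['L',  @sel_config["city"],         OpenSSL::ASN1::PRINTABLESTRING],
    ['O',  @sel_config["organization"], OpenSSL::ASN1::UTF8STRING],
    ['CN', common_name,                 OpenSSL::ASN1::UTF8STRING]
  ])
  @request.public_key = @key.public_key
  @request.sign(@key, OpenSSL::Digest.new(digest_name))
  puts @request
end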
generateKey()
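# File bin/oggcert, line 116
# Generates a fresh RSA private key and stores it in @key.
#
# The size comes from the "key_size_bits" config value. It is coerced with
# Integer() so that a quoted number in the config still generates a key
# (a String argument would otherwise be parsed as key material), and sizes
# below 2048 bits are refused.
#
# Raises ArgumentError for a non-numeric or too-small size and TypeError
# when the value is missing.
def generateKey
  bits = Integer(@sel_config["key_size_bits"])
  raise ArgumentError, "key_size_bits must be at least 2048 (got #{bits})" if bits < 2048

  @key = OpenSSL::PKey::RSA.new(bits)
  # Only the size is reported; the key material itself is never printed.
  puts "New key generated (bits: #{bits})"
end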
list()
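# File bin/oggcert, line 90
# Prints one table row per entry of @config (name, organization, digest,
# key size, IAM upload flag, S3 upload flag) and exits with status 0.
#
# The row cells are emitted in the same order as the column definitions.
# The original pushed the S3 flag under the "IAM Enabled" heading and the
# IAM flag under "S3 Enabled", so the table misreported which upload
# targets were switched on.
def list
  puts "\nHint: Use the #{"Blue".colorize(:blue)} items and your config name"

  table_config = [
    { key: :shortname,         size: 16, title: "Config" },
    { key: :organization,      size: 40, title: "Organization" },
    { key: :digest_algorithm,  size: 12, title: "Algorithm" },
    { key: :key_size_bits,     size: 10, title: "Key Size" },
    { key: :enable_iam_upload, size: 13, title: "IAM Enabled" },
    { key: :enable_s3_upload,  size: 13, title: "S3 Enabled" }
  ]

  # Truthy flags are rendered green, false or missing ones red.
  flag_cell = ->(value) { value.to_s.colorize(value ? :green : :red) }

  ConsoleTable.define(table_config) do |table|
    @config.each do |shortname, settings|
      table << [
        shortname.dup.colorize(:blue),
        settings["organization"],
        settings["digest_algorithm"].colorize(:yellow),
        settings["key_size_bits"].to_s.colorize(:purple),
        flag_cell.call(settings["enable_iam_upload"]),
        flag_cell.call(settings["enable_s3_upload"])
      ]
    end
  end

  puts
  exit 0
end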
parse_cli()
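# File bin/oggcert, line 66
# Parses the command line with GetoptLong and records the result:
#   -h / --help    prints the help text (display_help ends the process)
#   -c / --config  stores the stripped, lower-cased value in @active_config
#   -f / --fqdn    stores the stripped, lower-cased value in @fqdn
#   -l / --list    prints the known configs via list
#
# Each branch lists both spellings as separate `when` values. The original
# wrote `when "-h" || "--help"`, which Ruby evaluates to just "-h"; the long
# forms matched only because the parser reports the first declared name.
def parse_cli
  opts = GetoptLong.new(
    ["-h", "--help",   GetoptLong::NO_ARGUMENT],
    ["-c", "--config", GetoptLong::REQUIRED_ARGUMENT],
    ["-f", "--fqdn",   GetoptLong::REQUIRED_ARGUMENT],
    ["-l", "--list",   GetoptLong::NO_ARGUMENT]
  )

  opts.each do |opt, arg|
    case opt
    when "-h", "--help"
      # display_help calls exit itself, so nothing follows it here.
      display_help
    when "-c", "--config"
      # NOTE(review): this value is later used as a directory name under the
      # results directory; it is not checked for path separators here.
      @active_config = arg.strip.downcase
    when "-f", "--fqdn"
      @fqdn = arg.strip.downcase
    when "-l", "--list"
      list
    end
  end
end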
process_new_certificates()
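# File bin/oggcert, line 137
# Reads the signed certificate and its chain from standard input, writes
# certificate, chain, combined bundle, CSR and private key below
# @results_directory/@active_config/<name>/ and, when the selected config
# enables it, uploads them with the aws CLI (IAM and/or S3).
#
# Changes against the original listing:
# * The name taken from the pasted certificate's subject is checked against
#   a conservative file-name pattern before it is used in paths or handed
#   to the aws CLI. The certificate is pasted in from outside the tool, so
#   its subject is untrusted input.
# * aws is started with an argument list instead of one interpolated
#   command string, so no value passes through a shell.
# * The private key file is created with mode 0600.
# * The missing-trailing-newline fix-up is actually applied; the original
#   computed `f + "\n"` and discarded it, so the bundle file could join two
#   PEM blocks on one line.
# * A failed aws invocation is reported instead of being ignored.
#
# Exits with status 1 when either paste is empty or the certificate name
# is not usable as a file name.
def process_new_certificates
  puts "Please Paste the CERT in here (End with ^D):".colorize(:green)
  @signed_cert = $stdin.read
  puts "Please Paste the Certificate Chain in here (End with ^D):".colorize(:green)
  @chain = $stdin.read

  if @signed_cert.empty? || @chain.empty?
    puts "we need a certificate's to continue, im going to quit".colorize(:red)
    exit 1
  end

  # Make sure each PEM blob ends with a newline so that concatenating them
  # keeps the END and BEGIN markers on separate lines.
  @signed_cert += "\n" unless @signed_cert.end_with?("\n")
  @chain += "\n" unless @chain.end_with?("\n")

  new_certificate = OpenSSL::X509::Certificate.new @signed_cert
  not_after_date = new_certificate.not_after.strftime('%m-%d-%Y')
  # First component of the RFC 2253 rendering of the subject.
  # NOTE(review): this is assumed to be the CN -- confirm for the CAs in use.
  fqdn_from_certificate = new_certificate.subject.to_s(OpenSSL::X509::Name::RFC2253).split(',')[0].split('=')[1]
  file_name_friendly_fqdn = fqdn_from_certificate.to_s.gsub('*', 'wildcard')

  # Letters, digits, dot, underscore and hyphen only, starting with a letter
  # or digit: no path separators and no leading "-" that a command-line
  # tool could read as an option.
  unless file_name_friendly_fqdn.match?(/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/)
    puts "certificate subject #{fqdn_from_certificate.inspect} is not usable as a file name, im going to quit".colorize(:red)
    exit 1
  end

  # NOTE(review): @active_config is used as a path segment as-is.
  @my_path = "#{@results_directory}/#{@active_config}/#{file_name_friendly_fqdn}"
  FileUtils.mkdir_p(@my_path) unless File.directory?(@my_path)

  puts "Storing results in #{@my_path}"
  base_name = "#{@my_path}/#{file_name_friendly_fqdn}.#{not_after_date}"
  @final_files[:key]  = "#{base_name}.key"
  @final_files[:cert] = "#{base_name}.pem"
  @final_files[:ca]   = "#{base_name}.ca.pem"
  @final_files[:csr]  = "#{base_name}.csr"
  @final_files[:full] = "#{base_name}.full.pem"

  File.open(@final_files[:cert], 'w') { |f| f.write(@signed_cert) }
  File.open(@final_files[:ca], 'w')   { |f| f.write(@chain) }
  File.open(@final_files[:full], 'w') { |f| f.write(@signed_cert + @chain) }
  File.open(@final_files[:csr], 'w')  { |f| f.write(@request) }

  # The key is written as unencrypted PEM, so keep it owner-only. chmod also
  # tightens a file left over from an earlier run with wider permissions.
  File.open(@final_files[:key], File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |f|
    f.chmod(0o600)
    f.write(@key.to_pem)
  end

  certificate_label = "#{file_name_friendly_fqdn}-#{not_after_date}"
  profile_option = "--profile=#{@sel_config["aws_profile"]}"

  if @sel_config["enable_iam_upload"] == true
    puts "uploading new certificate to aws IAM: #{certificate_label}"
    uploaded = system(
      "aws", profile_option, "iam", "upload-server-certificate",
      "--server-certificate-name", certificate_label,
      "--certificate-body", "file://#{@final_files[:cert]}",
      "--private-key", "file://#{@final_files[:key]}",
      "--certificate-chain", "file://#{@final_files[:ca]}"
    )
    puts "aws iam upload-server-certificate failed".colorize(:red) unless uploaded
  end

  if @sel_config["enable_s3_upload"] == true
    # NOTE(review): this loop also copies the unencrypted private key to the
    # bucket -- confirm the bucket's access policy and encryption settings.
    @final_files.each do |_kind, local_path|
      puts "uploading new certificate to aws s3 bucket #{@sel_config["s3_bucket"]} : #{certificate_label}"
      copied = system(
        "aws", profile_option, "s3", "cp", local_path,
        "s3://#{@sel_config["s3_bucket"]}/#{File.basename(local_path)}"
      )
      puts "aws s3 cp failed for #{local_path}".colorize(:red) unless copied
    end
  end
end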
writeSampleConfig(path,data)
# File bin/oggcert, line 37
# Writes +data+ to +path+ as pretty-printed JSON, replacing any existing
# file content, and returns the result of the write call.
def writeSampleConfig(path,data)
  File.open(path, "w") { |config_file| config_file.write(JSON.pretty_generate(data)) }
end