-
-
Notifications
You must be signed in to change notification settings - Fork 12.5k
/
step.rb
123 lines (110 loc) · 5.91 KB
/
step.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
class Step < Formula
desc "Crypto and x509 Swiss-Army-Knife"
homepage "https://smallstep.com"
url "https://github.com/smallstep/cli/releases/download/v0.27.4/step_0.27.4.tar.gz"
sha256 "3231287493a952fb8c959508f1bf04c1e6a5bc4bbd12743a85716715bec8639d"
license "Apache-2.0"
bottle do
sha256 cellar: :any_skip_relocation, arm64_sequoia: "2fe3d3f989eaece1b3d42f98125fe17ca96901d112b8e80b70a67c940703d3c0"
sha256 cellar: :any_skip_relocation, arm64_sonoma: "6456457dd3e96a994d6c170f8db96b767a63f400fc008a1fa9043649f69d4a68"
sha256 cellar: :any_skip_relocation, arm64_ventura: "1f9f92929d321c543bfb7a1682fa81acb6c5c52e94c42f0997482d243f899f03"
sha256 cellar: :any_skip_relocation, sonoma: "6becebe7505e262fe5c20b77164f8713b4ebb5184cba50d58ce63142c57c7ae9"
sha256 cellar: :any_skip_relocation, ventura: "3d3caf254b5ef8aaa3d672682c7edff80974a5fea29a86c7a2c2c63c6a8ee1d4"
sha256 cellar: :any_skip_relocation, x86_64_linux: "84de6167662215f7809159e1c3440882050344620155aa8c9634ab4ebe63a062"
end
depends_on "go" => :build
# certificates is not always in sync with step, see discussions in https://github.com/smallstep/certificates/issues/1925
resource "certificates" do
url "https://github.com/smallstep/certificates/releases/download/v0.27.4/step-ca_0.27.4.tar.gz"
sha256 "6ac5ba0c183c87c6039c052de1d79082ac5df474d90ce026121607302f06ce6d"
end
def install
ENV["VERSION"] = version.to_s
ENV["CGO_OVERRIDE"] = "CGO_ENABLED=1"
system "make", "build"
bin.install "bin/step" => "step"
generate_completions_from_executable(bin/"step", "completion")
resource("certificates").stage do |r|
ENV["VERSION"] = r.version.to_s
ENV["CGO_OVERRIDE"] = "CGO_ENABLED=1"
system "make", "build"
bin.install "bin/step-ca" => "step-ca"
end
end
test do
# Generate a public / private key pair. Creates foo.pub and foo.priv.
system bin/"step", "crypto", "keypair", "foo.pub", "foo.priv", "--no-password", "--insecure"
assert_predicate testpath/"foo.pub", :exist?
assert_predicate testpath/"foo.priv", :exist?
# Generate a root certificate and private key with subject baz written to baz.crt and baz.key.
system bin/"step", "certificate", "create", "--profile", "root-ca",
"--no-password", "--insecure", "baz", "baz.crt", "baz.key"
assert_predicate testpath/"baz.crt", :exist?
assert_predicate testpath/"baz.key", :exist?
baz_crt = File.read(testpath/"baz.crt")
assert_match(/^-----BEGIN CERTIFICATE-----.*/, baz_crt)
assert_match(/.*-----END CERTIFICATE-----$/, baz_crt)
baz_key = File.read(testpath/"baz.key")
assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, baz_key)
assert_match(/.*-----END EC PRIVATE KEY-----$/, baz_key)
shell_output("#{bin}/step certificate inspect --format json baz.crt > baz_crt.json")
baz_crt_json = JSON.parse(File.read(testpath/"baz_crt.json"))
assert_equal "CN=baz", baz_crt_json["subject_dn"]
assert_equal "CN=baz", baz_crt_json["issuer_dn"]
# Generate a leaf certificate signed by the previously created root.
system bin/"step", "certificate", "create", "--profile", "intermediate-ca",
"--no-password", "--insecure", "--ca", "baz.crt", "--ca-key", "baz.key",
"zap", "zap.crt", "zap.key"
assert_predicate testpath/"zap.crt", :exist?
assert_predicate testpath/"zap.key", :exist?
zap_crt = File.read(testpath/"zap.crt")
assert_match(/^-----BEGIN CERTIFICATE-----.*/, zap_crt)
assert_match(/.*-----END CERTIFICATE-----$/, zap_crt)
zap_key = File.read(testpath/"zap.key")
assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, zap_key)
assert_match(/.*-----END EC PRIVATE KEY-----$/, zap_key)
shell_output("#{bin}/step certificate inspect --format json zap.crt > zap_crt.json")
zap_crt_json = JSON.parse(File.read(testpath/"zap_crt.json"))
assert_equal "CN=zap", zap_crt_json["subject_dn"]
assert_equal "CN=baz", zap_crt_json["issuer_dn"]
# Initialize a PKI and step-ca configuration, boot the CA, and create a
# certificate using the API.
(testpath/"password.txt").write("password")
steppath = "#{testpath}/.step"
mkdir_p(steppath)
ENV["STEPPATH"] = steppath
system bin/"step", "ca", "init", "--address", "127.0.0.1:8081",
"--dns", "127.0.0.1", "--password-file", "#{testpath}/password.txt",
"--provisioner-password-file", "#{testpath}/password.txt", "--name",
"homebrew-smallstep-test", "--provisioner", "brew"
begin
pid = fork do
exec bin/"step-ca", "--password-file", "#{testpath}/password.txt",
"#{steppath}/config/ca.json"
end
sleep 2
shell_output("#{bin}/step ca health > health_response.txt")
assert_match(/^ok$/, File.read(testpath/"health_response.txt"))
shell_output("#{bin}/step ca token --password-file #{testpath}/password.txt " \
"homebrew-smallstep-leaf > token.txt")
token = File.read(testpath/"token.txt")
system bin/"step", "ca", "certificate", "--token", token,
"homebrew-smallstep-leaf", "brew.crt", "brew.key"
assert_predicate testpath/"brew.crt", :exist?
assert_predicate testpath/"brew.key", :exist?
brew_crt = File.read(testpath/"brew.crt")
assert_match(/^-----BEGIN CERTIFICATE-----.*/, brew_crt)
assert_match(/.*-----END CERTIFICATE-----$/, brew_crt)
brew_key = File.read(testpath/"brew.key")
assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, brew_key)
assert_match(/.*-----END EC PRIVATE KEY-----$/, brew_key)
shell_output("#{bin}/step certificate inspect --format json brew.crt > brew_crt.json")
brew_crt_json = JSON.parse(File.read(testpath/"brew_crt.json"))
assert_equal "CN=homebrew-smallstep-leaf", brew_crt_json["subject_dn"]
assert_equal "O=homebrew-smallstep-test, CN=homebrew-smallstep-test Intermediate CA", brew_crt_json["issuer_dn"]
ensure
Process.kill(9, pid)
Process.wait(pid)
end
end
end