Class: Varanus::SSL

Inherits:
RestResource show all
Defined in:
lib/varanus/ssl.rb

Overview

A connection to the SSL/TLS API. This should not be initialized directly. Instead, use Varanus#ssl

Defined Under Namespace

Classes: CSR

Constant Summary collapse

REPORT_CERT_STATUS =
  { any: 0, requested: 1, issued: 2, revoked: 3, expired: 4 }

REPORT_CERT_DATE_ATTR =
  { revocation_date: 2, expiration_date: 3, request_date: 4, issue_date: 5 }

Both hashes are frozen; the source carries a rubocop:disable Style/MutableConstant because rubocop fails to detect the freeze (see github.com/rubocop-hq/rubocop/issues/4406).

Instance Method Summary collapse

Methods inherited from RestResource

#initialize

Constructor Details

This class inherits a constructor from Varanus::RestResource

Instance Method Details

#certificate_type_from_csr(csr, days = nil) ⇒ Hash, nil

Returns the option from #certificate_types that best matches the csr, or nil if no standard type qualifies.

Parameters:

  • csr (Varanus::SSL::CSR)

    CSR whose names decide between a Wildcard, Multi-Domain or single-domain type

  • days (Integer) (defaults to: nil)

    if present, only consider types that support the given day count

Returns:

  • (Hash, nil)

    the matching entry from #certificate_types


# File 'lib/varanus/ssl.rb', line 26

def certificate_type_from_csr csr, days = nil
  types = certificate_types_standard(days)
  return types.first if types.length <= 1

  regexp = cert_type_regexp(csr)
  typ = types.find { |ct| ct['name'] =~ regexp } if regexp
  return typ unless typ.nil?

  types.find do |ct|
    ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i
  end
end

#certificate_types ⇒ Array<Hash>

Certificate types that can be used to sign a cert

Returns:

  • (Array<Hash>)


# File 'lib/varanus/ssl.rb', line 41

def certificate_types
  @certificate_types ||= get('ssl/v1/types')
end

#certificate_types_standard(days = nil) ⇒ Array<Hash>

Return Array of certificate types based on standard sorting.

Parameters:

  • days (Integer) (defaults to: nil)

    if present, only include types that support the given day count

Returns:

  • (Array<Hash>)


# File 'lib/varanus/ssl.rb', line 48

def certificate_types_standard days = nil
  types = certificate_types.reject do |ct|
    ct['name'] =~ /\b(?:EV|Extended Validation|ECC|AMT|Elite)\b/
  end
  # Non-destructive select: select! returns nil when no element is removed,
  # which would make this method return nil instead of the unchanged list.
  types = types.select { |t| t['terms'].include? days } unless days.nil?

  types
end
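Worked example, added here and not part of the varanus gem: the filtering and matching above run over a constructed ssl/v1/types response. cert_type_regexp is not shown on this page, so the CSR classification (wildcard / multi-domain / single, derived from the CN and SANs) is an assumption of this example, as is the rule that 'terms' are day counts. The extra pick_type! wrapper guards the silent fallback in certificate_type_from_csr, which returns a single-domain type for a multi-SAN CSR whenever no Multi-Domain type offers the requested term.

```ruby
require 'json'

# Constructed stand-in for the GET ssl/v1/types response; the real entries carry
# more fields, only 'id', 'name' and 'terms' matter here. Terms are in days.
TYPES = JSON.parse(<<~JSON)
  [
    { "id": 1, "name": "EV SSL Certificate",           "terms": [365, 730] },
    { "id": 2, "name": "Standard SSL Certificate",     "terms": [365, 730] },
    { "id": 3, "name": "Multi-Domain SSL Certificate", "terms": [365] },
    { "id": 4, "name": "Wildcard SSL Certificate",     "terms": [365, 730] },
    { "id": 5, "name": "ECC SSL Certificate",          "terms": [365] }
  ]
JSON

# Same filtering as certificate_types_standard: drop EV/ECC/premium products,
# then keep only the types offering the requested term (non-bang select, so an
# unchanged list comes back as the list rather than nil).
def standard_types(types, days = nil)
  kept = types.reject { |ct| ct['name'] =~ /\b(?:EV|Extended Validation|ECC|AMT|Elite)\b/ }
  days.nil? ? kept : kept.select { |ct| ct['terms'].include?(days) }
end

# Assumed classification (the gem's cert_type_regexp is not on this page): a
# wildcard anywhere in CN/SANs needs a Wildcard type, more than one distinct
# name needs a Multi-Domain type, anything else a plain single-domain type.
def csr_kind(common_name, sans)
  names = ([common_name] + sans).compact.uniq
  return :wildcard if names.any? { |n| n.start_with?('*.') }
  return :multi_domain if names.length > 1

  :single
end

KIND_REGEXP = { wildcard: /Wildcard/i, multi_domain: /Multi.?Domain/i }.freeze

# Mirrors certificate_type_from_csr's search order: one candidate wins outright,
# else the kind-specific name match, else the first plain "SSL" type.
def pick_type(types, common_name, sans, days = nil)
  candidates = standard_types(types, days)
  return candidates.first if candidates.length <= 1

  re = KIND_REGEXP[csr_kind(common_name, sans)]
  found = candidates.find { |ct| ct['name'] =~ re } if re
  return found if found

  # Silent fallback: a multi-SAN CSR lands here when no Multi-Domain type offers
  # the requested term, and the resulting cert will not cover all its names.
  candidates.find { |ct| ct['name'] =~ /\bSSL\b/ && ct['name'] !~ /(?:Multi.?Domain|Wildcard)/i }
end

# Guarded variant: refuse a type that cannot cover what the CSR asks for.
def pick_type!(types, common_name, sans, days = nil)
  kind = csr_kind(common_name, sans)
  ct = pick_type(types, common_name, sans, days)
  raise "no standard cert type offers a #{days}-day term" if ct.nil?

  re = KIND_REGEXP[kind]
  raise "#{ct['name']} cannot cover a #{kind} CSR" if re && ct['name'] !~ re

  ct
end
```

With the constructed list, a two-name CSR asking for 730 days falls through to 'Standard SSL Certificate' under pick_type (the Multi-Domain type only offers 365), which is exactly the case pick_type! rejects; check the returned name, or pass :cert_type to #sign explicitly, when a CSR carries several SANs.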

#collect(id, type = 'x509') ⇒ String

Retrieves the cert. type can be one of:

'x509'    - X509 format - cert and chain (default)
'x509CO'  - X509 format - cert only
'x509IO'  - X509 format - intermediates/root only
'x509IOR' - X509 format - intermediates/root only, reversed
'base64'  - PKCS#7 base64 encoded
'bin'     - PKCS#7 bin encoded

Parameters:

  • id (Integer)

    As returned by #sign

  • type (String) (defaults to: 'x509')

Returns:

  • (String)

    Certificate


# File 'lib/varanus/ssl.rb', line 71

def collect id, type = 'x509'
  get("ssl/v1/collect/#{id}/#{type}")
end
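Added example, not part of the gem: the checks worth running on the String that collect returns for type 'x509' before the cert is installed, namely that the leaf belongs to the private key behind the CSR (a mixed-up id from #sign fails here), that the chain builds to a root you trust rather than merely to whatever the bundle contains, and that the leaf is inside its validity window. It assumes, from "cert and chain", that the leaf is the first PEM block. The keys, certificates and bundle are all constructed inside the block so it runs offline.

```ruby
require 'openssl'

# Mint one certificate of the constructed chain (example scaffolding only).
def mint_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign,cRLSign' : 'digitalSignature,keyEncipherment', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
INT_KEY  = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048) # the key behind the CSR we submitted
ROOT = mint_cert('Example Root CA', ROOT_KEY, ca: true, serial: 1)
INT  = mint_cert('Example Issuing CA', INT_KEY, issuer: ROOT, issuer_key: ROOT_KEY, ca: true, serial: 2)
LEAF = mint_cert('www.example.test', LEAF_KEY, issuer: INT, issuer_key: INT_KEY, serial: 3)

# Constructed stand-in for collect(id, 'x509'): leaf first, then the chain.
BUNDLE = [LEAF, INT, ROOT].map(&:to_pem).join

# Split a PEM bundle into certificate objects, preserving file order.
def parse_bundle(pem)
  pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
     .map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Raises on any problem; returns a small summary when the bundle is usable.
def verify_bundle(pem, private_key, trusted_roots)
  certs = parse_bundle(pem)
  raise 'bundle contains no certificates' if certs.empty?

  leaf, *chain = certs
  # 1. The leaf must be for our key: the wrong cert id, or a CA mix-up, fails here.
  raise 'leaf does not match our private key' unless leaf.check_private_key(private_key)

  # 2. The chain must verify against roots we chose, not against the bundle itself.
  store = OpenSSL::X509::Store.new
  trusted_roots.each { |root| store.add_cert(root) }
  raise "chain does not verify: #{store.error_string}" unless store.verify(leaf, chain)

  # 3. A cert that is not yet valid or already expired is no use to deploy.
  now = Time.now
  raise 'leaf is outside its validity period' unless leaf.not_before <= now && now <= leaf.not_after

  { subject: leaf.subject.to_s, issuer: leaf.issuer.to_s, chain_length: certs.length }
end
```

For 'x509IOR' the order is reversed (root first), so reverse parse_bundle's result before treating the last entry as the issuer of the leaf; 'x509CO' has no chain at all, in which case store.verify needs the intermediates from a separate 'x509IO' fetch.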

#info(id) ⇒ Object

Returns info on the SSL certificate with the given id

Parameters:

  • id (Integer)

    As returned by #sign



# File 'lib/varanus/ssl.rb', line 76

def info id
  get("ssl/v1/#{id}")
end

#list(opts = {}) ⇒ Object

List cert ids and serial numbers. For full details of each cert use #report.

Parameters:

  • opts (Hash) (defaults to: {})

    paging options (size and position) passed through to get_with_size_and_position



# File 'lib/varanus/ssl.rb', line 81

def list opts = {}
  get_with_size_and_position('ssl/v1', opts)
end

#report(opts = { certificateStatus: :any }) ⇒ Object

Return a report (list) of SSL certs matching the options. Unlike #list, the report includes a full set of details about each cert, not just the id/cn/serial. An empty opts hash is treated as { certificateStatus: :any }, because the API call fails when no options are passed.

Parameters:

  • opts (Hash) (defaults to: { certificateStatus: :any })

Options Hash (opts): (all are optional)

  • :organizationIds (Array)

    ids of organizations/departments to include certs for

  • :certificateStatus (Symbol)

    :any, :requested, :issued, :revoked, or :expired (mapped through REPORT_CERT_STATUS)

  • :certificateDateAttribute (Symbol)

    which date :from and/or :to refer to: :revocation_date, :expiration_date, :request_date, or :issue_date (mapped through REPORT_CERT_DATE_ATTR)

  • :from (Date)

    lower bound on the date selected by :certificateDateAttribute

  • :to (Date)

    upper bound on the date selected by :certificateDateAttribute



# File 'lib/varanus/ssl.rb', line 96

def report opts = { certificateStatus: :any }
  # Default is to request any certificate status since the API call will fail if no
  # options are passed
  opts = { certificateStatus: :any } if opts.empty?
  opts = _parse_report_opts(opts)

  post('report/v1/ssl-certificates', opts)['reports']
end

#revoke(id, reason) ⇒ nil

Revoke an SSL cert. Returns nil; the API's error response is raised rather than returned.

Parameters:

  • id (Integer)

    As returned by #sign

  • reason (String)

    Reason for revoking. Sectigo’s API will return an error if it is blank.



# File 'lib/varanus/ssl.rb', line 109

def revoke id, reason
  post("ssl/v1/revoke/#{id}", reason: reason)
  nil
end

#sign(csr, org_id, opts = {}) ⇒ Integer

Submit a CSR for signing (enrollment). Returns the id of the SSL cert, which #collect, #info and #revoke take.

Parameters:

  • csr (Varanus::SSL::CSR, OpenSSL::X509::Request, String)

    CSR to sign

  • org_id (Integer)

    your organization id on cert-manager.com

  • opts (Hash) (defaults to: {})

Options Hash (opts):

  • :comments (String) — default: ''

    Limited to 1,024 characters

  • :external_requester (String) — default: ''

    email address associated with cert on cert-manager.com - limited to 512 characters

  • :cert_type (String, Integer)

    name (String) or id (Integer) of the cert type to use. If none is specified, Varanus will attempt to find one

  • :years (Integer)

    number of years cert should be valid for (this number is multiplied by 365 and used as days)

  • :days (Integer)

    number of days cert should be valid for (if none is specified, lowest allowed for the cert type will be used)

Returns:

  • (Integer)

    Id of SSL cert.



# File 'lib/varanus/ssl.rb', line 128

def sign csr, org_id, opts = {}
  opts[:days] ||= opts[:years] * 365 unless opts[:years].nil?
  csr = Varanus::SSL::CSR.new(csr) unless csr.is_a?(Varanus::SSL::CSR)
  cert_type_id = opts_to_cert_type_id opts, csr
  args = {
    orgId: org_id,
    csr: csr.to_s,
    subjAltNames: csr.subject_alt_names.join(','),
    certType: cert_type_id,
    term: opts_to_term(opts, cert_type_id),
    serverType: -1,
    comments: opts[:comments].to_s[0, 1024],
    externalRequester: opts[:external_requester].to_s[0, 512]
  }
  post('ssl/v1/enroll', args)['sslId']
end
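Added example, not the gem's code: building a CSR whose SANs live in the extReq attribute (the place Varanus::SSL::CSR#subject_alt_names has to read them from), reading those names back out, verifying the CSR's self-signature, and assembling the body that sign posts to ssl/v1/enroll. opts_to_term is not shown on this page, so the example assumes 'terms' are day counts and that an unspecified term means the shortest the type offers (as the :days option says), and it rejects a term the type does not offer before anything is sent. The cert type record, the org id 42 and the hostnames are constructed.

```ruby
require 'openssl'

# Build a CSR carrying a subjectAltName request extension.
def build_csr(key, common_name, sans)
  req = OpenSSL::X509::Request.new
  req.version = 0
  req.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  req.public_key = key.public_key
  ef = OpenSSL::X509::ExtensionFactory.new
  san = ef.create_extension('subjectAltName', sans.map { |s| "DNS:#{s}" }.join(','))
  # PKCS#10 carries requested extensions as extReq ::= SET { SEQUENCE OF Extension }
  ext_req = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([san])])
  req.add_attribute(OpenSSL::X509::Attribute.new('extReq', ext_req))
  req.sign(key, OpenSSL::Digest.new('SHA256'))
  req
end

# Pull the DNS SANs back out of a CSR (what subjAltNames in the enroll body is built from).
def csr_subject_alt_names(req)
  attr = req.attributes.find { |a| a.oid == 'extReq' }
  return [] if attr.nil?

  attr.value.value.first.value
      .map { |ext| OpenSSL::X509::Extension.new(ext.to_der) }
      .select { |ext| ext.oid == 'subjectAltName' }
      .flat_map { |ext| ext.value.split(',').map(&:strip) }
      .filter_map { |entry| entry.delete_prefix('DNS:') if entry.start_with?('DNS:') }
end

# Constructed stand-in for one entry of GET ssl/v1/types; terms are in days.
MULTI_DOMAIN_TYPE = { 'id' => 7, 'name' => 'Multi-Domain SSL Certificate', 'terms' => [365, 730] }.freeze

# Assemble the ssl/v1/enroll body the same way sign does, with the term rules assumed above.
def enroll_args(req, org_id, cert_type, opts = {})
  # A CSR whose signature does not verify is corrupt or tampered; do not submit it.
  raise 'CSR signature does not verify against its own public key' unless req.verify(req.public_key)

  days = opts[:days] || (opts[:years] && opts[:years] * 365) || cert_type['terms'].min
  raise "#{cert_type['name']} does not offer a #{days}-day term" unless cert_type['terms'].include?(days)

  {
    orgId: org_id,
    csr: req.to_pem,
    subjAltNames: csr_subject_alt_names(req).join(','),
    certType: cert_type['id'],
    term: days,
    serverType: -1,
    comments: opts[:comments].to_s[0, 1024],           # API limit, as in sign
    externalRequester: opts[:external_requester].to_s[0, 512]
  }
end

KEY = OpenSSL::PKey::RSA.new(2048) # keep the key: it is what #collect's cert must match
REQ = build_csr(KEY, 'www.example.test', ['www.example.test', 'example.test'])
```

Note that :years is turned into days by multiplying by 365, so a type whose terms are, say, [90, 397] will never match a :years value; pass :days in that case.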