class Step < Formula desc "Crypto and x509 Swiss-Army-Knife" homepage "https://smallstep.com" url "https://github.com/smallstep/cli/releases/download/v0.22.0/step_0.22.0.tar.gz" sha256 "2865b7268d5a3b27913f3fdf86cd9a030c9d44dc6359f6cee54085a5d9ad6dca" license "Apache-2.0" bottle do sha256 cellar: :any_skip_relocation, arm64_ventura: "b24bddb3e3bedbc2c376625b3003b4b79a723af58692a66bef34d7d95968d7d7" sha256 cellar: :any_skip_relocation, arm64_monterey: "8045866de4f5f2277e261c4d6599b3c02e8273c428c26b9f7b39aa737be72550" sha256 cellar: :any_skip_relocation, arm64_big_sur: "e8fb5d3510cfcac5951b5e1fe46f45bcec602cd816e92d39815552ad7933bef0" sha256 cellar: :any_skip_relocation, monterey: "9bbd01bfb0a2599dd6ffad6cc2da29c357f661f67b7ae42c8cd3b33d10720b5d" sha256 cellar: :any_skip_relocation, big_sur: "a8a5f25d20c89e12dd3f73eda25ce69585390d589228173d4b509720b2bd4951" sha256 cellar: :any_skip_relocation, catalina: "dfedeabd4f9e1a4973c2dc13ad91d5236feaa21ab7d4b6eb93ec18b4bd90ec6b" sha256 cellar: :any_skip_relocation, x86_64_linux: "083dda6d42597b10cd260709451320ad60b3cf23f3eed8bcf1919614f8a948b8" end depends_on "go" => :build resource "certificates" do url "https://github.com/smallstep/certificates/releases/download/v0.22.0/step-ca_0.22.0.tar.gz" sha256 "fe11b8e8aa48d8c62ed54ae577c2a5abbd1dda4d3d93502f5c26260c12395e24" end def install ENV["VERSION"] = version.to_s ENV["CGO_OVERRIDE"] = "CGO_ENABLED=1" system "make", "build" bin.install "bin/step" => "step" bash_completion.install "autocomplete/bash_autocomplete" => "step" zsh_completion.install "autocomplete/zsh_autocomplete" => "_step" resource("certificates").stage do |r| ENV["VERSION"] = r.version.to_s ENV["CGO_OVERRIDE"] = "CGO_ENABLED=1" system "make", "build" bin.install "bin/step-ca" => "step-ca" end end test do # Generate a public / private key pair. Creates foo.pub and foo.priv. system "#{bin}/step", "crypto", "keypair", "foo.pub", "foo.priv", "--no-password", "--insecure" assert_predicate testpath/"foo.pub", :exist? assert_predicate testpath/"foo.priv", :exist? # Generate a root certificate and private key with subject baz written to baz.crt and baz.key. system "#{bin}/step", "certificate", "create", "--profile", "root-ca", "--no-password", "--insecure", "baz", "baz.crt", "baz.key" assert_predicate testpath/"baz.crt", :exist? assert_predicate testpath/"baz.key", :exist? baz_crt = File.read(testpath/"baz.crt") assert_match(/^-----BEGIN CERTIFICATE-----.*/, baz_crt) assert_match(/.*-----END CERTIFICATE-----$/, baz_crt) baz_key = File.read(testpath/"baz.key") assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, baz_key) assert_match(/.*-----END EC PRIVATE KEY-----$/, baz_key) shell_output("#{bin}/step certificate inspect --format json baz.crt > baz_crt.json") baz_crt_json = JSON.parse(File.read(testpath/"baz_crt.json")) assert_equal "CN=baz", baz_crt_json["subject_dn"] assert_equal "CN=baz", baz_crt_json["issuer_dn"] # Generate a leaf certificate signed by the previously created root. system "#{bin}/step", "certificate", "create", "--profile", "intermediate-ca", "--no-password", "--insecure", "--ca", "baz.crt", "--ca-key", "baz.key", "zap", "zap.crt", "zap.key" assert_predicate testpath/"zap.crt", :exist? assert_predicate testpath/"zap.key", :exist? zap_crt = File.read(testpath/"zap.crt") assert_match(/^-----BEGIN CERTIFICATE-----.*/, zap_crt) assert_match(/.*-----END CERTIFICATE-----$/, zap_crt) zap_key = File.read(testpath/"zap.key") assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, zap_key) assert_match(/.*-----END EC PRIVATE KEY-----$/, zap_key) shell_output("#{bin}/step certificate inspect --format json zap.crt > zap_crt.json") zap_crt_json = JSON.parse(File.read(testpath/"zap_crt.json")) assert_equal "CN=zap", zap_crt_json["subject_dn"] assert_equal "CN=baz", zap_crt_json["issuer_dn"] # Initialize a PKI and step-ca configuration, boot the CA, and create a # certificate using the API. (testpath/"password.txt").write("password") steppath = "#{testpath}/.step" mkdir_p(steppath) ENV["STEPPATH"] = steppath system "#{bin}/step", "ca", "init", "--address", "127.0.0.1:8081", "--dns", "127.0.0.1", "--password-file", "#{testpath}/password.txt", "--provisioner-password-file", "#{testpath}/password.txt", "--name", "homebrew-smallstep-test", "--provisioner", "brew" begin pid = fork do exec "#{bin}/step-ca", "--password-file", "#{testpath}/password.txt", "#{steppath}/config/ca.json" end sleep 2 shell_output("#{bin}/step ca health > health_response.txt") assert_match(/^ok$/, File.read(testpath/"health_response.txt")) shell_output("#{bin}/step ca token --password-file #{testpath}/password.txt " \ "homebrew-smallstep-leaf > token.txt") token = File.read(testpath/"token.txt") system "#{bin}/step", "ca", "certificate", "--token", token, "homebrew-smallstep-leaf", "brew.crt", "brew.key" assert_predicate testpath/"brew.crt", :exist? assert_predicate testpath/"brew.key", :exist? brew_crt = File.read(testpath/"brew.crt") assert_match(/^-----BEGIN CERTIFICATE-----.*/, brew_crt) assert_match(/.*-----END CERTIFICATE-----$/, brew_crt) brew_key = File.read(testpath/"brew.key") assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, brew_key) assert_match(/.*-----END EC PRIVATE KEY-----$/, brew_key) shell_output("#{bin}/step certificate inspect --format json brew.crt > brew_crt.json") brew_crt_json = JSON.parse(File.read(testpath/"brew_crt.json")) assert_equal "CN=homebrew-smallstep-leaf", brew_crt_json["subject_dn"] assert_equal "O=homebrew-smallstep-test, CN=homebrew-smallstep-test Intermediate CA", brew_crt_json["issuer_dn"] ensure Process.kill(9, pid) Process.wait(pid) end end end