121 lines
5.7 KiB
Ruby
121 lines
5.7 KiB
Ruby
class Step < Formula
|
|
desc "Crypto and x509 Swiss-Army-Knife"
|
|
homepage "https://smallstep.com"
|
|
url "https://github.com/smallstep/cli/releases/download/v0.16.1/step_0.16.1.tar.gz"
|
|
sha256 "09a90d5731c98e96e63af754a9bfcc00f6d0584f954505c305b52974094dc430"
|
|
license "Apache-2.0"
|
|
|
|
bottle do
|
|
sha256 cellar: :any_skip_relocation, arm64_big_sur: "e3150b89b4c083e63b7330417b7d5ebc4e1ac884fced45cefa251a9058f5c2f9"
|
|
sha256 cellar: :any_skip_relocation, big_sur: "ffc856f090795a346911b0ec07ee654ae142d7fa7beca51d91e54ab0233f481b"
|
|
sha256 cellar: :any_skip_relocation, catalina: "7cb397f326d74fcb368d4fcd76653fd5cc6d0c334d79f3afe2d1fbbeb030ffd3"
|
|
sha256 cellar: :any_skip_relocation, mojave: "d248be3b4c75184c52f5937381c544898b97ea08017b22f669603e6ae7b8670e"
|
|
sha256 cellar: :any_skip_relocation, x86_64_linux: "867edbfb1f69e5128fed3cbdaf343a4691b16db576bec6f7df8531d9f8973c91"
|
|
end
|
|
|
|
depends_on "go" => :build
|
|
|
|
resource "certificates" do
|
|
url "https://github.com/smallstep/certificates/releases/download/v0.16.0/step-ca_0.16.0.tar.gz"
|
|
sha256 "d4f333bd972eb5b6bd2cf4a4fa403574e6dceffaa54109c0f8251cf37f1dfa48"
|
|
end
|
|
|
|
def install
|
|
ENV["VERSION"] = version.to_s
|
|
system "make", "build"
|
|
bin.install "bin/step" => "step"
|
|
bash_completion.install "autocomplete/bash_autocomplete" => "step"
|
|
zsh_completion.install "autocomplete/zsh_autocomplete" => "_step"
|
|
|
|
resource("certificates").stage do |r|
|
|
ENV["VERSION"] = r.version.to_s
|
|
system "make", "build"
|
|
bin.install "bin/step-ca" => "step-ca"
|
|
end
|
|
end
|
|
|
|
test do
|
|
# Generate a public / private key pair. Creates foo.pub and foo.priv.
|
|
system "#{bin}/step", "crypto", "keypair", "foo.pub", "foo.priv", "--no-password", "--insecure"
|
|
assert_predicate testpath/"foo.pub", :exist?
|
|
assert_predicate testpath/"foo.priv", :exist?
|
|
|
|
# Generate a root certificate and private key with subject baz written to baz.crt and baz.key.
|
|
system "#{bin}/step", "certificate", "create", "--profile", "root-ca",
|
|
"--no-password", "--insecure", "baz", "baz.crt", "baz.key"
|
|
assert_predicate testpath/"baz.crt", :exist?
|
|
assert_predicate testpath/"baz.key", :exist?
|
|
baz_crt = File.read(testpath/"baz.crt")
|
|
assert_match(/^-----BEGIN CERTIFICATE-----.*/, baz_crt)
|
|
assert_match(/.*-----END CERTIFICATE-----$/, baz_crt)
|
|
baz_key = File.read(testpath/"baz.key")
|
|
assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, baz_key)
|
|
assert_match(/.*-----END EC PRIVATE KEY-----$/, baz_key)
|
|
shell_output("#{bin}/step certificate inspect --format json baz.crt > baz_crt.json")
|
|
baz_crt_json = JSON.parse(File.read(testpath/"baz_crt.json"))
|
|
assert_equal "CN=baz", baz_crt_json["subject_dn"]
|
|
assert_equal "CN=baz", baz_crt_json["issuer_dn"]
|
|
|
|
# Generate a leaf certificate signed by the previously created root.
|
|
system "#{bin}/step", "certificate", "create", "--profile", "intermediate-ca",
|
|
"--no-password", "--insecure", "--ca", "baz.crt", "--ca-key", "baz.key",
|
|
"zap", "zap.crt", "zap.key"
|
|
assert_predicate testpath/"zap.crt", :exist?
|
|
assert_predicate testpath/"zap.key", :exist?
|
|
zap_crt = File.read(testpath/"zap.crt")
|
|
assert_match(/^-----BEGIN CERTIFICATE-----.*/, zap_crt)
|
|
assert_match(/.*-----END CERTIFICATE-----$/, zap_crt)
|
|
zap_key = File.read(testpath/"zap.key")
|
|
assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, zap_key)
|
|
assert_match(/.*-----END EC PRIVATE KEY-----$/, zap_key)
|
|
shell_output("#{bin}/step certificate inspect --format json zap.crt > zap_crt.json")
|
|
zap_crt_json = JSON.parse(File.read(testpath/"zap_crt.json"))
|
|
assert_equal "CN=zap", zap_crt_json["subject_dn"]
|
|
assert_equal "CN=baz", zap_crt_json["issuer_dn"]
|
|
|
|
# Initialize a PKI and step-ca configuration, boot the CA, and create a
|
|
# certificate using the API.
|
|
(testpath/"password.txt").write("password")
|
|
steppath = "#{testpath}/.step"
|
|
Dir.mkdir(steppath) unless File.exist?(steppath)
|
|
ENV["STEPPATH"] = steppath
|
|
system "#{bin}/step", "ca", "init", "--address", "127.0.0.1:8081",
|
|
"--dns", "127.0.0.1", "--password-file", "#{testpath}/password.txt",
|
|
"--provisioner-password-file", "#{testpath}/password.txt", "--name",
|
|
"homebrew-smallstep-test", "--provisioner", "brew"
|
|
|
|
begin
|
|
pid = fork do
|
|
exec "#{bin}/step-ca", "--password-file", "#{testpath}/password.txt",
|
|
"#{steppath}/config/ca.json"
|
|
end
|
|
|
|
sleep 2
|
|
shell_output("#{bin}/step ca health > health_response.txt")
|
|
assert_match(/^ok$/, File.read(testpath/"health_response.txt"))
|
|
|
|
shell_output("#{bin}/step ca token --password-file #{testpath}/password.txt " \
|
|
"homebrew-smallstep-leaf > token.txt")
|
|
token = File.read(testpath/"token.txt")
|
|
system "#{bin}/step", "ca", "certificate", "--token", token,
|
|
"homebrew-smallstep-leaf", "brew.crt", "brew.key"
|
|
|
|
assert_predicate testpath/"brew.crt", :exist?
|
|
assert_predicate testpath/"brew.key", :exist?
|
|
brew_crt = File.read(testpath/"brew.crt")
|
|
assert_match(/^-----BEGIN CERTIFICATE-----.*/, brew_crt)
|
|
assert_match(/.*-----END CERTIFICATE-----$/, brew_crt)
|
|
brew_key = File.read(testpath/"brew.key")
|
|
assert_match(/^-----BEGIN EC PRIVATE KEY-----.*/, brew_key)
|
|
assert_match(/.*-----END EC PRIVATE KEY-----$/, brew_key)
|
|
shell_output("#{bin}/step certificate inspect --format json brew.crt > brew_crt.json")
|
|
brew_crt_json = JSON.parse(File.read(testpath/"brew_crt.json"))
|
|
assert_equal "CN=homebrew-smallstep-leaf", brew_crt_json["subject_dn"]
|
|
assert_equal "O=homebrew-smallstep-test, CN=homebrew-smallstep-test Intermediate CA", brew_crt_json["issuer_dn"]
|
|
ensure
|
|
Process.kill(9, pid)
|
|
Process.wait(pid)
|
|
end
|
|
end
|
|
end
|