lib/tunnelss/configure_with_pow.rb in tunnelss-0.1.2 vs lib/tunnelss/configure_with_pow.rb in tunnelss-0.1.3
- old
+ new
@@ -28,41 +28,43 @@
def build_dir
Dir.mkdir(dir)
end
def ca_exists?
- File.exists?(ca_dir) and File.exists?("#{ca_dir}/key.pem") and File.exists?("#{ca_dir}/cert.pem")
+ File.exists?(ca_dir) && File.exists?("#{ca_dir}/key.pem") && File.exists?("#{ca_dir}/cert.pem")
end
def build_ca
FileUtils.rm_rf(ca_dir) if File.exists?(ca_dir)
Dir.mkdir(ca_dir)
- puts "Creating SSL keypair for signing *.dev certificate"
- system "openssl req -newkey rsa:2048 -batch -x509 -nodes -subj \"/C=US/O=Developer Certificate/CN=*.dev Domain CA\" -keyout #{ca_dir}/key.pem -out #{ca_dir}/cert.pem -days 9999 &> /dev/null"
+ puts "Creating SSL keypair for signing #{pow_domain_extensions.join(',')}certificate"
+ multi_domain_certificate_param = pow_domain_extensions.map { |e| "CN=*.#{e} Domain CA" }.join('/')
+ system "openssl req -newkey rsa:2048 -batch -x509 -sha256 -nodes -subj \"/C=US/O=Developer Certificate/#{multi_domain_certificate_param}\" -keyout #{ca_dir}/key.pem -out #{ca_dir}/cert.pem -days 9999 &> /dev/null"
puts "Adding certificate to login keychain as trusted."
system "security add-trusted-cert -d -r trustRoot -k #{ENV['HOME']}/Library/Keychains/login.keychain #{ca_dir}/cert.pem"
puts "================================================================================"
puts "To use the certificate without a warning in Firefox you must add the\n\"#{ca_dir}/cert.pem\" certificate to your Firefox root certificates."
puts "================================================================================"
end
def build_certificate
prepare_openssl_config
- puts "Generating new *.dev certificate"
- system "openssl req -newkey rsa:2048 -batch -nodes -subj \"/C=US/O=Developer Certificate/CN=*.dev\" -keyout #{dir}/key.pem -out #{dir}/csr.pem -days 9999 &> /dev/null"
- puts "Signing *.dev certificate"
+ puts "Generating new *.#{pow_domain_extensions.join(',')} certificate"
+ multi_domain_certificate_param = pow_domain_extensions.map { |e| "CN=*.#{e}" }.join('/')
+ system "openssl req -newkey rsa:2048 -sha256 -batch -nodes -subj \"/C=US/O=Developer Certificate/#{multi_domain_certificate_param}\" -keyout #{dir}/key.pem -out #{dir}/csr.pem -days 9999 &> /dev/null"
+ puts "Signing *.#{pow_domain_extensions.join(',')} certificate"
system "openssl ca -config #{ca_dir}/openssl.cnf -policy policy_anything -batch -days 9999 -out #{dir}/cert.pem -infiles #{dir}/csr.pem &> /dev/null"
# Build cert chain
system "cat #{dir}/cert.pem > #{dir}/server.crt"
system "cat #{ca_dir}/cert.pem >> #{dir}/server.crt"
write_pow_domains_to_cache
- puts "Generated certificate for your Pow .dev domains."
+ puts "Generated certificate for your Pow #{pow_domain_extensions.join(',')} domains."
true
end
def prepare_openssl_config
Dir.mkdir("#{ca_dir}/newcerts") unless File.exists?("#{ca_dir}/newcerts")
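Review bot: The new `multi_domain_certificate_param` is interpolated into the double-quoted `-subj` argument of both `openssl req` command strings (in `build_ca` and `build_certificate`) without validation or escaping. Its values come from `POW_DOMAINS` via `pow_domain_extensions` in the second hunk, so an entry containing a double quote, `$`, a backtick or `/` changes the shell command or the subject fields. Because every `system` result is ignored and output goes to `/dev/null`, a malformed entry fails silently and `build_ca` still proceeds to `security add-trusted-cert`. I would validate each extension where it is read, e.g. `domains.each { |e| raise "invalid POW_DOMAINS entry #{e.inspect}" unless e =~ /\A[a-z0-9][a-z0-9.-]*\z/i }`, and stop when an `openssl` call returns false. Separately, the first `puts` in `build_ca` is missing the space before `certificate`.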
@@ -105,11 +107,23 @@
def pow_domains
@pow_domains ||= Dir["#{pow_dir}/*"].collect {|f| File.basename(f)}
end
+ def pow_domain_extensions
+ @pow_domain_extensions ||= begin
+ domains = `source #{ENV['HOME']}/.powconfig 2> /dev/null && echo $POW_DOMAINS`.chomp.split(',')
+ domains = ['dev'] if domains.empty?
+ domains
+ end
+ end
+
def pow_domains_str
- pow_domains.map {|d| "DNS:#{d}.dev,DNS:*.#{d}.dev"}.join(',')
+ pow_domains.map do |d|
+ pow_domain_extensions.map do |e|
+ "DNS:#{d}.#{e},DNS:*.#{d}.#{e}"
+ end
+ end.flatten.join(',')
end
def pow_dir
"#{ENV['HOME']}/.pow"
end
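Review bot: `pow_domain_extensions` splits `POW_DOMAINS` on commas without trimming or dropping blank entries, so a value such as `dev, test` or `dev,,test` produces an extension with a leading space or an empty one. `pow_domains_str` then emits names like `DNS:app. test` or `DNS:app.`, and the same strings reach the `-subj` arguments in the first hunk. I would normalise the list with `.chomp.split(',').map(&:strip).reject(&:empty?)` before the `domains.empty?` fallback. The `#{ENV['HOME']}` path in the backtick command is also unquoted, and since stderr is discarded, a home directory containing a space would presumably make `source` fail and silently fall back to `['dev']`. Quoting the path would avoid that.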