# frozen_string_literal: true
require 'bundler/gem_tasks'
require 'rspec/core/rake_task'
# Register the `spec` task and make it what a bare `rake` invocation runs.
RSpec::Core::RakeTask.new(:spec)
task default: [:spec]
# Key pair used to sign the JSON fixtures. Both paths live under spec/fixtures:
# this is test material and should not be reused outside the test suite.
PRIVATE_KEY = 'spec/fixtures/pem/privatekey.pem'
CERTIFICATE = 'spec/fixtures/pem/certificate.pem'

# Fixtures that sign_aws_fixtures re-signs. invalid_signature.json is left out,
# so its Signature field is never regenerated (presumably it has to keep
# failing verification; confirm against the specs).
AWS_FIXTURES =
  FileList['spec/fixtures/json/*.json']
  .exclude('**/*/invalid_signature.json')

# Message fields that canonical_string folds into the string to sign.
# The order here is the order in which they are emitted.
SIGNABLE_KEYS = %w[Message MessageId Subject SubscribeURL Timestamp Token TopicArn Type].freeze
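# Generates the 2048-bit RSA private key used to sign the spec fixtures.
# As a Rake `file` task it only runs when the target file does not exist yet.
file PRIVATE_KEY do |t|
  require 'openssl'

  key = OpenSSL::PKey::RSA.new(2048)
  # The PEM is written unencrypted, so create it owner-readable only instead of
  # relying on the process umask. The key exists purely for test fixtures and
  # must not be reused for anything else.
  File.write(t.name, key.to_pem, perm: 0o600)
end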
# Generates a self-signed certificate for the fixture key: issuer equals
# subject and the certificate is signed with its own private key.
# Depends on PRIVATE_KEY, so the key is generated first when it is missing.
file CERTIFICATE => PRIVATE_KEY do |t|
  require 'openssl'

  signing_key = OpenSSL::PKey::RSA.new(File.read(PRIVATE_KEY))
  lifetime_seconds = 1 * 365 * 24 * 60 * 60

  certificate = OpenSSL::X509::Certificate.new
  certificate.version = 2 # the version field is zero-based, so 2 means X.509 v3
  certificate.serial = 2
  certificate.subject = OpenSSL::X509::Name.parse('/DC=org/DC=ruby-lang/CN=Ruby certificate')
  certificate.issuer = certificate.subject # self-signed
  certificate.public_key = signing_key.public_key
  certificate.not_before = Time.now
  # Valid for one year (365 days) from generation.
  # NOTE(review): an earlier comment on this line claimed 10 years, but the
  # multiplier is 1. Confirm the intended lifetime; any check that enforces the
  # validity window will start rejecting this fixture once it lapses.
  certificate.not_after = certificate.not_before + lifetime_seconds

  extensions = OpenSSL::X509::ExtensionFactory.new
  extensions.subject_certificate = certificate
  extensions.issuer_certificate = certificate
  # [name, value, critical] - key usage is limited to digital signatures.
  [
    ['keyUsage', 'digitalSignature', true],
    ['subjectKeyIdentifier', 'hash', false]
  ].each do |name, value, critical|
    certificate.add_extension(extensions.create_extension(name, value, critical))
  end

  certificate.sign(signing_key, OpenSSL::Digest.new('SHA256'))
  File.write(t.name, certificate.to_pem)
end
# Aggregate task: make sure both the fixture key and its certificate exist.
task certificates: [PRIVATE_KEY, CERTIFICATE]

desc 'Sign AWS SES fixtures, must be called if fixtures are modified.'
# Rewrites every file in AWS_FIXTURES in place with a fresh Signature field
# computed over canonical_string(message) using the fixture private key.
task sign_aws_fixtures: :certificates do
  require 'openssl'
  require 'json'
  require 'base64'

  signer = OpenSSL::PKey::RSA.new(File.read(PRIVATE_KEY))

  AWS_FIXTURES.each do |path|
    payload = JSON.parse(File.read(path))
    # SHA1 here reproduces the scheme of the messages being emulated
    # (presumably SNS SignatureVersion 1, SHA1withRSA - confirm against the
    # verifier under test). It is not a recommendation for new signatures.
    signature = signer.sign('SHA1', canonical_string(payload))
    # NOTE(review): encode64 wraps its output every 60 characters, so the
    # stored Signature contains newlines. A strict Base64 decoder would reject
    # it; consider Base64.strict_encode64 if the fixtures should be single-line.
    payload['Signature'] = Base64.encode64(signature)
    File.write(path, JSON.pretty_generate(payload))
  end
end
# Builds the string that gets signed for a parsed message.
#
# Walks SIGNABLE_KEYS in order and emits "key\nvalue\n" for every key whose
# value is present and non-empty; all other keys in the message are ignored.
# Values must respond to #empty? (the fixtures are expected to hold strings).
#
# @param message [Hash] parsed JSON message, keyed by field name
# @return [String] concatenated key/value lines, "" when nothing qualifies
def canonical_string(message)
  SIGNABLE_KEYS.each_with_object([]) do |name, lines|
    field = message[name]
    next if field.nil? || field.empty?

    lines << "#{name}\n#{field}\n"
  end.join
end