Skip to content

Instantly share code, notes, and snippets.

Avatar

Nov Matake nov

View GitHub Profile
@nov
nov / globalsign_root_cert_expired.rb
Created Jan 30, 2014
GlobalSign Root Certificate (expired)
View globalsign_root_cert_expired.rb
require 'openssl'
root_cert = <<-CERT
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
View globalsign_public_key.rb
require 'openssl'
expired = <<-CERT
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
View SSL Error
nov-matake@nov ~$ curl https://userinfo.yahooapis.jp
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
View openssl s_client
nov.matake@tovl ~$ openssl s_client -connect userinfo.yahooapis.jp:443 -showcerts
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=JP/ST=Tokyo/L=Minato-Ku/O=Yahoo Japan Corporation/CN=*.yahooapis.jp
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
-----BEGIN CERTIFICATE-----
@nov
nov / globalsign_root_cert_latest.rb
Last active Aug 29, 2015
GlobalSign Root Certificate (latest)
View globalsign_root_cert_latest.rb
require 'openssl'
root_cert = <<-CERT
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
View gist:10152621
if (!crypto.subtle) {
crypto.subtle = crypto.webkitSubtle
}
// Encrypt some data using AES-CBC and alert() the result:
// ----------------------------------------
var keyBytes1 = asciiToArrayBufferView("raw key bytes 1.");
crypto.subtle.importKey('raw', keyBytes1, {name: 'aes-cbc'}, false, ['encrypt', 'decrypt']).then(function(key) {
// Initialization vector of all zeros.
var iv = asciiToArrayBufferView("16 bytes of iv..");
View gist:c702782baa98c75702dc
nov.matake@tovl ~$ curl -I https://www.iknow.jp/open_ids
HTTP/1.1 302 Moved Temporarily
Content-length: 160
Content-Type: text/html
Date: Thu, 08 May 2014 03:53:33 GMT
Location: https://iknow.jp/open_ids
Server: nginx/1.4.4
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
View gist:67c491166bed6f9cdb7e
nov.matake@tovl ~$ curl -I https://iknow.jp/open_ids
HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-length: 248
Content-Type: text/html; charset=utf-8
Date: Thu, 08 May 2014 03:00:19 GMT
ETag: "d7f555eab7c746d1f7d362f1188832cc"
P3P: CP="CAO CURa ADMa DEVa TAIa IVAa HISa OUR BUS UNI NAV INT"
Server: nginx/1.4.4
Set-Cookie: csid=cffb1060b88a013140000a18ce984607; path=/; expires=Sun, 08-Jun-2014 03:00:19 GMT
View gist:b6173c3195fa49e1c668
nov.matake@tovl ~$ curl https://iknow.jp/discovery.xrds
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns:openid="http://openid.net/xmlns/1.0" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/return_to</Type>
<URI>https://iknow.jp/open_ids?_method=GET</URI>
</Service>
<Service priority="10">
<Type>http://specs.openid.net/extensions/ui/icon</Type>
View self_issued_device_token.rb
require 'openid_connect'
private_key = OpenSSL::PKey::RSA.generate(2048)
client = Rack::OAuth2::Client.new(
identifier: 'client.example.com',
host: 'server.example.com',
redirect_uri: 'myapp://callback'
)
You can’t perform that action at this time.