RubyGems - anchor-pki - Versions diffs - 0.6.3 → 0.7.0 - Mend

anchor-pki 0.6.3 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/Gemfile.lock +28 -7
data/README.md +3 -5
data/lib/anchor/auto_cert/configuration.rb +35 -219
data/lib/anchor/auto_cert/railtie.rb +4 -63
data/lib/anchor/auto_cert.rb +0 -16
data/lib/anchor/pem_bundle.rb +2 -0
data/lib/anchor/version.rb +1 -1
data/lib/anchor.rb +0 -1
data/lib/puma/dsl.rb +14 -9
data/lib/puma/plugin/auto_cert.rb +113 -80
metadata +4 -29
data/lib/anchor/auto_cert/identifier_policy.rb +0 -71
data/lib/anchor/auto_cert/managed_certificate.rb +0 -77
data/lib/anchor/auto_cert/manager.rb +0 -260
data/lib/anchor/auto_cert/policy_check/for_hostname.rb +0 -40
data/lib/anchor/auto_cert/policy_check/for_ipaddr.rb +0 -48
data/lib/anchor/auto_cert/policy_check/for_wildcard_hostname.rb +0 -57
data/lib/anchor/auto_cert/policy_check.rb +0 -37
data/lib/anchor/auto_cert/registry.rb +0 -63
data/lib/anchor/auto_cert/renewal_busy_wait.rb +0 -40
data/lib/anchor/auto_cert/terms_of_service_acceptor.rb +0 -34
data/lib/anchor/disk_store.rb +0 -31

data/lib/anchor/auto_cert/policy_check/for_hostname.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-module Anchor
-  module AutoCert
-    class PolicyCheck
-      # Check the identifier by strict hostname name comparison
-      #
-      # Reference: http://www.faqs.org/rfcs/rfc2396.html
-      #
-      class ForHostname < PolicyCheck
-        ALPHA                = '[a-zA-Z]'
-        ALPHA_NUMERIC        = '[a-zA-Z0-9]'
-        ALPHA_NUMERIC_HYPHEN = '[-a-zA-Z0-9]'
-        DOMAIN_LABEL         = "#{ALPHA_NUMERIC}#{ALPHA_NUMERIC_HYPHEN}*#{ALPHA_NUMERIC}"
-        TOP_LEVEL_DOMAIN     = "#{ALPHA}#{ALPHA_NUMERIC_HYPHEN}*#{ALPHA_NUMERIC}"
-        REGEX = /
-          \A
-          (?<sub>(#{DOMAIN_LABEL}\.)+)
-          (?<tld>#{TOP_LEVEL_DOMAIN})
-          \z
-        /ix.freeze
-        def self.handles?(description)
-          description.is_a?(String) && description.match?(REGEX)
-        end
-        def initialize(description)
-          super
-          @hostname = description.downcase
-        end
-        # case insensitive comparison
-        def allow?(name)
-          name.is_a?(String) && (name.downcase == @hostname)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/policy_check/for_ipaddr.rb DELETED Viewed

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-require 'ipaddr'
-module Anchor
-  module AutoCert
-    class PolicyCheck
-      #
-      # A PolicyCheck that compares the given IP address to an ipaddress
-      # or subnet
-      #
-      # The description for an IPAddr policy check can be anything that is
-      # parsed by the ruby IPAddr.new() method. Generally this is something in
-      # the format an ipv4 address, an ipv6 address, or CIDR notation.
-      #
-      # - "192.168.42.1"
-      # - "192.168.42.0/24"
-      # - "3ffe:505:2::1"
-      # - "2001:db8::/32"
-      #
-      class ForIPAddr < PolicyCheck
-        def self.handles?(description)
-          return true if description.is_a?(IPAddr)
-          begin
-            IPAddr.new(description)
-            true
-          rescue IPAddr::Error
-            false
-          end
-        end
-        def initialize(description)
-          super
-          @ipaddr = if description.is_a?(IPAddr)
-                      description
-                    else
-                      IPAddr.new(description)
-                    end
-        end
-        def allow?(name)
-          @ipaddr.include?(name)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/policy_check/for_wildcard_hostname.rb DELETED Viewed

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-module Anchor
-  module AutoCert
-    class PolicyCheck
-      # Check that the identifier is allowed by wildcard hostname matching
-      #
-      # This does the same as the ForHostname check, but allows for an arbitrary
-      # prefixes, although the prefix itself also needs to match appropriate
-      # domain name rules.
-      #
-      # The description for a wildcard hostname check MUST be a string that starts
-      # with  `*.` followed by a valid domainname (which matches the ForHostname
-      # check)
-      #
-      #
-      class ForWildcardHostname < PolicyCheck
-        DOMAIN_LABEL_REGEX = /\A#{ForHostname::DOMAIN_LABEL}*\z/i.freeze
-        SPLAT              = '*'
-        def self.handles?(description)
-          return false unless description.is_a?(String)
-          parts = description.split('.')
-          return false unless parts[0] == SPLAT
-          suffix = parts[1..-1].join('.')
-          # reuse the hostname check here
-          ForHostname.handles?(suffix)
-        end
-        def initialize(description)
-          super
-          @parts    = description.split('.')
-          @wildcard = @parts.shift # assumed SPLAT
-          @suffix   = @parts.join('.').downcase
-        end
-        # An explicit '*.rest.of' is an allowable hostname for this check, even
-        # though it is not a valid domain name
-        #
-        def allow?(hostname)
-          return false unless hostname.is_a?(String)
-          parts = hostname.split('.')
-          prefix = parts.shift
-          return false unless (prefix == SPLAT) || DOMAIN_LABEL_REGEX.match?(prefix)
-          domain = parts.join('.').downcase
-          (domain == @suffix)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/policy_check.rb DELETED Viewed

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-module Anchor
-  module AutoCert
-    # Base class for PolicyCheck classes, these are utility classes used by the
-    # IdentifierPolicy class.
-    #
-    # The .handles? method is used to determine if an instance of this class
-    # could be created from the given description.
-    #
-    # Then the #allow? method is used to determine if the given identifier is allowed
-    # and the #deny? method is used to determine if the given identifier is denied.
-    #
-    class PolicyCheck
-      def self.handles?(description)
-        raise NotImplementedError, "#{self.class} must implement .handles?(description)"
-      end
-      attr_reader :policy_description
-      def initialize(description)
-        @policy_description = description
-      end
-      def deny?(identifier)
-        !allow?(identifier)
-      end
-      def allow?(identifier)
-        raise NotImplementedError, "#{self.class} must implement #allow?(identifier)"
-      end
-    end
-  end
-end
-require_relative 'policy_check/for_ipaddr'
-require_relative 'policy_check/for_hostname'
-require_relative 'policy_check/for_wildcard_hostname'

data/lib/anchor/auto_cert/registry.rb DELETED Viewed

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-module Anchor
-  module AutoCert
-    # A global registry for storing AutoCert::Configuration objects
-    class Registry
-      @_registry = {}
-      @_mutex = Mutex.new
-      def self.store(name, configuration)
-        @_mutex.synchronize do
-          @_registry.store(name.to_s, configuration)
-        end
-      end
-      def self.fetch(name)
-        @_mutex.synchronize do
-          @_registry.fetch(name.to_s)
-        end
-      end
-      def self.key?(name)
-        @_mutex.synchronize do
-          @_registry.key?(name.to_s)
-        end
-      end
-      def self.delete(name)
-        @_mutex.synchronize do
-          @_registry.delete(name.to_s)
-        end
-      end
-      # helpers for creating an AutoCert::Manager instance from registered
-      # configuration
-      def self.manager_for(name)
-        manager_for!(name)
-      rescue KeyError
-        nil
-      end
-      # helpers for creating an AutoCert::Manager instance from registered
-      # configuration - raises KeyError if the named configuration does not
-      # exist
-      def self.manager_for!(name)
-        configuration = fetch(name)
-        AutoCert::Manager.new(configuration: configuration)
-      end
-      def self.default_configuration
-        fetch(:default)
-      rescue KeyError
-        default = AutoCert::Configuration.new
-        store(:default, default)
-        default
-      end
-      def self.default_manager
-        manager_for(:default)
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/renewal_busy_wait.rb DELETED Viewed

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-module Anchor
-  module AutoCert
-    # RenewalBusyWait is a class that will loop to check if a certificate needs to
-    # to be renewed, and if it does, return
-    #
-    # Generally this class should be used inside its own thread as it will sleep
-    # and loop until the pem file is able to be renewed.
-    #
-    # Every 'check_every' interval it will check if the certificate needs to be
-    # renewed. If it does, the loop will end and `wait_for_it` will return. If
-    # it does not need renewal, the block will be called, and if the result of
-    # the block is falsy, the loop will exit early
-    #
-    class RenewalBusyWait
-      ONE_HOUR = 60 * 60
-      def self.wait_for_it(manager:, managed_certificate:, check_every: ONE_HOUR, &keep_going)
-        waiter = new(manager: manager, managed_certificate: managed_certificate, check_every: check_every)
-        waiter.wait_for_it(&keep_going)
-      end
-      def initialize(manager:, managed_certificate:, check_every: ONE_HOUR)
-        @manager = manager
-        @managed_certificate = managed_certificate
-        @check_every = check_every
-      end
-      def wait_for_it
-        loop do
-          break if @manager.needs_renewal?(cert: @managed_certificate)
-          break unless yield
-          sleep @check_every
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/terms_of_service_acceptor.rb DELETED Viewed

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-module Anchor
-  module AutoCert
-    # Any class that implements the following interface can be used as a
-    # Terms of Service Acceptor. The interface is the single method `#accept?`
-    # which is handed the terms of service URI as a String.
-    module TermsOfServiceAcceptor
-      def accept?(tos_uri)
-        raise NotImplementedError, "#{self.class} must implement #accept?(tos_uri)"
-      end
-      # Terms of Service Acceptor that will always match anything
-      class Any
-        include TermsOfServiceAcceptor
-        def accept?(_tos_uri)
-          true
-        end
-      end
-      # Terms of Service Acceptor that matches based upon a regular expression
-      class Regex
-        include TermsOfServiceAcceptor
-        def initialize(regex)
-          @regex = regex
-        end
-        def accept?(tos_uri)
-          @regex.match?(tos_uri)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/disk_store.rb DELETED Viewed

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-require 'pstore'
-require 'tempfile'
-module Anchor
-  # DiskStore is a simple key/value store that persists to disk using PStore.
-  #
-  class DiskStore
-    def initialize(dir: nil, basename: 'anchor-disk-store')
-      @dir = dir || Dir.mktmpdir
-      @basename = basename
-      @path = File.join(@dir, @basename)
-      @pstore = PStore.new(@path, true)
-    end
-    def [](key)
-      data = nil
-      @pstore.transaction do
-        data = @pstore[key]
-      end
-      data
-    end
-    def []=(key, value)
-      @pstore.transaction do
-        @pstore[key] = value
-      end
-    end
-  end
-end