anchor-pki 0.6.3 → 0.8.0

data/lib/anchor/auto_cert/policy_check/for_hostname.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-module Anchor
-  module AutoCert
-    class PolicyCheck
-      # Check the identifier by strict hostname name comparison
-      #
-      # Reference: http://www.faqs.org/rfcs/rfc2396.html
-      #
-      class ForHostname < PolicyCheck
-        ALPHA                = '[a-zA-Z]'
-        ALPHA_NUMERIC        = '[a-zA-Z0-9]'
-        ALPHA_NUMERIC_HYPHEN = '[-a-zA-Z0-9]'
-        DOMAIN_LABEL         = "#{ALPHA_NUMERIC}#{ALPHA_NUMERIC_HYPHEN}*#{ALPHA_NUMERIC}"
-        TOP_LEVEL_DOMAIN     = "#{ALPHA}#{ALPHA_NUMERIC_HYPHEN}*#{ALPHA_NUMERIC}"
-
-        REGEX = /
-          \A
-          (?<sub>(#{DOMAIN_LABEL}\.)+)
-          (?<tld>#{TOP_LEVEL_DOMAIN})
-          \z
-        /ix.freeze
-
-        def self.handles?(description)
-          description.is_a?(String) && description.match?(REGEX)
-        end
-
-        def initialize(description)
-          super
-          @hostname = description.downcase
-        end
-
-        # case insensitive comparison
-        def allow?(name)
-          name.is_a?(String) && (name.downcase == @hostname)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/policy_check/for_ipaddr.rb

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-
-require 'ipaddr'
-module Anchor
-  module AutoCert
-    class PolicyCheck
-      #
-      # A PolicyCheck that compares the given IP address to an ipaddress
-      # or subnet
-      #
-      # The description for an IPAddr policy check can be anything that is
-      # parsed by the ruby IPAddr.new() method. Generally this is something in
-      # the format an ipv4 address, an ipv6 address, or CIDR notation.
-      #
-      # - "192.168.42.1"
-      # - "192.168.42.0/24"
-      # - "3ffe:505:2::1"
-      # - "2001:db8::/32"
-      #
-      class ForIPAddr < PolicyCheck
-        def self.handles?(description)
-          return true if description.is_a?(IPAddr)
-
-          begin
-            IPAddr.new(description)
-            true
-          rescue IPAddr::Error
-            false
-          end
-        end
-
-        def initialize(description)
-          super
-
-          @ipaddr = if description.is_a?(IPAddr)
-                      description
-                    else
-                      IPAddr.new(description)
-                    end
-        end
-
-        def allow?(name)
-          @ipaddr.include?(name)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/policy_check/for_wildcard_hostname.rb

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-module Anchor
-  module AutoCert
-    class PolicyCheck
-      # Check that the identifier is allowed by wildcard hostname matching
-      #
-      # This does the same as the ForHostname check, but allows for an arbitrary
-      # prefixes, although the prefix itself also needs to match appropriate
-      # domain name rules.
-      #
-      # The description for a wildcard hostname check MUST be a string that starts
-      # with  `*.` followed by a valid domainname (which matches the ForHostname
-      # check)
-      #
-      #
-      class ForWildcardHostname < PolicyCheck
-        DOMAIN_LABEL_REGEX = /\A#{ForHostname::DOMAIN_LABEL}*\z/i.freeze
-        SPLAT              = '*'
-
-        def self.handles?(description)
-          return false unless description.is_a?(String)
-
-          parts = description.split('.')
-          return false unless parts[0] == SPLAT
-
-          suffix = parts[1..-1].join('.')
-          # reuse the hostname check here
-          ForHostname.handles?(suffix)
-        end
-
-        def initialize(description)
-          super
-          @parts    = description.split('.')
-          @wildcard = @parts.shift # assumed SPLAT
-          @suffix   = @parts.join('.').downcase
-        end
-
-        # An explicit '*.rest.of' is an allowable hostname for this check, even
-        # though it is not a valid domain name
-        #
-        def allow?(hostname)
-          return false unless hostname.is_a?(String)
-
-          parts = hostname.split('.')
-          prefix = parts.shift
-
-          return false unless (prefix == SPLAT) || DOMAIN_LABEL_REGEX.match?(prefix)
-
-          domain = parts.join('.').downcase
-
-          (domain == @suffix)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/policy_check.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module Anchor
-  module AutoCert
-    # Base class for PolicyCheck classes, these are utility classes used by the
-    # IdentifierPolicy class.
-    #
-    # The .handles? method is used to determine if an instance of this class
-    # could be created from the given description.
-    #
-    # Then the #allow? method is used to determine if the given identifier is allowed
-    # and the #deny? method is used to determine if the given identifier is denied.
-    #
-    class PolicyCheck
-      def self.handles?(description)
-        raise NotImplementedError, "#{self.class} must implement .handles?(description)"
-      end
-
-      attr_reader :policy_description
-
-      def initialize(description)
-        @policy_description = description
-      end
-
-      def deny?(identifier)
-        !allow?(identifier)
-      end
-
-      def allow?(identifier)
-        raise NotImplementedError, "#{self.class} must implement #allow?(identifier)"
-      end
-    end
-  end
-end
-require_relative 'policy_check/for_ipaddr'
-require_relative 'policy_check/for_hostname'
-require_relative 'policy_check/for_wildcard_hostname'

data/lib/anchor/auto_cert/registry.rb

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-
-module Anchor
-  module AutoCert
-    # A global registry for storing AutoCert::Configuration objects
-    class Registry
-      @_registry = {}
-      @_mutex = Mutex.new
-
-      def self.store(name, configuration)
-        @_mutex.synchronize do
-          @_registry.store(name.to_s, configuration)
-        end
-      end
-
-      def self.fetch(name)
-        @_mutex.synchronize do
-          @_registry.fetch(name.to_s)
-        end
-      end
-
-      def self.key?(name)
-        @_mutex.synchronize do
-          @_registry.key?(name.to_s)
-        end
-      end
-
-      def self.delete(name)
-        @_mutex.synchronize do
-          @_registry.delete(name.to_s)
-        end
-      end
-
-      # helpers for creating an AutoCert::Manager instance from registered
-      # configuration
-      def self.manager_for(name)
-        manager_for!(name)
-      rescue KeyError
-        nil
-      end
-
-      # helpers for creating an AutoCert::Manager instance from registered
-      # configuration - raises KeyError if the named configuration does not
-      # exist
-      def self.manager_for!(name)
-        configuration = fetch(name)
-        AutoCert::Manager.new(configuration: configuration)
-      end
-
-      def self.default_configuration
-        fetch(:default)
-      rescue KeyError
-        default = AutoCert::Configuration.new
-        store(:default, default)
-        default
-      end
-
-      def self.default_manager
-        manager_for(:default)
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/renewal_busy_wait.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-module Anchor
-  module AutoCert
-    # RenewalBusyWait is a class that will loop to check if a certificate needs to
-    # to be renewed, and if it does, return
-    #
-    # Generally this class should be used inside its own thread as it will sleep
-    # and loop until the pem file is able to be renewed.
-    #
-    # Every 'check_every' interval it will check if the certificate needs to be
-    # renewed. If it does, the loop will end and `wait_for_it` will return. If
-    # it does not need renewal, the block will be called, and if the result of
-    # the block is falsy, the loop will exit early
-    #
-    class RenewalBusyWait
-      ONE_HOUR = 60 * 60
-
-      def self.wait_for_it(manager:, managed_certificate:, check_every: ONE_HOUR, &keep_going)
-        waiter = new(manager: manager, managed_certificate: managed_certificate, check_every: check_every)
-        waiter.wait_for_it(&keep_going)
-      end
-
-      def initialize(manager:, managed_certificate:, check_every: ONE_HOUR)
-        @manager = manager
-        @managed_certificate = managed_certificate
-        @check_every = check_every
-      end
-
-      def wait_for_it
-        loop do
-          break if @manager.needs_renewal?(cert: @managed_certificate)
-          break unless yield
-
-          sleep @check_every
-        end
-      end
-    end
-  end
-end

data/lib/anchor/auto_cert/terms_of_service_acceptor.rb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-module Anchor
-  module AutoCert
-    # Any class that implements the following interface can be used as a
-    # Terms of Service Acceptor. The interface is the single method `#accept?`
-    # which is handed the terms of service URI as a String.
-    module TermsOfServiceAcceptor
-      def accept?(tos_uri)
-        raise NotImplementedError, "#{self.class} must implement #accept?(tos_uri)"
-      end
-
-      # Terms of Service Acceptor that will always match anything
-      class Any
-        include TermsOfServiceAcceptor
-        def accept?(_tos_uri)
-          true
-        end
-      end
-
-      # Terms of Service Acceptor that matches based upon a regular expression
-      class Regex
-        include TermsOfServiceAcceptor
-        def initialize(regex)
-          @regex = regex
-        end
-
-        def accept?(tos_uri)
-          @regex.match?(tos_uri)
-        end
-      end
-    end
-  end
-end

data/lib/anchor/disk_store.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-require 'pstore'
-require 'tempfile'
-
-module Anchor
-  # DiskStore is a simple key/value store that persists to disk using PStore.
-  #
-  class DiskStore
-    def initialize(dir: nil, basename: 'anchor-disk-store')
-      @dir = dir || Dir.mktmpdir
-      @basename = basename
-      @path = File.join(@dir, @basename)
-      @pstore = PStore.new(@path, true)
-    end
-
-    def [](key)
-      data = nil
-      @pstore.transaction do
-        data = @pstore[key]
-      end
-      data
-    end
-
-    def []=(key, value)
-      @pstore.transaction do
-        @pstore[key] = value
-      end
-    end
-  end
-end