aspera-cli 4.11.0 → 4.12.0

data/lib/aspera/web_auth.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-require 'webrick'
-require 'webrick/https'
+require 'aspera/web_server_simple'
 require 'stringio'
 
 module Aspera
@@ -29,82 +28,31 @@ module Aspera
     end
   end # WebAuthServlet
 
-  # generates and adds self signed cert to provided webrick options
-  # def fill_self_signed_cert(cert,key)
-  #  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/C=FR/O=Test/OU=Test/CN=Test')
-  #  cert.not_before = Time.now
-  #  cert.not_after = Time.now + 365 * 24 * 60 * 60
-  #  cert.public_key = key.public_key
-  #  cert.serial = 0x0
-  #  cert.version = 2
-  #  ef = OpenSSL::X509::ExtensionFactory.new
-  #  ef.issuer_certificate = cert
-  #  ef.subject_certificate = cert
-  #  cert.extensions = [
-  #    ef.create_extension('basicConstraints','CA:TRUE', true),
-  #    ef.create_extension('subjectKeyIdentifier', 'hash'),
-  #    # ef.create_extension('keyUsage', 'cRLSign,keyCertSign', true),
-  #  ]
-  #  cert.add_extension(ef.create_extension('authorityKeyIdentifier','keyid:always,issuer:always'))
-  #  cert.sign(key, OpenSSL::Digest::SHA256.new)
-  # end
-
   # start a local web server, then start a browser that will callback the local server upon authentication
-  class WebAuth
+  class WebAuth < WebServerSimple
     attr_reader :expected_path, :mutex, :cond
     attr_writer :query
 
     # @param endpoint_url [String] e.g. 'https://127.0.0.1:12345'
     def initialize(endpoint_url)
       uri = URI.parse(endpoint_url)
+      super(uri)
       # parameters for servlet
-      @query = nil
       @mutex = Mutex.new
       @cond = ConditionVariable.new
       @expected_path = uri.path.empty? ? '/' : uri.path
-      # see https://www.rubydoc.info/stdlib/webrick/WEBrick/Config
-      webrick_options = {
-        BindAddress: uri.host,
-        Port:        uri.port,
-        Logger:      Log.log,
-        AccessLog:   [[self, WEBrick::AccessLog::COMMON_LOG_FORMAT]] # replace default access log to call local method "<<" below
-      }
-      case uri.scheme
-      when 'http'
-        Log.log.debug('HTTP mode')
-      when 'https'
-        webrick_options[:SSLEnable] = true
-        # a- automatic certificate generation
-        webrick_options[:SSLCertName] = [['CN', WEBrick::Utils.getservername]]
-        # b- generate self signed cert
-        # webrick_options[:SSLPrivateKey]   = OpenSSL::PKey::RSA.new(4096)
-        # webrick_options[:SSLCertificate]  = OpenSSL::X509::Certificate.new
-        # self.class.fill_self_signed_cert(webrick_options[:SSLCertificate],webrick_options[:SSLPrivateKey])
-        ## c- good cert
-        # webrick_options[:SSLPrivateKey]  = OpenSSL::PKey::RSA.new(File.read('.../myserver.key'))
-        # webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read('.../myserver.crt'))
-      end
-      # self signed certificate generates characters on STDERR, see create_self_signed_cert in webrick/ssl.rb
-      Log.capture_stderr { @server = WEBrick::HTTPServer.new(webrick_options) }
-      @server.mount(@expected_path, WebAuthServlet, self) # additional args provided to constructor
-      Thread.new { @server.start }
-    end
-
-    # log web server access ( option AccessLog )
-    def <<(access_log)
-      Log.log.debug{"webrick log #{access_log.chomp}"}
+      @query = nil
+      mount(@expected_path, WebAuthServlet, self) # additional args provided to constructor
+      Thread.new { start }
     end
 
     # wait for request on web server
     # @return Hash the query
     def received_request
-      # shall be called only once
-      raise 'error, received_request called twice ?' if @server.nil?
       # wait for signal from thread
       @mutex.synchronize{@cond.wait(@mutex)}
       # tell server thread to stop
-      @server.shutdown
-      @server = nil
+      shutdown
       return @query
     end
   end

data/lib/aspera/web_server_simple.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require 'webrick'
+require 'webrick/https'
+require 'aspera/log'
+require 'openssl'
+
+module Aspera
+  class WebServerSimple < WEBrick::HTTPServer
+    CERT_PARAMETERS = %i[key cert chain].freeze
+    # generates and adds self signed cert to provided webrick options
+    def self.fill_self_signed_cert(cert, key)
+      cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/C=FR/O=Test/OU=Test/CN=Test')
+      cert.not_before = Time.now
+      cert.not_after = Time.now + 365 * 24 * 60 * 60
+      cert.public_key = key.public_key
+      cert.serial = 0x0
+      cert.version = 2
+      ef = OpenSSL::X509::ExtensionFactory.new
+      ef.issuer_certificate = cert
+      ef.subject_certificate = cert
+      cert.extensions = [
+        ef.create_extension('basicConstraints', 'CA:TRUE', true),
+        ef.create_extension('subjectKeyIdentifier', 'hash')
+        # ef.create_extension('keyUsage', 'cRLSign,keyCertSign', true),
+      ]
+      cert.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always,issuer:always'))
+      cert.sign(key, OpenSSL::Digest.new('SHA256'))
+    end
+
+    # @param uri [URI]
+    def initialize(uri, certificate: nil)
+      # see https://www.rubydoc.info/stdlib/webrick/WEBrick/Config
+      webrick_options = {
+        BindAddress: uri.host,
+        Port:        uri.port,
+        Logger:      Log.log,
+        AccessLog:   [[self, WEBrick::AccessLog::COMMON_LOG_FORMAT]] # replace default access log to call local method "<<" below
+      }
+      case uri.scheme
+      when 'http'
+        Log.log.debug('HTTP mode')
+      when 'https'
+        webrick_options[:SSLEnable] = true
+        if certificate.nil?
+          webrick_options[:SSLCertName] = [['CN', WEBrick::Utils.getservername]]
+        else
+          raise 'certificate must be Hash' unless certificate.is_a?(Hash)
+          certificate = certificate.symbolize_keys
+          raise "unexpected key in certificate config: only: #{CERT_PARAMETERS.join(', ')}" if certificate.keys.any?{|k|!CERT_PARAMETERS.include?(k)}
+          webrick_options[:SSLPrivateKey] = if certificate.key?(:key)
+            OpenSSL::PKey::RSA.new(File.read(certificate[:key]))
+          else
+            OpenSSL::PKey::RSA.new(4096)
+          end
+          if certificate.key?(:cert)
+            webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read(certificate[:cert]))
+          else
+            webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new
+            self.class.fill_self_signed_cert(webrick_options[:SSLCertificate], webrick_options[:SSLPrivateKey])
+          end
+          if certificate.key?(:chain)
+            webrick_options[:SSLExtraChainCert] = [OpenSSL::X509::Certificate.new(File.read(certificate[:chain]))]
+          end
+        end
+      end
+      # self signed certificate generates characters on STDERR, see create_self_signed_cert in webrick/ssl.rb
+      Log.capture_stderr { super(webrick_options) }
+    end
+
+    # log web server access ( option AccessLog )
+    def <<(access_log)
+      Log.log.debug{"webrick log #{access_log.chomp}"}
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aspera-cli
 version: !ruby/object:Gem::Version
-  version: 4.11.0
+  version: 4.12.0
 platform: ruby
 authors:
 - Laurent Martin
@@ -35,7 +35,7 @@ cert_chain:
   ZjkOWbUc1aLIsfaQFHWyNfisY9X2RgkFHjX0p5493wnoA7aWh52MUhc145npFh8z
   v4P9xwkT02Shkert4B4iwNvVjoAUGk+J4090svZCroAyXBjon5LV7MJ4fyw=
   -----END CERTIFICATE-----
-date: 2023-01-26 00:00:00.000000000 Z
+date: 2023-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: execjs
@@ -378,7 +378,7 @@ files:
 - lib/aspera/ats_api.rb
 - lib/aspera/cli/basic_auth_plugin.rb
 - lib/aspera/cli/extended_value.rb
-- lib/aspera/cli/formater.rb
+- lib/aspera/cli/formatter.rb
 - lib/aspera/cli/info.rb
 - lib/aspera/cli/listener/line_dump.rb
 - lib/aspera/cli/listener/logger.rb
@@ -432,6 +432,7 @@ files:
 - lib/aspera/fasp/transfer_spec.rb
 - lib/aspera/fasp/uri.rb
 - lib/aspera/faspex_gw.rb
+- lib/aspera/faspex_postproc.rb
 - lib/aspera/hash_ext.rb
 - lib/aspera/id_generator.rb
 - lib/aspera/keychain/encrypted_hash.rb
@@ -462,6 +463,7 @@ files:
 - lib/aspera/timer_limiter.rb
 - lib/aspera/uri_reader.rb
 - lib/aspera/web_auth.rb
+- lib/aspera/web_server_simple.rb
 homepage: https://github.com/IBM/aspera-cli
 licenses:
 - Apache-2.0
@@ -488,7 +490,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - Read the manual for any requirement
-rubygems_version: 3.4.1
+rubygems_version: 3.4.6
 signing_key: 
 specification_version: 4
 summary: 'Execute actions using command line on IBM Aspera Server products: Aspera