aspera-cli 4.18.0 → 4.19.0

data/lib/aspera/secret_hider.rb

@@ -16,17 +16,18 @@ module Aspera
     KEY_SECRETS = %w[password secret passphrase _key apikey crn token].freeze
     HTTP_SECRETS = %w[Authorization].freeze
     ALL_SECRETS = [ASCP_ENV_SECRETS, KEY_SECRETS, HTTP_SECRETS].flatten.freeze
+    ALL_SECRETS2 = [KEY_SECRETS, HTTP_SECRETS].flatten.freeze
     KEY_FALSE_POSITIVES = [/^access_key$/, /^fallback_private_key$/].freeze
     # regex that define named captures :begin and :end
     REGEX_LOG_REPLACES = [
       # CLI manager get/set options
       /(?<begin>[sg]et (?:#{KEY_SECRETS.join('|')})=).*(?<end>)/,
       # env var ascp exec
-      /(?<begin> (?:#{ASCP_ENV_SECRETS.join('|')})=)(\\.|[^ ])*(?<end> )/,
+      /(?<begin> (?:#{ASCP_ENV_SECRETS.join('|')})=)[^ ]+(?<end> )/,
       # rendered JSON or Ruby
       /(?<begin>(?:(?<quote>["'])|:)[^"':=]*(?:#{ALL_SECRETS.join('|')})[^"':=]*\k<quote>?(?:=>|:) *")[^"]+(?<end>")/,
       # logged data
-      /(?<begin>(?:#{ALL_SECRETS.join('|')})[ =:]+).*(?<end>$)/,
+      /(?<begin>(?:#{ALL_SECRETS2.join('|')})[ =:]+).*(?<end>$)/,
       # private key values
       /(?<begin>--+BEGIN [^-]+ KEY--+)[[:ascii:]]+?(?<end>--+?END [^-]+ KEY--+)/,
       # cred in http dump

data/lib/aspera/ssh.rb

@@ -14,7 +14,7 @@ if ENV.fetch('ASCLI_ENABLE_ED25519', 'false').eql?('false')
   $VERBOSE = old_verbose
 end
 
-if RUBY_ENGINE == 'jruby' && ENV.fetch('ASCLI_ENABLE_ECDSHA2', 'false').eql?('false')
+if defined?(JRUBY_VERSION) && ENV.fetch('ASCLI_ENABLE_ECDSHA2', 'false').eql?('false')
   Net::SSH::Transport::Algorithms::ALGORITHMS.each_value { |a| a.reject! { |a| a =~ /^ecd(sa|h)-sha2/ } }
   Net::SSH::KnownHosts::SUPPORTED_TYPE.reject! { |t| t =~ /^ecd(sa|h)-sha2/ }
 end

data/lib/aspera/transfer/faux_file.rb

@@ -8,19 +8,21 @@ module Aspera
       PREFIX = 'faux:///'
       # size suffix
       SUFFIX = %w[k m g t p e]
+      private_constant :PREFIX, :SUFFIX
       class << self
-        def open(name)
+        # @return nil if not a faux: scheme, else a FauxFile instance
+        def create(name)
           return nil unless name.start_with?(PREFIX)
-          parts = name[PREFIX.length..-1].split('?')
-          raise 'Format: #{PREFIX}<file path>?<size>' unless parts.length.eql?(2)
-          raise "Format: <integer>[#{SUFFIX.join(',')}]" unless (m = parts[1].downcase.match(/^(\d+)([#{SUFFIX.join('')}])$/))
+          url_parts = name[PREFIX.length..-1].split('?')
+          raise 'Format: #{PREFIX}<file path>?<size>' unless url_parts.length.eql?(2)
+          raise "Format: <integer>[#{SUFFIX.join(',')}]" unless (m = url_parts[1].downcase.match(/^(\d+)([#{SUFFIX.join('')}])$/))
           size = m[1].to_i
           suffix = m[2]
           SUFFIX.each do |s|
             size *= 1024
             break if s.eql?(suffix)
           end
-          return FauxFile.new(parts[0], size)
+          return FauxFile.new(url_parts[0], size)
         end
       end
       attr_reader :path, :size

data/lib/aspera/transfer/parameters.rb

@@ -21,9 +21,10 @@ module Aspera
     class Parameters
       # Agents shown in manual for parameters (sub list)
       SUPPORTED_AGENTS = %i[direct node connect trsdk httpgw].freeze
+      FILE_LIST_OPTIONS = ['--file-list', '--file-pair-list'].freeze
       # Short names of columns in manual
       SUPPORTED_AGENTS_SHORT = SUPPORTED_AGENTS.map{|agent_sym|agent_sym.to_s[0].to_sym}
-      FILE_LIST_OPTIONS = ['--file-list', '--file-pair-list'].freeze
+      HTTP_FALLBACK_ACTIVATION_VALUES = ['1', 1, true, 'force'].freeze
 
       private_constant :SUPPORTED_AGENTS, :FILE_LIST_OPTIONS
 
@@ -106,21 +107,25 @@ module Aspera
       # @param options [Hash] key: :wss: bool, :ascp_args: array of strings
       def initialize(
         job_spec,
-        ascp_args:,
-        wss:,
-        quiet:,
-        trusted_certs:,
-        check_ignore_cb:
+        ascp_args:       nil,
+        wss:             true,
+        quiet:           true,
+        trusted_certs:   nil,
+        client_ssh_key:  nil,
+        check_ignore_cb: nil
       )
         @job_spec = job_spec
-        @ascp_args = ascp_args
+        @ascp_args = ascp_args.nil? ? [] : ascp_args
         @wss = wss
         @quiet = quiet
-        @trusted_certs = trusted_certs
+        @trusted_certs = trusted_certs.nil? ? [] : trusted_certs
+        @client_ssh_key = client_ssh_key.nil? ? :rsa : client_ssh_key.to_sym
         @check_ignore_cb = check_ignore_cb
-        Aspera.assert_type(job_spec, Hash)
+        Aspera.assert_type(@job_spec, Hash)
         Aspera.assert_type(@ascp_args, Array){'ascp_args'}
-        Aspera.assert(@ascp_args.all?(String)){'ascp arguments must be Strings'}
+        Aspera.assert(@ascp_args.all?(String)){'all ascp arguments must be String'}
+        Aspera.assert_type(@trusted_certs, Array){'trusted_certs'}
+        Aspera.assert_values(@client_ssh_key, Ascp::Installation::CLIENT_SSH_KEY_OPTIONS)
         @builder = CommandLineBuilder.new(@job_spec, Spec::DESCRIPTION)
       end
 
@@ -162,6 +167,7 @@ module Aspera
         @builder.add_command_line_options(["#{file_list_option}=#{file_list_file}"]) unless file_list_option.nil?
       end
 
+      # @return the list of certificates to use when token/ssh or wss are used
       def remote_certificates
         certificates_to_use = []
         # use web socket secure for session ?
@@ -174,7 +180,7 @@ module Aspera
           @job_spec.delete('fasp_port')
           @job_spec.delete('sshfp')
           # set location for CA bundle to be the one of Ruby, see env var SSL_CERT_FILE / SSL_CERT_DIR
-          certificates_to_use.concat(@trusted_certs) if @trusted_certs.is_a?(Array)
+          certificates_to_use.concat(@trusted_certs)
           # ignore cert for wss ?
           if @check_ignore_cb&.call(@job_spec['remote_host'], @job_spec['wss_port'])
             wss_cert_file = TempFileManager.instance.new_file_path_global('wss_cert')
@@ -191,7 +197,7 @@ module Aspera
           # add SSH bypass keys when authentication is token and no auth is provided
           if @job_spec.key?('token') && !@job_spec.key?('remote_password')
             # @job_spec['remote_password'] = Ascp::Installation.instance.ssh_cert_uuid # not used: no passphrase
-            certificates_to_use.concat(Ascp::Installation.instance.aspera_token_ssh_key_paths)
+            certificates_to_use.concat(Ascp::Installation.instance.aspera_token_ssh_key_paths(@client_ssh_key))
           end
         end
         return certificates_to_use
@@ -200,9 +206,9 @@ module Aspera
       # translate transfer spec to env vars and command line arguments for ascp
       def ascp_args
         env_args = {
-          args:         [],
-          env:          {},
-          ascp_version: :ascp
+          args: [],
+          env:  {},
+          name: :ascp
         }
 
         # special cases
@@ -213,7 +219,7 @@ module Aspera
 
         # add ssh or wss certificates
         # (reverse, to keep order, as we unshift)
-        remote_certificates.reverse_each do |cert|
+        remote_certificates&.reverse_each do |cert|
           env_args[:args].unshift('-i', cert)
         end
 
@@ -223,9 +229,9 @@ module Aspera
         base64_destination = false
         # symbol must be index of Ascp::Installation.paths
         if @builder.read_param('use_ascp4')
-          env_args[:ascp_version] = :ascp4
+          env_args[:name] = :ascp4
         else
-          env_args[:ascp_version] = :ascp
+          env_args[:name] = :ascp
           base64_destination = true
         end
         # destination will be base64 encoded, put this before source path arguments
@@ -243,10 +249,12 @@ module Aspera
         @builder.add_env_args(env_args)
         env_args[:args].unshift('-q') if @quiet
         # add fallback cert and key as arguments if needed
-        if ['1', 1, true, 'force'].include?(@job_spec['http_fallback'])
+        if HTTP_FALLBACK_ACTIVATION_VALUES.include?(@job_spec['http_fallback'])
           env_args[:args].unshift('-Y', Ascp::Installation.instance.path(:fallback_private_key))
           env_args[:args].unshift('-I', Ascp::Installation.instance.path(:fallback_certificate))
         end
+        # disable redis in client
+        env_args[:env]['ASPERA_TEST_REDIS_DISABLE'] = 'true'
         Log.log.debug{"ascp args: #{env_args}"}
         return env_args
       end

data/lib/aspera/transfer/spec.rb

@@ -22,23 +22,21 @@ module Aspera
       # reserved tag for Aspera
       TAG_RESERVED = 'aspera'
       class << self
-        def action_to_direction(tspec, command)
-          Aspera.assert_type(tspec, Hash){'transfer spec'}
-          tspec['direction'] = case command.to_sym
+        # translate upload/download to send/receive
+        def transfer_type_to_direction(transfer_type)
+          case transfer_type.to_sym
           when :upload then DIRECTION_SEND
           when :download then DIRECTION_RECEIVE
-          else Aspera.error_unexpected_value(command.to_sym)
+          else Aspera.error_unexpected_value(transfer_type.to_sym)
           end
-          return tspec
         end
 
-        def action(tspec)
-          Aspera.assert_type(tspec, Hash){'transfer spec'}
-          Aspera.assert_values(tspec['direction'], [DIRECTION_SEND, DIRECTION_RECEIVE]){'direction'}
-          case tspec['direction']
+        # translate send/receive to upload/download
+        def direction_to_transfer_type(direction)
+          case direction
           when DIRECTION_SEND then :upload
           when DIRECTION_RECEIVE then :download
-          else Aspera.error_unexpected_value(tspec['direction'])
+          else Aspera.error_unexpected_value(direction)
           end
         end
       end

data/lib/aspera/transfer/sync.rb

@@ -4,6 +4,7 @@
 
 require 'aspera/command_line_builder'
 require 'aspera/ascp/installation'
+require 'aspera/agent/direct'
 require 'aspera/log'
 require 'aspera/assert'
 require 'json'
@@ -13,12 +14,12 @@ require 'English'
 
 module Aspera
   module Transfer
-    # builds command line arg for async
+    # builds command line arg for async and execute it
     module Sync
       # sync direction, default is push
       DIRECTIONS = %i[push pull bidi].freeze
-      # custom JSON for async instance command line options
-      PARAMS_VX_INSTANCE =
+      # JSON for async instance command line options
+      CMDLINE_PARAMS_INSTANCE =
         {
           'alt_logdir'          => { cli: { type: :opt_with_arg}, accepted_types: :string},
           'watchd'              => { cli: { type: :opt_with_arg}, accepted_types: :string},
@@ -28,7 +29,7 @@ module Aspera
         }.freeze
 
       # map sync session parameters to transfer spec: sync -> ts, true if same
-      PARAMS_VX_SESSION =
+      CMDLINE_PARAMS_SESSION =
         {
           'name'                       => { cli: { type: :opt_with_arg}, accepted_types: :string},
           'local_dir'                  => { cli: { type: :opt_with_arg}, accepted_types: :string},
@@ -65,13 +66,13 @@ module Aspera
           'license'                    => { cli: { type: :envvar, variable: 'ASPERA_SCP_LICENSE'}}
         }.freeze
 
-      CommandLineBuilder.normalize_description(PARAMS_VX_INSTANCE)
-      CommandLineBuilder.normalize_description(PARAMS_VX_SESSION)
+      CommandLineBuilder.normalize_description(CMDLINE_PARAMS_INSTANCE)
+      CommandLineBuilder.normalize_description(CMDLINE_PARAMS_SESSION)
 
-      PARAMS_VX_KEYS = %w[instance sessions].freeze
+      CMDLINE_PARAMS_KEYS = %w[instance sessions].freeze
 
       # Translation of transfer spec parameters to async v2 API (asyncs)
-      TS_TO_PARAMS_V2 = {
+      TSPEC_TO_ASYNC_CONF = {
         'remote_host'     => 'remote.host',
         'remote_user'     => 'remote.user',
         'remote_password' => 'remote.pass',
@@ -83,10 +84,9 @@ module Aspera
         'tags'            => 'tags'
       }.freeze
 
-      ASYNC_EXECUTABLE = 'async'
       ASYNC_ADMIN_EXECUTABLE = 'asyncadmin'
 
-      private_constant :PARAMS_VX_INSTANCE, :PARAMS_VX_SESSION, :PARAMS_VX_KEYS, :TS_TO_PARAMS_V2, :ASYNC_EXECUTABLE, :ASYNC_ADMIN_EXECUTABLE
+      private_constant :CMDLINE_PARAMS_INSTANCE, :CMDLINE_PARAMS_SESSION, :CMDLINE_PARAMS_KEYS, :TSPEC_TO_ASYNC_CONF, :ASYNC_ADMIN_EXECUTABLE
 
       class << self
         # Set remote_dir in sync parameters based on transfer spec
@@ -126,7 +126,7 @@ module Aspera
             remote.delete('ws_port')
             # add SSH bypass keys when authentication is token and no auth is provided
             if remote.key?('token') && !remote.key?('pass')
-              certificates_to_use.concat(Ascp::Installation.instance.aspera_token_ssh_key_paths)
+              certificates_to_use.concat(Ascp::Installation.instance.aspera_token_ssh_key_paths(:rsa))
             end
           end
           return certificates_to_use
@@ -134,23 +134,27 @@ module Aspera
 
         # @param sync_params [Hash] sync parameters, old or new format
         # @param block [nil, Proc] block to generate transfer spec, takes: direction (one of DIRECTIONS), local_dir, remote_dir
-        def start(sync_params, &block)
+        def start(
+          sync_params,
+          &block
+        )
+          Log.log.debug{Log.dump(:sync_params_initial, sync_params)}
           Aspera.assert_type(sync_params, Hash)
           env_args = {
             args: [],
             env:  {}
           }
           if sync_params.key?('local')
+            # async native JSON format (conf option)
+            Aspera.assert_type(sync_params['local'], Hash){'local'}
             remote = sync_params['remote']
-            # async native JSON format (v2)
-            Aspera.assert_type(remote, Hash)
+            Aspera.assert_type(remote, Hash){'remote'}
+            Aspera.assert_type(remote['path'], String){'remote path'}
             # get transfer spec if possible, and feed back to new structure
             if block
               transfer_spec = yield((sync_params['direction'] || 'push').to_sym, sync_params['local']['path'], remote['path'])
-              # async native JSON format
-              Aspera.assert_type(sync_params['local'], Hash)
               # translate transfer spec to async parameters
-              TS_TO_PARAMS_V2.each do |ts_param, sy_path|
+              TSPEC_TO_ASYNC_CONF.each do |ts_param, sy_path|
                 next unless transfer_spec.key?(ts_param)
                 sy_dig = sy_path.split('.')
                 param = sy_dig.pop
@@ -160,36 +164,41 @@ module Aspera
               end
               update_remote_dir(remote, 'path', transfer_spec)
             end
-            remote['connect_mode'] ||= remote.key?('ws_port') ? 'ws' : 'ssh'
+            remote['connect_mode'] ||= transfer_spec['wss_enabled'] ? 'ws' : 'ssh'
             add_certificates = remote_certificates(remote)
             if !add_certificates.empty?
               remote['private_key_paths'] ||= []
               remote['private_key_paths'].concat(add_certificates)
             end
-            Aspera.assert_type(sync_params, Hash)
+            # '--exclusive-mgmt-port=12345', '--arg-err-path=-',
             env_args[:args] = ["--conf64=#{Base64.strict_encode64(JSON.generate(sync_params))}"]
+            Log.log.debug{Log.dump(:sync_params_enriched, sync_params)}
+            agent = Agent::Direct.new
+            agent.start_and_monitor_process(session: {}, name: :async, **env_args)
           elsif sync_params.key?('sessions')
-            # ascli JSON format (v1)
+            # ascli JSON format (cmdline)
+            raise StandardError, "Only 'sessions', and optionally 'instance' keys are allowed" unless
+              sync_params.keys.push('instance').uniq.sort.eql?(CMDLINE_PARAMS_KEYS)
+            Aspera.assert_type(sync_params['sessions'], Array)
+            Aspera.assert_type(sync_params['sessions'].first, Hash)
             if block
               sync_params['sessions'].each do |session|
+                Aspera.assert_type(session['local_dir'], String){'local_dir'}
+                Aspera.assert_type(session['remote_dir'], String){'remote_dir'}
                 transfer_spec = yield((session['direction'] || 'push').to_sym, session['local_dir'], session['remote_dir'])
-                PARAMS_VX_SESSION.each do |async_param, behavior|
+                CMDLINE_PARAMS_SESSION.each do |async_param, behavior|
                   if behavior.key?(:ts)
                     tspec_param = behavior[:ts].is_a?(TrueClass) ? async_param : behavior[:ts].to_s
                     session[async_param] ||= transfer_spec[tspec_param] if transfer_spec.key?(tspec_param)
                   end
                 end
-                session['private_key_paths'] = Ascp::Installation.instance.aspera_token_ssh_key_paths if transfer_spec.key?('token')
+                session['private_key_paths'] = Ascp::Installation.instance.aspera_token_ssh_key_paths(:rsa) if transfer_spec.key?('token')
                 update_remote_dir(session, 'remote_dir', transfer_spec)
               end
             end
-            raise StandardError, "Only 'sessions', and optionally 'instance' keys are allowed" unless
-              sync_params.keys.push('instance').uniq.sort.eql?(PARAMS_VX_KEYS)
-            Aspera.assert_type(sync_params['sessions'], Array)
-            Aspera.assert_type(sync_params['sessions'].first, Hash)
             if sync_params.key?('instance')
               Aspera.assert_type(sync_params['instance'], Hash)
-              instance_builder = CommandLineBuilder.new(sync_params['instance'], PARAMS_VX_INSTANCE)
+              instance_builder = CommandLineBuilder.new(sync_params['instance'], CMDLINE_PARAMS_INSTANCE)
               instance_builder.process_params
               instance_builder.add_env_args(env_args)
             end
@@ -197,23 +206,19 @@ module Aspera
             sync_params['sessions'].each do |session_params|
               Aspera.assert_type(session_params, Hash)
               Aspera.assert(session_params.key?('name')){'session must contain at least name'}
-              session_builder = CommandLineBuilder.new(session_params, PARAMS_VX_SESSION)
+              session_builder = CommandLineBuilder.new(session_params, CMDLINE_PARAMS_SESSION)
               session_builder.process_params
               session_builder.add_env_args(env_args)
             end
+            async_exec = Ascp::Installation.instance.path(:async)
+            Process.wait(Environment.secure_spawn(env: env_args[:env], exec: async_exec, args: env_args[:args]))
+            if $CHILD_STATUS.exitstatus != 0
+              raise "Sync failed with exit: #{$CHILD_STATUS.exitstatus}"
+            end
           else
             raise 'At least one of `local` or `sessions` must be present in async parameters'
           end
-          Log.log.debug{Log.dump(:sync_params, sync_params)}
-          Log.log.debug{"execute: #{env_args[:env].map{|k, v| "#{k}=\"#{v}\""}.join(' ')} \"#{ASYNC_EXECUTABLE}\" \"#{env_args[:args].join('" "')}\""}
-          res = system(env_args[:env], [ASYNC_EXECUTABLE, ASYNC_EXECUTABLE], *env_args[:args])
-          Log.log.debug{"result=#{res}"}
-          case res
-          when true then return nil
-          when false then raise "failed: #{$CHILD_STATUS}"
-          when nil then raise "not started: #{$CHILD_STATUS}"
-          else Aspera.error_unexpected_value(res)
-          end
+          return nil
         end
 
         def parse_status(stdout)
@@ -234,15 +239,15 @@ module Aspera
         end
 
         def admin_status(sync_params, session_name)
-          command_line = [ASYNC_ADMIN_EXECUTABLE, '--quiet']
+          arguments = ['--quiet']
           if sync_params.key?('local')
             Aspera.assert(!sync_params['name'].nil?){'Missing session name'}
             Aspera.assert(session_name.nil? || session_name.eql?(sync_params['name'])){'Session not found'}
-            command_line.push("--name=#{sync_params['name']}")
+            arguments.push("--name=#{sync_params['name']}")
             if sync_params.key?('local_db_dir')
-              command_line.push("--local-db-dir=#{sync_params['local_db_dir']}")
+              arguments.push("--local-db-dir=#{sync_params['local_db_dir']}")
             elsif sync_params.dig('local', 'path')
-              command_line.push("--local-dir=#{sync_params.dig('local', 'path')}")
+              arguments.push("--local-dir=#{sync_params.dig('local', 'path')}")
             else
               raise 'Missing either local_db_dir or local.path'
             end
@@ -250,19 +255,19 @@ module Aspera
             session = session_name.nil? ? sync_params['sessions'].first : sync_params['sessions'].find{|s|s['name'].eql?(session_name)}
             raise "Session #{session_name} not found in #{sync_params['sessions'].map{|s|s['name']}.join(',')}" if session.nil?
             raise 'Missing session name' if session['name'].nil?
-            command_line.push("--name=#{session['name']}")
+            arguments.push("--name=#{session['name']}")
             if session.key?('local_db_dir')
-              command_line.push("--local-db-dir=#{session['local_db_dir']}")
+              arguments.push("--local-db-dir=#{session['local_db_dir']}")
             elsif session.key?('local_dir')
-              command_line.push("--local-dir=#{session['local_dir']}")
+              arguments.push("--local-dir=#{session['local_dir']}")
             else
               raise 'Missing either local_db_dir or local_dir'
             end
           else
             raise 'At least one of `local` or `sessions` must be present in async parameters'
           end
-          Log.log.debug{"execute: #{command_line.join(' ')}"}
-          stdout, stderr, status = Open3.capture3(*command_line)
+          Environment.secure_spawn(env: {}, exec: ASYNC_ADMIN_EXECUTABLE, args: arguments, log_only: true)
+          stdout, stderr, status = Open3.capture3(*[ASYNC_ADMIN_EXECUTABLE].concat(arguments))
           Log.log.debug{"status=#{status}, stderr=#{stderr}"}
           Log.log.trace1{"stdout=#{stdout}"}
           raise "Sync failed: #{status.exitstatus} : #{stderr}" unless status.success?

data/lib/aspera/web_auth.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'aspera/web_server_simple'
-require 'stringio'
 
 module Aspera
   # servlet called on callback: it records the callback request

data/lib/aspera/web_server_simple.rb

@@ -4,12 +4,13 @@ require 'webrick'
 require 'webrick/https'
 require 'aspera/log'
 require 'aspera/assert'
+require 'aspera/hash_ext'
 require 'openssl'
 
 module Aspera
   # Simple WEBrick server with HTTPS support
   class WebServerSimple < WEBrick::HTTPServer
-    CERT_PARAMETERS = %i[key cert chain].freeze
+    CERT_PARAMETERS = %i[key cert chain pkcs12].freeze
     GENERIC_ISSUER = '/C=FR/O=Test/OU=Test/CN=Test'
     ONE_YEAR_SECONDS = 365 * 24 * 60 * 60
 
@@ -58,19 +59,29 @@ module Aspera
           Aspera.assert_type(certificate, Hash)
           certificate = certificate.symbolize_keys
           raise "unexpected key in certificate config: only: #{CERT_PARAMETERS.join(', ')}" if certificate.keys.any?{|key|!CERT_PARAMETERS.include?(key)}
-          webrick_options[:SSLPrivateKey] = if certificate.key?(:key)
-            OpenSSL::PKey::RSA.new(File.read(certificate[:key]))
+          if certificate.key?(:pkcs12)
+            Log.log.debug('Using PKCS12 certificate')
+            raise 'pkcs12 requires a password' unless certificate.key?(:key)
+            pkcs12 = OpenSSL::PKCS12.new(File.read(certificate[:pkcs12]), certificate[:key])
+            webrick_options[:SSLCertificate] = pkcs12.certificate
+            webrick_options[:SSLPrivateKey] = pkcs12.key
+            webrick_options[:SSLExtraChainCert] = pkcs12.ca_certs
           else
-            OpenSSL::PKey::RSA.new(4096)
-          end
-          if certificate.key?(:cert)
-            webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read(certificate[:cert]))
-          else
-            webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new
-            self.class.fill_self_signed_cert(webrick_options[:SSLCertificate], webrick_options[:SSLPrivateKey])
-          end
-          if certificate.key?(:chain)
-            webrick_options[:SSLExtraChainCert] = [OpenSSL::X509::Certificate.new(File.read(certificate[:chain]))]
+            Log.log.debug('Using PEM certificate')
+            webrick_options[:SSLPrivateKey] = if certificate.key?(:key)
+              OpenSSL::PKey::RSA.new(File.read(certificate[:key]))
+            else
+              OpenSSL::PKey::RSA.new(4096)
+            end
+            if certificate.key?(:cert)
+              webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.read(certificate[:cert]))
+            else
+              webrick_options[:SSLCertificate] = OpenSSL::X509::Certificate.new
+              self.class.fill_self_signed_cert(webrick_options[:SSLCertificate], webrick_options[:SSLPrivateKey])
+            end
+            if certificate.key?(:chain)
+              webrick_options[:SSLExtraChainCert] = [OpenSSL::X509::Certificate.new(File.read(certificate[:chain]))]
+            end
           end
         end
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aspera-cli
 version: !ruby/object:Gem::Version
-  version: 4.18.0
+  version: 4.19.0
 platform: ruby
 authors:
 - Laurent Martin
@@ -37,7 +37,7 @@ cert_chain:
   eTf9kxhVM40wGQOECVNA8UsEEZHD48eF+csUYZtAJOF5oxTI8UyV9T/o6CgO0c9/
   Gzz+Qm5ULOUcPiJLjSpaiTrkiIVYiDGnqNSr6R1Hb1c=
   -----END CERTIFICATE-----
-date: 2024-07-10 00:00:00.000000000 Z
+date: 2024-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: blankslate
@@ -390,9 +390,10 @@ files:
 - README.md
 - bin/ascli
 - bin/asession
+- examples/build_exec
+- examples/build_package.sh
 - examples/dascli
 - examples/proxy.pac
-- examples/rubyc
 - lib/aspera/agent/alpha.rb
 - lib/aspera/agent/base.rb
 - lib/aspera/agent/connect.rb
@@ -435,6 +436,7 @@ files:
 - lib/aspera/cli/plugins/preview.rb
 - lib/aspera/cli/plugins/server.rb
 - lib/aspera/cli/plugins/shares.rb
+- lib/aspera/cli/special_values.rb
 - lib/aspera/cli/sync_actions.rb
 - lib/aspera/cli/transfer_agent.rb
 - lib/aspera/cli/transfer_progress.rb
@@ -468,7 +470,6 @@ files:
 - lib/aspera/oauth/jwt.rb
 - lib/aspera/oauth/url_json.rb
 - lib/aspera/oauth/web.rb
-- lib/aspera/open_application.rb
 - lib/aspera/persistency_action_once.rb
 - lib/aspera/persistency_folder.rb
 - lib/aspera/preview/file_types.rb

data/examples/rubyc

@@ -1,24 +0,0 @@
-#!/bin/bash
-# https://github.com/you54f/ruby-packer
-# https://github.com/YOU54F/ruby-packer/releases
-set -e
-FOLDER="$(dirname $0)/../tmp"
-RUBYC="$FOLDER/rubyc"
-if test ! -e "$RUBYC"; then
-    mkdir -p "$FOLDER"
-    case $(uname -sm|tr ' ' -) in
-        Darwin-arm64)
-            curl -L https://github.com/YOU54F/ruby-packer/releases/download/rel-20230812/rubyc-Darwin-arm64.tar.gz | tar -xz -C "$FOLDER"
-            mv "$FOLDER/rubyc-Darwin-arm64" "$RUBYC"
-            ;;
-        Linux-x86_64)
-            curl -L https://github.com/YOU54F/ruby-packer/releases/download/rel-20230812/rubyc-Linux-x86_64.tar.gz | tar -xz -C "$FOLDER"
-            mv "$FOLDER/rubyc-Linux-x86_64" "$RUBYC"
-            ;;
-        *)
-            echo "This architecture is not supported." >&2
-            exit 1
-            ;;
-    esac
-fi
-exec "$RUBYC" "$@"

data/lib/aspera/open_application.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require 'aspera/log'
-require 'aspera/environment'
-require 'rbconfig'
-require 'singleton'
-
-module Aspera
-  # Allows a user to open a Url
-  # if method is "text", then URL is displayed on terminal
-  # if method is "graphical", then the URL will be opened with the default browser.
-  class OpenApplication
-    include Singleton
-    USER_INTERFACES = %i[text graphical].freeze
-    class << self
-      def default_gui_mode
-        # assume not remotely connected on macos and windows
-        return :graphical if [Environment::OS_WINDOWS, Environment::OS_X].include?(Environment.os)
-        # unix family
-        return :graphical if ENV.key?('DISPLAY') && !ENV['DISPLAY'].empty?
-        return :text
-      end
-
-      # command must be non blocking
-      def uri_graphical(uri)
-        case Environment.os
-        when Environment::OS_X       then return system('open', uri.to_s)
-        when Environment::OS_WINDOWS then return system('start', 'explorer', %Q{"#{uri}"})
-        when Environment::OS_LINUX   then return system('xdg-open', uri.to_s)
-        else
-          raise "no graphical open method for #{Environment.os}"
-        end
-      end
-
-      def editor(file_path)
-        if ENV.key?('EDITOR')
-          system(ENV['EDITOR'], file_path.to_s)
-        elsif Environment.os.eql?(Environment::OS_WINDOWS)
-          system('notepad.exe', %Q{"#{file_path}"})
-        else
-          uri_graphical(file_path.to_s)
-        end
-      end
-    end
-
-    attr_accessor :url_method
-
-    def initialize
-      @url_method = self.class.default_gui_mode
-    end
-
-    # this is non blocking
-    def uri(the_url)
-      case @url_method
-      when :graphical
-        self.class.uri_graphical(the_url)
-      when :text
-        case the_url.to_s
-        when /^http/
-          puts "USER ACTION: please enter this url in a browser:\n#{the_url.to_s.red}\n"
-        else
-          puts "USER ACTION: open this:\n#{the_url.to_s.red}\n"
-        end
-      else
-        raise StandardError, "unsupported url open method: #{@url_method}"
-      end
-    end
-  end
-end