autosign 0.0.1

data/lib/autosign/validator.rb

@@ -0,0 +1,133 @@
+require 'logging'
+require 'require_all'
+
+module Autosign
+  class Validator
+    def initialize()
+      @log = Logging.logger[self.name]
+      settings() # just run to validate settings
+      setup()
+    end
+
+    def name
+      # override this after inheriting
+      # should return a string with no spaces
+      # this is the name used to reference the validator in config files
+      raise NotImplementedError
+    end
+
+    def validate(challenge_password, certname)
+      @log.debug "running validate"
+      fail unless challenge_password.is_a?(String)
+      fail unless certname.is_a?(String)
+
+      case perform_validation(challenge_password, certname)
+      when true
+        @log.debug "validated successfully"
+        @log.info  "Validated '#{certname}' using '#{name}' validator"
+        return true
+      when false
+        @log.debug "validation failed"
+        @log.debug "Unable to validate '#{certname}' using '#{name}' validator"
+        return false
+      else
+        @log.error "perform_validation returned a non-boolean result"
+        raise "perform_validation returned a non-boolean result"
+      end
+    end
+
+    def self.any_validator(challenge_password, certname)
+      @log = Logging.logger[self.name]
+      # iterate over all known validators and attempt to validate using them
+      results = self.descendants.map {|c|
+        validator = c.new()
+        @log.debug "attempting to validate using #{validator.name}"
+        result = validator.validate(challenge_password, certname)
+        @log.debug "result: #{result.to_s}"
+        result
+      }
+      @log.debug "validator results: " + results.to_s
+      success = results.inject(true) { |sum, n| n and sum }
+      if success
+        @log.info "successfully validated using one or more validators"
+        return true
+      else
+        @log.info "unable to validate using any validator"
+        return false
+      end
+    end
+
+    private
+    def perform_validation(challenge_password, certname)
+      # override this after inheriting
+      # should return true to indicate success validating
+      # or false to indicate that the validator was unable to validate
+      raise NotImplementedError
+    end
+
+    # perform any steps you want to take during initialization
+    def setup
+      true
+    end
+
+    def self.descendants
+      ObjectSpace.each_object(Class).select { |klass| klass < self }
+    end
+
+    def settings
+      @log.debug "merging settings"
+      setting_sources = [default_settings, load_config, get_override_settings]
+      merged_settings = setting_sources.inject({}) { |merged, hash| merged.deep_merge(hash) }
+      @log.debug "using merged settings: " + merged_settings.to_s
+      @log.debug "validating merged settings"
+      if validate_settings(merged_settings)
+        @log.debug "successfully validated merged settings"
+        return merged_settings
+      else
+        @log.warn "validation of merged settings failed"
+        @log.warn "unable to validate settings in #{self.name} validator"
+        raise "settings validation error"
+      end
+    end
+
+    # this hash will be merged with the configuration section's hash
+    # override this when inheriting if you need to set config defaults
+    def default_settings
+      {}
+    end
+
+
+    # override this to perform validation checks on the merged config hash
+    # of default settings, config file settings, and override settings.
+    # return either true or false
+    def validate_settings(settings)
+      settings.is_a?(Hash)
+    end
+
+    # load any required configuration
+    def load_config
+      @log.debug "loading validator-specific configuration"
+      config = Autosign::Config.new
+
+      if config.settings.to_hash[self.name].nil?
+        @log.warning "Unable to load validator-specific configuration"
+        @log.warning "Cannot load configuration section named '#{self.name}'"
+        return {}
+      else
+        @log.debug "Set validator-specific settings from config file: " + config.settings.to_hash[self.name].to_s
+        return config.settings.to_hash[self.name]
+      end
+    end
+
+    # this hook gets run to get settings from the CLI etc
+    # this is how you override defaults and config file settings
+    def get_override_settings
+      {}
+    end
+
+  end
+end
+
+# must run at the end because the validators inherit this class
+# this loads all validators
+require_rel 'validators'

data/lib/autosign/validators/jwt.rb

@@ -0,0 +1,63 @@
+module Autosign
+  module Validators
+    class JWT < Autosign::Validator
+      def name
+        "jwt_token"
+      end
+
+      private
+
+      def perform_validation(token, certname)
+        puts "attempting to validate JWT token"
+        return false unless Autosign::Token.validate(certname, token, settings['secret'])
+        puts "validated JWT token"
+        @log.debug "validated JWT token, checking reusability"
+
+        return true if is_reusable?(token)
+        return true if add_to_journal(token)
+        return false
+      end
+
+      def is_reusable?(token)
+        Autosign::Token.from_token(token, settings['secret']).reusable
+      end
+
+      def add_to_journal(token)
+        validated_token = Autosign::Token.from_token(token, settings['secret'])
+        journal = Autosign::Journal.new({'journalfile' => settings['journalfile']})
+        token_expiration = Autosign::Token.token_validto(token, settings['secret'])
+
+        # adding will return false if the token is already in the journal
+        if journal.add(validated_token.uuid, token_expiration, validated_token.to_hash)
+          @log.info "added token with UUID '#{validated_token.uuid}' to journal"
+          return true
+        else
+          @log.warn "journal cannot validate one-time token; may already have been used"
+          return false
+        end
+      end
+
+      def default_settings
+        {
+          'journalfile' => '/var/autosign/autosign.journal'
+        }
+      end
+
+      def get_override_settings
+        {}
+      end
+
+    def validate_settings(settings)
+      @log.debug "validating settings: " + settings.to_s
+      if settings['secret'].is_a?(String)
+        @log.info "validated settings successfully"
+        return true
+      else
+        @log.error "no secret setting found"
+        return false
+      end
+    end
+
+    end
+  end
+end

data/lib/autosign/version.rb

@@ -0,0 +1,3 @@
+module Autosign
+  VERSION = '0.0.1'
+end

metadata

@@ -0,0 +1,213 @@
+--- !ruby/object:Gem::Specification
+name: autosign
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Your Name Here
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-07-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: puppet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: iniparse
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: logging
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: deep_merge
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: require_all
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email: your@email.address.com
+executables:
+- autosign
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- autosign.rdoc
+files:
+- Gemfile
+- Gemfile.lock
+- README.rdoc
+- Rakefile
+- autosign.gemspec
+- autosign.rdoc
+- bin/autosign
+- bin/autosign-validator
+- features/autosign.feature
+- features/step_definitions/autosign_steps.rb
+- features/support/env.rb
+- features/validate.feature
+- fixtures/i-7672fe81.pem
+- lib/autosign.rb
+- lib/autosign/config.rb
+- lib/autosign/decoder.rb
+- lib/autosign/journal.rb
+- lib/autosign/logger.rb
+- lib/autosign/token.rb
+- lib/autosign/validator.rb
+- lib/autosign/validators/jwt.rb
+- lib/autosign/version.rb
+homepage: http://your.website.com
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--title"
+- autosign
+- "--main"
+- README.rdoc
+- "-ri"
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A description of your project
+test_files: []