autosign 0.1.1 → 1.0.1
- checksums.yaml +5 -5
- data/.rubocop.yml +12 -0
- data/.rubocop_todo.yml +659 -0
- data/.travis.yml +4 -5
- data/CHANGELOG.md +56 -0
- data/Gemfile.lock +107 -89
- data/LICENSE +201 -0
- data/README.md +37 -0
- data/Rakefile +22 -22
- data/autosign.gemspec +24 -20
- data/bin/autosign +23 -15
- data/bin/autosign-validator +14 -6
- data/lib/autosign.rb +1 -1
- data/lib/autosign/config.rb +71 -56
- data/lib/autosign/decoder.rb +7 -3
- data/lib/autosign/journal.rb +2 -2
- data/lib/autosign/token.rb +7 -7
- data/lib/autosign/validator.rb +34 -197
- data/lib/autosign/{validators → validator}/jwt.rb +41 -42
- data/lib/autosign/{validators → validator}/multiplexer.rb +24 -32
- data/lib/autosign/{validators → validator}/passwordlist.rb +16 -17
- data/lib/autosign/validator/validator_base.rb +168 -0
- data/lib/autosign/version.rb +1 -1
- metadata +78 -74
- data/features/autosign.feature +0 -93
- data/features/step_definitions/autosign_steps.rb +0 -44
- data/features/support/env.rb +0 -17
- data/features/validate.feature +0 -22
- data/fixtures/i-7672fe81.pem +0 -34
- data/spec/spec_helper.rb +0 -102
- data/spec/specs/config_spec.rb +0 -20
- data/spec/specs/decoder_spec.rb +0 -16
- data/spec/specs/journal_spec.rb +0 -41
- data/spec/specs/token_spec.rb +0 -102
- data/spec/specs/validators/jwt_spec.rb +0 -69
- data/spec/specs/validators/passwordlist_spec.rb +0 -51
@@ -1,6 +1,8 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
require 'autosign/validator/validator_base'
|
3
3
|
|
4
|
+
module Autosign
|
5
|
+
module Validator
|
4
6
|
# The multiplexer validator sends the same request received by the autosign
|
5
7
|
# executable to one or more external executables. The purpose is to allow
|
6
8
|
# one or more existing autosign scripts to be used in conjunction with the
|
@@ -25,15 +27,8 @@ module Autosign
|
|
25
27
|
# external_policy_executable = /usr/local/bin/another-autosign-script.rb
|
26
28
|
# # requests will only be validated by the multiplexer validator if they
|
27
29
|
# # are validated by both external policy executables.
|
28
|
-
class Multiplexer < Autosign::Validator
|
29
|
-
|
30
|
-
# set the user-friendly name of the Multiplexer validator.
|
31
|
-
# This name is used to specify that configuration should come from the
|
32
|
-
# [multiplexer] section of the autosign.conf file.
|
33
|
-
# @return [String] name of the validator
|
34
|
-
def name
|
35
|
-
"multiplexer"
|
36
|
-
end
|
30
|
+
class Multiplexer < Autosign::Validator::ValidatorBase
|
31
|
+
NAME = 'multiplexer'
|
37
32
|
|
38
33
|
private
|
39
34
|
|
@@ -42,25 +37,24 @@ module Autosign
|
|
42
37
|
# @param certname [String] certname requested in the CSR
|
43
38
|
# @param raw_csr [String] X509 certificate signing request as received by the policy executable
|
44
39
|
# @return [True, False] returns true to indicate successful validation, and false to indicate failure to validate
|
45
|
-
def perform_validation(
|
40
|
+
def perform_validation(_token, certname, raw_csr)
|
46
41
|
results = []
|
47
|
-
@log.debug
|
48
|
-
policy_executables.each
|
49
|
-
@log.debug "attempting to validate using #{executable
|
50
|
-
results << IO.popen(executable + ' ' + certname.to_s, 'r+') {|obj| obj.puts raw_csr; obj.close_write; obj.read; obj.close;
|
51
|
-
@log.debug "exit code from #{executable
|
52
|
-
|
53
|
-
bool_results = results.map {|val| val == 0}
|
54
|
-
|
42
|
+
@log.debug 'validating using multiplexed external executables'
|
43
|
+
policy_executables.each do |executable|
|
44
|
+
@log.debug "attempting to validate using #{executable}"
|
45
|
+
results << IO.popen(executable + ' ' + certname.to_s, 'r+') { |obj| obj.puts raw_csr; obj.close_write; obj.read; obj.close; $CHILD_STATUS.to_i }
|
46
|
+
@log.debug "exit code from #{executable}: #{results.last}"
|
47
|
+
end
|
48
|
+
bool_results = results.map { |val| val == 0 }
|
49
|
+
validate_using_strategy(bool_results)
|
55
50
|
end
|
56
51
|
|
57
|
-
|
58
52
|
# set the default validation strategy to "any", succeeding if any one
|
59
53
|
# external autosign script succeeds.
|
60
54
|
# @return [Hash] config hash to be merged in with config file settings and overrides.
|
61
55
|
def default_settings
|
62
56
|
{
|
63
|
-
'strategy' => 'any'
|
57
|
+
'strategy' => 'any'
|
64
58
|
}
|
65
59
|
end
|
66
60
|
|
@@ -72,13 +66,13 @@ module Autosign
|
|
72
66
|
case settings['strategy']
|
73
67
|
when 'any'
|
74
68
|
@log.debug "validating using 'any' strategy"
|
75
|
-
|
69
|
+
array.any?
|
76
70
|
when 'all'
|
77
71
|
@log.debug "validating using 'all' strategy"
|
78
|
-
|
72
|
+
array.all?
|
79
73
|
else
|
80
|
-
@log.error
|
81
|
-
|
74
|
+
@log.error 'unable to validate; unknown strategy'
|
75
|
+
false
|
82
76
|
end
|
83
77
|
end
|
84
78
|
|
@@ -86,25 +80,23 @@ module Autosign
|
|
86
80
|
# or an empty array if none are specified.
|
87
81
|
# @return [Array] of policy executables.
|
88
82
|
def policy_executables
|
89
|
-
|
83
|
+
Array(settings['external_policy_executable'])
|
90
84
|
end
|
91
85
|
|
92
|
-
|
93
86
|
# validate that settins are reasonable. Validation strategy must be
|
94
87
|
# either any or all.
|
95
88
|
# @param settings [Hash] config settings hash
|
96
89
|
# @return [True, False] true if settings validate successfully, false otherwise
|
97
90
|
def validate_settings(settings)
|
98
|
-
@log.debug
|
99
|
-
unless [
|
91
|
+
@log.debug 'validating settings: ' + settings.to_s
|
92
|
+
unless %w[any all].include? settings['strategy']
|
100
93
|
@log.error "strategy setting must be set to 'any' or 'all'"
|
101
94
|
return false
|
102
95
|
end
|
103
96
|
|
104
|
-
@log.debug
|
97
|
+
@log.debug 'done validating settings'
|
105
98
|
true
|
106
99
|
end
|
107
|
-
|
108
100
|
end
|
109
101
|
end
|
110
102
|
end
|
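Review bot: The `IO.popen(executable + ' ' + certname.to_s, 'r+')` call in `perform_validation` builds one command string, so shell metacharacters in `certname` are interpreted by the shell, and ValidatorBase documents the certname as untrusted, user-submitted data. Passing an argument array avoids the shell: `IO.popen([executable, certname.to_s], 'r+')`. This assumes `external_policy_executable` holds a bare path with no arguments, which the example config suggests but the hunk does not show. On the same line, `$CHILD_STATUS` only aliases `$?` after `require 'English'`, and no such require is visible in this file or in validator_base.rb. If it is not loaded elsewhere the global is nil, `nil.to_i` is 0, and every executable is recorded as a success, so either add `require 'English'` next to the other require or keep `$?`.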
@@ -1,5 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
require 'autosign/validator/validator_base'
|
1
3
|
module Autosign
|
2
|
-
module
|
4
|
+
module Validator
|
3
5
|
# Validate certificate signing requests using a simple password list.
|
4
6
|
# This is not a very secure or flexible validation scheme, but is provided
|
5
7
|
# because so many existing autosign policy scripts implement it.
|
@@ -11,35 +13,32 @@ module Autosign
|
|
11
13
|
# password = opensesame
|
12
14
|
# password = CPE1704TKS
|
13
15
|
#
|
14
|
-
class Passwordlist < Autosign::Validator
|
15
|
-
|
16
|
-
"password_list"
|
17
|
-
end
|
16
|
+
class Passwordlist < Autosign::Validator::ValidatorBase
|
17
|
+
NAME = 'password_list'
|
18
18
|
|
19
19
|
private
|
20
20
|
|
21
|
-
def perform_validation(password,
|
22
|
-
@log.debug
|
23
|
-
@log.debug
|
21
|
+
def perform_validation(password, _certname, _raw_csr)
|
22
|
+
@log.debug 'validating against simple password list'
|
23
|
+
@log.debug 'passwords: ' + settings.to_s
|
24
24
|
result = validate_password(password.to_s)
|
25
|
-
@log.debug
|
26
|
-
|
25
|
+
@log.debug 'validation result: ' + result.to_s
|
26
|
+
result
|
27
27
|
end
|
28
28
|
|
29
29
|
def validate_password(password)
|
30
|
-
@log.debug
|
30
|
+
@log.debug 'Checking if password list includes password'
|
31
31
|
password_list.include?(password.to_s)
|
32
32
|
end
|
33
33
|
|
34
34
|
def password_list
|
35
|
-
|
35
|
+
Array(settings['password'])
|
36
36
|
end
|
37
37
|
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
38
|
+
def validate_settings(settings)
|
39
|
+
@log.debug 'validating settings: ' + settings.to_s
|
40
|
+
true
|
41
|
+
end
|
43
42
|
end
|
44
43
|
end
|
45
44
|
end
|
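Review bot: `@log.debug 'passwords: ' + settings.to_s` in `perform_validation` writes the configured passwords to the log in clear text whenever debug logging is on, and the new `validate_settings` repeats this with `'validating settings: ' + settings.to_s`. The same pattern appears in validator_base.rb, in `settings` (`'using merged settings: '`) and in `load_config` (`'Set validator-specific settings from config file: '`), where it covers every validator's section, including any shared secrets kept there. Suggest logging something non-sensitive instead, for example `@log.debug "password list has #{password_list.size} entries"`, and logging only `settings.keys` in the base class.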
@@ -0,0 +1,168 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'logging'
|
4
|
+
|
5
|
+
module Autosign
|
6
|
+
module Validator
|
7
|
+
# Parent class for validation backends. Validator take the
|
8
|
+
# challenge_password and common name from a certificate signing request,
|
9
|
+
# and perform some action to determine whether the request is valid.
|
10
|
+
#
|
11
|
+
# Validator also get the raw X509 CSR in case the extracted information
|
12
|
+
# is insufficient for future, more powerful validators.
|
13
|
+
#
|
14
|
+
# All validators must inherit from this class, and must override several
|
15
|
+
# methods in order to function. At a minimum, the name and perform_validation
|
16
|
+
# methods must be implemented by child classes.
|
17
|
+
#
|
18
|
+
# @return Autosign::Validator::ValidatorBase instance of the Autosign::Validator::ValidatorBase class
|
19
|
+
class ValidatorBase
|
20
|
+
NAME = 'base'
|
21
|
+
attr_reader :config_file_settings
|
22
|
+
|
23
|
+
def initialize(config_file_settings = nil)
|
24
|
+
@config_file_settings = config_file_settings
|
25
|
+
start_logging
|
26
|
+
settings # just run to validate settings
|
27
|
+
setup
|
28
|
+
# call name to ensure that the class fails immediately if child classes
|
29
|
+
# do not implement it.
|
30
|
+
name
|
31
|
+
end
|
32
|
+
|
33
|
+
# @return [String] name of the validator. Do not use special characters.
|
34
|
+
# You must set the NAME constant in the sublcass
|
35
|
+
def name
|
36
|
+
self.class::NAME
|
37
|
+
end
|
38
|
+
|
39
|
+
# define how a validator actually validates the request.
|
40
|
+
# This must be implemented by validators which inherit from the
|
41
|
+
# Autosign::Validator class.
|
42
|
+
#
|
43
|
+
# @param challenge_password [String] the challenge_password OID from the certificate signing request. The challenge_password field is the same setting as the "challengePassword" field in a `csr_attributes.yaml` file when the CSR is generated. In a request using a JSON web token, this would be the serialized token.
|
44
|
+
# @param certname [String] the common name being requested in the certificate signing request. Treat the certname as untrusted. This is user-submitted data that you must validate.
|
45
|
+
# @param raw_csr [String] the encoded X509 certificate signing request, as received by the autosign policy executable. This is provided as an optional extension point, but your validator may not need to use it.
|
46
|
+
# @return [True, False] return true if the certificate should be signed, and false if you cannot validate the request successfully.
|
47
|
+
def perform_validation(_challenge_password, _certname, _raw_csr)
|
48
|
+
# override this after inheriting
|
49
|
+
# should return true to indicate success validating
|
50
|
+
# or false to indicate that the validator was unable to validate
|
51
|
+
raise NotImplementedError
|
52
|
+
end
|
53
|
+
|
54
|
+
# wrapper method that wraps input validation and logging around the perform_validation method.
|
55
|
+
# Do not override or use this class in child classes. This is the class that gets called
|
56
|
+
# on validator objects.
|
57
|
+
def validate(challenge_password, certname, raw_csr)
|
58
|
+
raise unless challenge_password.is_a?(String)
|
59
|
+
raise unless certname.is_a?(String)
|
60
|
+
|
61
|
+
case perform_validation(challenge_password, certname, raw_csr)
|
62
|
+
when true
|
63
|
+
@log.debug 'validated successfully'
|
64
|
+
@log.info "Validated '#{certname}' using '#{name}' validator"
|
65
|
+
true
|
66
|
+
when false
|
67
|
+
@log.debug 'validation failed'
|
68
|
+
@log.debug "Unable to validate '#{certname}' using '#{name}' validator"
|
69
|
+
false
|
70
|
+
else
|
71
|
+
@log.error 'perform_validation returned a non-boolean result'
|
72
|
+
raise 'perform_validation returned a non-boolean result'
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
private
|
77
|
+
|
78
|
+
# this is automatically called when the class is initialized; do not
|
79
|
+
# override it in child classes.
|
80
|
+
def start_logging
|
81
|
+
@log = Logging.logger[self.class]
|
82
|
+
@log.debug 'starting autosign validator: ' + name.to_s
|
83
|
+
end
|
84
|
+
|
85
|
+
# (optionally) override this method in validator child classes to perform any additional
|
86
|
+
# setup during class initialization prior to beginning validation.
|
87
|
+
# If you need to create a database connection, this would be a good place to do it.
|
88
|
+
# @return [True, False] return true if setup succeeded, or false if setup failed and the validation should not continue
|
89
|
+
def setup
|
90
|
+
true
|
91
|
+
end
|
92
|
+
|
93
|
+
# provide a merged settings hash of default settings for a validator,
|
94
|
+
# config file settings for the validator, and override settings defined in
|
95
|
+
# the validator.
|
96
|
+
#
|
97
|
+
# Do not override this in child classes. If you need to set
|
98
|
+
# custom config settings, override the get_override_settings method.
|
99
|
+
# The section of the config file this reads from is the same as the name
|
100
|
+
# method returns.
|
101
|
+
#
|
102
|
+
# @return [Hash] of config settings
|
103
|
+
def settings
|
104
|
+
@settings ||= begin
|
105
|
+
@log.debug "merging settings for #{name} validator"
|
106
|
+
setting_sources = [get_override_settings, load_config, default_settings]
|
107
|
+
merged_settings = setting_sources.inject({}) { |merged, hash| merged.deep_merge(hash, {:overwrite_arrays => true}) }
|
108
|
+
@log.debug 'using merged settings: ' + merged_settings.to_s
|
109
|
+
@log.debug 'validating merged settings'
|
110
|
+
if validate_settings(merged_settings)
|
111
|
+
@log.debug 'successfully validated merged settings'
|
112
|
+
merged_settings
|
113
|
+
else
|
114
|
+
@log.warn 'validation of merged settings failed'
|
115
|
+
@log.warn "unable to validate settings in #{name} validator"
|
116
|
+
raise 'settings validation error'
|
117
|
+
end
|
118
|
+
merged_settings
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
# (optionally) override this from a child class to set config defaults.
|
123
|
+
# These will be overridden by config file settings.
|
124
|
+
#
|
125
|
+
# Override this when inheriting if you need to set config defaults.
|
126
|
+
# For example, if you want to pull settings from zookeeper, this would
|
127
|
+
# be a good place to do that.
|
128
|
+
#
|
129
|
+
# @return [Hash] of config settings
|
130
|
+
def default_settings
|
131
|
+
{}
|
132
|
+
end
|
133
|
+
|
134
|
+
# (optionally) override this to perform validation checks on the merged
|
135
|
+
# config hash of default settings, config file settings, and override
|
136
|
+
# settings.
|
137
|
+
# @return [True, False]
|
138
|
+
def validate_settings(settings)
|
139
|
+
settings.is_a?(Hash)
|
140
|
+
end
|
141
|
+
|
142
|
+
# load any required configuration from the config file.
|
143
|
+
# Do not override this in child classes.
|
144
|
+
# @return [Hash] configuration settings from the validator's section of the config file
|
145
|
+
def load_config
|
146
|
+
@log.debug 'loading validator-specific configuration'
|
147
|
+
config_settings = @config_file_settings ||= Autosign::Config.new.settings
|
148
|
+
if config_settings.to_hash[name].nil?
|
149
|
+
@log.warn 'Unable to load validator-specific configuration'
|
150
|
+
@log.warn "Cannot load configuration section named '#{name}'"
|
151
|
+
{}
|
152
|
+
else
|
153
|
+
@log.debug 'Set validator-specific settings from config file: ' + config_settings.to_hash[name].to_s
|
154
|
+
config_settings.to_hash[name]
|
155
|
+
end
|
156
|
+
end
|
157
|
+
|
158
|
+
# (optionally) override this from child classes to get custom configuration
|
159
|
+
# from a validator.
|
160
|
+
#
|
161
|
+
# This is how you override defaults and config file settings.
|
162
|
+
# @return [Hash] configuration settings
|
163
|
+
def get_override_settings
|
164
|
+
{}
|
165
|
+
end
|
166
|
+
end
|
167
|
+
end
|
168
|
+
end
|
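Review bot: `initialize` calls `setup` and discards the result, although the comment on `setup` says a false return means setup failed and validation should not continue, so a validator whose setup failed would still be constructed and used. Suggest `raise 'validator setup failed' if setup == false`; the comparison with false keeps overrides that return nil working, since subclass overrides are not visible here. The closing `name` call in `initialize` also cannot fail as its comment claims, because `NAME = 'base'` is inherited by any subclass that omits the constant. Such a subclass would quietly read the `base` section in `load_config`. Consider removing the default from the base class, or have `name` raise when `self.class::NAME` still equals `'base'` in a subclass.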
data/lib/autosign/version.rb
CHANGED
metadata
CHANGED
@@ -1,171 +1,185 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: autosign
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Dreier
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-06-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: aruba
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '
|
19
|
+
version: '0.6'
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '
|
26
|
+
version: '0.6'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
28
|
+
name: coveralls
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: cucumber
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
30
44
|
requirements:
|
31
45
|
- - "~>"
|
32
46
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
47
|
+
version: '2'
|
34
48
|
type: :development
|
35
49
|
prerelease: false
|
36
50
|
version_requirements: !ruby/object:Gem::Requirement
|
37
51
|
requirements:
|
38
52
|
- - "~>"
|
39
53
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
54
|
+
version: '2'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
56
|
+
name: pry
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
44
58
|
requirements:
|
45
59
|
- - "~>"
|
46
60
|
- !ruby/object:Gem::Version
|
47
|
-
version: '0.
|
61
|
+
version: '0.10'
|
48
62
|
type: :development
|
49
63
|
prerelease: false
|
50
64
|
version_requirements: !ruby/object:Gem::Requirement
|
51
65
|
requirements:
|
52
66
|
- - "~>"
|
53
67
|
- !ruby/object:Gem::Version
|
54
|
-
version: '0.
|
68
|
+
version: '0.10'
|
55
69
|
- !ruby/object:Gem::Dependency
|
56
|
-
name:
|
70
|
+
name: puppet
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|
58
72
|
requirements:
|
59
73
|
- - "~>"
|
60
74
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
75
|
+
version: '6'
|
62
76
|
type: :development
|
63
77
|
prerelease: false
|
64
78
|
version_requirements: !ruby/object:Gem::Requirement
|
65
79
|
requirements:
|
66
80
|
- - "~>"
|
67
81
|
- !ruby/object:Gem::Version
|
68
|
-
version: '
|
82
|
+
version: '6'
|
69
83
|
- !ruby/object:Gem::Dependency
|
70
|
-
name:
|
84
|
+
name: rake
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
72
86
|
requirements:
|
73
87
|
- - "~>"
|
74
88
|
- !ruby/object:Gem::Version
|
75
|
-
version: '
|
89
|
+
version: '13'
|
76
90
|
type: :development
|
77
91
|
prerelease: false
|
78
92
|
version_requirements: !ruby/object:Gem::Requirement
|
79
93
|
requirements:
|
80
94
|
- - "~>"
|
81
95
|
- !ruby/object:Gem::Version
|
82
|
-
version: '
|
96
|
+
version: '13'
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
|
-
name:
|
98
|
+
name: rdoc
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
86
100
|
requirements:
|
87
101
|
- - "~>"
|
88
102
|
- !ruby/object:Gem::Version
|
89
|
-
version: '
|
103
|
+
version: '4'
|
90
104
|
type: :development
|
91
105
|
prerelease: false
|
92
106
|
version_requirements: !ruby/object:Gem::Requirement
|
93
107
|
requirements:
|
94
108
|
- - "~>"
|
95
109
|
- !ruby/object:Gem::Version
|
96
|
-
version: '
|
110
|
+
version: '4'
|
97
111
|
- !ruby/object:Gem::Dependency
|
98
|
-
name:
|
112
|
+
name: rspec
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
100
114
|
requirements:
|
101
|
-
- - "
|
115
|
+
- - "~>"
|
102
116
|
- !ruby/object:Gem::Version
|
103
|
-
version: '
|
117
|
+
version: '3'
|
104
118
|
type: :development
|
105
119
|
prerelease: false
|
106
120
|
version_requirements: !ruby/object:Gem::Requirement
|
107
121
|
requirements:
|
108
|
-
- - "
|
122
|
+
- - "~>"
|
109
123
|
- !ruby/object:Gem::Version
|
110
|
-
version: '
|
124
|
+
version: '3'
|
111
125
|
- !ruby/object:Gem::Dependency
|
112
|
-
name:
|
126
|
+
name: rubocop
|
113
127
|
requirement: !ruby/object:Gem::Requirement
|
114
128
|
requirements:
|
115
129
|
- - "~>"
|
116
130
|
- !ruby/object:Gem::Version
|
117
|
-
version:
|
131
|
+
version: 0.83.0
|
118
132
|
type: :development
|
119
133
|
prerelease: false
|
120
134
|
version_requirements: !ruby/object:Gem::Requirement
|
121
135
|
requirements:
|
122
136
|
- - "~>"
|
123
137
|
- !ruby/object:Gem::Version
|
124
|
-
version:
|
138
|
+
version: 0.83.0
|
125
139
|
- !ruby/object:Gem::Dependency
|
126
|
-
name:
|
140
|
+
name: yard
|
127
141
|
requirement: !ruby/object:Gem::Requirement
|
128
142
|
requirements:
|
129
143
|
- - "~>"
|
130
144
|
- !ruby/object:Gem::Version
|
131
|
-
version:
|
132
|
-
type: :
|
145
|
+
version: 0.9.11
|
146
|
+
type: :development
|
133
147
|
prerelease: false
|
134
148
|
version_requirements: !ruby/object:Gem::Requirement
|
135
149
|
requirements:
|
136
150
|
- - "~>"
|
137
151
|
- !ruby/object:Gem::Version
|
138
|
-
version:
|
152
|
+
version: 0.9.11
|
139
153
|
- !ruby/object:Gem::Dependency
|
140
|
-
name:
|
154
|
+
name: bundler
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
142
156
|
requirements:
|
143
157
|
- - "~>"
|
144
158
|
- !ruby/object:Gem::Version
|
145
|
-
version: '
|
146
|
-
type: :
|
159
|
+
version: '2.0'
|
160
|
+
type: :development
|
147
161
|
prerelease: false
|
148
162
|
version_requirements: !ruby/object:Gem::Requirement
|
149
163
|
requirements:
|
150
164
|
- - "~>"
|
151
165
|
- !ruby/object:Gem::Version
|
152
|
-
version: '
|
166
|
+
version: '2.0'
|
153
167
|
- !ruby/object:Gem::Dependency
|
154
|
-
name:
|
168
|
+
name: deep_merge
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
156
170
|
requirements:
|
157
171
|
- - "~>"
|
158
172
|
- !ruby/object:Gem::Version
|
159
|
-
version: '1'
|
173
|
+
version: '1.2'
|
160
174
|
type: :runtime
|
161
175
|
prerelease: false
|
162
176
|
version_requirements: !ruby/object:Gem::Requirement
|
163
177
|
requirements:
|
164
178
|
- - "~>"
|
165
179
|
- !ruby/object:Gem::Version
|
166
|
-
version: '1'
|
180
|
+
version: '1.2'
|
167
181
|
- !ruby/object:Gem::Dependency
|
168
|
-
name:
|
182
|
+
name: gli
|
169
183
|
requirement: !ruby/object:Gem::Requirement
|
170
184
|
requirements:
|
171
185
|
- - "~>"
|
@@ -179,7 +193,7 @@ dependencies:
|
|
179
193
|
- !ruby/object:Gem::Version
|
180
194
|
version: '2'
|
181
195
|
- !ruby/object:Gem::Dependency
|
182
|
-
name:
|
196
|
+
name: iniparse
|
183
197
|
requirement: !ruby/object:Gem::Requirement
|
184
198
|
requirements:
|
185
199
|
- - "~>"
|
@@ -193,7 +207,7 @@ dependencies:
|
|
193
207
|
- !ruby/object:Gem::Version
|
194
208
|
version: '1'
|
195
209
|
- !ruby/object:Gem::Dependency
|
196
|
-
name:
|
210
|
+
name: jwt
|
197
211
|
requirement: !ruby/object:Gem::Requirement
|
198
212
|
requirements:
|
199
213
|
- - "~>"
|
@@ -207,83 +221,74 @@ dependencies:
|
|
207
221
|
- !ruby/object:Gem::Version
|
208
222
|
version: '1'
|
209
223
|
- !ruby/object:Gem::Dependency
|
210
|
-
name:
|
224
|
+
name: logging
|
211
225
|
requirement: !ruby/object:Gem::Requirement
|
212
226
|
requirements:
|
213
227
|
- - "~>"
|
214
228
|
- !ruby/object:Gem::Version
|
215
|
-
version: '
|
229
|
+
version: '2'
|
216
230
|
type: :runtime
|
217
231
|
prerelease: false
|
218
232
|
version_requirements: !ruby/object:Gem::Requirement
|
219
233
|
requirements:
|
220
234
|
- - "~>"
|
221
235
|
- !ruby/object:Gem::Version
|
222
|
-
version: '
|
236
|
+
version: '2'
|
223
237
|
- !ruby/object:Gem::Dependency
|
224
|
-
name:
|
238
|
+
name: multi_json
|
225
239
|
requirement: !ruby/object:Gem::Requirement
|
226
240
|
requirements:
|
227
|
-
- - "
|
241
|
+
- - ">="
|
228
242
|
- !ruby/object:Gem::Version
|
229
|
-
version: '
|
243
|
+
version: '1'
|
230
244
|
type: :runtime
|
231
245
|
prerelease: false
|
232
246
|
version_requirements: !ruby/object:Gem::Requirement
|
233
247
|
requirements:
|
234
|
-
- - "
|
248
|
+
- - ">="
|
235
249
|
- !ruby/object:Gem::Version
|
236
|
-
version: '
|
250
|
+
version: '1'
|
237
251
|
description:
|
238
252
|
email: ddreier@thinkplango.com
|
239
253
|
executables:
|
240
254
|
- autosign
|
241
255
|
- autosign-validator
|
242
256
|
extensions: []
|
243
|
-
extra_rdoc_files:
|
257
|
+
extra_rdoc_files:
|
258
|
+
- CHANGELOG.md
|
259
|
+
- LICENSE
|
260
|
+
- README.md
|
244
261
|
files:
|
245
262
|
- ".gitignore"
|
246
263
|
- ".rspec"
|
264
|
+
- ".rubocop.yml"
|
265
|
+
- ".rubocop_todo.yml"
|
247
266
|
- ".travis.yml"
|
267
|
+
- CHANGELOG.md
|
248
268
|
- Gemfile
|
249
269
|
- Gemfile.lock
|
270
|
+
- LICENSE
|
250
271
|
- README.md
|
251
272
|
- Rakefile
|
252
273
|
- autosign.gemspec
|
253
274
|
- bin/autosign
|
254
275
|
- bin/autosign-validator
|
255
|
-
- features/autosign.feature
|
256
|
-
- features/step_definitions/autosign_steps.rb
|
257
|
-
- features/support/env.rb
|
258
|
-
- features/validate.feature
|
259
|
-
- fixtures/i-7672fe81.pem
|
260
276
|
- lib/autosign.rb
|
261
277
|
- lib/autosign/config.rb
|
262
278
|
- lib/autosign/decoder.rb
|
263
279
|
- lib/autosign/journal.rb
|
264
280
|
- lib/autosign/token.rb
|
265
281
|
- lib/autosign/validator.rb
|
266
|
-
- lib/autosign/
|
267
|
-
- lib/autosign/
|
268
|
-
- lib/autosign/
|
282
|
+
- lib/autosign/validator/jwt.rb
|
283
|
+
- lib/autosign/validator/multiplexer.rb
|
284
|
+
- lib/autosign/validator/passwordlist.rb
|
285
|
+
- lib/autosign/validator/validator_base.rb
|
269
286
|
- lib/autosign/version.rb
|
270
|
-
- spec/spec_helper.rb
|
271
|
-
- spec/specs/config_spec.rb
|
272
|
-
- spec/specs/decoder_spec.rb
|
273
|
-
- spec/specs/journal_spec.rb
|
274
|
-
- spec/specs/token_spec.rb
|
275
|
-
- spec/specs/validators/jwt_spec.rb
|
276
|
-
- spec/specs/validators/passwordlist_spec.rb
|
277
287
|
homepage: https://github.com/danieldreier/autosign
|
278
288
|
licenses: []
|
279
289
|
metadata: {}
|
280
290
|
post_install_message:
|
281
|
-
rdoc_options:
|
282
|
-
- "--title"
|
283
|
-
- autosign
|
284
|
-
- "--main"
|
285
|
-
- README.rdoc
|
286
|
-
- "-ri"
|
291
|
+
rdoc_options: []
|
287
292
|
require_paths:
|
288
293
|
- lib
|
289
294
|
- lib
|
@@ -298,8 +303,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
298
303
|
- !ruby/object:Gem::Version
|
299
304
|
version: '0'
|
300
305
|
requirements: []
|
301
|
-
|
302
|
-
rubygems_version: 2.2.2
|
306
|
+
rubygems_version: 3.0.8
|
303
307
|
signing_key:
|
304
308
|
specification_version: 4
|
305
309
|
summary: Tooling to make puppet autosigning easy, secure, and extensible
|