bullion 0.1.0 → 0.1.2

data/lib/bullion/challenge_client.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Bullion
+  # Superclass for executing ACMEv2 Challenges
+  class ChallengeClient
+    ChallengeClientMetric = Prometheus::Client::Histogram.new(
+      :challenge_execution_seconds,
+      docstring: 'Challenge execution histogram in seconds',
+      labels: %i[acme_type status]
+    )
+    MetricsRegistry.register(ChallengeClientMetric)
+
+    attr_accessor :challenge
+
+    def initialize(challenge)
+      @challenge = challenge
+    end
+
+    # rubocop:disable Metrics/AbcSize
+    # rubocop:disable Metrics/MethodLength
+    def attempt(retries: 4)
+      tries = 0
+      success = false
+
+      benchtime = Benchmark.realtime do
+        until success || tries >= retries
+          tries += 1
+          success = perform
+          if success
+            LOGGER.info "Validated #{type} #{identifier}"
+            challenge.status = 'valid'
+            challenge.validated = Time.now
+          else
+            sleep rand(2..4)
+          end
+        end
+      end
+
+      unless success
+        LOGGER.info "Failed to validate #{type} #{identifier}"
+        challenge.status = 'invalid'
+      end
+
+      challenge.save
+
+      ChallengeClientMetric.observe(
+        benchtime, labels: { acme_type: type, status: challenge.status }
+      )
+
+      success
+    end
+    # rubocop:enable Metrics/AbcSize
+    # rubocop:enable Metrics/MethodLength
+
+    def identifier
+      challenge.authorization.identifier['value']
+    end
+  end
+end

data/lib/bullion/challenge_clients/dns.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Bullion
+  module ChallengeClients
+    # ACME DNS01 Challenge Client
+    # @see https://tools.ietf.org/html/rfc8555#section-8.4
+    class DNS < ChallengeClient
+      def type
+        'DNS01'
+      end
+
+      def perform
+        value = dns_value
+
+        digester = OpenSSL::Digest.new('SHA256')
+        digest   = digester.digest "#{challenge.token}.#{challenge.thumbprint}"
+        # clean up the digest output so it can match the provided challenge value
+        expected_value = Base64.urlsafe_encode64(digest).sub(/[\s=]*\z/, '')
+
+        value == expected_value
+      end
+
+      def dns_value
+        name = "_acme-challenge.#{identifier}"
+
+        # Randomly select a nameserver to pull the TXT record
+        nameserver = NAMESERVERS.sample
+
+        begin
+          records = Resolv::DNS.open(nameserver: nameserver) do |dns|
+            dns.getresources(
+              name,
+              Resolv::DNS::Resource::IN::TXT
+            )
+          end
+          record = records.map(&:strings).flatten.first
+          LOGGER.debug "Resolved #{name} to value #{record}"
+          record
+        rescue Resolv::ResolvError
+          LOGGER.info "Resolution error for #{name} via #{nameserver}"
+          false
+        rescue StandardError => e
+          LOGGER.warn "Error '#{e.message}' for #{name} with #{nameserver}"
+          false
+        end
+      end
+    end
+  end
+end

data/lib/bullion/challenge_clients/http.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Bullion
+  module ChallengeClients
+    # ACME HTTP01 Challenge Client
+    # @see https://tools.ietf.org/html/rfc8555#section-8.3
+    class HTTP < ChallengeClient
+      def type
+        'HTTP01'
+      end
+
+      def perform
+        response = begin
+          HTTParty.get(
+            challenge_url,
+            verify: false,
+            headers: { 'User-Agent' => "Bullion/#{Bullion::VERSION}" }
+          ).body
+        rescue SocketError
+          LOGGER.debug "Failed to connect to #{challenge_url}"
+          ''
+        end
+
+        token, thumbprint = response.split('.')
+        token == challenge.token && thumbprint == challenge.thumbprint
+      end
+
+      def challenge_url
+        "http://#{identifier}/.well-known/acme-challenge/#{challenge.token}"
+      end
+    end
+  end
+end

data/lib/bullion/helpers/acme.rb

@@ -0,0 +1,202 @@
+# frozen_string_literal: true
+
+module Bullion
+  module Helpers
+    # ACME-specific helper functions
+    module Acme
+      # Parses and verifies the incoming ACME JWT for authentication
+      # @see https://tools.ietf.org/html/rfc8555#section-6.2
+      # rubocop:disable Metrics/AbcSize
+      # rubocop:disable Metrics/MethodLength
+      # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/CyclomaticComplexity
+      def parse_acme_jwt(key = nil, validate_nonce: true)
+        @header_data = extract_header_data
+        @payload_data = extract_payload_data
+        signature = @json_body[:signature]
+
+        # check nonce
+        if validate_nonce
+          nonce = Models::Nonce.where(token: @header_data['nonce']).first
+          raise Bullion::Acme::Errors::BadNonce unless nonce
+
+          nonce.destroy
+        end
+
+        jwt_data = [
+          @json_body[:protected],
+          @json_body[:payload],
+          @json_body[:signature]
+        ].join('.')
+
+        # Either use the provided key or find the current user's public key
+        public_key = key || user_public_key
+
+        # Convert the key to an OpenSSL-compatible key
+        compat_public_key = openssl_compat(public_key)
+
+        # Validate the payload was signed with the private key for the public key
+        if @payload_data && @payload_data != ''
+          JWT.decode(jwt_data, compat_public_key, @header_data['alg'])
+        else
+          digest = digest_from_alg(@header_data['alg'])
+
+          sig = if @header_data['alg'].downcase.start_with?('es')
+                  ecdsa_sig_to_der(signature)
+                elsif @header_data['alg'].downcase.start_with?('rs')
+                  Base64.urlsafe_decode64(signature)
+                end
+
+          validated = compat_public_key.verify(
+            digest,
+            sig,
+            "#{@json_body[:protected]}."
+          )
+          raise Bullion::Acme::Errors::Malformed unless validated
+        end
+      end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/MethodLength
+      # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/CyclomaticComplexity
+
+      def extract_header_data
+        JSON.parse(Base64.decode64(@json_body[:protected]))
+      end
+
+      def extract_payload_data
+        if @json_body[:payload] && @json_body[:payload] != ''
+          JSON.parse(Base64.decode64(@json_body[:payload]))
+        else
+          @json_body[:payload]
+        end
+      end
+
+      def user_public_key
+        @user = if @header_data['kid']
+                  user_id = @header_data['kid'].split('/').last
+                  return unless user_id
+
+                  Models::Account.find(user_id)
+                else
+                  Models::Account.where(public_key: @header_data['jwk']).last
+                end
+
+        @user.public_key
+      end
+
+      def extract_csr_attrs(csr)
+        csr.attributes.select { |a| a.oid == 'extReq' }.map { |a| a.value.map(&:value) }
+      end
+
+      def extract_csr_sans(csr_attrs)
+        csr_attrs.flatten.select { |a| a.value.first.value == 'subjectAltName' }
+      end
+
+      def extract_csr_domains(csr_sans)
+        csr_decoded_sans = OpenSSL::ASN1.decode(csr_sans.first.value[1].value)
+        csr_decoded_sans.select { |v| v.tag == 2 }.map(&:value)
+      end
+
+      # Validation helpers
+
+      def validate_account_data(hash)
+        unless [true, false, nil].include?(hash['onlyReturnExisting'])
+          raise Bullion::Acme::Errors::Malformed,
+                "Invalid onlyReturnExisting: #{hash['onlyReturnExisting']}"
+        end
+
+        unless hash['contact'].is_a?(Array)
+          raise Bullion::Acme::Errors::InvalidContact,
+                "Invalid contacts format: #{hash['contact'].class}, #{hash}"
+        end
+
+        unless hash['contact'].size.positive?
+          raise Bullion::Acme::Errors::InvalidContact,
+                'Empty contacts list'
+        end
+
+        # Contacts must be a valid email
+        # TODO: find a better email verification approach
+        unless hash['contact'].reject { |c| c.match?(/^mailto:[a-zA-Z0-9@.+-]{3,}/) }.empty?
+          raise Bullion::Acme::Errors::UnsupportedContact
+        end
+
+        true
+      end
+
+      def validate_acme_csr(order, csr)
+        csr_attrs = extract_csr_attrs(csr)
+        csr_sans = extract_csr_sans(csr_attrs)
+        csr_domains = extract_csr_domains(csr_sans)
+        csr_cn = cn_from_csr(csr)
+
+        order_domains = order.identifiers.map { |i| i['value'] }
+
+        return false unless order.status == 'ready'
+        raise Bullion::Acme::Errors::BadCSR unless csr_domains.include?(csr_cn)
+        raise Bullion::Acme::Errors::BadCSR unless csr_domains.sort == order_domains.sort
+
+        true
+      end
+
+      def validate_order(hash)
+        validate_order_nb_and_na(hash['notBefore'], hash['notAfter'])
+
+        # Don't approve empty orders
+        raise Bullion::Acme::Errors::InvalidOrder, 'Empty order!' if hash['identifiers'].empty?
+
+        order_domains = hash['identifiers'].select { |ident| ident['type'] == 'dns' }
+
+        # Don't approve an order with identifiers that _aren't_ of type 'dns'
+        unless hash['identifiers'] == order_domains
+          raise Bullion::Acme::Errors::InvalidOrder, 'Only type "dns" allowed'
+        end
+
+        # Extract domains that end with something in our allowed domains list
+        valid_domains = order_domains.reject do |domain|
+          endings = CA_DOMAINS.select { |d| domain['value'].end_with?(d) }
+          endings.empty?
+        end
+
+        # Only allow CA_DOMAINS domains...
+        unless order_domains == valid_domains
+          raise(
+            Bullion::Acme::Errors::InvalidOrder,
+            "Domains #{order_domains - valid_domains} not allowed"
+          )
+        end
+
+        true
+      end
+
+      # rubocop:disable Metrics/AbcSize
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+      def validate_order_nb_and_na(not_before, not_after)
+        raise Bullion::Acme::Errors::Malformed if not_before && !not_before.is_a?(String)
+        raise Bullion::Acme::Errors::Malformed if not_after && !not_after.is_a?(String)
+
+        return unless not_before && not_after
+
+        nb = Time.parse(not_before)
+        na = Time.parse(not_after)
+
+        # don't allow nonsense certs
+        raise Bullion::Acme::Errors::InvalidOrder unless nb < na
+        # don't allow far-future certs
+        if nb > Time.now + (7 * 86_400) || na > Time.now + CERT_VALIDITY_DURATION
+          raise Bullion::Acme::Errors::InvalidOrder
+        end
+
+        # don't allow really "old" certs
+        raise Bullion::Acme::Errors::InvalidOrder if nb < Time.now - (14 * 86_400)
+        # don't allow creating certs that are already expired
+        raise Bullion::Acme::Errors::InvalidOrder if na <= Time.now
+      end
+      # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
+    end
+  end
+end

data/lib/bullion/helpers/service.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Bullion
+  module Helpers
+    # Sinatra service helper methods
+    module Service
+      def add_acme_headers(nonce, additional: {})
+        headers['Replay-Nonce'] = nonce
+        headers['Link'] = "<#{uri('/directory')}>;rel=\"index\""
+
+        additional.each do |name, value|
+          headers[name.to_s] = value.to_s
+        end
+      end
+    end
+  end
+end

data/lib/bullion/helpers/ssl.rb

@@ -0,0 +1,214 @@
+# frozen_string_literal: true
+
+module Bullion
+  module Helpers
+    # SSL-related helper methods
+    module Ssl
+      # Converts the incoming key data to an OpenSSL public key usable to verify JWT signatures
+      def openssl_compat(key_data)
+        case key_data['kty']
+        when 'RSA'
+          key_data_to_rsa(key_data)
+        when 'EC'
+          key_data_to_ecdsa(key_data)
+        end
+      end
+
+      def openssl_compat_csr(csrdata)
+        "-----BEGIN CERTIFICATE REQUEST-----\n" \
+        "#{csrdata}-----END CERTIFICATE REQUEST-----"
+      end
+
+      # @see https://tools.ietf.org/html/rfc7518#page-30
+      def key_data_to_rsa(key_data)
+        key = OpenSSL::PKey::RSA.new
+        exponent = key_data['e']
+        modulus = key_data['n']
+
+        key.set_key(
+          base64_to_long(modulus),
+          base64_to_long(exponent),
+          nil
+        )
+        key
+      end
+
+      def key_data_to_ecdsa(key_data)
+        crv_mapping = {
+          'P-256' => 'prime256v1',
+          'P-384' => 'secp384r1',
+          'P-521' => 'secp521r1'
+        }
+
+        key = OpenSSL::PKey::EC.new(crv_mapping[key_data['crv']])
+        x = base64_to_octet(key_data['x'])
+        y = base64_to_octet(key_data['y'])
+
+        key_bn = OpenSSL::BN.new("\x04#{x}#{y}", 2)
+        key.public_key = OpenSSL::PKey::EC::Point.new(key.group, key_bn)
+        key
+      end
+
+      def base64_to_long(data)
+        Base64.urlsafe_decode64(data).to_s.unpack('C*').map do |byte|
+          to_hex(byte)
+        end.join.to_i(16)
+      end
+
+      def base64_to_octet(data)
+        Base64.urlsafe_decode64(data)
+      end
+
+      def digest_from_alg(alg)
+        if alg.end_with?('256')
+          OpenSSL::Digest.new('SHA256')
+        elsif alg.end_with?('384')
+          OpenSSL::Digest.new('SHA384')
+        else
+          OpenSSL::Digest.new('SHA512')
+        end
+      end
+
+      # This is for ECDSA keys.
+      # @see https://bit.ly/3b7yZFd
+      def ecdsa_sig_to_der(incoming)
+        # Base64 decode the signature
+        joined_ints = Base64.urlsafe_decode64(incoming)
+        # Break it apart into the two 32-byte words
+        r = joined_ints[0..31]
+        s = joined_ints[32..]
+        # Unpack each word to a hex string
+        hexnums = [r, s].map { |n| n.unpack1('H*') }
+        # Convert each to an Integer
+        ints = hexnums.map { |bn| bn.to_i(16) }
+        # Convert each Integer to a BigNumber
+        bns = ints.map { |int| OpenSSL::BN.new(int) }
+        # Wrap each BigNum in a ASN1 encoding
+        asn1_wrapped = bns.map { |bn| OpenSSL::ASN1::Integer.new(bn) }
+        # Create an ASN1 sequence from the ASN1-wrapped Integers
+        seq = OpenSSL::ASN1::Sequence.new(asn1_wrapped)
+        # Return the DER-encoded sequence for verification
+        seq.to_der
+      end
+
+      def to_hex(int)
+        int < 16 ? "0#{int.to_s(16)}" : int.to_s(16)
+      end
+
+      def simple_subject(common_name)
+        OpenSSL::X509::Name.new([['CN', common_name, OpenSSL::ASN1::UTF8STRING]])
+      end
+
+      def manage_csr_extensions(csr, new_cert)
+        # Build extensions
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = new_cert
+        ef.issuer_certificate = Bullion.ca_cert
+        new_cert.add_extension(
+          ef.create_extension('basicConstraints', 'CA:FALSE', true)
+        )
+        new_cert.add_extension(
+          ef.create_extension('keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature', true)
+        )
+        new_cert.add_extension(
+          ef.create_extension('subjectKeyIdentifier', 'hash')
+        )
+        new_cert.add_extension(
+          ef.create_extension('extendedKeyUsage', 'serverAuth')
+        )
+
+        # Alternate Names
+        cn = cn_from_csr(csr)
+        existing_sans = filter_sans(csr_sans(csr))
+        valid_alts = (["DNS:#{cn}"] + [*existing_sans]).uniq
+
+        new_cert.add_extension(ef.create_extension('subjectAltName', valid_alts.join(',')))
+
+        # return the updated cert and any subject alternate names added
+        [new_cert, valid_alts]
+      end
+
+      def csr_sans(csr)
+        raw_attributes = csr.attributes
+        return [] unless raw_attributes
+
+        seq = extract_csr_seq(raw_attributes)
+        return [] unless seq
+
+        values = extract_san_values(seq)
+        return [] unless values
+
+        values = OpenSSL::ASN1.decode(values).value
+
+        values.select { |v| v.tag == 2 }.map { |v| "DNS:#{v.value}" }
+      end
+
+      def extract_csr_attrs(attrs)
+        attrs.select { |a| a.oid == 'extReq' }.map(&:value).first
+      end
+
+      def extract_san_values(sequence)
+        seqvalues = nil
+        sequence.value.each do |v|
+          v.each do |innerv|
+            if innerv.value[0].value == 'subjectAltName'
+              seqvalues = innerv.value[1].value
+              break
+            end
+            break if seqvalues
+          end
+        end
+        seqvalues
+      end
+
+      def filter_sans(potential_sans)
+        # Select only those that are part of the appropriate domain
+        potential_sans.select { |alt| alt.match(/#{CA_DOMAIN}$/) }
+      end
+
+      def cn_from_csr(csr)
+        if csr.subject.to_s
+          cns = csr.subject.to_s.split('/').select { |name| name =~ /^CN=/ }
+
+          return cns.first.split('=').last if cns && !cns.empty?
+        end
+
+        csr_sans(csr).first.split(':').last
+      end
+
+      # Signs an ACME CSR
+      # rubocop:disable Metrics/AbcSize
+      def sign_csr(csr, username)
+        cert = Models::Certificate.from_csr(csr)
+        # Create a OpenSSL cert using select info from the CSR
+        csr_cert = OpenSSL::X509::Certificate.new
+        csr_cert.serial = cert.serial
+        csr_cert.version = 2
+        csr_cert.not_before = Time.now
+        # only 90 days for ACMEv2
+        csr_cert.not_after = csr_cert.not_before + (3 * 30 * 24 * 60 * 60)
+
+        # Force a subject if the cert doesn't have one
+        cert.subject = simple_subject(cn_from_csr(csr)) unless cert.subject
+
+        csr_cert.subject = cert.subject.to_s
+
+        csr_cert.public_key = csr.public_key
+        csr_cert.issuer = Bullion.ca_cert.issuer
+
+        csr_cert, sans = manage_csr_extensions(csr, csr_cert)
+
+        csr_cert.sign(Bullion.ca_key, OpenSSL::Digest.new('SHA256'))
+
+        cert.data = csr_cert.to_pem
+        cert.alternate_names = sans unless sans.empty?
+        cert.requester = username
+        cert.validated = true
+        cert.save
+
+        [csr_cert, cert.id]
+      end
+      # rubocop:enable Metrics/AbcSize
+    end
+  end
+end