capbac 0.2.0 → 0.4.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Cargo.toml +4 -3
  3. data/lib/capbac/version.rb +1 -1
  4. data/lib/capbac_ruby.so +0 -0
  5. data/src/lib.rs +284 -222
  6. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 88589fad2be4f62d09eea046bd902057b259be959578d08c67e35a5d1b9877a0
4
- data.tar.gz: e7e7be8ba72bb20186cbfe2babfa742451aa514100e04e3097acb7b2dac3b2f6
3
+ metadata.gz: 6b7076bd32f529211ece0a6a16efe8c1fc37ad412241f1c10392cd1bdd722f4c
4
+ data.tar.gz: 9d1d9bde2412d98785d964e774a91378d00fa70a662d6e66775c2813f34f0170
5
5
  SHA512:
6
- metadata.gz: e05d719e53998961edb131743604d86a1dc2b8e9e7671258cc54ee8e6ddaf0bf958215ab51d8370198abc6ae7e00ac57fd7df387269db844b328bab90bb121e0
7
- data.tar.gz: 3a6356425474be7a70af3be13e65dcdc05a644f3cf2e0734ae4f2758208f484424b2976271de58ff7facb010c0eb6143a1288eb9717812aded00b3eefb763560
6
+ metadata.gz: 227eb36d3513826e5dd9f5771958dd9b833903cb8181cb7e6d15889e0932ad21f8ea5303fc49e33b2bf5aa255237c1ae99214de09ed37a2dab947268021ddd20
7
+ data.tar.gz: 7c6de742856e11d91071e602538a28cd217490bcfa469ad5f09c677f9d5e9abb4964cc7243fe3b863f2988e9fab74248928612a5dbfc40a3ee77305cc8e184ac
data/Cargo.toml CHANGED
@@ -8,9 +8,10 @@ edition = "2018"
8
8
  crate-type = ["cdylib"]
9
9
 
10
10
  [dependencies]
11
- rutie = "0.6.1"
11
+ rutie = "0.8.0"
12
12
  url = "2.1"
13
13
  openssl = "0.10"
14
+ ring = "0.16.15"
14
15
  lazy_static = "1"
15
- protobuf = "~2"
16
- capbac = "0.2.0"
16
+ protobuf = "2.16.2"
17
+ capbac = "0.2.1"
data/lib/capbac/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CapBAC
2
- VERSION = '0.2.0'.freeze
2
+ VERSION = '0.4.2'.freeze
3
3
  end
data/lib/capbac_ruby.so ADDED
Binary file
data/src/lib.rs CHANGED
@@ -1,20 +1,72 @@
1
- #[macro_use] extern crate rutie;
2
- #[macro_use] extern crate lazy_static;
1
+ #[macro_use]
2
+ extern crate rutie;
3
+ #[macro_use]
4
+ extern crate lazy_static;
3
5
 
4
- use rutie::{Module, Class, RString, Object, AnyObject, Array,
5
- Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
6
6
  use capbac::{CertificateBlueprint, InvokeBlueprint};
7
+ use openssl::{
8
+ ec::EcKey,
9
+ pkey::{PKey, Public},
10
+ };
11
+ use protobuf::Message;
12
+ use ring::{
13
+ rand,
14
+ signature::{self, EcdsaKeyPair, KeyPair},
15
+ };
16
+ use rutie::{
17
+ AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
18
+ VerifiedObject, GC, VM, Array,
19
+ };
20
+ use std::{fmt, str};
7
21
  use url::Url;
8
- use openssl::pkey::{PKey, Public};
9
- use openssl::ec::EcKey;
10
- use protobuf::{Message};
11
- use std::fmt;
22
+
23
+ class!(ASCIIRString);
24
+
25
+ impl VerifiedObject for ASCIIRString {
26
+ fn is_correct_type<T: Object>(object: &T) -> bool {
27
+ object
28
+ .class()
29
+ .ancestors()
30
+ .iter()
31
+ .any(|class| *class == Class::from_existing("String"))
32
+ }
33
+
34
+ fn error_message() -> &'static str {
35
+ "Error converting to ASCII String"
36
+ }
37
+ }
38
+
39
+ impl From<ASCIIRString> for Vec<u8> {
40
+ fn from(rstring: ASCIIRString) -> Self {
41
+ let bytes = rstring
42
+ .protect_send("bytes", &[])
43
+ .map_err(VM::raise_ex)
44
+ .unwrap()
45
+ .try_convert_to::<Array>()
46
+ .map_err(VM::raise_ex)
47
+ .unwrap();
48
+
49
+ let mut res = Vec::new();
50
+
51
+ for n in bytes.into_iter() {
52
+ let n = n.try_convert_to::<Fixnum>()
53
+ .map_err(|e| VM::raise_ex(e))
54
+ .unwrap();
55
+
56
+ res.push(n.to_i64() as u8);
57
+ }
58
+ res
59
+ }
60
+ }
12
61
 
13
62
  class!(URI);
14
63
 
15
64
  impl VerifiedObject for URI {
16
65
  fn is_correct_type<T: Object>(object: &T) -> bool {
17
- object.class().ancestors().iter()
66
+ object
67
+ .class()
68
+ .ancestors()
69
+ .iter()
18
70
  .any(|class| *class == Class::from_existing("URI"))
19
71
  }
20
72
 
@@ -25,108 +77,98 @@ impl VerifiedObject for URI {
25
77
 
26
78
  impl fmt::Display for URI {
27
79
  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
28
- let s = self.send("to_s", &vec![]).try_convert_to::<RString>().unwrap().to_string();
80
+ let s = self
81
+ .protect_send("to_s", &[])
82
+ .map_err(VM::raise_ex)
83
+ .unwrap()
84
+ .try_convert_to::<RString>()
85
+ .map_err(VM::raise_ex)
86
+ .unwrap()
87
+ .to_string();
29
88
  write!(f, "{}", s)
30
89
  }
31
90
  }
32
91
 
33
92
  impl From<&Url> for URI {
34
93
  fn from(url: &Url) -> Self {
35
- Class::from_existing("URI").send("parse", &vec![RString::new_utf8(&url.clone().to_string()).to_any_object()]).try_convert_to::<URI>().unwrap()
94
+ let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
95
+ Class::from_existing("URI")
96
+ .protect_send("parse", &args)
97
+ .map_err(VM::raise_ex)
98
+ .unwrap()
99
+ .try_convert_to::<URI>()
100
+ .map_err(VM::raise_ex)
101
+ .unwrap()
36
102
  }
37
103
  }
38
104
 
39
105
  impl From<URI> for Url {
40
106
  fn from(uri: URI) -> Self {
41
- Url::parse(&uri.to_string()).unwrap()
107
+ Url::parse(&uri.to_string())
108
+ .map_err(|_e| {
109
+ VM::raise(
110
+ Class::from_existing("URI").get_nested_class("InvalidURIError"),
111
+ &format!("bad URI(is not URI?): {}", uri.to_string()),
112
+ )
113
+ })
114
+ .unwrap()
42
115
  }
43
116
  }
44
117
 
118
+ // TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
45
119
  fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
46
120
  let subject = options
47
121
  .at(&Symbol::new("subject"))
48
- .try_convert_to::<URI>();
49
-
50
- if let Err(ref _error) = subject {
51
- VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
52
- }
122
+ .try_convert_to::<URI>()
123
+ .map_err(VM::raise_ex)
124
+ .unwrap();
53
125
 
54
- let subject = Url::from(subject.unwrap());
126
+ let subject = Url::from(subject);
55
127
 
56
128
  let capability = options
57
129
  .at(&Symbol::new("capability"))
58
- .try_convert_to::<RString>();
59
-
60
- if let Err(ref _error) = capability {
61
- VM::raise(Class::from_existing("ArgumentError"), "Capability must be a string");
62
- }
63
-
64
- let capability = capability
65
- .unwrap().to_string()
130
+ .try_convert_to::<RString>()
131
+ .map_err(VM::raise_ex)
132
+ .unwrap()
133
+ .to_string()
66
134
  .into_bytes();
67
135
 
68
136
  let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
69
137
  Ok(x) => Some(x.to_i64() as u64),
70
- _ => None
138
+ _ => None,
71
139
  };
72
140
 
73
141
  CertificateBlueprint {
74
142
  subject,
75
143
  capability,
76
- exp
144
+ exp,
77
145
  }
78
146
  }
79
147
 
80
- fn array_to_cert(array: Array) -> capbac::proto::Certificate {
81
- let mut cert_content: Vec<u8> = Vec::new();
82
- for n in array.into_iter() {
83
- let n = n.try_convert_to::<Fixnum>();
84
-
85
- if let Err(ref error) = n {
86
- VM::raise(error.class(), &error.to_string());
87
- }
88
-
89
- cert_content.push(n.unwrap().to_i64() as u8);
90
- }
91
- let mut cert = capbac::proto::Certificate::new();
92
- cert.merge_from_bytes(&cert_content).unwrap();
93
- cert
94
- }
95
-
96
148
  fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
97
-
98
149
  let cert_content = options
99
150
  .at(&Symbol::new("cert"))
100
- .try_convert_to::<Array>();
101
-
102
- if let Err(ref _error) = cert_content {
103
- VM::raise(Class::from_existing("ArgumentError"), "Certificate must be an array");
104
- }
151
+ .try_convert_to::<ASCIIRString>()
152
+ .map_err(VM::raise_ex)
153
+ .unwrap();
105
154
 
106
- let cert = array_to_cert(cert_content.unwrap());
155
+ let mut cert = capbac::proto::Certificate::new();
156
+ cert.merge_from_bytes(&Vec::from(cert_content)).unwrap();
107
157
 
108
158
  let action = options
109
159
  .at(&Symbol::new("action"))
110
- .try_convert_to::<RString>();
111
-
112
- if let Err(ref _error) = action {
113
- VM::raise(Class::from_existing("ArgumentError"), "Action must be a string");
114
- }
115
-
116
- let action = action
117
- .unwrap().to_string()
160
+ .try_convert_to::<RString>()
161
+ .map_err(VM::raise_ex)
162
+ .unwrap()
163
+ .to_string()
118
164
  .into_bytes();
119
165
 
120
166
  let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
121
167
  Ok(x) => Some(x.to_i64() as u64),
122
- _ => None
168
+ _ => None,
123
169
  };
124
170
 
125
- InvokeBlueprint {
126
- cert,
127
- action,
128
- exp
129
- }
171
+ InvokeBlueprint { cert, action, exp }
130
172
  }
131
173
 
132
174
  wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
@@ -137,87 +179,74 @@ methods!(
137
179
  Holder,
138
180
  itself,
139
181
 
140
- fn ruby_holder_new(me: URI, sk: Array) -> AnyObject {
141
- if let Err(ref error) = me {
142
- VM::raise(error.class(), &error.to_string());
143
- }
144
-
145
- if let Err(ref error) = sk {
146
- VM::raise(error.class(), &error.to_string());
147
- }
148
-
149
- let me = Url::parse(&me.unwrap().to_string());
150
-
151
- if let Err(ref error) = me {
152
- VM::raise(Class::from_existing("ArgumentError"), &error.to_string())
153
- }
154
-
155
- let mut sk_content: Vec<u8> = Vec::new();
156
- for n in sk.unwrap().into_iter() {
157
- let n = n.try_convert_to::<Fixnum>();
158
-
159
- if let Err(ref error) = n {
160
- VM::raise(error.class(), &error.to_string());
161
- }
162
-
163
- sk_content.push(n.unwrap().to_i64() as u8);
164
- }
165
-
166
- let holder = capbac::Holder::new(me.unwrap(), PKey::private_key_from_pkcs8(&sk_content).unwrap().ec_key().unwrap());
182
+ fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
183
+ let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
184
+
185
+ let ruby_sk = sk
186
+ .map_err(VM::raise_ex)
187
+ .unwrap()
188
+ .to_string_unchecked();
189
+
190
+ let me = Url::parse(&ruby_me)
191
+ .map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
192
+ .unwrap();
193
+ let sk = PKey::private_key_from_pkcs8(&ruby_sk.as_bytes())
194
+ .map_err(|e| {
195
+ VM::raise(
196
+ Class::from_existing("ArgumentError"),
197
+ &format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
198
+ )
199
+ })
200
+ .unwrap()
201
+ .ec_key()
202
+ .map_err(|e| {
203
+ VM::raise(
204
+ Class::from_existing("ArgumentError"),
205
+ &format!("Can't extract EC key ({})", e.to_string()),
206
+ )
207
+ })
208
+ .unwrap();
209
+
210
+ let holder = capbac::Holder::new(me, sk);
167
211
 
168
212
  Class::from_existing("CapBAC")
169
213
  .get_nested_class("Holder")
170
214
  .wrap_data(holder, &*HOLDER_WRAPPER)
171
215
  }
172
216
 
173
- fn ruby_holder_forge(options: Hash) -> Array {
174
- if let Err(ref _error) = options {
175
- VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
176
- }
177
-
178
- let options = options_to_cert_blueprint(options.unwrap());
179
-
217
+ fn ruby_holder_forge(options: Hash) -> RString {
218
+ let ruby_options = options.map_err(VM::raise_ex).unwrap();
219
+ let options = options_to_cert_blueprint(ruby_options);
180
220
  let holder = itself.get_data(&*HOLDER_WRAPPER);
221
+
181
222
  let cert = holder.forge(options).unwrap();
182
223
 
183
- let mut res = Array::new();
184
- for item in cert.write_to_bytes().unwrap().iter() {
185
- res.push(Fixnum::new(i64::from(*item)));
186
- };
187
- res
224
+ RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
188
225
  }
189
226
 
190
- fn ruby_holder_delegate(cert: Array, options: Hash) -> Array {
191
- if let Err(ref _error) = options {
192
- VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
193
- }
194
-
195
- let options = options_to_cert_blueprint(options.unwrap());
227
+ fn ruby_holder_delegate(cert: ASCIIRString, options: Hash) -> RString {
228
+ let ruby_options = options.map_err(VM::raise_ex).unwrap();
229
+ let options = options_to_cert_blueprint(ruby_options);
196
230
  let holder = itself.get_data(&*HOLDER_WRAPPER);
197
- let cert = array_to_cert(cert.unwrap());
231
+
232
+ let cert_content = Vec::from(cert.map_err(VM::raise_ex).unwrap());
233
+
234
+ let mut cert = capbac::proto::Certificate::new();
235
+ cert.merge_from_bytes(&cert_content).unwrap();
198
236
 
199
237
  let cert = holder.delegate(cert, options).unwrap();
200
- let mut res = Array::new();
201
- for item in cert.write_to_bytes().unwrap().iter() {
202
- res.push(Fixnum::new(i64::from(*item)));
203
- };
204
- res
205
- }
206
238
 
207
- fn ruby_holder_invoke(options: Hash) -> Array {
208
- if let Err(ref _error) = options {
209
- VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
210
- }
239
+ RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
240
+ }
211
241
 
212
- let options = options_to_invoke_blueprint(options.unwrap());
242
+ fn ruby_holder_invoke(options: Hash) -> RString {
243
+ let ruby_options = options.map_err(VM::raise_ex).unwrap();
244
+ let options = options_to_invoke_blueprint(ruby_options);
213
245
  let holder = itself.get_data(&*HOLDER_WRAPPER);
214
246
 
215
247
  let invocation = holder.invoke(options).unwrap();
216
- let mut res = Array::new();
217
- for item in invocation.write_to_bytes().unwrap().iter() {
218
- res.push(Fixnum::new(i64::from(*item)));
219
- };
220
- res
248
+
249
+ RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
221
250
  }
222
251
  );
223
252
 
@@ -230,7 +259,7 @@ impl IntValidator {
230
259
  fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
231
260
  IntValidator {
232
261
  trust_checker,
233
- pubs
262
+ pubs,
234
263
  }
235
264
  }
236
265
  }
@@ -239,30 +268,36 @@ impl capbac::TrustChecker for IntValidator {
239
268
  fn is_trusted(&self, id: &Url) -> bool {
240
269
  let args = vec![URI::from(id).to_any_object()];
241
270
  self.trust_checker
242
- .send("trusted?", &args)
271
+ .protect_send("trusted?", &args)
272
+ .map_err(VM::raise_ex)
273
+ .unwrap()
243
274
  .try_convert_to::<Boolean>()
244
- .unwrap_or(Boolean::new(false))
275
+ .unwrap_or_else(|_| Boolean::new(false))
245
276
  .to_bool()
246
277
  }
247
278
  }
248
279
 
249
280
  impl capbac::Pubs for IntValidator {
250
281
  fn get(&self, id: &Url) -> Option<EcKey<Public>> {
251
- let res = self.pubs.send("get", &vec![URI::from(id).to_any_object()]).try_convert_to::<Array>();
252
- if let Err(ref _error) = res {
253
- return None
254
- }
255
- let mut pk_content: Vec<u8> = Vec::new();
256
- for n in res.unwrap().into_iter() {
257
- let n = n.try_convert_to::<Fixnum>();
258
-
259
- if let Err(ref error) = n {
260
- VM::raise(error.class(), &error.to_string());
282
+ let args = [URI::from(id).to_any_object()];
283
+ let res = self
284
+ .pubs
285
+ .protect_send("get", &args)
286
+ .map_err(VM::raise_ex)
287
+ .unwrap()
288
+ .try_convert_to::<RString>();
289
+
290
+ match res {
291
+ Ok(pk) => {
292
+ Some(
293
+ PKey::public_key_from_der(&pk.to_string_unchecked().as_bytes())
294
+ .unwrap()
295
+ .ec_key()
296
+ .unwrap(),
297
+ )
261
298
  }
262
-
263
- pk_content.push(n.unwrap().to_i64() as u8);
299
+ Err(_) => None
264
300
  }
265
- Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
266
301
  }
267
302
  }
268
303
 
@@ -285,56 +320,48 @@ methods!(
285
320
  .wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
286
321
  }
287
322
 
288
- fn ruby_validator_validate_cert(cert: Array, now: Fixnum) -> Boolean {
289
- if let Err(ref error) = cert {
290
- VM::raise(error.class(), &error.to_string());
291
- }
292
-
293
- if let Err(ref error) = now {
294
- VM::raise(error.class(), &error.to_string());
295
- }
296
-
297
- let mut cert_content: Vec<u8> = Vec::new();
298
- for n in cert.unwrap().into_iter() {
299
- let n = n.try_convert_to::<Fixnum>();
300
-
301
- if let Err(ref error) = n {
302
- VM::raise(error.class(), &error.to_string());
303
- }
323
+ fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
324
+ let ruby_cert = cert
325
+ .map_err(VM::raise_ex)
326
+ .unwrap()
327
+ .to_string_unchecked();
304
328
 
305
- cert_content.push(n.unwrap().to_i64() as u8);
306
- }
307
329
  let mut cert = capbac::proto::Certificate::new();
308
- cert.merge_from_bytes(&cert_content).unwrap();
330
+ cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
309
331
 
310
- let now = now.unwrap().to_i64() as u64;
332
+ let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
311
333
 
312
334
  let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
313
335
  let validator = capbac::Validator::new(x, x);
314
336
 
315
337
  match validator.validate_cert(&cert, now) {
316
338
  Result::Ok(_) => Boolean::new(true),
317
- Err(x) => {
339
+ Err(x) => {
318
340
  let capbac_class = Class::from_existing("CapBAC");
319
341
  match x {
320
- capbac::ValidateError::Malformed { .. } => {
321
- VM::raise(capbac_class.get_nested_class("Malformed"), &format!("{}", x))
322
- },
342
+ capbac::ValidateError::Malformed { .. } => VM::raise(
343
+ capbac_class.get_nested_class("Malformed"),
344
+ &format!("{}", x),
345
+ ),
323
346
  capbac::ValidateError::BadURL { .. } => {
324
347
  VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
325
- },
326
- capbac::ValidateError::UnknownPub { .. } => {
327
- VM::raise(capbac_class.get_nested_class("UnknownPub"), &format!("{}", x))
328
- },
329
- capbac::ValidateError::BadIssuer { .. } => {
330
- VM::raise(capbac_class.get_nested_class("BadIssuer"), &format!("{}", x))
331
- },
332
- capbac::ValidateError::BadInvoker { .. } => {
333
- VM::raise(capbac_class.get_nested_class("BadInvoker"), &format!("{}", x))
334
- },
335
- capbac::ValidateError::Untrusted { .. } => {
336
- VM::raise(capbac_class.get_nested_class("Untrusted"), &format!("{}", x))
337
- },
348
+ }
349
+ capbac::ValidateError::UnknownPub { .. } => VM::raise(
350
+ capbac_class.get_nested_class("UnknownPub"),
351
+ &format!("{}", x),
352
+ ),
353
+ capbac::ValidateError::BadIssuer { .. } => VM::raise(
354
+ capbac_class.get_nested_class("BadIssuer"),
355
+ &format!("{}", x),
356
+ ),
357
+ capbac::ValidateError::BadInvoker { .. } => VM::raise(
358
+ capbac_class.get_nested_class("BadInvoker"),
359
+ &format!("{}", x),
360
+ ),
361
+ capbac::ValidateError::Untrusted { .. } => VM::raise(
362
+ capbac_class.get_nested_class("Untrusted"),
363
+ &format!("{}", x),
364
+ ),
338
365
  capbac::ValidateError::Expired => {
339
366
  VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
340
367
  }
@@ -347,56 +374,50 @@ methods!(
347
374
  }
348
375
  }
349
376
 
350
- fn ruby_validator_validate_invocation(invocation: Array, now: Fixnum) -> Boolean {
351
- if let Err(ref error) = invocation {
352
- VM::raise(error.class(), &error.to_string());
353
- }
354
-
355
- if let Err(ref error) = now {
356
- VM::raise(error.class(), &error.to_string());
357
- }
358
-
359
- let mut invocation_content: Vec<u8> = Vec::new();
360
- for n in invocation.unwrap().into_iter() {
361
- let n = n.try_convert_to::<Fixnum>();
377
+ fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
378
+ let ruby_invocation = invocation
379
+ .map_err(VM::raise_ex)
380
+ .unwrap()
381
+ .to_string_unchecked();
362
382
 
363
- if let Err(ref error) = n {
364
- VM::raise(error.class(), &error.to_string());
365
- }
366
-
367
- invocation_content.push(n.unwrap().to_i64() as u8);
368
- }
369
383
  let mut invocation = capbac::proto::Invocation::new();
370
- invocation.merge_from_bytes(&invocation_content).unwrap();
384
+ invocation
385
+ .merge_from_bytes(&ruby_invocation.as_bytes())
386
+ .unwrap();
371
387
 
372
- let now = now.unwrap().to_i64() as u64;
388
+ let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
373
389
 
374
390
  let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
375
391
  let validator = capbac::Validator::new(x, x);
376
392
 
377
393
  match validator.validate_invocation(&invocation, now) {
378
394
  Result::Ok(_) => Boolean::new(true),
379
- Err(x) => {
395
+ Err(x) => {
380
396
  let capbac_class = Class::from_existing("CapBAC");
381
397
  match x {
382
- capbac::ValidateError::Malformed { .. } => {
383
- VM::raise(capbac_class.get_nested_class("Malformed"), &format!("{}", x))
384
- },
398
+ capbac::ValidateError::Malformed { .. } => VM::raise(
399
+ capbac_class.get_nested_class("Malformed"),
400
+ &format!("{}", x),
401
+ ),
385
402
  capbac::ValidateError::BadURL { .. } => {
386
403
  VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
387
- },
388
- capbac::ValidateError::UnknownPub { .. } => {
389
- VM::raise(capbac_class.get_nested_class("UnknownPub"), &format!("{}", x))
390
- },
391
- capbac::ValidateError::BadIssuer { .. } => {
392
- VM::raise(capbac_class.get_nested_class("BadIssuer"), &format!("{}", x))
393
- },
394
- capbac::ValidateError::BadInvoker { .. } => {
395
- VM::raise(capbac_class.get_nested_class("BadInvoker"), &format!("{}", x))
396
- },
397
- capbac::ValidateError::Untrusted { .. } => {
398
- VM::raise(capbac_class.get_nested_class("Untrusted"), &format!("{}", x))
399
- },
404
+ }
405
+ capbac::ValidateError::UnknownPub { .. } => VM::raise(
406
+ capbac_class.get_nested_class("UnknownPub"),
407
+ &format!("{}", x),
408
+ ),
409
+ capbac::ValidateError::BadIssuer { .. } => VM::raise(
410
+ capbac_class.get_nested_class("BadIssuer"),
411
+ &format!("{}", x),
412
+ ),
413
+ capbac::ValidateError::BadInvoker { .. } => VM::raise(
414
+ capbac_class.get_nested_class("BadInvoker"),
415
+ &format!("{}", x),
416
+ ),
417
+ capbac::ValidateError::Untrusted { .. } => VM::raise(
418
+ capbac_class.get_nested_class("Untrusted"),
419
+ &format!("{}", x),
420
+ ),
400
421
  capbac::ValidateError::Expired => {
401
422
  VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
402
423
  }
@@ -407,7 +428,40 @@ methods!(
407
428
  Boolean::new(false)
408
429
  }
409
430
  }
431
+ }
432
+ );
433
+
434
+ class!(KeyGen);
410
435
 
436
+ methods!(
437
+ KeyGen,
438
+ itself,
439
+
440
+ fn ruby_generate_keypair() -> Hash {
441
+ let rng = rand::SystemRandom::new();
442
+
443
+ let key_pair =
444
+ EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)
445
+ .unwrap();
446
+ let sk = key_pair.as_ref();
447
+
448
+ let key_pair = EcdsaKeyPair::from_pkcs8(
449
+ &signature::ECDSA_P256_SHA256_FIXED_SIGNING,
450
+ &key_pair.as_ref(),
451
+ )
452
+ .unwrap();
453
+ let pk = key_pair.public_key().as_ref();
454
+
455
+ let mut res = Hash::new();
456
+ res.store(
457
+ Symbol::new("sk"),
458
+ RString::from_bytes(&sk, &Encoding::us_ascii()),
459
+ );
460
+ res.store(
461
+ Symbol::new("pk"),
462
+ RString::from_bytes(&pk, &Encoding::us_ascii()),
463
+ );
464
+ res
411
465
  }
412
466
  );
413
467
 
@@ -422,10 +476,18 @@ pub extern "C" fn Init_capbac() {
422
476
  itself.def("invoke", ruby_holder_invoke);
423
477
  });
424
478
 
425
- itself.define_nested_class("Validator", None).define(|itself| {
426
- itself.def_self("new", ruby_validator_new);
427
- itself.def("validate_cert", ruby_validator_validate_cert);
428
- itself.def("validate_invocation", ruby_validator_validate_invocation);
429
- });
479
+ itself
480
+ .define_nested_class("Validator", None)
481
+ .define(|itself| {
482
+ itself.def_self("new", ruby_validator_new);
483
+ itself.def("validate_cert", ruby_validator_validate_cert);
484
+ itself.def("validate_invocation", ruby_validator_validate_invocation);
485
+ });
486
+
487
+ itself
488
+ .define_nested_class("KeyPair", None)
489
+ .define(|itself| {
490
+ itself.def("generate!", ruby_generate_keypair);
491
+ });
430
492
  });
431
493
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capbac
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kirill Chernyshov
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-15 00:00:00.000000000 Z
11
+ date: 2020-07-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thermite
@@ -110,6 +110,7 @@ files:
110
110
  - lib/capbac/pubs.rb
111
111
  - lib/capbac/trust_checker.rb
112
112
  - lib/capbac/version.rb
113
+ - lib/capbac_ruby.so
113
114
  - src/lib.rs
114
115
  homepage: http://capbac.org
115
116
  licenses: