capbac 0.2.0 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Cargo.toml +4 -3
  3. data/lib/capbac/version.rb +1 -1
  4. data/lib/capbac_ruby.so +0 -0
  5. data/src/lib.rs +284 -222
  6. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 88589fad2be4f62d09eea046bd902057b259be959578d08c67e35a5d1b9877a0
4
- data.tar.gz: e7e7be8ba72bb20186cbfe2babfa742451aa514100e04e3097acb7b2dac3b2f6
3
+ metadata.gz: 6b7076bd32f529211ece0a6a16efe8c1fc37ad412241f1c10392cd1bdd722f4c
4
+ data.tar.gz: 9d1d9bde2412d98785d964e774a91378d00fa70a662d6e66775c2813f34f0170
5
5
  SHA512:
6
- metadata.gz: e05d719e53998961edb131743604d86a1dc2b8e9e7671258cc54ee8e6ddaf0bf958215ab51d8370198abc6ae7e00ac57fd7df387269db844b328bab90bb121e0
7
- data.tar.gz: 3a6356425474be7a70af3be13e65dcdc05a644f3cf2e0734ae4f2758208f484424b2976271de58ff7facb010c0eb6143a1288eb9717812aded00b3eefb763560
6
+ metadata.gz: 227eb36d3513826e5dd9f5771958dd9b833903cb8181cb7e6d15889e0932ad21f8ea5303fc49e33b2bf5aa255237c1ae99214de09ed37a2dab947268021ddd20
7
+ data.tar.gz: 7c6de742856e11d91071e602538a28cd217490bcfa469ad5f09c677f9d5e9abb4964cc7243fe3b863f2988e9fab74248928612a5dbfc40a3ee77305cc8e184ac
data/Cargo.toml CHANGED
@@ -8,9 +8,10 @@ edition = "2018"
8
8
  crate-type = ["cdylib"]
9
9
 
10
10
  [dependencies]
11
- rutie = "0.6.1"
11
+ rutie = "0.8.0"
12
12
  url = "2.1"
13
13
  openssl = "0.10"
14
+ ring = "0.16.15"
14
15
  lazy_static = "1"
15
- protobuf = "~2"
16
- capbac = "0.2.0"
16
+ protobuf = "2.16.2"
17
+ capbac = "0.2.1"
data/lib/capbac/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CapBAC
2
- VERSION = '0.2.0'.freeze
2
+ VERSION = '0.4.2'.freeze
3
3
  end
data/lib/capbac_ruby.so ADDED
Binary file
data/src/lib.rs CHANGED
@@ -1,20 +1,72 @@
1
- #[macro_use] extern crate rutie;
2
- #[macro_use] extern crate lazy_static;
1
+ #[macro_use]
2
+ extern crate rutie;
3
+ #[macro_use]
4
+ extern crate lazy_static;
3
5
 
4
- use rutie::{Module, Class, RString, Object, AnyObject, Array,
5
- Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
6
6
  use capbac::{CertificateBlueprint, InvokeBlueprint};
7
+ use openssl::{
8
+ ec::EcKey,
9
+ pkey::{PKey, Public},
10
+ };
11
+ use protobuf::Message;
12
+ use ring::{
13
+ rand,
14
+ signature::{self, EcdsaKeyPair, KeyPair},
15
+ };
16
+ use rutie::{
17
+ AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
18
+ VerifiedObject, GC, VM, Array,
19
+ };
20
+ use std::{fmt, str};
7
21
  use url::Url;
8
- use openssl::pkey::{PKey, Public};
9
- use openssl::ec::EcKey;
10
- use protobuf::{Message};
11
- use std::fmt;
22
+
23
+ class!(ASCIIRString);
24
+
25
+ impl VerifiedObject for ASCIIRString {
26
+ fn is_correct_type<T: Object>(object: &T) -> bool {
27
+ object
28
+ .class()
29
+ .ancestors()
30
+ .iter()
31
+ .any(|class| *class == Class::from_existing("String"))
32
+ }
33
+
34
+ fn error_message() -> &'static str {
35
+ "Error converting to ASCII String"
36
+ }
37
+ }
38
+
39
+ impl From<ASCIIRString> for Vec<u8> {
40
+ fn from(rstring: ASCIIRString) -> Self {
41
+ let bytes = rstring
42
+ .protect_send("bytes", &[])
43
+ .map_err(VM::raise_ex)
44
+ .unwrap()
45
+ .try_convert_to::<Array>()
46
+ .map_err(VM::raise_ex)
47
+ .unwrap();
48
+
49
+ let mut res = Vec::new();
50
+
51
+ for n in bytes.into_iter() {
52
+ let n = n.try_convert_to::<Fixnum>()
53
+ .map_err(|e| VM::raise_ex(e))
54
+ .unwrap();
55
+
56
+ res.push(n.to_i64() as u8);
57
+ }
58
+ res
59
+ }
60
+ }
12
61
 
13
62
  class!(URI);
14
63
 
15
64
  impl VerifiedObject for URI {
16
65
  fn is_correct_type<T: Object>(object: &T) -> bool {
17
- object.class().ancestors().iter()
66
+ object
67
+ .class()
68
+ .ancestors()
69
+ .iter()
18
70
  .any(|class| *class == Class::from_existing("URI"))
19
71
  }
20
72
 
@@ -25,108 +77,98 @@ impl VerifiedObject for URI {
25
77
 
26
78
  impl fmt::Display for URI {
27
79
  fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
28
- let s = self.send("to_s", &vec![]).try_convert_to::<RString>().unwrap().to_string();
80
+ let s = self
81
+ .protect_send("to_s", &[])
82
+ .map_err(VM::raise_ex)
83
+ .unwrap()
84
+ .try_convert_to::<RString>()
85
+ .map_err(VM::raise_ex)
86
+ .unwrap()
87
+ .to_string();
29
88
  write!(f, "{}", s)
30
89
  }
31
90
  }
32
91
 
33
92
  impl From<&Url> for URI {
34
93
  fn from(url: &Url) -> Self {
35
- Class::from_existing("URI").send("parse", &vec![RString::new_utf8(&url.clone().to_string()).to_any_object()]).try_convert_to::<URI>().unwrap()
94
+ let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
95
+ Class::from_existing("URI")
96
+ .protect_send("parse", &args)
97
+ .map_err(VM::raise_ex)
98
+ .unwrap()
99
+ .try_convert_to::<URI>()
100
+ .map_err(VM::raise_ex)
101
+ .unwrap()
36
102
  }
37
103
  }
38
104
 
39
105
  impl From<URI> for Url {
40
106
  fn from(uri: URI) -> Self {
41
- Url::parse(&uri.to_string()).unwrap()
107
+ Url::parse(&uri.to_string())
108
+ .map_err(|_e| {
109
+ VM::raise(
110
+ Class::from_existing("URI").get_nested_class("InvalidURIError"),
111
+ &format!("bad URI(is not URI?): {}", uri.to_string()),
112
+ )
113
+ })
114
+ .unwrap()
42
115
  }
43
116
  }
44
117
 
118
+ // TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
45
119
  fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
46
120
  let subject = options
47
121
  .at(&Symbol::new("subject"))
48
- .try_convert_to::<URI>();
49
-
50
- if let Err(ref _error) = subject {
51
- VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
52
- }
122
+ .try_convert_to::<URI>()
123
+ .map_err(VM::raise_ex)
124
+ .unwrap();
53
125
 
54
- let subject = Url::from(subject.unwrap());
126
+ let subject = Url::from(subject);
55
127
 
56
128
  let capability = options
57
129
  .at(&Symbol::new("capability"))
58
- .try_convert_to::<RString>();
59
-
60
- if let Err(ref _error) = capability {
61
- VM::raise(Class::from_existing("ArgumentError"), "Capability must be a string");
62
- }
63
-
64
- let capability = capability
65
- .unwrap().to_string()
130
+ .try_convert_to::<RString>()
131
+ .map_err(VM::raise_ex)
132
+ .unwrap()
133
+ .to_string()
66
134
  .into_bytes();
67
135
 
68
136
  let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
69
137
  Ok(x) => Some(x.to_i64() as u64),
70
- _ => None
138
+ _ => None,
71
139
  };
72
140
 
73
141
  CertificateBlueprint {
74
142
  subject,
75
143
  capability,
76
- exp
144
+ exp,
77
145
  }
78
146
  }
79
147
 
80
- fn array_to_cert(array: Array) -> capbac::proto::Certificate {
81
- let mut cert_content: Vec<u8> = Vec::new();
82
- for n in array.into_iter() {
83
- let n = n.try_convert_to::<Fixnum>();
84
-
85
- if let Err(ref error) = n {
86
- VM::raise(error.class(), &error.to_string());
87
- }
88
-
89
- cert_content.push(n.unwrap().to_i64() as u8);
90
- }
91
- let mut cert = capbac::proto::Certificate::new();
92
- cert.merge_from_bytes(&cert_content).unwrap();
93
- cert
94
- }
95
-
96
148
  fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
97
-
98
149
  let cert_content = options
99
150
  .at(&Symbol::new("cert"))
100
- .try_convert_to::<Array>();
101
-
102
- if let Err(ref _error) = cert_content {
103
- VM::raise(Class::from_existing("ArgumentError"), "Certificate must be an array");
104
- }
151
+ .try_convert_to::<ASCIIRString>()
152
+ .map_err(VM::raise_ex)
153
+ .unwrap();
105
154
 
106
- let cert = array_to_cert(cert_content.unwrap());
155
+ let mut cert = capbac::proto::Certificate::new();
156
+ cert.merge_from_bytes(&Vec::from(cert_content)).unwrap();
107
157
 
108
158
  let action = options
109
159
  .at(&Symbol::new("action"))
110
- .try_convert_to::<RString>();
111
-
112
- if let Err(ref _error) = action {
113
- VM::raise(Class::from_existing("ArgumentError"), "Action must be a string");
114
- }
115
-
116
- let action = action
117
- .unwrap().to_string()
160
+ .try_convert_to::<RString>()
161
+ .map_err(VM::raise_ex)
162
+ .unwrap()
163
+ .to_string()
118
164
  .into_bytes();
119
165
 
120
166
  let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
121
167
  Ok(x) => Some(x.to_i64() as u64),
122
- _ => None
168
+ _ => None,
123
169
  };
124
170
 
125
- InvokeBlueprint {
126
- cert,
127
- action,
128
- exp
129
- }
171
+ InvokeBlueprint { cert, action, exp }
130
172
  }
131
173
 
132
174
  wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
@@ -137,87 +179,74 @@ methods!(
137
179
  Holder,
138
180
  itself,
139
181
 
140
- fn ruby_holder_new(me: URI, sk: Array) -> AnyObject {
141
- if let Err(ref error) = me {
142
- VM::raise(error.class(), &error.to_string());
143
- }
144
-
145
- if let Err(ref error) = sk {
146
- VM::raise(error.class(), &error.to_string());
147
- }
148
-
149
- let me = Url::parse(&me.unwrap().to_string());
150
-
151
- if let Err(ref error) = me {
152
- VM::raise(Class::from_existing("ArgumentError"), &error.to_string())
153
- }
154
-
155
- let mut sk_content: Vec<u8> = Vec::new();
156
- for n in sk.unwrap().into_iter() {
157
- let n = n.try_convert_to::<Fixnum>();
158
-
159
- if let Err(ref error) = n {
160
- VM::raise(error.class(), &error.to_string());
161
- }
162
-
163
- sk_content.push(n.unwrap().to_i64() as u8);
164
- }
165
-
166
- let holder = capbac::Holder::new(me.unwrap(), PKey::private_key_from_pkcs8(&sk_content).unwrap().ec_key().unwrap());
182
+ fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
183
+ let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
184
+
185
+ let ruby_sk = sk
186
+ .map_err(VM::raise_ex)
187
+ .unwrap()
188
+ .to_string_unchecked();
189
+
190
+ let me = Url::parse(&ruby_me)
191
+ .map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
192
+ .unwrap();
193
+ let sk = PKey::private_key_from_pkcs8(&ruby_sk.as_bytes())
194
+ .map_err(|e| {
195
+ VM::raise(
196
+ Class::from_existing("ArgumentError"),
197
+ &format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
198
+ )
199
+ })
200
+ .unwrap()
201
+ .ec_key()
202
+ .map_err(|e| {
203
+ VM::raise(
204
+ Class::from_existing("ArgumentError"),
205
+ &format!("Can't extract EC key ({})", e.to_string()),
206
+ )
207
+ })
208
+ .unwrap();
209
+
210
+ let holder = capbac::Holder::new(me, sk);
167
211
 
168
212
  Class::from_existing("CapBAC")
169
213
  .get_nested_class("Holder")
170
214
  .wrap_data(holder, &*HOLDER_WRAPPER)
171
215
  }
172
216
 
173
- fn ruby_holder_forge(options: Hash) -> Array {
174
- if let Err(ref _error) = options {
175
- VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
176
- }
177
-
178
- let options = options_to_cert_blueprint(options.unwrap());
179
-
217
+ fn ruby_holder_forge(options: Hash) -> RString {
218
+ let ruby_options = options.map_err(VM::raise_ex).unwrap();
219
+ let options = options_to_cert_blueprint(ruby_options);
180
220
  let holder = itself.get_data(&*HOLDER_WRAPPER);
221
+
181
222
  let cert = holder.forge(options).unwrap();
182
223
 
183
- let mut res = Array::new();
184
- for item in cert.write_to_bytes().unwrap().iter() {
185
- res.push(Fixnum::new(i64::from(*item)));
186
- };
187
- res
224
+ RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
188
225
  }
189
226
 
190
- fn ruby_holder_delegate(cert: Array, options: Hash) -> Array {
191
- if let Err(ref _error) = options {
192
- VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
193
- }
194
-
195
- let options = options_to_cert_blueprint(options.unwrap());
227
+ fn ruby_holder_delegate(cert: ASCIIRString, options: Hash) -> RString {
228
+ let ruby_options = options.map_err(VM::raise_ex).unwrap();
229
+ let options = options_to_cert_blueprint(ruby_options);
196
230
  let holder = itself.get_data(&*HOLDER_WRAPPER);
197
- let cert = array_to_cert(cert.unwrap());
231
+
232
+ let cert_content = Vec::from(cert.map_err(VM::raise_ex).unwrap());
233
+
234
+ let mut cert = capbac::proto::Certificate::new();
235
+ cert.merge_from_bytes(&cert_content).unwrap();
198
236
 
199
237
  let cert = holder.delegate(cert, options).unwrap();
200
- let mut res = Array::new();
201
- for item in cert.write_to_bytes().unwrap().iter() {
202
- res.push(Fixnum::new(i64::from(*item)));
203
- };
204
- res
205
- }
206
238
 
207
- fn ruby_holder_invoke(options: Hash) -> Array {
208
- if let Err(ref _error) = options {
209
- VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
210
- }
239
+ RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
240
+ }
211
241
 
212
- let options = options_to_invoke_blueprint(options.unwrap());
242
+ fn ruby_holder_invoke(options: Hash) -> RString {
243
+ let ruby_options = options.map_err(VM::raise_ex).unwrap();
244
+ let options = options_to_invoke_blueprint(ruby_options);
213
245
  let holder = itself.get_data(&*HOLDER_WRAPPER);
214
246
 
215
247
  let invocation = holder.invoke(options).unwrap();
216
- let mut res = Array::new();
217
- for item in invocation.write_to_bytes().unwrap().iter() {
218
- res.push(Fixnum::new(i64::from(*item)));
219
- };
220
- res
248
+
249
+ RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
221
250
  }
222
251
  );
223
252
 
@@ -230,7 +259,7 @@ impl IntValidator {
230
259
  fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
231
260
  IntValidator {
232
261
  trust_checker,
233
- pubs
262
+ pubs,
234
263
  }
235
264
  }
236
265
  }
@@ -239,30 +268,36 @@ impl capbac::TrustChecker for IntValidator {
239
268
  fn is_trusted(&self, id: &Url) -> bool {
240
269
  let args = vec![URI::from(id).to_any_object()];
241
270
  self.trust_checker
242
- .send("trusted?", &args)
271
+ .protect_send("trusted?", &args)
272
+ .map_err(VM::raise_ex)
273
+ .unwrap()
243
274
  .try_convert_to::<Boolean>()
244
- .unwrap_or(Boolean::new(false))
275
+ .unwrap_or_else(|_| Boolean::new(false))
245
276
  .to_bool()
246
277
  }
247
278
  }
248
279
 
249
280
  impl capbac::Pubs for IntValidator {
250
281
  fn get(&self, id: &Url) -> Option<EcKey<Public>> {
251
- let res = self.pubs.send("get", &vec![URI::from(id).to_any_object()]).try_convert_to::<Array>();
252
- if let Err(ref _error) = res {
253
- return None
254
- }
255
- let mut pk_content: Vec<u8> = Vec::new();
256
- for n in res.unwrap().into_iter() {
257
- let n = n.try_convert_to::<Fixnum>();
258
-
259
- if let Err(ref error) = n {
260
- VM::raise(error.class(), &error.to_string());
282
+ let args = [URI::from(id).to_any_object()];
283
+ let res = self
284
+ .pubs
285
+ .protect_send("get", &args)
286
+ .map_err(VM::raise_ex)
287
+ .unwrap()
288
+ .try_convert_to::<RString>();
289
+
290
+ match res {
291
+ Ok(pk) => {
292
+ Some(
293
+ PKey::public_key_from_der(&pk.to_string_unchecked().as_bytes())
294
+ .unwrap()
295
+ .ec_key()
296
+ .unwrap(),
297
+ )
261
298
  }
262
-
263
- pk_content.push(n.unwrap().to_i64() as u8);
299
+ Err(_) => None
264
300
  }
265
- Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
266
301
  }
267
302
  }
268
303
 
@@ -285,56 +320,48 @@ methods!(
285
320
  .wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
286
321
  }
287
322
 
288
- fn ruby_validator_validate_cert(cert: Array, now: Fixnum) -> Boolean {
289
- if let Err(ref error) = cert {
290
- VM::raise(error.class(), &error.to_string());
291
- }
292
-
293
- if let Err(ref error) = now {
294
- VM::raise(error.class(), &error.to_string());
295
- }
296
-
297
- let mut cert_content: Vec<u8> = Vec::new();
298
- for n in cert.unwrap().into_iter() {
299
- let n = n.try_convert_to::<Fixnum>();
300
-
301
- if let Err(ref error) = n {
302
- VM::raise(error.class(), &error.to_string());
303
- }
323
+ fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
324
+ let ruby_cert = cert
325
+ .map_err(VM::raise_ex)
326
+ .unwrap()
327
+ .to_string_unchecked();
304
328
 
305
- cert_content.push(n.unwrap().to_i64() as u8);
306
- }
307
329
  let mut cert = capbac::proto::Certificate::new();
308
- cert.merge_from_bytes(&cert_content).unwrap();
330
+ cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
309
331
 
310
- let now = now.unwrap().to_i64() as u64;
332
+ let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
311
333
 
312
334
  let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
313
335
  let validator = capbac::Validator::new(x, x);
314
336
 
315
337
  match validator.validate_cert(&cert, now) {
316
338
  Result::Ok(_) => Boolean::new(true),
317
- Err(x) => {
339
+ Err(x) => {
318
340
  let capbac_class = Class::from_existing("CapBAC");
319
341
  match x {
320
- capbac::ValidateError::Malformed { .. } => {
321
- VM::raise(capbac_class.get_nested_class("Malformed"), &format!("{}", x))
322
- },
342
+ capbac::ValidateError::Malformed { .. } => VM::raise(
343
+ capbac_class.get_nested_class("Malformed"),
344
+ &format!("{}", x),
345
+ ),
323
346
  capbac::ValidateError::BadURL { .. } => {
324
347
  VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
325
- },
326
- capbac::ValidateError::UnknownPub { .. } => {
327
- VM::raise(capbac_class.get_nested_class("UnknownPub"), &format!("{}", x))
328
- },
329
- capbac::ValidateError::BadIssuer { .. } => {
330
- VM::raise(capbac_class.get_nested_class("BadIssuer"), &format!("{}", x))
331
- },
332
- capbac::ValidateError::BadInvoker { .. } => {
333
- VM::raise(capbac_class.get_nested_class("BadInvoker"), &format!("{}", x))
334
- },
335
- capbac::ValidateError::Untrusted { .. } => {
336
- VM::raise(capbac_class.get_nested_class("Untrusted"), &format!("{}", x))
337
- },
348
+ }
349
+ capbac::ValidateError::UnknownPub { .. } => VM::raise(
350
+ capbac_class.get_nested_class("UnknownPub"),
351
+ &format!("{}", x),
352
+ ),
353
+ capbac::ValidateError::BadIssuer { .. } => VM::raise(
354
+ capbac_class.get_nested_class("BadIssuer"),
355
+ &format!("{}", x),
356
+ ),
357
+ capbac::ValidateError::BadInvoker { .. } => VM::raise(
358
+ capbac_class.get_nested_class("BadInvoker"),
359
+ &format!("{}", x),
360
+ ),
361
+ capbac::ValidateError::Untrusted { .. } => VM::raise(
362
+ capbac_class.get_nested_class("Untrusted"),
363
+ &format!("{}", x),
364
+ ),
338
365
  capbac::ValidateError::Expired => {
339
366
  VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
340
367
  }
@@ -347,56 +374,50 @@ methods!(
347
374
  }
348
375
  }
349
376
 
350
- fn ruby_validator_validate_invocation(invocation: Array, now: Fixnum) -> Boolean {
351
- if let Err(ref error) = invocation {
352
- VM::raise(error.class(), &error.to_string());
353
- }
354
-
355
- if let Err(ref error) = now {
356
- VM::raise(error.class(), &error.to_string());
357
- }
358
-
359
- let mut invocation_content: Vec<u8> = Vec::new();
360
- for n in invocation.unwrap().into_iter() {
361
- let n = n.try_convert_to::<Fixnum>();
377
+ fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
378
+ let ruby_invocation = invocation
379
+ .map_err(VM::raise_ex)
380
+ .unwrap()
381
+ .to_string_unchecked();
362
382
 
363
- if let Err(ref error) = n {
364
- VM::raise(error.class(), &error.to_string());
365
- }
366
-
367
- invocation_content.push(n.unwrap().to_i64() as u8);
368
- }
369
383
  let mut invocation = capbac::proto::Invocation::new();
370
- invocation.merge_from_bytes(&invocation_content).unwrap();
384
+ invocation
385
+ .merge_from_bytes(&ruby_invocation.as_bytes())
386
+ .unwrap();
371
387
 
372
- let now = now.unwrap().to_i64() as u64;
388
+ let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
373
389
 
374
390
  let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
375
391
  let validator = capbac::Validator::new(x, x);
376
392
 
377
393
  match validator.validate_invocation(&invocation, now) {
378
394
  Result::Ok(_) => Boolean::new(true),
379
- Err(x) => {
395
+ Err(x) => {
380
396
  let capbac_class = Class::from_existing("CapBAC");
381
397
  match x {
382
- capbac::ValidateError::Malformed { .. } => {
383
- VM::raise(capbac_class.get_nested_class("Malformed"), &format!("{}", x))
384
- },
398
+ capbac::ValidateError::Malformed { .. } => VM::raise(
399
+ capbac_class.get_nested_class("Malformed"),
400
+ &format!("{}", x),
401
+ ),
385
402
  capbac::ValidateError::BadURL { .. } => {
386
403
  VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
387
- },
388
- capbac::ValidateError::UnknownPub { .. } => {
389
- VM::raise(capbac_class.get_nested_class("UnknownPub"), &format!("{}", x))
390
- },
391
- capbac::ValidateError::BadIssuer { .. } => {
392
- VM::raise(capbac_class.get_nested_class("BadIssuer"), &format!("{}", x))
393
- },
394
- capbac::ValidateError::BadInvoker { .. } => {
395
- VM::raise(capbac_class.get_nested_class("BadInvoker"), &format!("{}", x))
396
- },
397
- capbac::ValidateError::Untrusted { .. } => {
398
- VM::raise(capbac_class.get_nested_class("Untrusted"), &format!("{}", x))
399
- },
404
+ }
405
+ capbac::ValidateError::UnknownPub { .. } => VM::raise(
406
+ capbac_class.get_nested_class("UnknownPub"),
407
+ &format!("{}", x),
408
+ ),
409
+ capbac::ValidateError::BadIssuer { .. } => VM::raise(
410
+ capbac_class.get_nested_class("BadIssuer"),
411
+ &format!("{}", x),
412
+ ),
413
+ capbac::ValidateError::BadInvoker { .. } => VM::raise(
414
+ capbac_class.get_nested_class("BadInvoker"),
415
+ &format!("{}", x),
416
+ ),
417
+ capbac::ValidateError::Untrusted { .. } => VM::raise(
418
+ capbac_class.get_nested_class("Untrusted"),
419
+ &format!("{}", x),
420
+ ),
400
421
  capbac::ValidateError::Expired => {
401
422
  VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
402
423
  }
@@ -407,7 +428,40 @@ methods!(
407
428
  Boolean::new(false)
408
429
  }
409
430
  }
431
+ }
432
+ );
433
+
434
+ class!(KeyGen);
410
435
 
436
+ methods!(
437
+ KeyGen,
438
+ itself,
439
+
440
+ fn ruby_generate_keypair() -> Hash {
441
+ let rng = rand::SystemRandom::new();
442
+
443
+ let key_pair =
444
+ EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)
445
+ .unwrap();
446
+ let sk = key_pair.as_ref();
447
+
448
+ let key_pair = EcdsaKeyPair::from_pkcs8(
449
+ &signature::ECDSA_P256_SHA256_FIXED_SIGNING,
450
+ &key_pair.as_ref(),
451
+ )
452
+ .unwrap();
453
+ let pk = key_pair.public_key().as_ref();
454
+
455
+ let mut res = Hash::new();
456
+ res.store(
457
+ Symbol::new("sk"),
458
+ RString::from_bytes(&sk, &Encoding::us_ascii()),
459
+ );
460
+ res.store(
461
+ Symbol::new("pk"),
462
+ RString::from_bytes(&pk, &Encoding::us_ascii()),
463
+ );
464
+ res
411
465
  }
412
466
  );
413
467
 
@@ -422,10 +476,18 @@ pub extern "C" fn Init_capbac() {
422
476
  itself.def("invoke", ruby_holder_invoke);
423
477
  });
424
478
 
425
- itself.define_nested_class("Validator", None).define(|itself| {
426
- itself.def_self("new", ruby_validator_new);
427
- itself.def("validate_cert", ruby_validator_validate_cert);
428
- itself.def("validate_invocation", ruby_validator_validate_invocation);
429
- });
479
+ itself
480
+ .define_nested_class("Validator", None)
481
+ .define(|itself| {
482
+ itself.def_self("new", ruby_validator_new);
483
+ itself.def("validate_cert", ruby_validator_validate_cert);
484
+ itself.def("validate_invocation", ruby_validator_validate_invocation);
485
+ });
486
+
487
+ itself
488
+ .define_nested_class("KeyPair", None)
489
+ .define(|itself| {
490
+ itself.def("generate!", ruby_generate_keypair);
491
+ });
430
492
  });
431
493
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capbac
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kirill Chernyshov
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-15 00:00:00.000000000 Z
11
+ date: 2020-07-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thermite
@@ -110,6 +110,7 @@ files:
110
110
  - lib/capbac/pubs.rb
111
111
  - lib/capbac/trust_checker.rb
112
112
  - lib/capbac/version.rb
113
+ - lib/capbac_ruby.so
113
114
  - src/lib.rs
114
115
  homepage: http://capbac.org
115
116
  licenses: