capbac 0.2.1 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Cargo.toml +4 -3
- data/lib/capbac/version.rb +1 -1
- data/lib/capbac_ruby.so +0 -0
- data/src/lib.rs +242 -223
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: adda2cca9f2268e6630ebcf446a122a16f47af4cb8e8da244ec02dcc29ecacee
|
|
4
|
+
data.tar.gz: cd4d014f2e6f2e33e29be3084dc061cf4a24766bc486234e077916f786c8a430
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7a9e336f88154e277e3f98add0f0b1312ef7b6963602f47e02bfcac32c248624811600ce33cbcfc391e2780c3a8d687eefda388cb80f7e3f1e29ad9c19cf1a88
|
|
7
|
+
data.tar.gz: d78605c676018174d3af5ffee304d8d4a60e3f4bef9891e238478c08ddb34c34d16a9253e465163086f6493eb75ad71a029a16c683c828d36fe780416278c163
|
data/Cargo.toml
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[package]
|
|
2
2
|
name = "capbac-ruby"
|
|
3
|
-
version = "0.
|
|
3
|
+
version = "0.3.0"
|
|
4
4
|
authors = ["Kirill Chernyshov <delaguardo@gmail.com>"]
|
|
5
5
|
edition = "2018"
|
|
6
6
|
|
|
@@ -8,9 +8,10 @@ edition = "2018"
|
|
|
8
8
|
crate-type = ["cdylib"]
|
|
9
9
|
|
|
10
10
|
[dependencies]
|
|
11
|
-
rutie = "0.
|
|
11
|
+
rutie = "0.8.0"
|
|
12
12
|
url = "2.1"
|
|
13
13
|
openssl = "0.10"
|
|
14
|
+
ring = "0.16.15"
|
|
14
15
|
lazy_static = "1"
|
|
15
16
|
protobuf = "2.16.2"
|
|
16
|
-
capbac = "0.
|
|
17
|
+
capbac = "0.3.0"
|
data/lib/capbac/version.rb
CHANGED
data/lib/capbac_ruby.so
CHANGED
|
Binary file
|
data/src/lib.rs
CHANGED
|
@@ -1,20 +1,69 @@
|
|
|
1
|
-
#[macro_use]
|
|
2
|
-
|
|
1
|
+
#[macro_use]
|
|
2
|
+
extern crate rutie;
|
|
3
|
+
#[macro_use]
|
|
4
|
+
extern crate lazy_static;
|
|
3
5
|
|
|
4
|
-
use rutie::{Module, Class, RString, Object, AnyObject, Array,
|
|
5
|
-
Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
|
|
6
6
|
use capbac::{CertificateBlueprint, InvokeBlueprint};
|
|
7
|
+
use openssl::{
|
|
8
|
+
ec::{EcKey, EcGroup},
|
|
9
|
+
pkey::{PKey, Public},
|
|
10
|
+
};
|
|
11
|
+
use openssl::nid::Nid;
|
|
12
|
+
use protobuf::Message;
|
|
13
|
+
use rutie::{
|
|
14
|
+
AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
|
|
15
|
+
VerifiedObject, GC, VM, Array,
|
|
16
|
+
};
|
|
17
|
+
use std::{fmt, str};
|
|
7
18
|
use url::Url;
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
19
|
+
|
|
20
|
+
class!(ASCIIRString);
|
|
21
|
+
|
|
22
|
+
impl VerifiedObject for ASCIIRString {
|
|
23
|
+
fn is_correct_type<T: Object>(object: &T) -> bool {
|
|
24
|
+
object
|
|
25
|
+
.class()
|
|
26
|
+
.ancestors()
|
|
27
|
+
.iter()
|
|
28
|
+
.any(|class| *class == Class::from_existing("String"))
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
fn error_message() -> &'static str {
|
|
32
|
+
"Error converting to ASCII String"
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
impl From<ASCIIRString> for Vec<u8> {
|
|
37
|
+
fn from(rstring: ASCIIRString) -> Self {
|
|
38
|
+
let bytes = rstring
|
|
39
|
+
.protect_send("bytes", &[])
|
|
40
|
+
.map_err(VM::raise_ex)
|
|
41
|
+
.unwrap()
|
|
42
|
+
.try_convert_to::<Array>()
|
|
43
|
+
.map_err(VM::raise_ex)
|
|
44
|
+
.unwrap();
|
|
45
|
+
|
|
46
|
+
let mut res = Vec::new();
|
|
47
|
+
|
|
48
|
+
for n in bytes.into_iter() {
|
|
49
|
+
let n = n.try_convert_to::<Fixnum>()
|
|
50
|
+
.map_err(|e| VM::raise_ex(e))
|
|
51
|
+
.unwrap();
|
|
52
|
+
|
|
53
|
+
res.push(n.to_i64() as u8);
|
|
54
|
+
}
|
|
55
|
+
res
|
|
56
|
+
}
|
|
57
|
+
}
|
|
12
58
|
|
|
13
59
|
class!(URI);
|
|
14
60
|
|
|
15
61
|
impl VerifiedObject for URI {
|
|
16
62
|
fn is_correct_type<T: Object>(object: &T) -> bool {
|
|
17
|
-
object
|
|
63
|
+
object
|
|
64
|
+
.class()
|
|
65
|
+
.ancestors()
|
|
66
|
+
.iter()
|
|
18
67
|
.any(|class| *class == Class::from_existing("URI"))
|
|
19
68
|
}
|
|
20
69
|
|
|
@@ -25,108 +74,98 @@ impl VerifiedObject for URI {
|
|
|
25
74
|
|
|
26
75
|
impl fmt::Display for URI {
|
|
27
76
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
28
|
-
let s = self
|
|
77
|
+
let s = self
|
|
78
|
+
.protect_send("to_s", &[])
|
|
79
|
+
.map_err(VM::raise_ex)
|
|
80
|
+
.unwrap()
|
|
81
|
+
.try_convert_to::<RString>()
|
|
82
|
+
.map_err(VM::raise_ex)
|
|
83
|
+
.unwrap()
|
|
84
|
+
.to_string();
|
|
29
85
|
write!(f, "{}", s)
|
|
30
86
|
}
|
|
31
87
|
}
|
|
32
88
|
|
|
33
89
|
impl From<&Url> for URI {
|
|
34
90
|
fn from(url: &Url) -> Self {
|
|
35
|
-
|
|
91
|
+
let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
|
|
92
|
+
Class::from_existing("URI")
|
|
93
|
+
.protect_send("parse", &args)
|
|
94
|
+
.map_err(VM::raise_ex)
|
|
95
|
+
.unwrap()
|
|
96
|
+
.try_convert_to::<URI>()
|
|
97
|
+
.map_err(VM::raise_ex)
|
|
98
|
+
.unwrap()
|
|
36
99
|
}
|
|
37
100
|
}
|
|
38
101
|
|
|
39
102
|
impl From<URI> for Url {
|
|
40
103
|
fn from(uri: URI) -> Self {
|
|
41
|
-
Url::parse(&uri.to_string())
|
|
104
|
+
Url::parse(&uri.to_string())
|
|
105
|
+
.map_err(|_e| {
|
|
106
|
+
VM::raise(
|
|
107
|
+
Class::from_existing("URI").get_nested_class("InvalidURIError"),
|
|
108
|
+
&format!("bad URI(is not URI?): {}", uri.to_string()),
|
|
109
|
+
)
|
|
110
|
+
})
|
|
111
|
+
.unwrap()
|
|
42
112
|
}
|
|
43
113
|
}
|
|
44
114
|
|
|
115
|
+
// TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
|
|
45
116
|
fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
|
|
46
117
|
let subject = options
|
|
47
118
|
.at(&Symbol::new("subject"))
|
|
48
|
-
.try_convert_to::<URI>()
|
|
119
|
+
.try_convert_to::<URI>()
|
|
120
|
+
.map_err(VM::raise_ex)
|
|
121
|
+
.unwrap();
|
|
49
122
|
|
|
50
|
-
|
|
51
|
-
VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
|
|
52
|
-
}
|
|
53
|
-
|
|
54
|
-
let subject = Url::from(subject.unwrap());
|
|
123
|
+
let subject = Url::from(subject);
|
|
55
124
|
|
|
56
125
|
let capability = options
|
|
57
126
|
.at(&Symbol::new("capability"))
|
|
58
|
-
.try_convert_to::<RString>()
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
let capability = capability
|
|
65
|
-
.unwrap().to_string()
|
|
127
|
+
.try_convert_to::<RString>()
|
|
128
|
+
.map_err(VM::raise_ex)
|
|
129
|
+
.unwrap()
|
|
130
|
+
.to_string()
|
|
66
131
|
.into_bytes();
|
|
67
132
|
|
|
68
133
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
|
69
134
|
Ok(x) => Some(x.to_i64() as u64),
|
|
70
|
-
_ => None
|
|
135
|
+
_ => None,
|
|
71
136
|
};
|
|
72
137
|
|
|
73
138
|
CertificateBlueprint {
|
|
74
139
|
subject,
|
|
75
140
|
capability,
|
|
76
|
-
exp
|
|
77
|
-
}
|
|
78
|
-
}
|
|
79
|
-
|
|
80
|
-
fn array_to_cert(array: Array) -> capbac::proto::Certificate {
|
|
81
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
|
82
|
-
for n in array.into_iter() {
|
|
83
|
-
let n = n.try_convert_to::<Fixnum>();
|
|
84
|
-
|
|
85
|
-
if let Err(ref error) = n {
|
|
86
|
-
VM::raise(error.class(), &error.to_string());
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
|
141
|
+
exp,
|
|
90
142
|
}
|
|
91
|
-
let mut cert = capbac::proto::Certificate::new();
|
|
92
|
-
cert.merge_from_bytes(&cert_content).unwrap();
|
|
93
|
-
cert
|
|
94
143
|
}
|
|
95
144
|
|
|
96
145
|
fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
|
|
97
|
-
|
|
98
146
|
let cert_content = options
|
|
99
147
|
.at(&Symbol::new("cert"))
|
|
100
|
-
.try_convert_to::<
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
VM::raise(Class::from_existing("ArgumentError"), "Certificate must be an array");
|
|
104
|
-
}
|
|
148
|
+
.try_convert_to::<ASCIIRString>()
|
|
149
|
+
.map_err(VM::raise_ex)
|
|
150
|
+
.unwrap();
|
|
105
151
|
|
|
106
|
-
let cert =
|
|
152
|
+
let mut cert = capbac::proto::Certificate::new();
|
|
153
|
+
cert.merge_from_bytes(&Vec::from(cert_content)).unwrap();
|
|
107
154
|
|
|
108
155
|
let action = options
|
|
109
156
|
.at(&Symbol::new("action"))
|
|
110
|
-
.try_convert_to::<RString>()
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
}
|
|
115
|
-
|
|
116
|
-
let action = action
|
|
117
|
-
.unwrap().to_string()
|
|
157
|
+
.try_convert_to::<RString>()
|
|
158
|
+
.map_err(VM::raise_ex)
|
|
159
|
+
.unwrap()
|
|
160
|
+
.to_string()
|
|
118
161
|
.into_bytes();
|
|
119
162
|
|
|
120
163
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
|
121
164
|
Ok(x) => Some(x.to_i64() as u64),
|
|
122
|
-
_ => None
|
|
165
|
+
_ => None,
|
|
123
166
|
};
|
|
124
167
|
|
|
125
|
-
InvokeBlueprint {
|
|
126
|
-
cert,
|
|
127
|
-
action,
|
|
128
|
-
exp
|
|
129
|
-
}
|
|
168
|
+
InvokeBlueprint { cert, action, exp }
|
|
130
169
|
}
|
|
131
170
|
|
|
132
171
|
wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
|
|
@@ -137,87 +176,74 @@ methods!(
|
|
|
137
176
|
Holder,
|
|
138
177
|
itself,
|
|
139
178
|
|
|
140
|
-
fn ruby_holder_new(me: URI, sk:
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
179
|
+
fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
|
|
180
|
+
let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
|
|
181
|
+
|
|
182
|
+
let ruby_sk = sk
|
|
183
|
+
.map_err(VM::raise_ex)
|
|
184
|
+
.unwrap()
|
|
185
|
+
.to_string_unchecked();
|
|
186
|
+
|
|
187
|
+
let me = Url::parse(&ruby_me)
|
|
188
|
+
.map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
|
|
189
|
+
.unwrap();
|
|
190
|
+
let sk = PKey::private_key_from_pem(&ruby_sk.as_bytes())
|
|
191
|
+
.map_err(|e| {
|
|
192
|
+
VM::raise(
|
|
193
|
+
Class::from_existing("ArgumentError"),
|
|
194
|
+
&format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
|
|
195
|
+
)
|
|
196
|
+
})
|
|
197
|
+
.unwrap()
|
|
198
|
+
.ec_key()
|
|
199
|
+
.map_err(|e| {
|
|
200
|
+
VM::raise(
|
|
201
|
+
Class::from_existing("ArgumentError"),
|
|
202
|
+
&format!("Can't extract EC key ({})", e.to_string()),
|
|
203
|
+
)
|
|
204
|
+
})
|
|
205
|
+
.unwrap();
|
|
206
|
+
|
|
207
|
+
let holder = capbac::Holder::new(me, sk);
|
|
167
208
|
|
|
168
209
|
Class::from_existing("CapBAC")
|
|
169
210
|
.get_nested_class("Holder")
|
|
170
211
|
.wrap_data(holder, &*HOLDER_WRAPPER)
|
|
171
212
|
}
|
|
172
213
|
|
|
173
|
-
fn ruby_holder_forge(options: Hash) ->
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
}
|
|
177
|
-
|
|
178
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
|
179
|
-
|
|
214
|
+
fn ruby_holder_forge(options: Hash) -> RString {
|
|
215
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
|
216
|
+
let options = options_to_cert_blueprint(ruby_options);
|
|
180
217
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
|
218
|
+
|
|
181
219
|
let cert = holder.forge(options).unwrap();
|
|
182
220
|
|
|
183
|
-
|
|
184
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
|
185
|
-
res.push(Fixnum::new(i64::from(*item)));
|
|
186
|
-
};
|
|
187
|
-
res
|
|
221
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
|
188
222
|
}
|
|
189
223
|
|
|
190
|
-
fn ruby_holder_delegate(cert:
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
}
|
|
194
|
-
|
|
195
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
|
224
|
+
fn ruby_holder_delegate(cert: ASCIIRString, options: Hash) -> RString {
|
|
225
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
|
226
|
+
let options = options_to_cert_blueprint(ruby_options);
|
|
196
227
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
|
197
|
-
|
|
228
|
+
|
|
229
|
+
let cert_content = Vec::from(cert.map_err(VM::raise_ex).unwrap());
|
|
230
|
+
|
|
231
|
+
let mut cert = capbac::proto::Certificate::new();
|
|
232
|
+
cert.merge_from_bytes(&cert_content).unwrap();
|
|
198
233
|
|
|
199
234
|
let cert = holder.delegate(cert, options).unwrap();
|
|
200
|
-
let mut res = Array::new();
|
|
201
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
|
202
|
-
res.push(Fixnum::new(i64::from(*item)));
|
|
203
|
-
};
|
|
204
|
-
res
|
|
205
|
-
}
|
|
206
235
|
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
|
|
210
|
-
}
|
|
236
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
|
237
|
+
}
|
|
211
238
|
|
|
212
|
-
|
|
239
|
+
fn ruby_holder_invoke(options: Hash) -> RString {
|
|
240
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
|
241
|
+
let options = options_to_invoke_blueprint(ruby_options);
|
|
213
242
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
|
214
243
|
|
|
215
244
|
let invocation = holder.invoke(options).unwrap();
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
res.push(Fixnum::new(i64::from(*item)));
|
|
219
|
-
};
|
|
220
|
-
res
|
|
245
|
+
|
|
246
|
+
RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
|
221
247
|
}
|
|
222
248
|
);
|
|
223
249
|
|
|
@@ -230,7 +256,7 @@ impl IntValidator {
|
|
|
230
256
|
fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
|
|
231
257
|
IntValidator {
|
|
232
258
|
trust_checker,
|
|
233
|
-
pubs
|
|
259
|
+
pubs,
|
|
234
260
|
}
|
|
235
261
|
}
|
|
236
262
|
}
|
|
@@ -239,30 +265,36 @@ impl capbac::TrustChecker for IntValidator {
|
|
|
239
265
|
fn is_trusted(&self, id: &Url) -> bool {
|
|
240
266
|
let args = vec![URI::from(id).to_any_object()];
|
|
241
267
|
self.trust_checker
|
|
242
|
-
.
|
|
268
|
+
.protect_send("trusted?", &args)
|
|
269
|
+
.map_err(VM::raise_ex)
|
|
270
|
+
.unwrap()
|
|
243
271
|
.try_convert_to::<Boolean>()
|
|
244
|
-
.
|
|
272
|
+
.unwrap_or_else(|_| Boolean::new(false))
|
|
245
273
|
.to_bool()
|
|
246
274
|
}
|
|
247
275
|
}
|
|
248
276
|
|
|
249
277
|
impl capbac::Pubs for IntValidator {
|
|
250
278
|
fn get(&self, id: &Url) -> Option<EcKey<Public>> {
|
|
251
|
-
let
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
279
|
+
let args = [URI::from(id).to_any_object()];
|
|
280
|
+
let res = self
|
|
281
|
+
.pubs
|
|
282
|
+
.protect_send("get", &args)
|
|
283
|
+
.map_err(VM::raise_ex)
|
|
284
|
+
.unwrap()
|
|
285
|
+
.try_convert_to::<RString>();
|
|
286
|
+
|
|
287
|
+
match res {
|
|
288
|
+
Ok(pk) => {
|
|
289
|
+
Some(
|
|
290
|
+
PKey::public_key_from_pem(&pk.to_string_unchecked().as_bytes())
|
|
291
|
+
.unwrap()
|
|
292
|
+
.ec_key()
|
|
293
|
+
.unwrap(),
|
|
294
|
+
)
|
|
261
295
|
}
|
|
262
|
-
|
|
263
|
-
pk_content.push(n.unwrap().to_i64() as u8);
|
|
296
|
+
Err(_) => None
|
|
264
297
|
}
|
|
265
|
-
Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
|
|
266
298
|
}
|
|
267
299
|
}
|
|
268
300
|
|
|
@@ -285,56 +317,48 @@ methods!(
|
|
|
285
317
|
.wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
|
|
286
318
|
}
|
|
287
319
|
|
|
288
|
-
fn ruby_validator_validate_cert(cert:
|
|
289
|
-
|
|
290
|
-
VM::
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
if let Err(ref error) = now {
|
|
294
|
-
VM::raise(error.class(), &error.to_string());
|
|
295
|
-
}
|
|
296
|
-
|
|
297
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
|
298
|
-
for n in cert.unwrap().into_iter() {
|
|
299
|
-
let n = n.try_convert_to::<Fixnum>();
|
|
320
|
+
fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
|
|
321
|
+
let ruby_cert = cert
|
|
322
|
+
.map_err(VM::raise_ex)
|
|
323
|
+
.unwrap()
|
|
324
|
+
.to_string_unchecked();
|
|
300
325
|
|
|
301
|
-
if let Err(ref error) = n {
|
|
302
|
-
VM::raise(error.class(), &error.to_string());
|
|
303
|
-
}
|
|
304
|
-
|
|
305
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
|
306
|
-
}
|
|
307
326
|
let mut cert = capbac::proto::Certificate::new();
|
|
308
|
-
cert.merge_from_bytes(&
|
|
327
|
+
cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
|
|
309
328
|
|
|
310
|
-
let now = now.unwrap().to_i64() as u64;
|
|
329
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
|
311
330
|
|
|
312
331
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
|
313
332
|
let validator = capbac::Validator::new(x, x);
|
|
314
333
|
|
|
315
334
|
match validator.validate_cert(&cert, now) {
|
|
316
335
|
Result::Ok(_) => Boolean::new(true),
|
|
317
|
-
Err(x) =>
|
|
336
|
+
Err(x) => {
|
|
318
337
|
let capbac_class = Class::from_existing("CapBAC");
|
|
319
338
|
match x {
|
|
320
|
-
capbac::ValidateError::Malformed { .. } =>
|
|
321
|
-
|
|
322
|
-
|
|
339
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
|
340
|
+
capbac_class.get_nested_class("Malformed"),
|
|
341
|
+
&format!("{}", x),
|
|
342
|
+
),
|
|
323
343
|
capbac::ValidateError::BadURL { .. } => {
|
|
324
344
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
|
325
|
-
}
|
|
326
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
}
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
345
|
+
}
|
|
346
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
|
347
|
+
capbac_class.get_nested_class("UnknownPub"),
|
|
348
|
+
&format!("{}", x),
|
|
349
|
+
),
|
|
350
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
|
351
|
+
capbac_class.get_nested_class("BadIssuer"),
|
|
352
|
+
&format!("{}", x),
|
|
353
|
+
),
|
|
354
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
|
355
|
+
capbac_class.get_nested_class("BadInvoker"),
|
|
356
|
+
&format!("{}", x),
|
|
357
|
+
),
|
|
358
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
|
359
|
+
capbac_class.get_nested_class("Untrusted"),
|
|
360
|
+
&format!("{}", x),
|
|
361
|
+
),
|
|
338
362
|
capbac::ValidateError::Expired => {
|
|
339
363
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
|
340
364
|
}
|
|
@@ -347,56 +371,50 @@ methods!(
|
|
|
347
371
|
}
|
|
348
372
|
}
|
|
349
373
|
|
|
350
|
-
fn ruby_validator_validate_invocation(invocation:
|
|
351
|
-
|
|
352
|
-
VM::
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
if let Err(ref error) = now {
|
|
356
|
-
VM::raise(error.class(), &error.to_string());
|
|
357
|
-
}
|
|
358
|
-
|
|
359
|
-
let mut invocation_content: Vec<u8> = Vec::new();
|
|
360
|
-
for n in invocation.unwrap().into_iter() {
|
|
361
|
-
let n = n.try_convert_to::<Fixnum>();
|
|
362
|
-
|
|
363
|
-
if let Err(ref error) = n {
|
|
364
|
-
VM::raise(error.class(), &error.to_string());
|
|
365
|
-
}
|
|
374
|
+
fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
|
|
375
|
+
let ruby_invocation = invocation
|
|
376
|
+
.map_err(VM::raise_ex)
|
|
377
|
+
.unwrap()
|
|
378
|
+
.to_string_unchecked();
|
|
366
379
|
|
|
367
|
-
invocation_content.push(n.unwrap().to_i64() as u8);
|
|
368
|
-
}
|
|
369
380
|
let mut invocation = capbac::proto::Invocation::new();
|
|
370
|
-
invocation
|
|
381
|
+
invocation
|
|
382
|
+
.merge_from_bytes(&ruby_invocation.as_bytes())
|
|
383
|
+
.unwrap();
|
|
371
384
|
|
|
372
|
-
let now = now.unwrap().to_i64() as u64;
|
|
385
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
|
373
386
|
|
|
374
387
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
|
375
388
|
let validator = capbac::Validator::new(x, x);
|
|
376
389
|
|
|
377
390
|
match validator.validate_invocation(&invocation, now) {
|
|
378
391
|
Result::Ok(_) => Boolean::new(true),
|
|
379
|
-
Err(x) =>
|
|
392
|
+
Err(x) => {
|
|
380
393
|
let capbac_class = Class::from_existing("CapBAC");
|
|
381
394
|
match x {
|
|
382
|
-
capbac::ValidateError::Malformed { .. } =>
|
|
383
|
-
|
|
384
|
-
|
|
395
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
|
396
|
+
capbac_class.get_nested_class("Malformed"),
|
|
397
|
+
&format!("{}", x),
|
|
398
|
+
),
|
|
385
399
|
capbac::ValidateError::BadURL { .. } => {
|
|
386
400
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
|
387
|
-
}
|
|
388
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
}
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
401
|
+
}
|
|
402
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
|
403
|
+
capbac_class.get_nested_class("UnknownPub"),
|
|
404
|
+
&format!("{}", x),
|
|
405
|
+
),
|
|
406
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
|
407
|
+
capbac_class.get_nested_class("BadIssuer"),
|
|
408
|
+
&format!("{}", x),
|
|
409
|
+
),
|
|
410
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
|
411
|
+
capbac_class.get_nested_class("BadInvoker"),
|
|
412
|
+
&format!("{}", x),
|
|
413
|
+
),
|
|
414
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
|
415
|
+
capbac_class.get_nested_class("Untrusted"),
|
|
416
|
+
&format!("{}", x),
|
|
417
|
+
),
|
|
400
418
|
capbac::ValidateError::Expired => {
|
|
401
419
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
|
402
420
|
}
|
|
@@ -407,7 +425,6 @@ methods!(
|
|
|
407
425
|
Boolean::new(false)
|
|
408
426
|
}
|
|
409
427
|
}
|
|
410
|
-
|
|
411
428
|
}
|
|
412
429
|
);
|
|
413
430
|
|
|
@@ -422,10 +439,12 @@ pub extern "C" fn Init_capbac() {
|
|
|
422
439
|
itself.def("invoke", ruby_holder_invoke);
|
|
423
440
|
});
|
|
424
441
|
|
|
425
|
-
itself
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
442
|
+
itself
|
|
443
|
+
.define_nested_class("Validator", None)
|
|
444
|
+
.define(|itself| {
|
|
445
|
+
itself.def_self("new", ruby_validator_new);
|
|
446
|
+
itself.def("validate_cert", ruby_validator_validate_cert);
|
|
447
|
+
itself.def("validate_invocation", ruby_validator_validate_invocation);
|
|
448
|
+
});
|
|
430
449
|
});
|
|
431
450
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capbac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kirill Chernyshov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thermite
|