capbac 0.2.1 → 0.4.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Cargo.toml +4 -3
- data/lib/capbac/version.rb +1 -1
- data/lib/capbac_ruby.so +0 -0
- data/src/lib.rs +242 -223
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: adda2cca9f2268e6630ebcf446a122a16f47af4cb8e8da244ec02dcc29ecacee
|
4
|
+
data.tar.gz: cd4d014f2e6f2e33e29be3084dc061cf4a24766bc486234e077916f786c8a430
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7a9e336f88154e277e3f98add0f0b1312ef7b6963602f47e02bfcac32c248624811600ce33cbcfc391e2780c3a8d687eefda388cb80f7e3f1e29ad9c19cf1a88
|
7
|
+
data.tar.gz: d78605c676018174d3af5ffee304d8d4a60e3f4bef9891e238478c08ddb34c34d16a9253e465163086f6493eb75ad71a029a16c683c828d36fe780416278c163
|
data/Cargo.toml
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
[package]
|
2
2
|
name = "capbac-ruby"
|
3
|
-
version = "0.
|
3
|
+
version = "0.3.0"
|
4
4
|
authors = ["Kirill Chernyshov <delaguardo@gmail.com>"]
|
5
5
|
edition = "2018"
|
6
6
|
|
@@ -8,9 +8,10 @@ edition = "2018"
|
|
8
8
|
crate-type = ["cdylib"]
|
9
9
|
|
10
10
|
[dependencies]
|
11
|
-
rutie = "0.
|
11
|
+
rutie = "0.8.0"
|
12
12
|
url = "2.1"
|
13
13
|
openssl = "0.10"
|
14
|
+
ring = "0.16.15"
|
14
15
|
lazy_static = "1"
|
15
16
|
protobuf = "2.16.2"
|
16
|
-
capbac = "0.
|
17
|
+
capbac = "0.3.0"
|
data/lib/capbac/version.rb
CHANGED
data/lib/capbac_ruby.so
CHANGED
Binary file
|
data/src/lib.rs
CHANGED
@@ -1,20 +1,69 @@
|
|
1
|
-
#[macro_use]
|
2
|
-
|
1
|
+
#[macro_use]
|
2
|
+
extern crate rutie;
|
3
|
+
#[macro_use]
|
4
|
+
extern crate lazy_static;
|
3
5
|
|
4
|
-
use rutie::{Module, Class, RString, Object, AnyObject, Array,
|
5
|
-
Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
|
6
6
|
use capbac::{CertificateBlueprint, InvokeBlueprint};
|
7
|
+
use openssl::{
|
8
|
+
ec::{EcKey, EcGroup},
|
9
|
+
pkey::{PKey, Public},
|
10
|
+
};
|
11
|
+
use openssl::nid::Nid;
|
12
|
+
use protobuf::Message;
|
13
|
+
use rutie::{
|
14
|
+
AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
|
15
|
+
VerifiedObject, GC, VM, Array,
|
16
|
+
};
|
17
|
+
use std::{fmt, str};
|
7
18
|
use url::Url;
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
19
|
+
|
20
|
+
class!(ASCIIRString);
|
21
|
+
|
22
|
+
impl VerifiedObject for ASCIIRString {
|
23
|
+
fn is_correct_type<T: Object>(object: &T) -> bool {
|
24
|
+
object
|
25
|
+
.class()
|
26
|
+
.ancestors()
|
27
|
+
.iter()
|
28
|
+
.any(|class| *class == Class::from_existing("String"))
|
29
|
+
}
|
30
|
+
|
31
|
+
fn error_message() -> &'static str {
|
32
|
+
"Error converting to ASCII String"
|
33
|
+
}
|
34
|
+
}
|
35
|
+
|
36
|
+
impl From<ASCIIRString> for Vec<u8> {
|
37
|
+
fn from(rstring: ASCIIRString) -> Self {
|
38
|
+
let bytes = rstring
|
39
|
+
.protect_send("bytes", &[])
|
40
|
+
.map_err(VM::raise_ex)
|
41
|
+
.unwrap()
|
42
|
+
.try_convert_to::<Array>()
|
43
|
+
.map_err(VM::raise_ex)
|
44
|
+
.unwrap();
|
45
|
+
|
46
|
+
let mut res = Vec::new();
|
47
|
+
|
48
|
+
for n in bytes.into_iter() {
|
49
|
+
let n = n.try_convert_to::<Fixnum>()
|
50
|
+
.map_err(|e| VM::raise_ex(e))
|
51
|
+
.unwrap();
|
52
|
+
|
53
|
+
res.push(n.to_i64() as u8);
|
54
|
+
}
|
55
|
+
res
|
56
|
+
}
|
57
|
+
}
|
12
58
|
|
13
59
|
class!(URI);
|
14
60
|
|
15
61
|
impl VerifiedObject for URI {
|
16
62
|
fn is_correct_type<T: Object>(object: &T) -> bool {
|
17
|
-
object
|
63
|
+
object
|
64
|
+
.class()
|
65
|
+
.ancestors()
|
66
|
+
.iter()
|
18
67
|
.any(|class| *class == Class::from_existing("URI"))
|
19
68
|
}
|
20
69
|
|
@@ -25,108 +74,98 @@ impl VerifiedObject for URI {
|
|
25
74
|
|
26
75
|
impl fmt::Display for URI {
|
27
76
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
28
|
-
let s = self
|
77
|
+
let s = self
|
78
|
+
.protect_send("to_s", &[])
|
79
|
+
.map_err(VM::raise_ex)
|
80
|
+
.unwrap()
|
81
|
+
.try_convert_to::<RString>()
|
82
|
+
.map_err(VM::raise_ex)
|
83
|
+
.unwrap()
|
84
|
+
.to_string();
|
29
85
|
write!(f, "{}", s)
|
30
86
|
}
|
31
87
|
}
|
32
88
|
|
33
89
|
impl From<&Url> for URI {
|
34
90
|
fn from(url: &Url) -> Self {
|
35
|
-
|
91
|
+
let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
|
92
|
+
Class::from_existing("URI")
|
93
|
+
.protect_send("parse", &args)
|
94
|
+
.map_err(VM::raise_ex)
|
95
|
+
.unwrap()
|
96
|
+
.try_convert_to::<URI>()
|
97
|
+
.map_err(VM::raise_ex)
|
98
|
+
.unwrap()
|
36
99
|
}
|
37
100
|
}
|
38
101
|
|
39
102
|
impl From<URI> for Url {
|
40
103
|
fn from(uri: URI) -> Self {
|
41
|
-
Url::parse(&uri.to_string())
|
104
|
+
Url::parse(&uri.to_string())
|
105
|
+
.map_err(|_e| {
|
106
|
+
VM::raise(
|
107
|
+
Class::from_existing("URI").get_nested_class("InvalidURIError"),
|
108
|
+
&format!("bad URI(is not URI?): {}", uri.to_string()),
|
109
|
+
)
|
110
|
+
})
|
111
|
+
.unwrap()
|
42
112
|
}
|
43
113
|
}
|
44
114
|
|
115
|
+
// TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
|
45
116
|
fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
|
46
117
|
let subject = options
|
47
118
|
.at(&Symbol::new("subject"))
|
48
|
-
.try_convert_to::<URI>()
|
119
|
+
.try_convert_to::<URI>()
|
120
|
+
.map_err(VM::raise_ex)
|
121
|
+
.unwrap();
|
49
122
|
|
50
|
-
|
51
|
-
VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
|
52
|
-
}
|
53
|
-
|
54
|
-
let subject = Url::from(subject.unwrap());
|
123
|
+
let subject = Url::from(subject);
|
55
124
|
|
56
125
|
let capability = options
|
57
126
|
.at(&Symbol::new("capability"))
|
58
|
-
.try_convert_to::<RString>()
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
}
|
63
|
-
|
64
|
-
let capability = capability
|
65
|
-
.unwrap().to_string()
|
127
|
+
.try_convert_to::<RString>()
|
128
|
+
.map_err(VM::raise_ex)
|
129
|
+
.unwrap()
|
130
|
+
.to_string()
|
66
131
|
.into_bytes();
|
67
132
|
|
68
133
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
69
134
|
Ok(x) => Some(x.to_i64() as u64),
|
70
|
-
_ => None
|
135
|
+
_ => None,
|
71
136
|
};
|
72
137
|
|
73
138
|
CertificateBlueprint {
|
74
139
|
subject,
|
75
140
|
capability,
|
76
|
-
exp
|
77
|
-
}
|
78
|
-
}
|
79
|
-
|
80
|
-
fn array_to_cert(array: Array) -> capbac::proto::Certificate {
|
81
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
82
|
-
for n in array.into_iter() {
|
83
|
-
let n = n.try_convert_to::<Fixnum>();
|
84
|
-
|
85
|
-
if let Err(ref error) = n {
|
86
|
-
VM::raise(error.class(), &error.to_string());
|
87
|
-
}
|
88
|
-
|
89
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
141
|
+
exp,
|
90
142
|
}
|
91
|
-
let mut cert = capbac::proto::Certificate::new();
|
92
|
-
cert.merge_from_bytes(&cert_content).unwrap();
|
93
|
-
cert
|
94
143
|
}
|
95
144
|
|
96
145
|
fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
|
97
|
-
|
98
146
|
let cert_content = options
|
99
147
|
.at(&Symbol::new("cert"))
|
100
|
-
.try_convert_to::<
|
101
|
-
|
102
|
-
|
103
|
-
VM::raise(Class::from_existing("ArgumentError"), "Certificate must be an array");
|
104
|
-
}
|
148
|
+
.try_convert_to::<ASCIIRString>()
|
149
|
+
.map_err(VM::raise_ex)
|
150
|
+
.unwrap();
|
105
151
|
|
106
|
-
let cert =
|
152
|
+
let mut cert = capbac::proto::Certificate::new();
|
153
|
+
cert.merge_from_bytes(&Vec::from(cert_content)).unwrap();
|
107
154
|
|
108
155
|
let action = options
|
109
156
|
.at(&Symbol::new("action"))
|
110
|
-
.try_convert_to::<RString>()
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
}
|
115
|
-
|
116
|
-
let action = action
|
117
|
-
.unwrap().to_string()
|
157
|
+
.try_convert_to::<RString>()
|
158
|
+
.map_err(VM::raise_ex)
|
159
|
+
.unwrap()
|
160
|
+
.to_string()
|
118
161
|
.into_bytes();
|
119
162
|
|
120
163
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
121
164
|
Ok(x) => Some(x.to_i64() as u64),
|
122
|
-
_ => None
|
165
|
+
_ => None,
|
123
166
|
};
|
124
167
|
|
125
|
-
InvokeBlueprint {
|
126
|
-
cert,
|
127
|
-
action,
|
128
|
-
exp
|
129
|
-
}
|
168
|
+
InvokeBlueprint { cert, action, exp }
|
130
169
|
}
|
131
170
|
|
132
171
|
wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
|
@@ -137,87 +176,74 @@ methods!(
|
|
137
176
|
Holder,
|
138
177
|
itself,
|
139
178
|
|
140
|
-
fn ruby_holder_new(me: URI, sk:
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
179
|
+
fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
|
180
|
+
let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
|
181
|
+
|
182
|
+
let ruby_sk = sk
|
183
|
+
.map_err(VM::raise_ex)
|
184
|
+
.unwrap()
|
185
|
+
.to_string_unchecked();
|
186
|
+
|
187
|
+
let me = Url::parse(&ruby_me)
|
188
|
+
.map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
|
189
|
+
.unwrap();
|
190
|
+
let sk = PKey::private_key_from_pem(&ruby_sk.as_bytes())
|
191
|
+
.map_err(|e| {
|
192
|
+
VM::raise(
|
193
|
+
Class::from_existing("ArgumentError"),
|
194
|
+
&format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
|
195
|
+
)
|
196
|
+
})
|
197
|
+
.unwrap()
|
198
|
+
.ec_key()
|
199
|
+
.map_err(|e| {
|
200
|
+
VM::raise(
|
201
|
+
Class::from_existing("ArgumentError"),
|
202
|
+
&format!("Can't extract EC key ({})", e.to_string()),
|
203
|
+
)
|
204
|
+
})
|
205
|
+
.unwrap();
|
206
|
+
|
207
|
+
let holder = capbac::Holder::new(me, sk);
|
167
208
|
|
168
209
|
Class::from_existing("CapBAC")
|
169
210
|
.get_nested_class("Holder")
|
170
211
|
.wrap_data(holder, &*HOLDER_WRAPPER)
|
171
212
|
}
|
172
213
|
|
173
|
-
fn ruby_holder_forge(options: Hash) ->
|
174
|
-
|
175
|
-
|
176
|
-
}
|
177
|
-
|
178
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
179
|
-
|
214
|
+
fn ruby_holder_forge(options: Hash) -> RString {
|
215
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
216
|
+
let options = options_to_cert_blueprint(ruby_options);
|
180
217
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
218
|
+
|
181
219
|
let cert = holder.forge(options).unwrap();
|
182
220
|
|
183
|
-
|
184
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
185
|
-
res.push(Fixnum::new(i64::from(*item)));
|
186
|
-
};
|
187
|
-
res
|
221
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
188
222
|
}
|
189
223
|
|
190
|
-
fn ruby_holder_delegate(cert:
|
191
|
-
|
192
|
-
|
193
|
-
}
|
194
|
-
|
195
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
224
|
+
fn ruby_holder_delegate(cert: ASCIIRString, options: Hash) -> RString {
|
225
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
226
|
+
let options = options_to_cert_blueprint(ruby_options);
|
196
227
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
197
|
-
|
228
|
+
|
229
|
+
let cert_content = Vec::from(cert.map_err(VM::raise_ex).unwrap());
|
230
|
+
|
231
|
+
let mut cert = capbac::proto::Certificate::new();
|
232
|
+
cert.merge_from_bytes(&cert_content).unwrap();
|
198
233
|
|
199
234
|
let cert = holder.delegate(cert, options).unwrap();
|
200
|
-
let mut res = Array::new();
|
201
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
202
|
-
res.push(Fixnum::new(i64::from(*item)));
|
203
|
-
};
|
204
|
-
res
|
205
|
-
}
|
206
235
|
|
207
|
-
|
208
|
-
|
209
|
-
VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
|
210
|
-
}
|
236
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
237
|
+
}
|
211
238
|
|
212
|
-
|
239
|
+
fn ruby_holder_invoke(options: Hash) -> RString {
|
240
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
241
|
+
let options = options_to_invoke_blueprint(ruby_options);
|
213
242
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
214
243
|
|
215
244
|
let invocation = holder.invoke(options).unwrap();
|
216
|
-
|
217
|
-
|
218
|
-
res.push(Fixnum::new(i64::from(*item)));
|
219
|
-
};
|
220
|
-
res
|
245
|
+
|
246
|
+
RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
221
247
|
}
|
222
248
|
);
|
223
249
|
|
@@ -230,7 +256,7 @@ impl IntValidator {
|
|
230
256
|
fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
|
231
257
|
IntValidator {
|
232
258
|
trust_checker,
|
233
|
-
pubs
|
259
|
+
pubs,
|
234
260
|
}
|
235
261
|
}
|
236
262
|
}
|
@@ -239,30 +265,36 @@ impl capbac::TrustChecker for IntValidator {
|
|
239
265
|
fn is_trusted(&self, id: &Url) -> bool {
|
240
266
|
let args = vec![URI::from(id).to_any_object()];
|
241
267
|
self.trust_checker
|
242
|
-
.
|
268
|
+
.protect_send("trusted?", &args)
|
269
|
+
.map_err(VM::raise_ex)
|
270
|
+
.unwrap()
|
243
271
|
.try_convert_to::<Boolean>()
|
244
|
-
.
|
272
|
+
.unwrap_or_else(|_| Boolean::new(false))
|
245
273
|
.to_bool()
|
246
274
|
}
|
247
275
|
}
|
248
276
|
|
249
277
|
impl capbac::Pubs for IntValidator {
|
250
278
|
fn get(&self, id: &Url) -> Option<EcKey<Public>> {
|
251
|
-
let
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
279
|
+
let args = [URI::from(id).to_any_object()];
|
280
|
+
let res = self
|
281
|
+
.pubs
|
282
|
+
.protect_send("get", &args)
|
283
|
+
.map_err(VM::raise_ex)
|
284
|
+
.unwrap()
|
285
|
+
.try_convert_to::<RString>();
|
286
|
+
|
287
|
+
match res {
|
288
|
+
Ok(pk) => {
|
289
|
+
Some(
|
290
|
+
PKey::public_key_from_pem(&pk.to_string_unchecked().as_bytes())
|
291
|
+
.unwrap()
|
292
|
+
.ec_key()
|
293
|
+
.unwrap(),
|
294
|
+
)
|
261
295
|
}
|
262
|
-
|
263
|
-
pk_content.push(n.unwrap().to_i64() as u8);
|
296
|
+
Err(_) => None
|
264
297
|
}
|
265
|
-
Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
|
266
298
|
}
|
267
299
|
}
|
268
300
|
|
@@ -285,56 +317,48 @@ methods!(
|
|
285
317
|
.wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
|
286
318
|
}
|
287
319
|
|
288
|
-
fn ruby_validator_validate_cert(cert:
|
289
|
-
|
290
|
-
VM::
|
291
|
-
|
292
|
-
|
293
|
-
if let Err(ref error) = now {
|
294
|
-
VM::raise(error.class(), &error.to_string());
|
295
|
-
}
|
296
|
-
|
297
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
298
|
-
for n in cert.unwrap().into_iter() {
|
299
|
-
let n = n.try_convert_to::<Fixnum>();
|
320
|
+
fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
|
321
|
+
let ruby_cert = cert
|
322
|
+
.map_err(VM::raise_ex)
|
323
|
+
.unwrap()
|
324
|
+
.to_string_unchecked();
|
300
325
|
|
301
|
-
if let Err(ref error) = n {
|
302
|
-
VM::raise(error.class(), &error.to_string());
|
303
|
-
}
|
304
|
-
|
305
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
306
|
-
}
|
307
326
|
let mut cert = capbac::proto::Certificate::new();
|
308
|
-
cert.merge_from_bytes(&
|
327
|
+
cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
|
309
328
|
|
310
|
-
let now = now.unwrap().to_i64() as u64;
|
329
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
311
330
|
|
312
331
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
313
332
|
let validator = capbac::Validator::new(x, x);
|
314
333
|
|
315
334
|
match validator.validate_cert(&cert, now) {
|
316
335
|
Result::Ok(_) => Boolean::new(true),
|
317
|
-
Err(x) =>
|
336
|
+
Err(x) => {
|
318
337
|
let capbac_class = Class::from_existing("CapBAC");
|
319
338
|
match x {
|
320
|
-
capbac::ValidateError::Malformed { .. } =>
|
321
|
-
|
322
|
-
|
339
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
340
|
+
capbac_class.get_nested_class("Malformed"),
|
341
|
+
&format!("{}", x),
|
342
|
+
),
|
323
343
|
capbac::ValidateError::BadURL { .. } => {
|
324
344
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
325
|
-
}
|
326
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
334
|
-
}
|
335
|
-
|
336
|
-
|
337
|
-
|
345
|
+
}
|
346
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
347
|
+
capbac_class.get_nested_class("UnknownPub"),
|
348
|
+
&format!("{}", x),
|
349
|
+
),
|
350
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
351
|
+
capbac_class.get_nested_class("BadIssuer"),
|
352
|
+
&format!("{}", x),
|
353
|
+
),
|
354
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
355
|
+
capbac_class.get_nested_class("BadInvoker"),
|
356
|
+
&format!("{}", x),
|
357
|
+
),
|
358
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
359
|
+
capbac_class.get_nested_class("Untrusted"),
|
360
|
+
&format!("{}", x),
|
361
|
+
),
|
338
362
|
capbac::ValidateError::Expired => {
|
339
363
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
340
364
|
}
|
@@ -347,56 +371,50 @@ methods!(
|
|
347
371
|
}
|
348
372
|
}
|
349
373
|
|
350
|
-
fn ruby_validator_validate_invocation(invocation:
|
351
|
-
|
352
|
-
VM::
|
353
|
-
|
354
|
-
|
355
|
-
if let Err(ref error) = now {
|
356
|
-
VM::raise(error.class(), &error.to_string());
|
357
|
-
}
|
358
|
-
|
359
|
-
let mut invocation_content: Vec<u8> = Vec::new();
|
360
|
-
for n in invocation.unwrap().into_iter() {
|
361
|
-
let n = n.try_convert_to::<Fixnum>();
|
362
|
-
|
363
|
-
if let Err(ref error) = n {
|
364
|
-
VM::raise(error.class(), &error.to_string());
|
365
|
-
}
|
374
|
+
fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
|
375
|
+
let ruby_invocation = invocation
|
376
|
+
.map_err(VM::raise_ex)
|
377
|
+
.unwrap()
|
378
|
+
.to_string_unchecked();
|
366
379
|
|
367
|
-
invocation_content.push(n.unwrap().to_i64() as u8);
|
368
|
-
}
|
369
380
|
let mut invocation = capbac::proto::Invocation::new();
|
370
|
-
invocation
|
381
|
+
invocation
|
382
|
+
.merge_from_bytes(&ruby_invocation.as_bytes())
|
383
|
+
.unwrap();
|
371
384
|
|
372
|
-
let now = now.unwrap().to_i64() as u64;
|
385
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
373
386
|
|
374
387
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
375
388
|
let validator = capbac::Validator::new(x, x);
|
376
389
|
|
377
390
|
match validator.validate_invocation(&invocation, now) {
|
378
391
|
Result::Ok(_) => Boolean::new(true),
|
379
|
-
Err(x) =>
|
392
|
+
Err(x) => {
|
380
393
|
let capbac_class = Class::from_existing("CapBAC");
|
381
394
|
match x {
|
382
|
-
capbac::ValidateError::Malformed { .. } =>
|
383
|
-
|
384
|
-
|
395
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
396
|
+
capbac_class.get_nested_class("Malformed"),
|
397
|
+
&format!("{}", x),
|
398
|
+
),
|
385
399
|
capbac::ValidateError::BadURL { .. } => {
|
386
400
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
387
|
-
}
|
388
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
}
|
397
|
-
|
398
|
-
|
399
|
-
|
401
|
+
}
|
402
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
403
|
+
capbac_class.get_nested_class("UnknownPub"),
|
404
|
+
&format!("{}", x),
|
405
|
+
),
|
406
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
407
|
+
capbac_class.get_nested_class("BadIssuer"),
|
408
|
+
&format!("{}", x),
|
409
|
+
),
|
410
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
411
|
+
capbac_class.get_nested_class("BadInvoker"),
|
412
|
+
&format!("{}", x),
|
413
|
+
),
|
414
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
415
|
+
capbac_class.get_nested_class("Untrusted"),
|
416
|
+
&format!("{}", x),
|
417
|
+
),
|
400
418
|
capbac::ValidateError::Expired => {
|
401
419
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
402
420
|
}
|
@@ -407,7 +425,6 @@ methods!(
|
|
407
425
|
Boolean::new(false)
|
408
426
|
}
|
409
427
|
}
|
410
|
-
|
411
428
|
}
|
412
429
|
);
|
413
430
|
|
@@ -422,10 +439,12 @@ pub extern "C" fn Init_capbac() {
|
|
422
439
|
itself.def("invoke", ruby_holder_invoke);
|
423
440
|
});
|
424
441
|
|
425
|
-
itself
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
442
|
+
itself
|
443
|
+
.define_nested_class("Validator", None)
|
444
|
+
.define(|itself| {
|
445
|
+
itself.def_self("new", ruby_validator_new);
|
446
|
+
itself.def("validate_cert", ruby_validator_validate_cert);
|
447
|
+
itself.def("validate_invocation", ruby_validator_validate_invocation);
|
448
|
+
});
|
430
449
|
});
|
431
450
|
}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: capbac
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kirill Chernyshov
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thermite
|