capbac 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Cargo.toml +1 -1
- data/lib/capbac/version.rb +1 -1
- data/lib/capbac_ruby.so +0 -0
- data/src/lib.rs +232 -243
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 44848813257e696a0d0aa3ee32740481dced5a2400821e69a4fe31b130e60476
|
4
|
+
data.tar.gz: 9e7bc540cba3a4a0be51ed7d91f06455f493dbae694b5a003716d75143196bb5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3a05e44960b0368b3fa77def316ead43fd2aef59586ae5900e738b0b1f4f5329fba514270a52cd565301a60ec6c3e1d99cfe596bb52eaa667cd13da6c28999b2
|
7
|
+
data.tar.gz: 1a30dc257457acd1bb747ab6a4d9452c65d3833aa05459c48a7c61adc73957519516c68e6c21b00683d3ce7f7562cd908ac6542164e9358fa79371babfd7302d
|
data/Cargo.toml
CHANGED
data/lib/capbac/version.rb
CHANGED
data/lib/capbac_ruby.so
CHANGED
Binary file
|
data/src/lib.rs
CHANGED
@@ -1,25 +1,33 @@
|
|
1
|
-
#[macro_use]
|
2
|
-
|
1
|
+
#[macro_use]
|
2
|
+
extern crate rutie;
|
3
|
+
#[macro_use]
|
4
|
+
extern crate lazy_static;
|
3
5
|
|
4
|
-
use rutie::{Module, Class, RString, Object, AnyObject, Array,
|
5
|
-
Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
|
6
6
|
use capbac::{CertificateBlueprint, InvokeBlueprint};
|
7
|
-
use
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
use
|
12
|
-
|
7
|
+
use openssl::{
|
8
|
+
ec::EcKey,
|
9
|
+
pkey::{PKey, Public},
|
10
|
+
};
|
11
|
+
use protobuf::Message;
|
13
12
|
use ring::{
|
14
13
|
rand,
|
15
|
-
signature::{self,
|
14
|
+
signature::{self, EcdsaKeyPair, KeyPair},
|
16
15
|
};
|
16
|
+
use rutie::{
|
17
|
+
AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
|
18
|
+
VerifiedObject, GC, VM,
|
19
|
+
};
|
20
|
+
use std::{fmt, str};
|
21
|
+
use url::Url;
|
17
22
|
|
18
23
|
class!(URI);
|
19
24
|
|
20
25
|
impl VerifiedObject for URI {
|
21
26
|
fn is_correct_type<T: Object>(object: &T) -> bool {
|
22
|
-
object
|
27
|
+
object
|
28
|
+
.class()
|
29
|
+
.ancestors()
|
30
|
+
.iter()
|
23
31
|
.any(|class| *class == Class::from_existing("URI"))
|
24
32
|
}
|
25
33
|
|
@@ -30,108 +38,100 @@ impl VerifiedObject for URI {
|
|
30
38
|
|
31
39
|
impl fmt::Display for URI {
|
32
40
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
33
|
-
let s = self
|
41
|
+
let s = self
|
42
|
+
.protect_send("to_s", &[])
|
43
|
+
.map_err(VM::raise_ex)
|
44
|
+
.unwrap()
|
45
|
+
.try_convert_to::<RString>()
|
46
|
+
.map_err(VM::raise_ex)
|
47
|
+
.unwrap()
|
48
|
+
.to_string();
|
34
49
|
write!(f, "{}", s)
|
35
50
|
}
|
36
51
|
}
|
37
52
|
|
38
53
|
impl From<&Url> for URI {
|
39
54
|
fn from(url: &Url) -> Self {
|
40
|
-
|
55
|
+
let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
|
56
|
+
Class::from_existing("URI")
|
57
|
+
.protect_send("parse", &args)
|
58
|
+
.map_err(VM::raise_ex)
|
59
|
+
.unwrap()
|
60
|
+
.try_convert_to::<URI>()
|
61
|
+
.map_err(VM::raise_ex)
|
62
|
+
.unwrap()
|
41
63
|
}
|
42
64
|
}
|
43
65
|
|
44
66
|
impl From<URI> for Url {
|
45
67
|
fn from(uri: URI) -> Self {
|
46
|
-
Url::parse(&uri.to_string())
|
68
|
+
Url::parse(&uri.to_string())
|
69
|
+
.map_err(|_e| {
|
70
|
+
VM::raise(
|
71
|
+
Class::from_existing("URI").get_nested_class("InvalidURIError"),
|
72
|
+
&format!("bad URI(is not URI?): {}", uri.to_string()),
|
73
|
+
)
|
74
|
+
})
|
75
|
+
.unwrap()
|
47
76
|
}
|
48
77
|
}
|
49
78
|
|
79
|
+
// TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
|
50
80
|
fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
|
51
81
|
let subject = options
|
52
82
|
.at(&Symbol::new("subject"))
|
53
|
-
.try_convert_to::<URI>()
|
83
|
+
.try_convert_to::<URI>()
|
84
|
+
.map_err(VM::raise_ex)
|
85
|
+
.unwrap();
|
54
86
|
|
55
|
-
|
56
|
-
VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
|
57
|
-
}
|
58
|
-
|
59
|
-
let subject = Url::from(subject.unwrap());
|
87
|
+
let subject = Url::from(subject);
|
60
88
|
|
61
89
|
let capability = options
|
62
90
|
.at(&Symbol::new("capability"))
|
63
|
-
.try_convert_to::<RString>()
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
}
|
68
|
-
|
69
|
-
let capability = capability
|
70
|
-
.unwrap().to_string()
|
91
|
+
.try_convert_to::<RString>()
|
92
|
+
.map_err(VM::raise_ex)
|
93
|
+
.unwrap()
|
94
|
+
.to_string()
|
71
95
|
.into_bytes();
|
72
96
|
|
73
97
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
74
98
|
Ok(x) => Some(x.to_i64() as u64),
|
75
|
-
_ => None
|
99
|
+
_ => None,
|
76
100
|
};
|
77
101
|
|
78
102
|
CertificateBlueprint {
|
79
103
|
subject,
|
80
104
|
capability,
|
81
|
-
exp
|
105
|
+
exp,
|
82
106
|
}
|
83
107
|
}
|
84
108
|
|
85
|
-
fn array_to_cert(array: Array) -> capbac::proto::Certificate {
|
86
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
87
|
-
for n in array.into_iter() {
|
88
|
-
let n = n.try_convert_to::<Fixnum>();
|
89
|
-
|
90
|
-
if let Err(ref error) = n {
|
91
|
-
VM::raise(error.class(), &error.to_string());
|
92
|
-
}
|
93
|
-
|
94
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
95
|
-
}
|
96
|
-
let mut cert = capbac::proto::Certificate::new();
|
97
|
-
cert.merge_from_bytes(&cert_content).unwrap();
|
98
|
-
cert
|
99
|
-
}
|
100
|
-
|
101
109
|
fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
|
102
|
-
|
103
110
|
let cert_content = options
|
104
111
|
.at(&Symbol::new("cert"))
|
105
|
-
.try_convert_to::<
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
112
|
+
.try_convert_to::<RString>()
|
113
|
+
.map_err(VM::raise_ex)
|
114
|
+
.unwrap()
|
115
|
+
.to_string()
|
116
|
+
.into_bytes();
|
110
117
|
|
111
|
-
let cert =
|
118
|
+
let mut cert = capbac::proto::Certificate::new();
|
119
|
+
cert.merge_from_bytes(&cert_content).unwrap();
|
112
120
|
|
113
121
|
let action = options
|
114
122
|
.at(&Symbol::new("action"))
|
115
|
-
.try_convert_to::<RString>()
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
}
|
120
|
-
|
121
|
-
let action = action
|
122
|
-
.unwrap().to_string()
|
123
|
+
.try_convert_to::<RString>()
|
124
|
+
.map_err(VM::raise_ex)
|
125
|
+
.unwrap()
|
126
|
+
.to_string()
|
123
127
|
.into_bytes();
|
124
128
|
|
125
129
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
126
130
|
Ok(x) => Some(x.to_i64() as u64),
|
127
|
-
_ => None
|
131
|
+
_ => None,
|
128
132
|
};
|
129
133
|
|
130
|
-
InvokeBlueprint {
|
131
|
-
cert,
|
132
|
-
action,
|
133
|
-
exp
|
134
|
-
}
|
134
|
+
InvokeBlueprint { cert, action, exp }
|
135
135
|
}
|
136
136
|
|
137
137
|
wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
|
@@ -142,87 +142,74 @@ methods!(
|
|
142
142
|
Holder,
|
143
143
|
itself,
|
144
144
|
|
145
|
-
fn ruby_holder_new(me: URI, sk:
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
145
|
+
fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
|
146
|
+
let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
|
147
|
+
|
148
|
+
let ruby_sk = sk
|
149
|
+
.map_err(VM::raise_ex)
|
150
|
+
.unwrap()
|
151
|
+
.to_string_unchecked();
|
152
|
+
|
153
|
+
let me = Url::parse(&ruby_me)
|
154
|
+
.map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
|
155
|
+
.unwrap();
|
156
|
+
let sk = PKey::private_key_from_pkcs8(&ruby_sk.as_bytes())
|
157
|
+
.map_err(|e| {
|
158
|
+
VM::raise(
|
159
|
+
Class::from_existing("ArgumentError"),
|
160
|
+
&format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
|
161
|
+
)
|
162
|
+
})
|
163
|
+
.unwrap()
|
164
|
+
.ec_key()
|
165
|
+
.map_err(|e| {
|
166
|
+
VM::raise(
|
167
|
+
Class::from_existing("ArgumentError"),
|
168
|
+
&format!("Can't extract EC key ({})", e.to_string()),
|
169
|
+
)
|
170
|
+
})
|
171
|
+
.unwrap();
|
172
|
+
|
173
|
+
let holder = capbac::Holder::new(me, sk);
|
172
174
|
|
173
175
|
Class::from_existing("CapBAC")
|
174
176
|
.get_nested_class("Holder")
|
175
177
|
.wrap_data(holder, &*HOLDER_WRAPPER)
|
176
178
|
}
|
177
179
|
|
178
|
-
fn ruby_holder_forge(options: Hash) ->
|
179
|
-
|
180
|
-
|
181
|
-
}
|
182
|
-
|
183
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
184
|
-
|
180
|
+
fn ruby_holder_forge(options: Hash) -> RString {
|
181
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
182
|
+
let options = options_to_cert_blueprint(ruby_options);
|
185
183
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
184
|
+
|
186
185
|
let cert = holder.forge(options).unwrap();
|
187
186
|
|
188
|
-
|
189
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
190
|
-
res.push(Fixnum::new(i64::from(*item)));
|
191
|
-
};
|
192
|
-
res
|
187
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
193
188
|
}
|
194
189
|
|
195
|
-
fn ruby_holder_delegate(cert:
|
196
|
-
|
197
|
-
|
198
|
-
}
|
199
|
-
|
200
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
190
|
+
fn ruby_holder_delegate(cert: RString, options: Hash) -> RString {
|
191
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
192
|
+
let options = options_to_cert_blueprint(ruby_options);
|
201
193
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
202
|
-
|
194
|
+
|
195
|
+
let cert_content = cert.unwrap().to_string_unchecked();
|
196
|
+
|
197
|
+
let mut cert = capbac::proto::Certificate::new();
|
198
|
+
cert.merge_from_bytes(&cert_content.as_bytes()).unwrap();
|
203
199
|
|
204
200
|
let cert = holder.delegate(cert, options).unwrap();
|
205
|
-
let mut res = Array::new();
|
206
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
207
|
-
res.push(Fixnum::new(i64::from(*item)));
|
208
|
-
};
|
209
|
-
res
|
210
|
-
}
|
211
201
|
|
212
|
-
|
213
|
-
|
214
|
-
VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
|
215
|
-
}
|
202
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
203
|
+
}
|
216
204
|
|
217
|
-
|
205
|
+
fn ruby_holder_invoke(options: Hash) -> RString {
|
206
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
207
|
+
let options = options_to_invoke_blueprint(ruby_options);
|
218
208
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
219
209
|
|
220
210
|
let invocation = holder.invoke(options).unwrap();
|
221
|
-
|
222
|
-
|
223
|
-
res.push(Fixnum::new(i64::from(*item)));
|
224
|
-
};
|
225
|
-
res
|
211
|
+
|
212
|
+
RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
226
213
|
}
|
227
214
|
);
|
228
215
|
|
@@ -235,7 +222,7 @@ impl IntValidator {
|
|
235
222
|
fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
|
236
223
|
IntValidator {
|
237
224
|
trust_checker,
|
238
|
-
pubs
|
225
|
+
pubs,
|
239
226
|
}
|
240
227
|
}
|
241
228
|
}
|
@@ -244,30 +231,36 @@ impl capbac::TrustChecker for IntValidator {
|
|
244
231
|
fn is_trusted(&self, id: &Url) -> bool {
|
245
232
|
let args = vec![URI::from(id).to_any_object()];
|
246
233
|
self.trust_checker
|
247
|
-
.
|
234
|
+
.protect_send("trusted?", &args)
|
235
|
+
.map_err(VM::raise_ex)
|
236
|
+
.unwrap()
|
248
237
|
.try_convert_to::<Boolean>()
|
249
|
-
.
|
238
|
+
.unwrap_or_else(|_| Boolean::new(false))
|
250
239
|
.to_bool()
|
251
240
|
}
|
252
241
|
}
|
253
242
|
|
254
243
|
impl capbac::Pubs for IntValidator {
|
255
244
|
fn get(&self, id: &Url) -> Option<EcKey<Public>> {
|
256
|
-
let
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
245
|
+
let args = [URI::from(id).to_any_object()];
|
246
|
+
let res = self
|
247
|
+
.pubs
|
248
|
+
.protect_send("get", &args)
|
249
|
+
.map_err(VM::raise_ex)
|
250
|
+
.unwrap()
|
251
|
+
.try_convert_to::<RString>();
|
252
|
+
|
253
|
+
match res {
|
254
|
+
Ok(pk) => {
|
255
|
+
Some(
|
256
|
+
PKey::public_key_from_der(&pk.to_string_unchecked().as_bytes())
|
257
|
+
.unwrap()
|
258
|
+
.ec_key()
|
259
|
+
.unwrap(),
|
260
|
+
)
|
266
261
|
}
|
267
|
-
|
268
|
-
pk_content.push(n.unwrap().to_i64() as u8);
|
262
|
+
Err(_) => None
|
269
263
|
}
|
270
|
-
Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
|
271
264
|
}
|
272
265
|
}
|
273
266
|
|
@@ -290,56 +283,48 @@ methods!(
|
|
290
283
|
.wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
|
291
284
|
}
|
292
285
|
|
293
|
-
fn ruby_validator_validate_cert(cert:
|
294
|
-
|
295
|
-
VM::
|
296
|
-
|
297
|
-
|
298
|
-
if let Err(ref error) = now {
|
299
|
-
VM::raise(error.class(), &error.to_string());
|
300
|
-
}
|
301
|
-
|
302
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
303
|
-
for n in cert.unwrap().into_iter() {
|
304
|
-
let n = n.try_convert_to::<Fixnum>();
|
286
|
+
fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
|
287
|
+
let ruby_cert = cert
|
288
|
+
.map_err(VM::raise_ex)
|
289
|
+
.unwrap()
|
290
|
+
.to_string_unchecked();
|
305
291
|
|
306
|
-
if let Err(ref error) = n {
|
307
|
-
VM::raise(error.class(), &error.to_string());
|
308
|
-
}
|
309
|
-
|
310
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
311
|
-
}
|
312
292
|
let mut cert = capbac::proto::Certificate::new();
|
313
|
-
cert.merge_from_bytes(&
|
293
|
+
cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
|
314
294
|
|
315
|
-
let now = now.unwrap().to_i64() as u64;
|
295
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
316
296
|
|
317
297
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
318
298
|
let validator = capbac::Validator::new(x, x);
|
319
299
|
|
320
300
|
match validator.validate_cert(&cert, now) {
|
321
301
|
Result::Ok(_) => Boolean::new(true),
|
322
|
-
Err(x) =>
|
302
|
+
Err(x) => {
|
323
303
|
let capbac_class = Class::from_existing("CapBAC");
|
324
304
|
match x {
|
325
|
-
capbac::ValidateError::Malformed { .. } =>
|
326
|
-
|
327
|
-
|
305
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
306
|
+
capbac_class.get_nested_class("Malformed"),
|
307
|
+
&format!("{}", x),
|
308
|
+
),
|
328
309
|
capbac::ValidateError::BadURL { .. } => {
|
329
310
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
330
|
-
}
|
331
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
332
|
-
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
}
|
340
|
-
|
341
|
-
|
342
|
-
|
311
|
+
}
|
312
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
313
|
+
capbac_class.get_nested_class("UnknownPub"),
|
314
|
+
&format!("{}", x),
|
315
|
+
),
|
316
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
317
|
+
capbac_class.get_nested_class("BadIssuer"),
|
318
|
+
&format!("{}", x),
|
319
|
+
),
|
320
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
321
|
+
capbac_class.get_nested_class("BadInvoker"),
|
322
|
+
&format!("{}", x),
|
323
|
+
),
|
324
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
325
|
+
capbac_class.get_nested_class("Untrusted"),
|
326
|
+
&format!("{}", x),
|
327
|
+
),
|
343
328
|
capbac::ValidateError::Expired => {
|
344
329
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
345
330
|
}
|
@@ -352,56 +337,50 @@ methods!(
|
|
352
337
|
}
|
353
338
|
}
|
354
339
|
|
355
|
-
fn ruby_validator_validate_invocation(invocation:
|
356
|
-
|
357
|
-
VM::
|
358
|
-
|
359
|
-
|
360
|
-
if let Err(ref error) = now {
|
361
|
-
VM::raise(error.class(), &error.to_string());
|
362
|
-
}
|
363
|
-
|
364
|
-
let mut invocation_content: Vec<u8> = Vec::new();
|
365
|
-
for n in invocation.unwrap().into_iter() {
|
366
|
-
let n = n.try_convert_to::<Fixnum>();
|
340
|
+
fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
|
341
|
+
let ruby_invocation = invocation
|
342
|
+
.map_err(VM::raise_ex)
|
343
|
+
.unwrap()
|
344
|
+
.to_string_unchecked();
|
367
345
|
|
368
|
-
if let Err(ref error) = n {
|
369
|
-
VM::raise(error.class(), &error.to_string());
|
370
|
-
}
|
371
|
-
|
372
|
-
invocation_content.push(n.unwrap().to_i64() as u8);
|
373
|
-
}
|
374
346
|
let mut invocation = capbac::proto::Invocation::new();
|
375
|
-
invocation
|
347
|
+
invocation
|
348
|
+
.merge_from_bytes(&ruby_invocation.as_bytes())
|
349
|
+
.unwrap();
|
376
350
|
|
377
|
-
let now = now.unwrap().to_i64() as u64;
|
351
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
378
352
|
|
379
353
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
380
354
|
let validator = capbac::Validator::new(x, x);
|
381
355
|
|
382
356
|
match validator.validate_invocation(&invocation, now) {
|
383
357
|
Result::Ok(_) => Boolean::new(true),
|
384
|
-
Err(x) =>
|
358
|
+
Err(x) => {
|
385
359
|
let capbac_class = Class::from_existing("CapBAC");
|
386
360
|
match x {
|
387
|
-
capbac::ValidateError::Malformed { .. } =>
|
388
|
-
|
389
|
-
|
361
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
362
|
+
capbac_class.get_nested_class("Malformed"),
|
363
|
+
&format!("{}", x),
|
364
|
+
),
|
390
365
|
capbac::ValidateError::BadURL { .. } => {
|
391
366
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
392
|
-
}
|
393
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
}
|
402
|
-
|
403
|
-
|
404
|
-
|
367
|
+
}
|
368
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
369
|
+
capbac_class.get_nested_class("UnknownPub"),
|
370
|
+
&format!("{}", x),
|
371
|
+
),
|
372
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
373
|
+
capbac_class.get_nested_class("BadIssuer"),
|
374
|
+
&format!("{}", x),
|
375
|
+
),
|
376
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
377
|
+
capbac_class.get_nested_class("BadInvoker"),
|
378
|
+
&format!("{}", x),
|
379
|
+
),
|
380
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
381
|
+
capbac_class.get_nested_class("Untrusted"),
|
382
|
+
&format!("{}", x),
|
383
|
+
),
|
405
384
|
capbac::ValidateError::Expired => {
|
406
385
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
407
386
|
}
|
@@ -412,7 +391,6 @@ methods!(
|
|
412
391
|
Boolean::new(false)
|
413
392
|
}
|
414
393
|
}
|
415
|
-
|
416
394
|
}
|
417
395
|
);
|
418
396
|
|
@@ -424,21 +402,28 @@ methods!(
|
|
424
402
|
|
425
403
|
fn ruby_generate_keypair() -> Hash {
|
426
404
|
let rng = rand::SystemRandom::new();
|
427
|
-
|
428
|
-
let
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
|
433
|
-
let key_pair = EcdsaKeyPair::from_pkcs8(
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
|
405
|
+
|
406
|
+
let key_pair =
|
407
|
+
EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)
|
408
|
+
.unwrap();
|
409
|
+
let sk = key_pair.as_ref();
|
410
|
+
|
411
|
+
let key_pair = EcdsaKeyPair::from_pkcs8(
|
412
|
+
&signature::ECDSA_P256_SHA256_FIXED_SIGNING,
|
413
|
+
&key_pair.as_ref(),
|
414
|
+
)
|
415
|
+
.unwrap();
|
416
|
+
let pk = key_pair.public_key().as_ref();
|
438
417
|
|
439
418
|
let mut res = Hash::new();
|
440
|
-
res.store(
|
441
|
-
|
419
|
+
res.store(
|
420
|
+
Symbol::new("sk"),
|
421
|
+
RString::from_bytes(&sk, &Encoding::us_ascii()),
|
422
|
+
);
|
423
|
+
res.store(
|
424
|
+
Symbol::new("pk"),
|
425
|
+
RString::from_bytes(&pk, &Encoding::us_ascii()),
|
426
|
+
);
|
442
427
|
res
|
443
428
|
}
|
444
429
|
);
|
@@ -454,14 +439,18 @@ pub extern "C" fn Init_capbac() {
|
|
454
439
|
itself.def("invoke", ruby_holder_invoke);
|
455
440
|
});
|
456
441
|
|
457
|
-
itself
|
458
|
-
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|
442
|
+
itself
|
443
|
+
.define_nested_class("Validator", None)
|
444
|
+
.define(|itself| {
|
445
|
+
itself.def_self("new", ruby_validator_new);
|
446
|
+
itself.def("validate_cert", ruby_validator_validate_cert);
|
447
|
+
itself.def("validate_invocation", ruby_validator_validate_invocation);
|
448
|
+
});
|
449
|
+
|
450
|
+
itself
|
451
|
+
.define_nested_class("KeyPair", None)
|
452
|
+
.define(|itself| {
|
453
|
+
itself.def("generate!", ruby_generate_keypair);
|
454
|
+
});
|
466
455
|
});
|
467
456
|
}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: capbac
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kirill Chernyshov
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-07-
|
11
|
+
date: 2020-07-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thermite
|