capbac 0.3.0 → 0.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Cargo.toml +3 -3
- data/lib/capbac/version.rb +1 -1
- data/lib/capbac_ruby.so +0 -0
- data/src/lib.rs +241 -259
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 81c1db17c50ca3dce7a76f825fb981bcd347b3c0b0d194718e3d74ada60a8cd9
|
|
4
|
+
data.tar.gz: c193c44fb1693f57fa4b4e6e00bb7935b28c86ba53578b5e8d55b62b2d625388
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e4f381fc3571fe2ae1a3f8f7fc1a710a0425909cb5c5fb292392a7380361b8c23e95f0145a80291717175cc55548669a345b394c1866b0079669c4870105a274
|
|
7
|
+
data.tar.gz: dfab7513a193b11f048843bd43edc19f12f497073a39841995f5adca6abb83fafe2ecd9766a5e25c4f7d887388fd791f42c5504e6f78517b861a69dbea389d1c
|
data/Cargo.toml
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[package]
|
|
2
2
|
name = "capbac-ruby"
|
|
3
|
-
version = "0.
|
|
3
|
+
version = "0.3.0"
|
|
4
4
|
authors = ["Kirill Chernyshov <delaguardo@gmail.com>"]
|
|
5
5
|
edition = "2018"
|
|
6
6
|
|
|
@@ -8,10 +8,10 @@ edition = "2018"
|
|
|
8
8
|
crate-type = ["cdylib"]
|
|
9
9
|
|
|
10
10
|
[dependencies]
|
|
11
|
-
rutie = "0.
|
|
11
|
+
rutie = "0.8.0"
|
|
12
12
|
url = "2.1"
|
|
13
13
|
openssl = "0.10"
|
|
14
14
|
ring = "0.16.15"
|
|
15
15
|
lazy_static = "1"
|
|
16
16
|
protobuf = "2.16.2"
|
|
17
|
-
capbac = "0.
|
|
17
|
+
capbac = "0.3.0"
|
data/lib/capbac/version.rb
CHANGED
data/lib/capbac_ruby.so
CHANGED
|
Binary file
|
data/src/lib.rs
CHANGED
|
@@ -1,25 +1,68 @@
|
|
|
1
|
-
#[macro_use]
|
|
2
|
-
|
|
1
|
+
#[macro_use]
|
|
2
|
+
extern crate rutie;
|
|
3
|
+
#[macro_use]
|
|
4
|
+
extern crate lazy_static;
|
|
3
5
|
|
|
4
|
-
use rutie::{Module, Class, RString, Object, AnyObject, Array,
|
|
5
|
-
Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
|
|
6
6
|
use capbac::{CertificateBlueprint, InvokeBlueprint};
|
|
7
|
-
use
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
use
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
signature::{self, KeyPair, EcdsaKeyPair},
|
|
7
|
+
use openssl::{
|
|
8
|
+
ec::{EcKey},
|
|
9
|
+
pkey::{PKey, Public},
|
|
10
|
+
};
|
|
11
|
+
use protobuf::Message;
|
|
12
|
+
use rutie::{
|
|
13
|
+
AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
|
|
14
|
+
VerifiedObject, GC, VM, Array,
|
|
16
15
|
};
|
|
16
|
+
use std::{fmt, str};
|
|
17
|
+
use url::Url;
|
|
18
|
+
|
|
19
|
+
class!(ASCIIRString);
|
|
20
|
+
|
|
21
|
+
impl VerifiedObject for ASCIIRString {
|
|
22
|
+
fn is_correct_type<T: Object>(object: &T) -> bool {
|
|
23
|
+
object
|
|
24
|
+
.class()
|
|
25
|
+
.ancestors()
|
|
26
|
+
.iter()
|
|
27
|
+
.any(|class| *class == Class::from_existing("String"))
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
fn error_message() -> &'static str {
|
|
31
|
+
"Error converting to ASCII String"
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
impl From<ASCIIRString> for Vec<u8> {
|
|
36
|
+
fn from(rstring: ASCIIRString) -> Self {
|
|
37
|
+
let bytes = rstring
|
|
38
|
+
.protect_send("bytes", &[])
|
|
39
|
+
.map_err(VM::raise_ex)
|
|
40
|
+
.unwrap()
|
|
41
|
+
.try_convert_to::<Array>()
|
|
42
|
+
.map_err(VM::raise_ex)
|
|
43
|
+
.unwrap();
|
|
44
|
+
|
|
45
|
+
let mut res = Vec::new();
|
|
46
|
+
|
|
47
|
+
for n in bytes.into_iter() {
|
|
48
|
+
let n = n.try_convert_to::<Fixnum>()
|
|
49
|
+
.map_err(|e| VM::raise_ex(e))
|
|
50
|
+
.unwrap();
|
|
51
|
+
|
|
52
|
+
res.push(n.to_i64() as u8);
|
|
53
|
+
}
|
|
54
|
+
res
|
|
55
|
+
}
|
|
56
|
+
}
|
|
17
57
|
|
|
18
58
|
class!(URI);
|
|
19
59
|
|
|
20
60
|
impl VerifiedObject for URI {
|
|
21
61
|
fn is_correct_type<T: Object>(object: &T) -> bool {
|
|
22
|
-
object
|
|
62
|
+
object
|
|
63
|
+
.class()
|
|
64
|
+
.ancestors()
|
|
65
|
+
.iter()
|
|
23
66
|
.any(|class| *class == Class::from_existing("URI"))
|
|
24
67
|
}
|
|
25
68
|
|
|
@@ -30,108 +73,98 @@ impl VerifiedObject for URI {
|
|
|
30
73
|
|
|
31
74
|
impl fmt::Display for URI {
|
|
32
75
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
33
|
-
let s = self
|
|
76
|
+
let s = self
|
|
77
|
+
.protect_send("to_s", &[])
|
|
78
|
+
.map_err(VM::raise_ex)
|
|
79
|
+
.unwrap()
|
|
80
|
+
.try_convert_to::<RString>()
|
|
81
|
+
.map_err(VM::raise_ex)
|
|
82
|
+
.unwrap()
|
|
83
|
+
.to_string();
|
|
34
84
|
write!(f, "{}", s)
|
|
35
85
|
}
|
|
36
86
|
}
|
|
37
87
|
|
|
38
88
|
impl From<&Url> for URI {
|
|
39
89
|
fn from(url: &Url) -> Self {
|
|
40
|
-
|
|
90
|
+
let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
|
|
91
|
+
Class::from_existing("URI")
|
|
92
|
+
.protect_send("parse", &args)
|
|
93
|
+
.map_err(VM::raise_ex)
|
|
94
|
+
.unwrap()
|
|
95
|
+
.try_convert_to::<URI>()
|
|
96
|
+
.map_err(VM::raise_ex)
|
|
97
|
+
.unwrap()
|
|
41
98
|
}
|
|
42
99
|
}
|
|
43
100
|
|
|
44
101
|
impl From<URI> for Url {
|
|
45
102
|
fn from(uri: URI) -> Self {
|
|
46
|
-
Url::parse(&uri.to_string())
|
|
103
|
+
Url::parse(&uri.to_string())
|
|
104
|
+
.map_err(|_e| {
|
|
105
|
+
VM::raise(
|
|
106
|
+
Class::from_existing("URI").get_nested_class("InvalidURIError"),
|
|
107
|
+
&format!("bad URI(is not URI?): {}", uri.to_string()),
|
|
108
|
+
)
|
|
109
|
+
})
|
|
110
|
+
.unwrap()
|
|
47
111
|
}
|
|
48
112
|
}
|
|
49
113
|
|
|
114
|
+
// TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
|
|
50
115
|
fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
|
|
51
116
|
let subject = options
|
|
52
117
|
.at(&Symbol::new("subject"))
|
|
53
|
-
.try_convert_to::<URI>()
|
|
118
|
+
.try_convert_to::<URI>()
|
|
119
|
+
.map_err(VM::raise_ex)
|
|
120
|
+
.unwrap();
|
|
54
121
|
|
|
55
|
-
|
|
56
|
-
VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
|
|
57
|
-
}
|
|
58
|
-
|
|
59
|
-
let subject = Url::from(subject.unwrap());
|
|
122
|
+
let subject = Url::from(subject);
|
|
60
123
|
|
|
61
124
|
let capability = options
|
|
62
125
|
.at(&Symbol::new("capability"))
|
|
63
|
-
.try_convert_to::<RString>()
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
let capability = capability
|
|
70
|
-
.unwrap().to_string()
|
|
126
|
+
.try_convert_to::<RString>()
|
|
127
|
+
.map_err(VM::raise_ex)
|
|
128
|
+
.unwrap()
|
|
129
|
+
.to_string()
|
|
71
130
|
.into_bytes();
|
|
72
131
|
|
|
73
132
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
|
74
133
|
Ok(x) => Some(x.to_i64() as u64),
|
|
75
|
-
_ => None
|
|
134
|
+
_ => None,
|
|
76
135
|
};
|
|
77
136
|
|
|
78
137
|
CertificateBlueprint {
|
|
79
138
|
subject,
|
|
80
139
|
capability,
|
|
81
|
-
exp
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
fn array_to_cert(array: Array) -> capbac::proto::Certificate {
|
|
86
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
|
87
|
-
for n in array.into_iter() {
|
|
88
|
-
let n = n.try_convert_to::<Fixnum>();
|
|
89
|
-
|
|
90
|
-
if let Err(ref error) = n {
|
|
91
|
-
VM::raise(error.class(), &error.to_string());
|
|
92
|
-
}
|
|
93
|
-
|
|
94
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
|
140
|
+
exp,
|
|
95
141
|
}
|
|
96
|
-
let mut cert = capbac::proto::Certificate::new();
|
|
97
|
-
cert.merge_from_bytes(&cert_content).unwrap();
|
|
98
|
-
cert
|
|
99
142
|
}
|
|
100
143
|
|
|
101
144
|
fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
|
|
102
|
-
|
|
103
145
|
let cert_content = options
|
|
104
146
|
.at(&Symbol::new("cert"))
|
|
105
|
-
.try_convert_to::<
|
|
147
|
+
.try_convert_to::<ASCIIRString>()
|
|
148
|
+
.map_err(VM::raise_ex)
|
|
149
|
+
.unwrap();
|
|
106
150
|
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
}
|
|
110
|
-
|
|
111
|
-
let cert = array_to_cert(cert_content.unwrap());
|
|
151
|
+
let mut cert = capbac::proto::Certificate::new();
|
|
152
|
+
cert.merge_from_bytes(&Vec::from(cert_content)).unwrap();
|
|
112
153
|
|
|
113
154
|
let action = options
|
|
114
155
|
.at(&Symbol::new("action"))
|
|
115
|
-
.try_convert_to::<RString>()
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
let action = action
|
|
122
|
-
.unwrap().to_string()
|
|
156
|
+
.try_convert_to::<RString>()
|
|
157
|
+
.map_err(VM::raise_ex)
|
|
158
|
+
.unwrap()
|
|
159
|
+
.to_string()
|
|
123
160
|
.into_bytes();
|
|
124
161
|
|
|
125
162
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
|
126
163
|
Ok(x) => Some(x.to_i64() as u64),
|
|
127
|
-
_ => None
|
|
164
|
+
_ => None,
|
|
128
165
|
};
|
|
129
166
|
|
|
130
|
-
InvokeBlueprint {
|
|
131
|
-
cert,
|
|
132
|
-
action,
|
|
133
|
-
exp
|
|
134
|
-
}
|
|
167
|
+
InvokeBlueprint { cert, action, exp }
|
|
135
168
|
}
|
|
136
169
|
|
|
137
170
|
wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
|
|
@@ -142,87 +175,74 @@ methods!(
|
|
|
142
175
|
Holder,
|
|
143
176
|
itself,
|
|
144
177
|
|
|
145
|
-
fn ruby_holder_new(me: URI, sk:
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
178
|
+
fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
|
|
179
|
+
let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
|
|
180
|
+
|
|
181
|
+
let ruby_sk = sk
|
|
182
|
+
.map_err(VM::raise_ex)
|
|
183
|
+
.unwrap()
|
|
184
|
+
.to_string_unchecked();
|
|
185
|
+
|
|
186
|
+
let me = Url::parse(&ruby_me)
|
|
187
|
+
.map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
|
|
188
|
+
.unwrap();
|
|
189
|
+
let sk = PKey::private_key_from_pem(&ruby_sk.as_bytes())
|
|
190
|
+
.map_err(|e| {
|
|
191
|
+
VM::raise(
|
|
192
|
+
Class::from_existing("ArgumentError"),
|
|
193
|
+
&format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
|
|
194
|
+
)
|
|
195
|
+
})
|
|
196
|
+
.unwrap()
|
|
197
|
+
.ec_key()
|
|
198
|
+
.map_err(|e| {
|
|
199
|
+
VM::raise(
|
|
200
|
+
Class::from_existing("ArgumentError"),
|
|
201
|
+
&format!("Can't extract EC key ({})", e.to_string()),
|
|
202
|
+
)
|
|
203
|
+
})
|
|
204
|
+
.unwrap();
|
|
205
|
+
|
|
206
|
+
let holder = capbac::Holder::new(me, sk);
|
|
172
207
|
|
|
173
208
|
Class::from_existing("CapBAC")
|
|
174
209
|
.get_nested_class("Holder")
|
|
175
210
|
.wrap_data(holder, &*HOLDER_WRAPPER)
|
|
176
211
|
}
|
|
177
212
|
|
|
178
|
-
fn ruby_holder_forge(options: Hash) ->
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
}
|
|
182
|
-
|
|
183
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
|
184
|
-
|
|
213
|
+
fn ruby_holder_forge(options: Hash) -> RString {
|
|
214
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
|
215
|
+
let options = options_to_cert_blueprint(ruby_options);
|
|
185
216
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
|
217
|
+
|
|
186
218
|
let cert = holder.forge(options).unwrap();
|
|
187
219
|
|
|
188
|
-
|
|
189
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
|
190
|
-
res.push(Fixnum::new(i64::from(*item)));
|
|
191
|
-
};
|
|
192
|
-
res
|
|
220
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
|
193
221
|
}
|
|
194
222
|
|
|
195
|
-
fn ruby_holder_delegate(cert:
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
}
|
|
199
|
-
|
|
200
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
|
223
|
+
fn ruby_holder_delegate(cert: ASCIIRString, options: Hash) -> RString {
|
|
224
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
|
225
|
+
let options = options_to_cert_blueprint(ruby_options);
|
|
201
226
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
|
202
|
-
|
|
227
|
+
|
|
228
|
+
let cert_content = Vec::from(cert.map_err(VM::raise_ex).unwrap());
|
|
229
|
+
|
|
230
|
+
let mut cert = capbac::proto::Certificate::new();
|
|
231
|
+
cert.merge_from_bytes(&cert_content).unwrap();
|
|
203
232
|
|
|
204
233
|
let cert = holder.delegate(cert, options).unwrap();
|
|
205
|
-
let mut res = Array::new();
|
|
206
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
|
207
|
-
res.push(Fixnum::new(i64::from(*item)));
|
|
208
|
-
};
|
|
209
|
-
res
|
|
210
|
-
}
|
|
211
234
|
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
|
|
215
|
-
}
|
|
235
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
|
236
|
+
}
|
|
216
237
|
|
|
217
|
-
|
|
238
|
+
fn ruby_holder_invoke(options: Hash) -> RString {
|
|
239
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
|
240
|
+
let options = options_to_invoke_blueprint(ruby_options);
|
|
218
241
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
|
219
242
|
|
|
220
243
|
let invocation = holder.invoke(options).unwrap();
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
res.push(Fixnum::new(i64::from(*item)));
|
|
224
|
-
};
|
|
225
|
-
res
|
|
244
|
+
|
|
245
|
+
RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
|
226
246
|
}
|
|
227
247
|
);
|
|
228
248
|
|
|
@@ -235,7 +255,7 @@ impl IntValidator {
|
|
|
235
255
|
fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
|
|
236
256
|
IntValidator {
|
|
237
257
|
trust_checker,
|
|
238
|
-
pubs
|
|
258
|
+
pubs,
|
|
239
259
|
}
|
|
240
260
|
}
|
|
241
261
|
}
|
|
@@ -244,30 +264,36 @@ impl capbac::TrustChecker for IntValidator {
|
|
|
244
264
|
fn is_trusted(&self, id: &Url) -> bool {
|
|
245
265
|
let args = vec![URI::from(id).to_any_object()];
|
|
246
266
|
self.trust_checker
|
|
247
|
-
.
|
|
267
|
+
.protect_send("trusted?", &args)
|
|
268
|
+
.map_err(VM::raise_ex)
|
|
269
|
+
.unwrap()
|
|
248
270
|
.try_convert_to::<Boolean>()
|
|
249
|
-
.
|
|
271
|
+
.unwrap_or_else(|_| Boolean::new(false))
|
|
250
272
|
.to_bool()
|
|
251
273
|
}
|
|
252
274
|
}
|
|
253
275
|
|
|
254
276
|
impl capbac::Pubs for IntValidator {
|
|
255
277
|
fn get(&self, id: &Url) -> Option<EcKey<Public>> {
|
|
256
|
-
let
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
278
|
+
let args = [URI::from(id).to_any_object()];
|
|
279
|
+
let res = self
|
|
280
|
+
.pubs
|
|
281
|
+
.protect_send("get", &args)
|
|
282
|
+
.map_err(VM::raise_ex)
|
|
283
|
+
.unwrap()
|
|
284
|
+
.try_convert_to::<RString>();
|
|
285
|
+
|
|
286
|
+
match res {
|
|
287
|
+
Ok(pk) => {
|
|
288
|
+
Some(
|
|
289
|
+
PKey::public_key_from_pem(&pk.to_string_unchecked().as_bytes())
|
|
290
|
+
.unwrap()
|
|
291
|
+
.ec_key()
|
|
292
|
+
.unwrap(),
|
|
293
|
+
)
|
|
266
294
|
}
|
|
267
|
-
|
|
268
|
-
pk_content.push(n.unwrap().to_i64() as u8);
|
|
295
|
+
Err(_) => None
|
|
269
296
|
}
|
|
270
|
-
Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
|
|
271
297
|
}
|
|
272
298
|
}
|
|
273
299
|
|
|
@@ -290,56 +316,48 @@ methods!(
|
|
|
290
316
|
.wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
|
|
291
317
|
}
|
|
292
318
|
|
|
293
|
-
fn ruby_validator_validate_cert(cert:
|
|
294
|
-
|
|
295
|
-
VM::
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
if let Err(ref error) = now {
|
|
299
|
-
VM::raise(error.class(), &error.to_string());
|
|
300
|
-
}
|
|
301
|
-
|
|
302
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
|
303
|
-
for n in cert.unwrap().into_iter() {
|
|
304
|
-
let n = n.try_convert_to::<Fixnum>();
|
|
319
|
+
fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
|
|
320
|
+
let ruby_cert = cert
|
|
321
|
+
.map_err(VM::raise_ex)
|
|
322
|
+
.unwrap()
|
|
323
|
+
.to_string_unchecked();
|
|
305
324
|
|
|
306
|
-
if let Err(ref error) = n {
|
|
307
|
-
VM::raise(error.class(), &error.to_string());
|
|
308
|
-
}
|
|
309
|
-
|
|
310
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
|
311
|
-
}
|
|
312
325
|
let mut cert = capbac::proto::Certificate::new();
|
|
313
|
-
cert.merge_from_bytes(&
|
|
326
|
+
cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
|
|
314
327
|
|
|
315
|
-
let now = now.unwrap().to_i64() as u64;
|
|
328
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
|
316
329
|
|
|
317
330
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
|
318
331
|
let validator = capbac::Validator::new(x, x);
|
|
319
332
|
|
|
320
333
|
match validator.validate_cert(&cert, now) {
|
|
321
334
|
Result::Ok(_) => Boolean::new(true),
|
|
322
|
-
Err(x) =>
|
|
335
|
+
Err(x) => {
|
|
323
336
|
let capbac_class = Class::from_existing("CapBAC");
|
|
324
337
|
match x {
|
|
325
|
-
capbac::ValidateError::Malformed { .. } =>
|
|
326
|
-
|
|
327
|
-
|
|
338
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
|
339
|
+
capbac_class.get_nested_class("Malformed"),
|
|
340
|
+
&format!("{}", x),
|
|
341
|
+
),
|
|
328
342
|
capbac::ValidateError::BadURL { .. } => {
|
|
329
343
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
|
330
|
-
}
|
|
331
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
}
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
344
|
+
}
|
|
345
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
|
346
|
+
capbac_class.get_nested_class("UnknownPub"),
|
|
347
|
+
&format!("{}", x),
|
|
348
|
+
),
|
|
349
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
|
350
|
+
capbac_class.get_nested_class("BadIssuer"),
|
|
351
|
+
&format!("{}", x),
|
|
352
|
+
),
|
|
353
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
|
354
|
+
capbac_class.get_nested_class("BadInvoker"),
|
|
355
|
+
&format!("{}", x),
|
|
356
|
+
),
|
|
357
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
|
358
|
+
capbac_class.get_nested_class("Untrusted"),
|
|
359
|
+
&format!("{}", x),
|
|
360
|
+
),
|
|
343
361
|
capbac::ValidateError::Expired => {
|
|
344
362
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
|
345
363
|
}
|
|
@@ -352,56 +370,50 @@ methods!(
|
|
|
352
370
|
}
|
|
353
371
|
}
|
|
354
372
|
|
|
355
|
-
fn ruby_validator_validate_invocation(invocation:
|
|
356
|
-
|
|
357
|
-
VM::
|
|
358
|
-
|
|
373
|
+
fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
|
|
374
|
+
let ruby_invocation = invocation
|
|
375
|
+
.map_err(VM::raise_ex)
|
|
376
|
+
.unwrap()
|
|
377
|
+
.to_string_unchecked();
|
|
359
378
|
|
|
360
|
-
if let Err(ref error) = now {
|
|
361
|
-
VM::raise(error.class(), &error.to_string());
|
|
362
|
-
}
|
|
363
|
-
|
|
364
|
-
let mut invocation_content: Vec<u8> = Vec::new();
|
|
365
|
-
for n in invocation.unwrap().into_iter() {
|
|
366
|
-
let n = n.try_convert_to::<Fixnum>();
|
|
367
|
-
|
|
368
|
-
if let Err(ref error) = n {
|
|
369
|
-
VM::raise(error.class(), &error.to_string());
|
|
370
|
-
}
|
|
371
|
-
|
|
372
|
-
invocation_content.push(n.unwrap().to_i64() as u8);
|
|
373
|
-
}
|
|
374
379
|
let mut invocation = capbac::proto::Invocation::new();
|
|
375
|
-
invocation
|
|
380
|
+
invocation
|
|
381
|
+
.merge_from_bytes(&ruby_invocation.as_bytes())
|
|
382
|
+
.unwrap();
|
|
376
383
|
|
|
377
|
-
let now = now.unwrap().to_i64() as u64;
|
|
384
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
|
378
385
|
|
|
379
386
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
|
380
387
|
let validator = capbac::Validator::new(x, x);
|
|
381
388
|
|
|
382
389
|
match validator.validate_invocation(&invocation, now) {
|
|
383
390
|
Result::Ok(_) => Boolean::new(true),
|
|
384
|
-
Err(x) =>
|
|
391
|
+
Err(x) => {
|
|
385
392
|
let capbac_class = Class::from_existing("CapBAC");
|
|
386
393
|
match x {
|
|
387
|
-
capbac::ValidateError::Malformed { .. } =>
|
|
388
|
-
|
|
389
|
-
|
|
394
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
|
395
|
+
capbac_class.get_nested_class("Malformed"),
|
|
396
|
+
&format!("{}", x),
|
|
397
|
+
),
|
|
390
398
|
capbac::ValidateError::BadURL { .. } => {
|
|
391
399
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
|
392
|
-
}
|
|
393
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
}
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
400
|
+
}
|
|
401
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
|
402
|
+
capbac_class.get_nested_class("UnknownPub"),
|
|
403
|
+
&format!("{}", x),
|
|
404
|
+
),
|
|
405
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
|
406
|
+
capbac_class.get_nested_class("BadIssuer"),
|
|
407
|
+
&format!("{}", x),
|
|
408
|
+
),
|
|
409
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
|
410
|
+
capbac_class.get_nested_class("BadInvoker"),
|
|
411
|
+
&format!("{}", x),
|
|
412
|
+
),
|
|
413
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
|
414
|
+
capbac_class.get_nested_class("Untrusted"),
|
|
415
|
+
&format!("{}", x),
|
|
416
|
+
),
|
|
405
417
|
capbac::ValidateError::Expired => {
|
|
406
418
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
|
407
419
|
}
|
|
@@ -412,34 +424,6 @@ methods!(
|
|
|
412
424
|
Boolean::new(false)
|
|
413
425
|
}
|
|
414
426
|
}
|
|
415
|
-
|
|
416
|
-
}
|
|
417
|
-
);
|
|
418
|
-
|
|
419
|
-
class!(KeyGen);
|
|
420
|
-
|
|
421
|
-
methods!(
|
|
422
|
-
KeyGen,
|
|
423
|
-
itself,
|
|
424
|
-
|
|
425
|
-
fn ruby_generate_keypair() -> Hash {
|
|
426
|
-
let rng = rand::SystemRandom::new();
|
|
427
|
-
let key_pair = EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &rng).unwrap();
|
|
428
|
-
let mut sk = Array::new();
|
|
429
|
-
for item in key_pair.as_ref().iter() {
|
|
430
|
-
sk.push(Fixnum::new(i64::from(*item)));
|
|
431
|
-
};
|
|
432
|
-
|
|
433
|
-
let key_pair = EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &key_pair.as_ref()).unwrap();
|
|
434
|
-
let mut pk = Array::new();
|
|
435
|
-
for item in key_pair.public_key().as_ref().iter() {
|
|
436
|
-
pk.push(Fixnum::new(i64::from(*item)));
|
|
437
|
-
};
|
|
438
|
-
|
|
439
|
-
let mut res = Hash::new();
|
|
440
|
-
res.store(Symbol::new("sk"), sk);
|
|
441
|
-
res.store(Symbol::new("pk"), pk);
|
|
442
|
-
res
|
|
443
427
|
}
|
|
444
428
|
);
|
|
445
429
|
|
|
@@ -454,14 +438,12 @@ pub extern "C" fn Init_capbac() {
|
|
|
454
438
|
itself.def("invoke", ruby_holder_invoke);
|
|
455
439
|
});
|
|
456
440
|
|
|
457
|
-
itself
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
itself.def("generate!", ruby_generate_keypair);
|
|
465
|
-
});
|
|
441
|
+
itself
|
|
442
|
+
.define_nested_class("Validator", None)
|
|
443
|
+
.define(|itself| {
|
|
444
|
+
itself.def_self("new", ruby_validator_new);
|
|
445
|
+
itself.def("validate_cert", ruby_validator_validate_cert);
|
|
446
|
+
itself.def("validate_invocation", ruby_validator_validate_invocation);
|
|
447
|
+
});
|
|
466
448
|
});
|
|
467
449
|
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capbac
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kirill Chernyshov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thermite
|