capbac 0.3.0 → 0.4.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Cargo.toml +3 -3
- data/lib/capbac/version.rb +1 -1
- data/lib/capbac_ruby.so +0 -0
- data/src/lib.rs +241 -259
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 81c1db17c50ca3dce7a76f825fb981bcd347b3c0b0d194718e3d74ada60a8cd9
|
4
|
+
data.tar.gz: c193c44fb1693f57fa4b4e6e00bb7935b28c86ba53578b5e8d55b62b2d625388
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e4f381fc3571fe2ae1a3f8f7fc1a710a0425909cb5c5fb292392a7380361b8c23e95f0145a80291717175cc55548669a345b394c1866b0079669c4870105a274
|
7
|
+
data.tar.gz: dfab7513a193b11f048843bd43edc19f12f497073a39841995f5adca6abb83fafe2ecd9766a5e25c4f7d887388fd791f42c5504e6f78517b861a69dbea389d1c
|
data/Cargo.toml
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
[package]
|
2
2
|
name = "capbac-ruby"
|
3
|
-
version = "0.
|
3
|
+
version = "0.3.0"
|
4
4
|
authors = ["Kirill Chernyshov <delaguardo@gmail.com>"]
|
5
5
|
edition = "2018"
|
6
6
|
|
@@ -8,10 +8,10 @@ edition = "2018"
|
|
8
8
|
crate-type = ["cdylib"]
|
9
9
|
|
10
10
|
[dependencies]
|
11
|
-
rutie = "0.
|
11
|
+
rutie = "0.8.0"
|
12
12
|
url = "2.1"
|
13
13
|
openssl = "0.10"
|
14
14
|
ring = "0.16.15"
|
15
15
|
lazy_static = "1"
|
16
16
|
protobuf = "2.16.2"
|
17
|
-
capbac = "0.
|
17
|
+
capbac = "0.3.0"
|
data/lib/capbac/version.rb
CHANGED
data/lib/capbac_ruby.so
CHANGED
Binary file
|
data/src/lib.rs
CHANGED
@@ -1,25 +1,68 @@
|
|
1
|
-
#[macro_use]
|
2
|
-
|
1
|
+
#[macro_use]
|
2
|
+
extern crate rutie;
|
3
|
+
#[macro_use]
|
4
|
+
extern crate lazy_static;
|
3
5
|
|
4
|
-
use rutie::{Module, Class, RString, Object, AnyObject, Array,
|
5
|
-
Fixnum, Hash, Symbol, VM, Boolean, GC, VerifiedObject};
|
6
6
|
use capbac::{CertificateBlueprint, InvokeBlueprint};
|
7
|
-
use
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
use
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
signature::{self, KeyPair, EcdsaKeyPair},
|
7
|
+
use openssl::{
|
8
|
+
ec::{EcKey},
|
9
|
+
pkey::{PKey, Public},
|
10
|
+
};
|
11
|
+
use protobuf::Message;
|
12
|
+
use rutie::{
|
13
|
+
AnyObject, Boolean, Class, Encoding, Fixnum, Hash, Module, Object, RString, Symbol,
|
14
|
+
VerifiedObject, GC, VM, Array,
|
16
15
|
};
|
16
|
+
use std::{fmt, str};
|
17
|
+
use url::Url;
|
18
|
+
|
19
|
+
class!(ASCIIRString);
|
20
|
+
|
21
|
+
impl VerifiedObject for ASCIIRString {
|
22
|
+
fn is_correct_type<T: Object>(object: &T) -> bool {
|
23
|
+
object
|
24
|
+
.class()
|
25
|
+
.ancestors()
|
26
|
+
.iter()
|
27
|
+
.any(|class| *class == Class::from_existing("String"))
|
28
|
+
}
|
29
|
+
|
30
|
+
fn error_message() -> &'static str {
|
31
|
+
"Error converting to ASCII String"
|
32
|
+
}
|
33
|
+
}
|
34
|
+
|
35
|
+
impl From<ASCIIRString> for Vec<u8> {
|
36
|
+
fn from(rstring: ASCIIRString) -> Self {
|
37
|
+
let bytes = rstring
|
38
|
+
.protect_send("bytes", &[])
|
39
|
+
.map_err(VM::raise_ex)
|
40
|
+
.unwrap()
|
41
|
+
.try_convert_to::<Array>()
|
42
|
+
.map_err(VM::raise_ex)
|
43
|
+
.unwrap();
|
44
|
+
|
45
|
+
let mut res = Vec::new();
|
46
|
+
|
47
|
+
for n in bytes.into_iter() {
|
48
|
+
let n = n.try_convert_to::<Fixnum>()
|
49
|
+
.map_err(|e| VM::raise_ex(e))
|
50
|
+
.unwrap();
|
51
|
+
|
52
|
+
res.push(n.to_i64() as u8);
|
53
|
+
}
|
54
|
+
res
|
55
|
+
}
|
56
|
+
}
|
17
57
|
|
18
58
|
class!(URI);
|
19
59
|
|
20
60
|
impl VerifiedObject for URI {
|
21
61
|
fn is_correct_type<T: Object>(object: &T) -> bool {
|
22
|
-
object
|
62
|
+
object
|
63
|
+
.class()
|
64
|
+
.ancestors()
|
65
|
+
.iter()
|
23
66
|
.any(|class| *class == Class::from_existing("URI"))
|
24
67
|
}
|
25
68
|
|
@@ -30,108 +73,98 @@ impl VerifiedObject for URI {
|
|
30
73
|
|
31
74
|
impl fmt::Display for URI {
|
32
75
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
33
|
-
let s = self
|
76
|
+
let s = self
|
77
|
+
.protect_send("to_s", &[])
|
78
|
+
.map_err(VM::raise_ex)
|
79
|
+
.unwrap()
|
80
|
+
.try_convert_to::<RString>()
|
81
|
+
.map_err(VM::raise_ex)
|
82
|
+
.unwrap()
|
83
|
+
.to_string();
|
34
84
|
write!(f, "{}", s)
|
35
85
|
}
|
36
86
|
}
|
37
87
|
|
38
88
|
impl From<&Url> for URI {
|
39
89
|
fn from(url: &Url) -> Self {
|
40
|
-
|
90
|
+
let args = [RString::new_utf8(&url.clone().to_string()).to_any_object()];
|
91
|
+
Class::from_existing("URI")
|
92
|
+
.protect_send("parse", &args)
|
93
|
+
.map_err(VM::raise_ex)
|
94
|
+
.unwrap()
|
95
|
+
.try_convert_to::<URI>()
|
96
|
+
.map_err(VM::raise_ex)
|
97
|
+
.unwrap()
|
41
98
|
}
|
42
99
|
}
|
43
100
|
|
44
101
|
impl From<URI> for Url {
|
45
102
|
fn from(uri: URI) -> Self {
|
46
|
-
Url::parse(&uri.to_string())
|
103
|
+
Url::parse(&uri.to_string())
|
104
|
+
.map_err(|_e| {
|
105
|
+
VM::raise(
|
106
|
+
Class::from_existing("URI").get_nested_class("InvalidURIError"),
|
107
|
+
&format!("bad URI(is not URI?): {}", uri.to_string()),
|
108
|
+
)
|
109
|
+
})
|
110
|
+
.unwrap()
|
47
111
|
}
|
48
112
|
}
|
49
113
|
|
114
|
+
// TODO CertificateBlueprint -> Result<CertificateBlueprint, Error>
|
50
115
|
fn options_to_cert_blueprint(options: Hash) -> CertificateBlueprint {
|
51
116
|
let subject = options
|
52
117
|
.at(&Symbol::new("subject"))
|
53
|
-
.try_convert_to::<URI>()
|
118
|
+
.try_convert_to::<URI>()
|
119
|
+
.map_err(VM::raise_ex)
|
120
|
+
.unwrap();
|
54
121
|
|
55
|
-
|
56
|
-
VM::raise(Class::from_existing("ArgumentError"), "Subject must be an instance of URI");
|
57
|
-
}
|
58
|
-
|
59
|
-
let subject = Url::from(subject.unwrap());
|
122
|
+
let subject = Url::from(subject);
|
60
123
|
|
61
124
|
let capability = options
|
62
125
|
.at(&Symbol::new("capability"))
|
63
|
-
.try_convert_to::<RString>()
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
}
|
68
|
-
|
69
|
-
let capability = capability
|
70
|
-
.unwrap().to_string()
|
126
|
+
.try_convert_to::<RString>()
|
127
|
+
.map_err(VM::raise_ex)
|
128
|
+
.unwrap()
|
129
|
+
.to_string()
|
71
130
|
.into_bytes();
|
72
131
|
|
73
132
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
74
133
|
Ok(x) => Some(x.to_i64() as u64),
|
75
|
-
_ => None
|
134
|
+
_ => None,
|
76
135
|
};
|
77
136
|
|
78
137
|
CertificateBlueprint {
|
79
138
|
subject,
|
80
139
|
capability,
|
81
|
-
exp
|
82
|
-
}
|
83
|
-
}
|
84
|
-
|
85
|
-
fn array_to_cert(array: Array) -> capbac::proto::Certificate {
|
86
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
87
|
-
for n in array.into_iter() {
|
88
|
-
let n = n.try_convert_to::<Fixnum>();
|
89
|
-
|
90
|
-
if let Err(ref error) = n {
|
91
|
-
VM::raise(error.class(), &error.to_string());
|
92
|
-
}
|
93
|
-
|
94
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
140
|
+
exp,
|
95
141
|
}
|
96
|
-
let mut cert = capbac::proto::Certificate::new();
|
97
|
-
cert.merge_from_bytes(&cert_content).unwrap();
|
98
|
-
cert
|
99
142
|
}
|
100
143
|
|
101
144
|
fn options_to_invoke_blueprint(options: Hash) -> InvokeBlueprint {
|
102
|
-
|
103
145
|
let cert_content = options
|
104
146
|
.at(&Symbol::new("cert"))
|
105
|
-
.try_convert_to::<
|
147
|
+
.try_convert_to::<ASCIIRString>()
|
148
|
+
.map_err(VM::raise_ex)
|
149
|
+
.unwrap();
|
106
150
|
|
107
|
-
|
108
|
-
|
109
|
-
}
|
110
|
-
|
111
|
-
let cert = array_to_cert(cert_content.unwrap());
|
151
|
+
let mut cert = capbac::proto::Certificate::new();
|
152
|
+
cert.merge_from_bytes(&Vec::from(cert_content)).unwrap();
|
112
153
|
|
113
154
|
let action = options
|
114
155
|
.at(&Symbol::new("action"))
|
115
|
-
.try_convert_to::<RString>()
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
}
|
120
|
-
|
121
|
-
let action = action
|
122
|
-
.unwrap().to_string()
|
156
|
+
.try_convert_to::<RString>()
|
157
|
+
.map_err(VM::raise_ex)
|
158
|
+
.unwrap()
|
159
|
+
.to_string()
|
123
160
|
.into_bytes();
|
124
161
|
|
125
162
|
let exp = match options.at(&Symbol::new("exp")).try_convert_to::<Fixnum>() {
|
126
163
|
Ok(x) => Some(x.to_i64() as u64),
|
127
|
-
_ => None
|
164
|
+
_ => None,
|
128
165
|
};
|
129
166
|
|
130
|
-
InvokeBlueprint {
|
131
|
-
cert,
|
132
|
-
action,
|
133
|
-
exp
|
134
|
-
}
|
167
|
+
InvokeBlueprint { cert, action, exp }
|
135
168
|
}
|
136
169
|
|
137
170
|
wrappable_struct!(capbac::Holder, HolderWrapper, HOLDER_WRAPPER);
|
@@ -142,87 +175,74 @@ methods!(
|
|
142
175
|
Holder,
|
143
176
|
itself,
|
144
177
|
|
145
|
-
fn ruby_holder_new(me: URI, sk:
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
178
|
+
fn ruby_holder_new(me: URI, sk: RString) -> AnyObject {
|
179
|
+
let ruby_me = me.map_err(VM::raise_ex).unwrap().to_string();
|
180
|
+
|
181
|
+
let ruby_sk = sk
|
182
|
+
.map_err(VM::raise_ex)
|
183
|
+
.unwrap()
|
184
|
+
.to_string_unchecked();
|
185
|
+
|
186
|
+
let me = Url::parse(&ruby_me)
|
187
|
+
.map_err(|e| VM::raise(Class::from_existing("ArgumentError"), &e.to_string()))
|
188
|
+
.unwrap();
|
189
|
+
let sk = PKey::private_key_from_pem(&ruby_sk.as_bytes())
|
190
|
+
.map_err(|e| {
|
191
|
+
VM::raise(
|
192
|
+
Class::from_existing("ArgumentError"),
|
193
|
+
&format!("Wrong secret key formar (not pkcs8?) ({})", e.to_string()),
|
194
|
+
)
|
195
|
+
})
|
196
|
+
.unwrap()
|
197
|
+
.ec_key()
|
198
|
+
.map_err(|e| {
|
199
|
+
VM::raise(
|
200
|
+
Class::from_existing("ArgumentError"),
|
201
|
+
&format!("Can't extract EC key ({})", e.to_string()),
|
202
|
+
)
|
203
|
+
})
|
204
|
+
.unwrap();
|
205
|
+
|
206
|
+
let holder = capbac::Holder::new(me, sk);
|
172
207
|
|
173
208
|
Class::from_existing("CapBAC")
|
174
209
|
.get_nested_class("Holder")
|
175
210
|
.wrap_data(holder, &*HOLDER_WRAPPER)
|
176
211
|
}
|
177
212
|
|
178
|
-
fn ruby_holder_forge(options: Hash) ->
|
179
|
-
|
180
|
-
|
181
|
-
}
|
182
|
-
|
183
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
184
|
-
|
213
|
+
fn ruby_holder_forge(options: Hash) -> RString {
|
214
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
215
|
+
let options = options_to_cert_blueprint(ruby_options);
|
185
216
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
217
|
+
|
186
218
|
let cert = holder.forge(options).unwrap();
|
187
219
|
|
188
|
-
|
189
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
190
|
-
res.push(Fixnum::new(i64::from(*item)));
|
191
|
-
};
|
192
|
-
res
|
220
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
193
221
|
}
|
194
222
|
|
195
|
-
fn ruby_holder_delegate(cert:
|
196
|
-
|
197
|
-
|
198
|
-
}
|
199
|
-
|
200
|
-
let options = options_to_cert_blueprint(options.unwrap());
|
223
|
+
fn ruby_holder_delegate(cert: ASCIIRString, options: Hash) -> RString {
|
224
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
225
|
+
let options = options_to_cert_blueprint(ruby_options);
|
201
226
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
202
|
-
|
227
|
+
|
228
|
+
let cert_content = Vec::from(cert.map_err(VM::raise_ex).unwrap());
|
229
|
+
|
230
|
+
let mut cert = capbac::proto::Certificate::new();
|
231
|
+
cert.merge_from_bytes(&cert_content).unwrap();
|
203
232
|
|
204
233
|
let cert = holder.delegate(cert, options).unwrap();
|
205
|
-
let mut res = Array::new();
|
206
|
-
for item in cert.write_to_bytes().unwrap().iter() {
|
207
|
-
res.push(Fixnum::new(i64::from(*item)));
|
208
|
-
};
|
209
|
-
res
|
210
|
-
}
|
211
234
|
|
212
|
-
|
213
|
-
|
214
|
-
VM::raise(Class::from_existing("ArgumentError"), "Options must be a hash");
|
215
|
-
}
|
235
|
+
RString::from_bytes(&cert.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
236
|
+
}
|
216
237
|
|
217
|
-
|
238
|
+
fn ruby_holder_invoke(options: Hash) -> RString {
|
239
|
+
let ruby_options = options.map_err(VM::raise_ex).unwrap();
|
240
|
+
let options = options_to_invoke_blueprint(ruby_options);
|
218
241
|
let holder = itself.get_data(&*HOLDER_WRAPPER);
|
219
242
|
|
220
243
|
let invocation = holder.invoke(options).unwrap();
|
221
|
-
|
222
|
-
|
223
|
-
res.push(Fixnum::new(i64::from(*item)));
|
224
|
-
};
|
225
|
-
res
|
244
|
+
|
245
|
+
RString::from_bytes(&invocation.write_to_bytes().unwrap(), &Encoding::us_ascii())
|
226
246
|
}
|
227
247
|
);
|
228
248
|
|
@@ -235,7 +255,7 @@ impl IntValidator {
|
|
235
255
|
fn new(trust_checker: AnyObject, pubs: AnyObject) -> Self {
|
236
256
|
IntValidator {
|
237
257
|
trust_checker,
|
238
|
-
pubs
|
258
|
+
pubs,
|
239
259
|
}
|
240
260
|
}
|
241
261
|
}
|
@@ -244,30 +264,36 @@ impl capbac::TrustChecker for IntValidator {
|
|
244
264
|
fn is_trusted(&self, id: &Url) -> bool {
|
245
265
|
let args = vec![URI::from(id).to_any_object()];
|
246
266
|
self.trust_checker
|
247
|
-
.
|
267
|
+
.protect_send("trusted?", &args)
|
268
|
+
.map_err(VM::raise_ex)
|
269
|
+
.unwrap()
|
248
270
|
.try_convert_to::<Boolean>()
|
249
|
-
.
|
271
|
+
.unwrap_or_else(|_| Boolean::new(false))
|
250
272
|
.to_bool()
|
251
273
|
}
|
252
274
|
}
|
253
275
|
|
254
276
|
impl capbac::Pubs for IntValidator {
|
255
277
|
fn get(&self, id: &Url) -> Option<EcKey<Public>> {
|
256
|
-
let
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
278
|
+
let args = [URI::from(id).to_any_object()];
|
279
|
+
let res = self
|
280
|
+
.pubs
|
281
|
+
.protect_send("get", &args)
|
282
|
+
.map_err(VM::raise_ex)
|
283
|
+
.unwrap()
|
284
|
+
.try_convert_to::<RString>();
|
285
|
+
|
286
|
+
match res {
|
287
|
+
Ok(pk) => {
|
288
|
+
Some(
|
289
|
+
PKey::public_key_from_pem(&pk.to_string_unchecked().as_bytes())
|
290
|
+
.unwrap()
|
291
|
+
.ec_key()
|
292
|
+
.unwrap(),
|
293
|
+
)
|
266
294
|
}
|
267
|
-
|
268
|
-
pk_content.push(n.unwrap().to_i64() as u8);
|
295
|
+
Err(_) => None
|
269
296
|
}
|
270
|
-
Some(PKey::public_key_from_der(&pk_content).unwrap().ec_key().unwrap())
|
271
297
|
}
|
272
298
|
}
|
273
299
|
|
@@ -290,56 +316,48 @@ methods!(
|
|
290
316
|
.wrap_data(validator, &*INT_VALIDATOR_WRAPPER)
|
291
317
|
}
|
292
318
|
|
293
|
-
fn ruby_validator_validate_cert(cert:
|
294
|
-
|
295
|
-
VM::
|
296
|
-
|
297
|
-
|
298
|
-
if let Err(ref error) = now {
|
299
|
-
VM::raise(error.class(), &error.to_string());
|
300
|
-
}
|
301
|
-
|
302
|
-
let mut cert_content: Vec<u8> = Vec::new();
|
303
|
-
for n in cert.unwrap().into_iter() {
|
304
|
-
let n = n.try_convert_to::<Fixnum>();
|
319
|
+
fn ruby_validator_validate_cert(cert: RString, now: Fixnum) -> Boolean {
|
320
|
+
let ruby_cert = cert
|
321
|
+
.map_err(VM::raise_ex)
|
322
|
+
.unwrap()
|
323
|
+
.to_string_unchecked();
|
305
324
|
|
306
|
-
if let Err(ref error) = n {
|
307
|
-
VM::raise(error.class(), &error.to_string());
|
308
|
-
}
|
309
|
-
|
310
|
-
cert_content.push(n.unwrap().to_i64() as u8);
|
311
|
-
}
|
312
325
|
let mut cert = capbac::proto::Certificate::new();
|
313
|
-
cert.merge_from_bytes(&
|
326
|
+
cert.merge_from_bytes(&ruby_cert.as_bytes()).unwrap();
|
314
327
|
|
315
|
-
let now = now.unwrap().to_i64() as u64;
|
328
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
316
329
|
|
317
330
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
318
331
|
let validator = capbac::Validator::new(x, x);
|
319
332
|
|
320
333
|
match validator.validate_cert(&cert, now) {
|
321
334
|
Result::Ok(_) => Boolean::new(true),
|
322
|
-
Err(x) =>
|
335
|
+
Err(x) => {
|
323
336
|
let capbac_class = Class::from_existing("CapBAC");
|
324
337
|
match x {
|
325
|
-
capbac::ValidateError::Malformed { .. } =>
|
326
|
-
|
327
|
-
|
338
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
339
|
+
capbac_class.get_nested_class("Malformed"),
|
340
|
+
&format!("{}", x),
|
341
|
+
),
|
328
342
|
capbac::ValidateError::BadURL { .. } => {
|
329
343
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
330
|
-
}
|
331
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
332
|
-
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
}
|
340
|
-
|
341
|
-
|
342
|
-
|
344
|
+
}
|
345
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
346
|
+
capbac_class.get_nested_class("UnknownPub"),
|
347
|
+
&format!("{}", x),
|
348
|
+
),
|
349
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
350
|
+
capbac_class.get_nested_class("BadIssuer"),
|
351
|
+
&format!("{}", x),
|
352
|
+
),
|
353
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
354
|
+
capbac_class.get_nested_class("BadInvoker"),
|
355
|
+
&format!("{}", x),
|
356
|
+
),
|
357
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
358
|
+
capbac_class.get_nested_class("Untrusted"),
|
359
|
+
&format!("{}", x),
|
360
|
+
),
|
343
361
|
capbac::ValidateError::Expired => {
|
344
362
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
345
363
|
}
|
@@ -352,56 +370,50 @@ methods!(
|
|
352
370
|
}
|
353
371
|
}
|
354
372
|
|
355
|
-
fn ruby_validator_validate_invocation(invocation:
|
356
|
-
|
357
|
-
VM::
|
358
|
-
|
373
|
+
fn ruby_validator_validate_invocation(invocation: RString, now: Fixnum) -> Boolean {
|
374
|
+
let ruby_invocation = invocation
|
375
|
+
.map_err(VM::raise_ex)
|
376
|
+
.unwrap()
|
377
|
+
.to_string_unchecked();
|
359
378
|
|
360
|
-
if let Err(ref error) = now {
|
361
|
-
VM::raise(error.class(), &error.to_string());
|
362
|
-
}
|
363
|
-
|
364
|
-
let mut invocation_content: Vec<u8> = Vec::new();
|
365
|
-
for n in invocation.unwrap().into_iter() {
|
366
|
-
let n = n.try_convert_to::<Fixnum>();
|
367
|
-
|
368
|
-
if let Err(ref error) = n {
|
369
|
-
VM::raise(error.class(), &error.to_string());
|
370
|
-
}
|
371
|
-
|
372
|
-
invocation_content.push(n.unwrap().to_i64() as u8);
|
373
|
-
}
|
374
379
|
let mut invocation = capbac::proto::Invocation::new();
|
375
|
-
invocation
|
380
|
+
invocation
|
381
|
+
.merge_from_bytes(&ruby_invocation.as_bytes())
|
382
|
+
.unwrap();
|
376
383
|
|
377
|
-
let now = now.unwrap().to_i64() as u64;
|
384
|
+
let now = now.map_err(VM::raise_ex).unwrap().to_i64() as u64;
|
378
385
|
|
379
386
|
let x = itself.get_data(&*INT_VALIDATOR_WRAPPER);
|
380
387
|
let validator = capbac::Validator::new(x, x);
|
381
388
|
|
382
389
|
match validator.validate_invocation(&invocation, now) {
|
383
390
|
Result::Ok(_) => Boolean::new(true),
|
384
|
-
Err(x) =>
|
391
|
+
Err(x) => {
|
385
392
|
let capbac_class = Class::from_existing("CapBAC");
|
386
393
|
match x {
|
387
|
-
capbac::ValidateError::Malformed { .. } =>
|
388
|
-
|
389
|
-
|
394
|
+
capbac::ValidateError::Malformed { .. } => VM::raise(
|
395
|
+
capbac_class.get_nested_class("Malformed"),
|
396
|
+
&format!("{}", x),
|
397
|
+
),
|
390
398
|
capbac::ValidateError::BadURL { .. } => {
|
391
399
|
VM::raise(capbac_class.get_nested_class("BadURL"), &format!("{}", x))
|
392
|
-
}
|
393
|
-
capbac::ValidateError::UnknownPub { .. } =>
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
}
|
402
|
-
|
403
|
-
|
404
|
-
|
400
|
+
}
|
401
|
+
capbac::ValidateError::UnknownPub { .. } => VM::raise(
|
402
|
+
capbac_class.get_nested_class("UnknownPub"),
|
403
|
+
&format!("{}", x),
|
404
|
+
),
|
405
|
+
capbac::ValidateError::BadIssuer { .. } => VM::raise(
|
406
|
+
capbac_class.get_nested_class("BadIssuer"),
|
407
|
+
&format!("{}", x),
|
408
|
+
),
|
409
|
+
capbac::ValidateError::BadInvoker { .. } => VM::raise(
|
410
|
+
capbac_class.get_nested_class("BadInvoker"),
|
411
|
+
&format!("{}", x),
|
412
|
+
),
|
413
|
+
capbac::ValidateError::Untrusted { .. } => VM::raise(
|
414
|
+
capbac_class.get_nested_class("Untrusted"),
|
415
|
+
&format!("{}", x),
|
416
|
+
),
|
405
417
|
capbac::ValidateError::Expired => {
|
406
418
|
VM::raise(capbac_class.get_nested_class("Expired"), &format!("{}", x))
|
407
419
|
}
|
@@ -412,34 +424,6 @@ methods!(
|
|
412
424
|
Boolean::new(false)
|
413
425
|
}
|
414
426
|
}
|
415
|
-
|
416
|
-
}
|
417
|
-
);
|
418
|
-
|
419
|
-
class!(KeyGen);
|
420
|
-
|
421
|
-
methods!(
|
422
|
-
KeyGen,
|
423
|
-
itself,
|
424
|
-
|
425
|
-
fn ruby_generate_keypair() -> Hash {
|
426
|
-
let rng = rand::SystemRandom::new();
|
427
|
-
let key_pair = EcdsaKeyPair::generate_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &rng).unwrap();
|
428
|
-
let mut sk = Array::new();
|
429
|
-
for item in key_pair.as_ref().iter() {
|
430
|
-
sk.push(Fixnum::new(i64::from(*item)));
|
431
|
-
};
|
432
|
-
|
433
|
-
let key_pair = EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P256_SHA256_FIXED_SIGNING, &key_pair.as_ref()).unwrap();
|
434
|
-
let mut pk = Array::new();
|
435
|
-
for item in key_pair.public_key().as_ref().iter() {
|
436
|
-
pk.push(Fixnum::new(i64::from(*item)));
|
437
|
-
};
|
438
|
-
|
439
|
-
let mut res = Hash::new();
|
440
|
-
res.store(Symbol::new("sk"), sk);
|
441
|
-
res.store(Symbol::new("pk"), pk);
|
442
|
-
res
|
443
427
|
}
|
444
428
|
);
|
445
429
|
|
@@ -454,14 +438,12 @@ pub extern "C" fn Init_capbac() {
|
|
454
438
|
itself.def("invoke", ruby_holder_invoke);
|
455
439
|
});
|
456
440
|
|
457
|
-
itself
|
458
|
-
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
itself.def("generate!", ruby_generate_keypair);
|
465
|
-
});
|
441
|
+
itself
|
442
|
+
.define_nested_class("Validator", None)
|
443
|
+
.define(|itself| {
|
444
|
+
itself.def_self("new", ruby_validator_new);
|
445
|
+
itself.def("validate_cert", ruby_validator_validate_cert);
|
446
|
+
itself.def("validate_invocation", ruby_validator_validate_invocation);
|
447
|
+
});
|
466
448
|
});
|
467
449
|
}
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: capbac
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kirill Chernyshov
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-08-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thermite
|