capbac_cli 0.4.3
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +35 -0
- data/cli_lib/capbac_cli.rb +159 -0
- data/exe/capbac-cli +5 -0
- metadata +75 -0
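--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 886d97ead136540c97f3294c37d77d5a982933ee449b405e44d91629974efb92
+data.tar.gz: 1934bac409b4e2c3f83efae982f597507ffa27fdacd68ee7f7290bf9147c1fdb
+SHA512:
+metadata.gz: a49c48ff999c693f66c07474caaa4abf77b5648b7e38298789ee01591f43dcb35f45ce54c357dee9d36711e44ea9d094de9246e1758722cd55de4389b32c5d01
+data.tar.gz: e49baea931de42f78c8774fad81ee613f7cfd021cde1ea53c87ee8ebe975ec7ad95961692c7791d0f7b3e63f1c08084fe44868e95485df44b4842328c0c8a39e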
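--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Xapix GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.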
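--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,35 @@
+# Capbac
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/capbac`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'capbac'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install capbac
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/capbac.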
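--- a/data/cli_lib/capbac_cli.rb
+++ b/data/cli_lib/capbac_cli.rb
@@ -0,0 +1,159 @@
+# frozen_string_literal: true
+
+require 'capbac'
+require 'capbac/version'
+require 'commander/import'
+require 'optparse/uri'
+require 'uri'
+
+class RegexpTrustChecker < CapBAC::TrustChecker
+def initialize(regex)
+@check_regex = regex
+end
+
+def trusted?(id)
+!!@check_regex.match(id.to_s)
+end
+end
+
+class HashPubs < CapBAC::Pubs
+def initialize(pubs)
+@pubs = {}
+pubs.each do |pub|
+pair = pub.split('=')
+@pubs[URI.parse(pair[0])] = File.read(pair[1])
+end
+end
+
+def get(id)
+@pubs[id]
+end
+end
+
+# :name is optional, otherwise uses the basename of this executable
+program :name, 'CapBAC CLI'
+program :version, CapBAC::VERSION
+program :description, 'CapBAC CLI tool to forge, delegate and validate certificates and invocations.'
+
+command :forge do |c|
+c.option '--capability CAPABILITY', String
+c.option '--subject SUBJECT', URI
+c.option '--me ME', URI
+c.option '--sk SK', String
+c.option '--exp [EXP]', Integer
+c.action do |_args, options|
+holder = CapBAC::Holder.new(options.me, File.read(options.sk))
+ios = IO.new STDOUT.fileno
+cert = holder.forge(subject: options.subject, capability: options.capability)
+ios.write cert
+ios.close
+end
+end
+
+command :delegate do |c|
+c.option '--capability CAPABILITY', String
+c.option '--subject SUBJECT', URI
+c.option '--me ME', URI
+c.option '--sk SK', String
+c.option '--exp [EXP]', Integer
+c.action do |_args, options|
+holder = CapBAC::Holder.new(options.me, File.read(options.sk))
+cert = holder.delegate(STDIN.read, subject: options.subject, capability: options.capability)
+ios = IO.new STDOUT.fileno
+ios.write cert
+ios.close
+end
+end
+
+command :invoke do |c|
+c.option '--action ACTION', String
+c.option '--cert CERT', String
+c.option '--me ME', URI
+c.option '--sk SK', String
+c.option '--exp EXP', Integer
+c.action do |_args, options|
+holder = CapBAC::Holder.new(options.me, File.read(options.sk))
+inv = holder.invoke(cert: File.read(options.cert), action: options.action, exp: options.exp)
+ios = IO.new STDOUT.fileno
+ios.write inv
+ios.close
+end
+end
+
+command 'certificate-validate' do |c|
+pubs = []
+c.option '--now NOW', Integer
+c.option '--trust-ids REGEX', Regexp
+c.option('--pub PUB', String) { |x| pubs << x }
+c.action do |_args, options|
+trust_checker = RegexpTrustChecker.new(options.trust_ids)
+pubs = HashPubs.new(pubs)
+validator = CapBAC::Validator.new(trust_checker, pubs)
+begin
+validator.validate_cert(STDIN.read, options.now)
+rescue CapBAC::Malformed => e
+say e
+exit 11
+rescue CapBAC::BadURL => e
+say e
+exit 12
+rescue CapBAC::UnknownPub => e
+say e
+exit 12
+rescue CapBAC::BadIssuer => e
+say e
+exit 13
+rescue CapBAC::BadInvoker => e
+say e
+exit 13
+rescue CapBAC::Untrusted => e
+say e
+exit 13
+rescue CapBAC::Expired
+say 'Expired'
+exit 14
+rescue CapBAC::BadSign
+say 'Bad sign'
+exit 15
+end
+end
+end
+
+command 'invocation-validate' do |c|
+pubs = []
+c.option '--now NOW', Integer
+c.option '--trust-ids REGEX', Regexp
+c.option('--pub PUB', String) { |x| pubs << x }
+c.action do |_args, options|
+trust_checker = RegexpTrustChecker.new(options.trust_ids)
+pubs = HashPubs.new(pubs)
+validator = CapBAC::Validator.new(trust_checker, pubs)
+begin
+validator.validate_invocation(STDIN.read, options.now)
+rescue CapBAC::Malformed => e
+say e
+exit 11
+rescue CapBAC::BadURL => e
+say e
+exit 12
+rescue CapBAC::UnknownPub => e
+say e
+exit 12
+rescue CapBAC::BadIssuer => e
+say e
+exit 13
+rescue CapBAC::BadInvoker => e
+say e
+exit 13
+rescue CapBAC::Untrusted => e
+say e
+exit 13
+rescue CapBAC::Expired
+say 'Expired'
+exit 14
+rescue CapBAC::BadSign
+say 'Bad sign'
+exit 15
+end
+end
+end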
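Review bot: The `--exp` option is declared for `forge` and `delegate` but never forwarded, so an expiry given on the command line is silently dropped when a certificate is created; only the `invoke` action passes `exp: options.exp`. If `CapBAC::Holder#forge` and `#delegate` accept the same keyword (not visible on this page, confirm against the capbac gem), pass it through, e.g. `cert = holder.forge(subject: options.subject, capability: options.capability, exp: options.exp)`, and likewise in `delegate`. Separately, `RegexpTrustChecker#trusted?` uses `@check_regex.match(id.to_s)`, which succeeds on a match anywhere in the id, so a `--trust-ids` pattern not anchored with `\A` and `\z` trusts every id that merely contains it; anchor inside the checker or document the requirement on the option. `HashPubs#initialize` splits each `--pub` value on every `=`, so `pub.split('=', 2)` plus a check that both halves are present would avoid `File.read(nil)` on a value without `=` and keep key paths containing `=` intact.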
data/exe/capbac-cli
ADDED
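--- a/metadata
+++ b/metadata
@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification
+name: capbac_cli
+version: !ruby/object:Gem::Version
+version: 0.4.3
+platform: ruby
+authors:
+- Kirill Chernyshov
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-08-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: capbac
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.4.3
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.4.3
+- !ruby/object:Gem::Dependency
+name: commander
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 4.5.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 4.5.2
+description:
+email: delaguardo@gmail.com
+executables:
+- capbac-cli
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- cli_lib/capbac_cli.rb
+- exe/capbac-cli
+homepage: http://capbac.org
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- cli_lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Command line utility for Capability-based Access Control model
+test_files: []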