certmeister 0.1.0 → 0.2.0

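--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 45294a93b1babeea90937ee91c345bddefa60b25
- data.tar.gz: 1c0f12426788ad03d9952e2e3532128951d9575e
+ metadata.gz: 4a9c4caa4ce477f7481e1357d98f142638e9a531
+ data.tar.gz: c81a795d5f84058b66cdbb0f9a7ae8f2adc94554
  SHA512:
- metadata.gz: 763ed829a24c1002c00e3732b41db17d013195ad61686f6552d07424ed4ba101f5ff18545c47a1caa50c81228cb46961dac32048227b2ec9fcc164b69aab91cb
- data.tar.gz: a953b468dddfdf2a27f381b1c9b316926ee7397011b9e28cbb9fd9834cfd439073ccf7a8c52fdeb98985785479ebe4b510f0ead3a791872aa31128239a05d463
+ metadata.gz: 2e11877e3183bd036e954a0b8f961ba4ca6941c74785b04929db9ae1f02d8cf3cca0f602f233d162494e7fe4414f09e165fe54ff4bd5728724fb35dfa2d59b67
+ data.tar.gz: 1fbe2145d82e9a3d41441ec3d3806b9e94497bd94f438680e0f7ea93b1a267cb5d37b7e4192146099864c1f6fdf902986d5bbbe9c4d773ee5182a780c3b23aee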
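--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,9 +1,9 @@
  PATH
  remote: .
  specs:
- certmeister (0.1.0)
- certmeister-redis (0.1.0)
- certmeister (= 0.1.0)
+ certmeister (0.2.0)
+ certmeister-redis (0.2.0)
+ certmeister (= 0.2.0)
  redis-sentinel (~> 1.4)
 
  GEM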
@@ -0,0 +1,35 @@
1
+ require 'certmeister/policy/response'
2
+ require 'ipaddr'
3
+
4
+ module Certmeister
5
+
6
+ module Policy
7
+
8
+ class IP
9
+
10
+ def initialize(networks)
11
+ @networks = networks.map { |n| IPAddr.new(n) }
12
+ end
13
+
14
+ def authenticate(request)
15
+ begin
16
+ if !request[:ip]
17
+ Certmeister::Policy::Response.new(false, "missing ip")
18
+ else
19
+ ip = IPAddr.new(request[:ip])
20
+ if @networks.any? { |n| n.include?(ip) }
21
+ Certmeister::Policy::Response.new(true, nil)
22
+ else
23
+ Certmeister::Policy::Response.new(false, "unauthorized ip")
24
+ end
25
+ end
26
+ rescue IPAddr::Error
27
+ Certmeister::Policy::Response.new(false, "invalid ip")
28
+ end
29
+ end
30
+
31
+ end
32
+
33
+ end
34
+
35
+ end
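Review bot: `ip = IPAddr.new(request[:ip])` in `authenticate` accepts more than a single host address: IPAddr also parses a `/prefix` suffix and masks the address, so depending on the ipaddr version the `include?` check may run on the masked network address rather than on the address that was supplied. Rejecting such input before parsing keeps the policy to host addresses, e.g. `return Certmeister::Policy::Response.new(false, "invalid ip") if request[:ip].to_s.include?('/')`, with a matching spec case. The class also carries no comment on where `request[:ip]` has to come from; the policy presumably only holds when the caller fills it from the connection's peer address, and a comment such as `# request[:ip] must be the peer address as seen by the server, never a client-supplied value` would state that contract.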
@@ -1,5 +1,5 @@
1
1
  module Certmeister
2
2
 
3
- VERSION = '0.1.0' unless defined?(VERSION)
3
+ VERSION = '0.2.0' unless defined?(VERSION)
4
4
 
5
5
  end
@@ -0,0 +1,36 @@
1
+ require 'spec_helper'
2
+
3
+ require 'certmeister/policy/ip'
4
+
5
+ describe Certmeister::Policy::IP do
6
+
7
+ subject { Certmeister::Policy::IP.new(['127.0.0.0/8', '192.168.0.0/23']) }
8
+
9
+ it "demands a request" do
10
+ expect { subject.authenticate }.to raise_error(ArgumentError)
11
+ end
12
+
13
+ it "refuses to authenticate a request with a missing ip" do
14
+ response = subject.authenticate(cn: 'localhost')
15
+ expect(response).to_not be_authenticated
16
+ expect(response.error).to eql "missing ip"
17
+ end
18
+
19
+ it "refuses to authenticate a request with a malformed ip" do
20
+ response = subject.authenticate(cn: 'localhost', ip: '127.1')
21
+ expect(response).to_not be_authenticated
22
+ expect(response.error).to eql "invalid ip"
23
+ end
24
+
25
+ it "refuses to authenticate an IP outside the configured list of networks" do
26
+ response = subject.authenticate(cn: 'localhost', ip: '172.16.0.1')
27
+ expect(response).to_not be_authenticated
28
+ expect(response.error).to eql "unauthorized ip"
29
+ end
30
+
31
+ it "allows an IP inside a configured network" do
32
+ response = subject.authenticate(cn: 'localhost', ip: '192.168.0.1')
33
+ expect(response).to be_authenticated
34
+ end
35
+
36
+ end
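Review bot: The spec checks one address well inside each outcome but never the edges of `192.168.0.0/23`, so a mistake in prefix handling would still pass; add cases for `192.168.1.255` (allowed) and `192.168.2.0` (refused). Inputs the policy will meet in practice are also unpinned: an IPv6 address, an address carrying a `/prefix` suffix, and a non-string `ip` value should each have an explicit expectation.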
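--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: certmeister
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.2.0
  platform: ruby
  authors:
  - Sheldon Hearn
@@ -96,6 +96,7 @@ files:
  - lib/certmeister/policy/domain.rb
  - lib/certmeister/policy/existing.rb
  - lib/certmeister/policy/fcrdns.rb
+ - lib/certmeister/policy/ip.rb
  - lib/certmeister/policy/noop.rb
  - lib/certmeister/policy/psk.rb
  - lib/certmeister/policy/response.rb
@@ -112,6 +113,7 @@ files:
  - spec/certmeister/policy/domain_spec.rb
  - spec/certmeister/policy/existing_spec.rb
  - spec/certmeister/policy/fcrdns_spec.rb
+ - spec/certmeister/policy/ip_spec.rb
  - spec/certmeister/policy/noop_spec.rb
  - spec/certmeister/policy/psk_spec.rb
  - spec/certmeister/policy/response_spec.rb
@@ -155,6 +157,7 @@ test_files:
  - spec/certmeister/policy/domain_spec.rb
  - spec/certmeister/policy/existing_spec.rb
  - spec/certmeister/policy/fcrdns_spec.rb
+ - spec/certmeister/policy/ip_spec.rb
  - spec/certmeister/policy/noop_spec.rb
  - spec/certmeister/policy/psk_spec.rb
  - spec/certmeister/policy/response_spec.rb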