certmeister 0.3.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +5 -5
- data/README.md +2 -3
- data/lib/certmeister/policy/chain_all.rb +4 -13
- data/lib/certmeister/policy/chain_any.rb +27 -0
- data/lib/certmeister/policy.rb +7 -0
- data/lib/certmeister/version.rb +1 -1
- data/spec/certmeister/policy/chain_all_spec.rb +6 -6
- data/spec/certmeister/policy/chain_any_spec.rb +37 -0
- metadata +4 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 41a8e46ac96ea1df82ccd6bc6d1e7ac813c45b39
|
|
4
|
+
data.tar.gz: 7d3deab06f303c7725b316db513e1951d7ce2429
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 476a2abd15ebd45ac60facf0c6b3837ae08b3bc11d9785e230ecd94b58acad5aa3abf3a5b5db246be204a9400e1bf2aacc19173ff42f4d3cc721f1edb1f34ef4
|
|
7
|
+
data.tar.gz: e7385adbdb0288a486897979c64b459b1efb672bbc334502300ac35764bff158a7759060f748e68b5750d013f01b40e8281deb277786d13e06b0c6e16d9c7a7d
|
data/Gemfile.lock
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
certmeister (0.
|
|
5
|
-
certmeister-rack (0.
|
|
6
|
-
certmeister (= 0.
|
|
4
|
+
certmeister (0.4.0)
|
|
5
|
+
certmeister-rack (0.4.0)
|
|
6
|
+
certmeister (= 0.4.0)
|
|
7
7
|
rack (~> 1.5)
|
|
8
|
-
certmeister-redis (0.
|
|
9
|
-
certmeister (= 0.
|
|
8
|
+
certmeister-redis (0.4.0)
|
|
9
|
+
certmeister (= 0.4.0)
|
|
10
10
|
redis-sentinel (~> 1.4)
|
|
11
11
|
|
|
12
12
|
GEM
|
data/README.md
CHANGED
|
@@ -56,9 +56,8 @@ If you work at Hetzner and need to release new versions of the gems, do this
|
|
|
56
56
|
changes):
|
|
57
57
|
|
|
58
58
|
```
|
|
59
|
-
|
|
59
|
+
# edit lib/certmeister/version.rb
|
|
60
60
|
bundle
|
|
61
|
-
git
|
|
62
|
-
git commit -m "Bump to version $(bundle exec semver)"
|
|
61
|
+
git commit -m "Bump to version x.y.z" Gemfile.lock lib/certmeister/version.rb
|
|
63
62
|
bundle exec release
|
|
64
63
|
```
|
|
@@ -6,29 +6,20 @@ module Certmeister
|
|
|
6
6
|
|
|
7
7
|
class ChainAll
|
|
8
8
|
|
|
9
|
-
def initialize(
|
|
10
|
-
|
|
11
|
-
@
|
|
9
|
+
def initialize(policies)
|
|
10
|
+
Certmeister::Policy.validate_policies(policies)
|
|
11
|
+
@policies = policies
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def authenticate(request)
|
|
15
15
|
success = Certmeister::Policy::Response.new(true, nil)
|
|
16
|
-
@
|
|
16
|
+
@policies.inject(success) do |continue, policy|
|
|
17
17
|
response = policy.authenticate(request)
|
|
18
18
|
break response unless response.authenticated?
|
|
19
19
|
continue
|
|
20
20
|
end
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
private
|
|
24
|
-
|
|
25
|
-
def validate_policys(policys)
|
|
26
|
-
unless policys.is_a?(Enumerable) and policys.respond_to?(:size) and policys.size > 0 and
|
|
27
|
-
policys.all? { |policy| Certmeister::Policy.validate_authenticate_signature(policy) }
|
|
28
|
-
raise ArgumentError.new("enumerable collection of policys required")
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
|
|
32
23
|
end
|
|
33
24
|
|
|
34
25
|
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
require 'certmeister/policy'
|
|
2
|
+
|
|
3
|
+
module Certmeister
|
|
4
|
+
|
|
5
|
+
module Policy
|
|
6
|
+
|
|
7
|
+
class ChainAny
|
|
8
|
+
|
|
9
|
+
def initialize(policies)
|
|
10
|
+
Certmeister::Policy.validate_policies(policies)
|
|
11
|
+
@policies = policies
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def authenticate(request)
|
|
15
|
+
failure = Certmeister::Policy::Response.new(false, "no conditions satisifed")
|
|
16
|
+
@policies.inject(failure) do |continue, policy|
|
|
17
|
+
response = policy.authenticate(request)
|
|
18
|
+
break response if response.authenticated?
|
|
19
|
+
continue
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
end
|
data/lib/certmeister/policy.rb
CHANGED
|
@@ -11,6 +11,13 @@ module Certmeister
|
|
|
11
11
|
response.respond_to?(:authenticated?) and response.respond_to?(:error)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
+
def self.validate_policies(policies)
|
|
15
|
+
unless policies.is_a?(Enumerable) and policies.respond_to?(:size) and policies.size > 0 and
|
|
16
|
+
policies.all? { |policy| self.validate_authenticate_signature(policy) }
|
|
17
|
+
raise ArgumentError.new("enumerable collection of policies required")
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
14
21
|
end
|
|
15
22
|
|
|
16
23
|
end
|
data/lib/certmeister/version.rb
CHANGED
|
@@ -6,8 +6,8 @@ require 'certmeister/policy/chain_all'
|
|
|
6
6
|
|
|
7
7
|
describe Certmeister::Policy::ChainAll do
|
|
8
8
|
|
|
9
|
-
it "must be configured with a list of
|
|
10
|
-
expected_error = "enumerable collection of
|
|
9
|
+
it "must be configured with a list of policies" do
|
|
10
|
+
expected_error = "enumerable collection of policies required"
|
|
11
11
|
expect { Certmeister::Policy::ChainAll.new }.to raise_error(ArgumentError)
|
|
12
12
|
expect { Certmeister::Policy::ChainAll.new(Certmeister::Policy::Noop.new) }.to raise_error(ArgumentError, expected_error)
|
|
13
13
|
expect { Certmeister::Policy::ChainAll.new([]) }.to raise_error(ArgumentError, expected_error)
|
|
@@ -18,18 +18,18 @@ describe Certmeister::Policy::ChainAll do
|
|
|
18
18
|
expect { policy.authenticate }.to raise_error(ArgumentError)
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
it "authenticates a request that all its chained
|
|
21
|
+
it "authenticates a request that all its chained policies authenticate" do
|
|
22
22
|
policy = Certmeister::Policy::ChainAll.new([Certmeister::Policy::Noop.new, Certmeister::Policy::Noop.new])
|
|
23
23
|
response = policy.authenticate({anything: 'something'})
|
|
24
24
|
expect(response).to be_authenticated
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
it "refuses a request that any one of its chained
|
|
27
|
+
it "refuses a request that any one of its chained policies refuses" do
|
|
28
28
|
refuse_last = Certmeister::Policy::ChainAll.new([ Certmeister::Policy::Noop.new, Certmeister::Policy::Blackhole.new])
|
|
29
29
|
refuse_first = Certmeister::Policy::ChainAll.new([ Certmeister::Policy::Blackhole.new, Certmeister::Policy::Noop.new])
|
|
30
|
-
|
|
30
|
+
policies = [refuse_last, refuse_first]
|
|
31
31
|
|
|
32
|
-
|
|
32
|
+
policies.each do |policy|
|
|
33
33
|
response = policy.authenticate({anything: 'something'})
|
|
34
34
|
expect(response).to_not be_authenticated
|
|
35
35
|
expect(response.error).to eql "blackholed"
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
require 'certmeister/policy/blackhole'
|
|
3
|
+
require 'certmeister/policy/noop'
|
|
4
|
+
|
|
5
|
+
require 'certmeister/policy/chain_any'
|
|
6
|
+
|
|
7
|
+
describe Certmeister::Policy::ChainAny do
|
|
8
|
+
|
|
9
|
+
it "must be configured with a list of policies" do
|
|
10
|
+
expected_error = "enumerable collection of policies required"
|
|
11
|
+
expect { Certmeister::Policy::ChainAny.new }.to raise_error(ArgumentError)
|
|
12
|
+
expect { Certmeister::Policy::ChainAny.new(Certmeister::Policy::Noop.new) }.to raise_error(ArgumentError, expected_error)
|
|
13
|
+
expect { Certmeister::Policy::ChainAny.new([]) }.to raise_error(ArgumentError, expected_error)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it "demands a request" do
|
|
17
|
+
policy = Certmeister::Policy::ChainAny.new([Certmeister::Policy::Noop.new])
|
|
18
|
+
expect { policy.authenticate }.to raise_error(ArgumentError)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it "authenticates a request that any of its chained policies authenticate" do
|
|
22
|
+
policy = Certmeister::Policy::ChainAny.new([Certmeister::Policy::Blackhole.new, Certmeister::Policy::Noop.new, Certmeister::Policy::Blackhole.new])
|
|
23
|
+
response = policy.authenticate({anything: 'something'})
|
|
24
|
+
expect(response).to be_authenticated
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
it "refuses a request that none of its chained policies refuses" do
|
|
28
|
+
policy = Certmeister::Policy::ChainAll.new([ Certmeister::Policy::Blackhole.new, Certmeister::Policy::Blackhole.new])
|
|
29
|
+
response = policy.authenticate({anything: 'something'})
|
|
30
|
+
expect(response).to_not be_authenticated
|
|
31
|
+
expect(response.error).to eql "blackholed"
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
it "uses the error message of the last encountered refusal in the chain"
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: certmeister
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sheldon Hearn
|
|
@@ -93,6 +93,7 @@ files:
|
|
|
93
93
|
- lib/certmeister/policy.rb
|
|
94
94
|
- lib/certmeister/policy/blackhole.rb
|
|
95
95
|
- lib/certmeister/policy/chain_all.rb
|
|
96
|
+
- lib/certmeister/policy/chain_any.rb
|
|
96
97
|
- lib/certmeister/policy/domain.rb
|
|
97
98
|
- lib/certmeister/policy/existing.rb
|
|
98
99
|
- lib/certmeister/policy/fcrdns.rb
|
|
@@ -109,6 +110,7 @@ files:
|
|
|
109
110
|
- spec/certmeister/in_memory_store_spec.rb
|
|
110
111
|
- spec/certmeister/policy/blackhole_spec.rb
|
|
111
112
|
- spec/certmeister/policy/chain_all_spec.rb
|
|
113
|
+
- spec/certmeister/policy/chain_any_spec.rb
|
|
112
114
|
- spec/certmeister/policy/domain_spec.rb
|
|
113
115
|
- spec/certmeister/policy/existing_spec.rb
|
|
114
116
|
- spec/certmeister/policy/fcrdns_spec.rb
|
|
@@ -153,6 +155,7 @@ test_files:
|
|
|
153
155
|
- spec/certmeister/in_memory_store_spec.rb
|
|
154
156
|
- spec/certmeister/policy/blackhole_spec.rb
|
|
155
157
|
- spec/certmeister/policy/chain_all_spec.rb
|
|
158
|
+
- spec/certmeister/policy/chain_any_spec.rb
|
|
156
159
|
- spec/certmeister/policy/domain_spec.rb
|
|
157
160
|
- spec/certmeister/policy/existing_spec.rb
|
|
158
161
|
- spec/certmeister/policy/fcrdns_spec.rb
|