double-bag-ftps 0.1.0

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Bryan Nix
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,65 @@
+DoubleBagFTPS
+=============
+
+DoubleBagFTPS extends the core Net::FTP class to provide implicit and explicit FTPS support.
+
+Install
+-------
+
+    $ [sudo] gem install double-bag-ftps
+
+**Note**: Your Ruby installation must have OpenSSL support.
+
+Usage
+-----
+    require 'double_bag_ftps'
+
+Example 1:
+
+    # Connect to a host using explicit FTPS and do not verify the host's cert
+    ftps = DoubleBagFTPS.new
+    ftps.ssl_context = DoubleBagFTPS.create_ssl_context(:verify_mode => OpenSSL::SSL::VERIFY_NONE)
+    ftps.connect('some host')
+    ftps.login('usr', 'passwd')
+
+Example 2:
+
+    DoubleBagFTPS.open('host', 'usr', 'passwd', nil, DoubleBagFTPS::IMPLICIT) do |ftps|
+      ...
+    end
+
+Interface
+---------
+
+    # Constants used for setting FTPS mode
+    DoubleBagFTPS::EXPLICIT
+    DoubleBagFTPS::IMPLICIT
+
+    DoubleBagFTPS.new(host = nil, user = nil, passwd = nil, acct = nil, ftps_mode = EXPLICIT, ssl_context_params = {})
+    DoubleBagFTPS.open(host, user = nil, passwd = nil, acct = nil, ftps_mode = EXPLICIT, ssl_context_params = {})
+
+    # Returns an OpenSSL::SSL::SSLContext using params to set set the corresponding SSLContext attributes.
+    DoubleBagFTPS.create_ssl_context(params = {})
+
+    # Set the FTPS mode to implicit (DoubleBagFTPS::IMPLICIT) or explicit (DoubleBagFTPS::EXPLICIT).
+    # The default FTPS mode is explicit. 
+    ftps_mode=(ftps_mode)
+
+    # Same as Net::FTP.connect, but will use port 990 when using implicit FTPS and a port is not specified.
+    connect(host, port = ftps_implicit? ? IMPLICIT_PORT : FTP_PORT)
+
+    # Same as Net::FTP.login, but with optional auth param to control the value that is sent with the AUTH command.
+    login(user = 'anonymous', passwd = nil, acct = nil, auth = 'TLS')
+
+    ftps_explicit?
+    ftps_implicit?
+
+More Information
+----------------
+
+* [Net::FTP RDoc](http://ruby-doc.org/stdlib/libdoc/net/ftp/rdoc/index.html)
+* [OpenSSL RDoc](http://ruby-doc.org/stdlib/libdoc/openssl/rdoc/index.html)
+
+License
+-------
+Copyright © 2011, Bryan Nix. DoubleBagFTPS is released under the MIT license. See LICENSE file for details.

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = %w[--color]
+end
+
+task :default => :spec

data/double_bag_ftps.gemspec

@@ -0,0 +1,18 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "double-bag-ftps"
+  s.version     = "0.1.0"
+  s.author      = "Bryan Nix"
+  s.homepage    = "https://github.com/bnix/double-bag-ftps"
+  s.summary     = "Provides a child class of Net::FTP to support implicit and explicit FTPS."
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "bundler"
+  s.add_development_dependency "rspec"
+end

data/lib/double_bag_ftps.rb

@@ -0,0 +1,164 @@
+require 'net/ftp'
+begin
+  require 'openssl'
+rescue LoadError
+end
+
+class DoubleBagFTPS < Net::FTP
+  EXPLICIT = :explicit
+  IMPLICIT = :implicit
+  IMPLICIT_PORT = 990
+
+  # The form of FTPS that should be used. Either EXPLICIT or IMPLICIT.
+  # Defaults to EXPLICIT.
+  attr_reader :ftps_mode
+
+  # The OpenSSL::SSL::SSLContext to use for creating all OpenSSL::SSL::SSLSocket objects.
+  attr_accessor :ssl_context
+
+  def initialize(host = nil, user = nil, passwd = nil, acct = nil, ftps_mode = EXPLICIT, ssl_context_params = {})
+    raise ArgumentError unless valid_ftps_mode?(ftps_mode)
+    @ftps_mode = ftps_mode
+    @ssl_context = DoubleBagFTPS.create_ssl_context(ssl_context_params)
+    super(host, user, passwd, acct)
+  end
+
+  def DoubleBagFTPS.open(host, user = nil, passwd = nil, acct = nil, ftps_mode = EXPLICIT, ssl_context_params = {})
+    if block_given?
+      ftps = new(host, user, passwd, acct, ftps_mode, ssl_context_params)
+      begin
+        yield ftps
+      ensure
+        ftps.close
+      end
+    else
+      new(host, user, passwd, acct, ftps_mode, ssl_context_params)
+    end
+  end
+
+  #
+  # Allow @ftps_mode to be set when @sock is not connected
+  #
+  def ftps_mode=(ftps_mode)
+    # Ruby 1.8.7/1.9.2 compatible check
+    if (defined?(NullSocket) && @sock.kind_of?(NullSocket)) || @sock.nil? || @sock.closed?
+      raise ArgumentError unless valid_ftps_mode?(ftps_mode)
+      @ftps_mode = ftps_mode
+    else
+      raise 'Cannot set ftps_mode while connected'
+    end
+  end
+
+  #
+  # Establishes the command channel.
+  # Override parent to record host name for verification, and allow default implicit port.
+  #
+  def connect(host, port = ftps_implicit? ? IMPLICIT_PORT : FTP_PORT)
+    @hostname = host
+    super
+  end
+
+  def login(user = 'anonymous', passwd = nil, acct = nil, auth = 'TLS')
+    if ftps_explicit?
+      synchronize do
+        sendcmd('AUTH ' + auth) # Set the security mechanism
+        @sock = ssl_socket(@sock)
+      end
+    end
+    
+    super(user, passwd, acct)
+    voidcmd('PBSZ 0') # The expected value for Protection Buffer Size (PBSZ) is 0 for TLS/SSL 
+    voidcmd('PROT P') # Set data channel protection level to Private
+  end
+
+  #
+  # Override parent to allow an OpenSSL::SSL::SSLSocket to be returned
+  # when using implicit FTPS
+  #
+  def open_socket(host, port, defer_implicit_ssl = false)
+    if defined? SOCKSSocket and ENV["SOCKS_SERVER"]
+      @passive = true
+      sock = SOCKSSocket.open(host, port)
+    else
+      sock = TCPSocket.open(host, port)
+    end
+    return (!defer_implicit_ssl && ftps_implicit?) ? ssl_socket(sock) : sock
+  end
+  private :open_socket
+
+  #
+  # Override parent to support ssl sockets
+  #
+  def transfercmd(cmd, rest_offset = nil)
+    if @passive
+      host, port = makepasv
+
+      if @resume and rest_offset
+        resp = sendcmd('REST ' + rest_offset.to_s)
+        if resp[0] != ?3
+          raise FTPReplyError, resp
+        end
+      end
+      conn = open_socket(host, port, true)
+      resp = sendcmd(cmd)
+      # skip 2XX for some ftp servers
+      resp = getresp if resp[0] == ?2
+      if resp[0] != ?1
+        raise FTPReplyError, resp
+      end
+      conn = ssl_socket(conn) # SSL connection now possible after cmd sent
+    else
+      sock = makeport
+      if @resume and rest_offset
+        resp = sendcmd('REST ' + rest_offset.to_s)
+        if resp[0] != ?3
+          raise FTPReplyError, resp
+        end
+      end
+      resp = sendcmd(cmd)
+      # skip 2XX for some ftp servers
+      resp = getresp if resp[0] == ?2
+      if resp[0] != ?1
+        raise FTPReplyError, resp
+      end
+
+      temp_ssl_sock = ssl_socket(sock)
+      conn = temp_ssl_sock.accept
+      temp_ssl_sock.close
+    end
+    return conn
+  end
+  private :transfercmd
+
+  def ftps_explicit?; @ftps_mode == EXPLICIT end
+  def ftps_implicit?; @ftps_mode == IMPLICIT end
+
+  def valid_ftps_mode?(mode)
+    mode == EXPLICIT || mode == IMPLICIT
+  end
+  private :valid_ftps_mode?
+
+  #
+  # Returns a connected OpenSSL::SSL::SSLSocket
+  #
+  def ssl_socket(sock)
+    raise 'SSL extension not installed' unless defined?(OpenSSL)
+    sock = OpenSSL::SSL::SSLSocket.new(sock, @ssl_context)
+    sock.sync_close = true
+    sock.connect
+    print "get: #{sock.peer_cert.to_text}" if @debug_mode
+    unless @ssl_context.verify_mode == OpenSSL::SSL::VERIFY_NONE
+      sock.post_connection_check(@hostname)
+    end
+    return sock
+  end
+  private :ssl_socket
+
+  def DoubleBagFTPS.create_ssl_context(params = {})
+    raise 'SSL extension not installed' unless defined?(OpenSSL)
+    context = OpenSSL::SSL::SSLContext.new
+    context.set_params(params)
+    return context
+  end
+  
+end

data/spec/double_bag_ftps_spec.rb

@@ -0,0 +1,72 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+shared_examples_for "DoubleBagFTPS" do
+  it "connects to a remote host" do
+    lambda {@ftp.connect(HOST)}.should_not raise_error
+  end
+
+  it "logs in with a user name and password" do
+  	@ftp.connect(HOST)
+    lambda {@ftp.login(USR, PASSWD)}.should_not raise_error
+  end
+
+  it "can open a secure data channel" do
+  	@ftp.connect(HOST)
+    @ftp.login(USR, PASSWD)
+    @ftp.send(:transfercmd, 'nlst').should be_an_instance_of OpenSSL::SSL::SSLSocket
+  end
+
+  it "prevents setting the FTPS mode while connected" do
+    @ftp.connect(HOST)
+    lambda {@ftp.ftps_mode = 'dummy value'}.should raise_error
+  end
+
+  it "prevents setting the FTPS mode to an unrecognized value" do
+    lambda {@ftp.ftps_mode = 'dummy value'}.should raise_error
+  end
+
+end
+
+describe DoubleBagFTPS do
+  context "implicit" do
+    before(:each) do
+      @ftp = DoubleBagFTPS.new
+      @ftp.ftps_mode = DoubleBagFTPS::IMPLICIT
+      @ftp.passive = true
+      @ftp.ssl_context = DoubleBagFTPS.create_ssl_context(:verify_mode => OpenSSL::SSL::VERIFY_NONE)
+    end
+
+    after(:each) do
+      @ftp.close unless @ftp.welcome.nil?
+    end
+
+    it "uses an SSLSocket when first connected" do
+      @ftp.connect(HOST)
+      @ftp.instance_eval {def socket; @sock; end}
+      @ftp.socket.should be_an_instance_of OpenSSL::SSL::SSLSocket
+    end
+
+    it_should_behave_like "DoubleBagFTPS"
+  end
+
+  context "explicit" do
+    before(:each) do
+    	@ftp = DoubleBagFTPS.new
+    	@ftp.ftps_mode = DoubleBagFTPS::EXPLICIT
+      @ftp.passive = true
+    	@ftp.ssl_context = DoubleBagFTPS.create_ssl_context(:verify_mode => OpenSSL::SSL::VERIFY_NONE)
+    end
+
+    after(:each) do
+    	@ftp.close unless @ftp.welcome.nil?
+    end
+
+    it "does not use an SSLSocket when first connected" do
+      @ftp.connect(HOST)
+      @ftp.instance_eval {def socket; @sock; end}
+      @ftp.socket.should_not be_an_instance_of OpenSSL::SSL::SSLSocket
+    end
+
+    it_should_behave_like "DoubleBagFTPS"
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'double_bag_ftps'
+
+HOST   = 'ftp.secureftp-test.com'
+USR    = 'test'
+PASSWD = 'test'

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification
+name: double-bag-ftps
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Bryan Nix
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-10-03 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: &75184820 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *75184820
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &75184600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *75184600
+description: 
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- LICENSE
+- README.md
+- Rakefile
+- double_bag_ftps.gemspec
+- lib/double_bag_ftps.rb
+- spec/double_bag_ftps_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/bnix/double-bag-ftps
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Provides a child class of Net::FTP to support implicit and explicit FTPS.
+test_files: []