RubyGems - fenris - Versions diffs - 0.0.1 - Mend

fenris 0.0.1

Files changed (6) hide show

data/bin/fenris ADDED Viewed

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+lib = File.expand_path(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH.unshift(lib) if File.directory?(lib) && !$LOAD_PATH.include?(lib)
+require 'fenris/em'
+require 'fenris/command'
+require 'fenris/client'
+args = ARGV.dup
+ARGV.clear
+command = args.shift.strip rescue 'help'
+#arg = args.shift.strip rescue nil
+Fenris::Command.run command, *args

data/lib/fenris/client.rb ADDED Viewed

@@ -0,0 +1,150 @@
+require 'restclient'
+require 'json'
+require 'openssl'
+module Fenris
+  class Client
+    def debug(message)
+      puts "DEBUG: #{message}" if ENV['DEBUG']
+    end
+    def log(message)
+      puts "LOG: #{message}"
+    end
+    def initialize(url)
+      @url = url
+    end
+    def update(ip, port)
+      RestClient.put("#{@url}", { :ip => ip, :port => port }, :content_type => :json, :accept => :json)
+    end
+    def user
+      @user ||= JSON.parse RestClient.get("#{@url}", :content_type => :json, :accept => :json)
+    end
+    def consumers
+      @consumers ||= JSON.parse RestClient.get("#{@url}consumers", :content_type => :json, :accept => :json);
+    end
+    def providers
+      @providers ||= JSON.parse RestClient.get("#{@url}providers", :content_type => :json, :accept => :json);
+    end
+    def user_name
+      user["name"]
+    end
+    def route
+      "#{user["ip"]}:#{user["port"]}" if user["ip"]
+    end
+    def remove(name)
+      RestClient.delete("#{@url}consumers/#{name}");
+    end
+    def add(name)
+      RestClient.post("#{@url}consumers", { :name => name }, :content_type => :json, :accept => :json);
+    end
+    def bind(name, binding)
+      RestClient.put("#{@url}providers/#{name}", { :binding => binding }, :content_type => :json, :accept => :json);
+    end
+    def digest obj
+      OpenSSL::Digest::SHA1.new(obj.to_der).to_s
+    end
+    def generate_csr
+      subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}"
+      digest = OpenSSL::Digest::SHA1.new
+      req = OpenSSL::X509::Request.new
+      req.version = 0
+      req.subject = subject
+      req.public_key = key.public_key
+      req.sign(key, digest)
+      log "generating csr        #{digest req} #{subject}"
+      req
+    end
+    def get_cn(cert)
+      cert.subject.to_a.detect { |a,b,c| a == "CN" }[1] rescue nil
+    end
+    def validate_peer(pem, peer_connection = nil, peer_name = nil)
+      consumer_cert = OpenSSL::X509::Certificate.new(pem)
+      cert_cn = get_cn(consumer_cert)
+      valid_peer_names = [ peer_name ] if peer_name
+      valid_peer_names ||= consumers.map { |c| c["name"] }
+      cn_ok = !!valid_peer_names.detect { |name| name == cert_cn }
+      cert_ok = !!consumer_cert.verify(broker.public_key)
+      log "Consumer Cert CN '#{cert_cn}' in allowed_list? #{cn_ok}"
+      log "Consumer Cert Signed By Broker? '#{cert_ok}'"
+      result = cn_ok and cert_ok
+      unless result
+        log "Certificate verification failed.  connection closed [#{cn_ok}] [#{cert_ok}]"
+        peer_connection.close_connection if peer_connection
+      end
+      result
+    end
+    def cleanup
+      providers.each do |provider|
+        log "Deleting socket '#{provider["binding"]}'."
+        File.delete provider["binding"] if File.exists? provider["binding"]
+      end
+      [ cert_path, key_path ].each do |f|
+        if File.exists? f
+          log "Deleting file #{f}"
+          File.delete f
+        end
+      end
+    end
+    def save_keys
+      File.open(cert_path,"w") { |f| f.write cert.to_pem } unless File.exists? cert_path
+      File.open(key_path,"w") { |f| f.write key.to_pem } unless File.exists? key_path
+    end
+    def gen_cert
+      cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr))
+      log "new cert received     #{digest cert}"
+      cert
+    end
+    def gen_key
+      key = OpenSSL::PKey::RSA.new(2048)
+      log "new rsa key generated #{digest key}"
+      key
+    end
+    def get_broker
+      cert = OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
+      log "got cert from broker #{digest cert} #{cert.subject}"
+      cert
+    end
+    def broker
+      @broker ||= OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
+    end
+    def cert
+      @cert ||= OpenSSL::X509::Certificate.new(File.read(cert_path)) rescue nil
+      @cert ||= gen_cert
+    end
+    def key
+      @key ||= OpenSSL::PKey::RSA.new(File.read(key_path)) rescue nil
+      @key ||= gen_key
+    end
+    def cert_path
+      ".#{user_name}.cert"
+    end
+    def key_path
+      ".#{user_name}.key"
+    end
+  end
+end

data/lib/fenris/command.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Fenris
+  module Command
+    def self.run(command, arg=nil, name=nil)
+      begin
+        client = Fenris::Client.new(ENV['FENRIS_URL']);
+        help = [ "Usage: fenris help\n",
+                 "       fenris info\n",
+                 "       fenris bind PROVIDER BINDING\n",
+                 "       fenris add CONSUMER\n",
+                 "       fenris remove CONSUMER\n",
+                 "       fenris serve BINDING\n",
+                 "       fenris connect [ USER [ BINDING ] ]" ]
+        case command
+          when "cert"
+            puts client.cert.to_text
+          when "bind"
+            client.bind(arg,name)
+          when "add"
+            client.add(arg)
+          when "remove"
+            client.remove(arg)
+          when "info"
+            puts "INFO:"
+            puts "     #{client.user["name"]} #{client.route}"
+            unless client.consumers.empty?
+              puts "CLIENTS:"
+              client.consumers.each { |c| puts "    #{c["name"]} (#{c["binding"]})" }
+            end
+            unless client.providers.empty?
+              puts "SERVICES:"
+              client.providers.each { |c| puts "    #{c["binding"] || "unbound"} #{c["name"]} (#{c["provider"]}) #{c["ip"]} #{c["port"]}" }
+            end
+          when "serve"
+            from = 10001
+            to = arg
+            Fenris::Base.serve(client, from, to)
+          when "connect"
+            Fenris::Base.connect(client, arg, name)
+          else
+            puts command.inspect
+            puts help
+        end
+        exit
+      end
+    rescue SystemExit
+    rescue RestClient::ResourceNotFound
+      puts "Resource Not Found"
+      exit
+    end
+  end
+end

data/lib/fenris/em.rb ADDED Viewed

@@ -0,0 +1,145 @@
+require 'eventmachine'
+module Fenris
+  module Connection
+    def initialize
+      @peer = []
+    end
+    def push(data)
+      # this is the black magic to switch @peer between a connection and an array
+      send_data data
+    end
+    def begin_ssl(opts, &blk)
+      @post_ssl = blk
+      start_tls :private_key_file => opts[:key_file], :cert_chain_file => opts[:cert_file], :verify_peer => true
+    end
+    def post_init
+    end
+    def validate_peer(&blk)
+      @validator = blk;
+    end
+    def ssl_verify_peer(pem)
+      @verify ||= @validator.call(pem)
+    end
+    def unbind
+      @unbound = true
+      puts "DEBUG: unbind #{@signature}"
+      EM::stop if @signature < 3 ## this is for attach($stdin)
+      @peer.close_connection_after_writing rescue nil
+      close_connection
+    end
+    def ssl_handshake_completed
+      @post_ssl.call
+    end
+    def proxy(peer)
+      peer.close if @unbound
+      @peer.each { |d| peer.push d}
+      @peer = peer
+    end
+    def receive_data data
+      @peer.push data
+    end
+  end
+  module Base
+    extend self
+    def producer_server(client, from, to)
+      return producer_server_stdio(client, from, to) if to == "--"
+      EventMachine::__send__ *mkbinding(:start_server, from), Fenris::Connection do |consumer|
+        client.log "New connection - begin ssl handshake"
+        consumer.validate_peer { |pem| client.validate_peer pem  }
+        consumer.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
+          client.log "SSL complete - open local connection"
+          EventMachine::__send__ *mkbinding(:connect, to), Fenris::Connection do |producer|
+            client.log "start proxying"
+            producer.proxy consumer; consumer.proxy producer
+          end
+        end
+      end
+    end
+    def producer_server_stdio(client, from, to)
+      EventMachine::__send__ *mkbinding(:connect, to), Fenris::Connection do |producer|
+        EventMachine::__send__ *mkbinding(:start_server, from), Fenris::Connection do |consumer|
+          client.log "stdio connection - begin ssl handshake"
+          consumer.validate_peer { |pem| client.validate_peer pem  }
+          consumer.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
+            client.log "SSL complete - start proxying"
+            producer.proxy consumer; consumer.proxy producer
+          end
+        end
+      end
+    end
+    def serve(client, listen_port, to)
+      at_exit { client.cleanup }
+      EventMachine::run do
+        client.save_keys
+        client.update "0.0.0.0", listen_port
+        from = "0.0.0.0:#{listen_port}"
+        client.log "Serving port #{to} on #{from}"
+        producer_server(client, from, to)
+      end
+    end
+    def mkbinding(action, binding)
+      if binding =~ /^:?(\d+)$/
+        [ action, "0.0.0.0", $1.to_i ]
+      elsif binding =~ /^(.+):(\d+)/
+        [ action, $1, $2.to_i ]
+      elsif binding == "--"
+        [ :attach, $stdin ]
+      else
+        [ action, binding ]
+      end
+    end
+    ## really want to unify all these :(
+    def consumer_connect(client, consumer, provider_name, provider)
+      EventMachine::__send__ *mkbinding(:start_server, consumer), Fenris::Connection do |consumer|
+        client.log "New connection: opening connection to the server"
+        EventMachine::__send__ *mkbinding(:connect, provider), Fenris::Connection do |provider|
+          client.log "Connection to the server made, starting ssl"
+          provider.validate_peer { |pem| client.validate_peer pem, consumer, provider_name }
+          provider.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
+            client.log "SSL complete - start proxying"
+            provider.proxy consumer; consumer.proxy provider
+          end
+        end
+      end
+    end
+    def connect(client, overide_provider = nil, override_binding = nil)
+      at_exit { client.cleanup }
+      client.save_keys
+      abort "No providers" if client.providers.empty?
+      providers = client.providers.reject { |p| overide_provider && p["name"] != overide_provider }
+      abort "No provider named #{overide_provider}" if providers.empty?
+      abort "Can only pass a binding for a single provider" if override_binding && providers.length != 1
+      EventMachine::run do
+        providers.each do |p|
+          binding = override_binding || p["binding"]
+          consumer_connect(client, binding, p["name"], "#{p["ip"]}:#{p["port"]}")
+        end
+      end
+    end
+  end
+end

data/lib/fenris/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Fenris
+  VERSION = "0.0.1"
+end

metadata ADDED Viewed

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: fenris
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  segments:
+  - 0
+  - 0
+  - 1
+  prerelease: false
+platform: ruby
+authors:
+- Orion Henry
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2011-10-18 00:00:00.000000000 -07:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: &2168813480 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.12.10
+        segments:
+        - 0
+        - 12
+        - 10
+  type: :runtime
+  prerelease: false
+  version_requirements: *2168813480
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: &2168811760 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.6.7
+        segments:
+        - 1
+        - 6
+        - 7
+  type: :runtime
+  prerelease: false
+  version_requirements: *2168811760
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: &2168810220 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+        segments:
+        - 1
+        - 0
+        - 3
+  type: :runtime
+  prerelease: false
+  version_requirements: *2168810220
+description: An authentication and service location service.
+email: orion.henry@gmail.com
+executables:
+- fenris
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/fenris
+- lib/fenris/client.rb
+- lib/fenris/command.rb
+- lib/fenris/em.rb
+- lib/fenris/version.rb
+has_rdoc: true
+homepage: http://github.com/orionz/fenris
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: An authentication and service location service.
+test_files: []