RubyGems - fenris - Versions diffs - 0.0.1 - Mend

fenris 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

data/bin/fenris ADDED Viewed

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+lib = File.expand_path(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH.unshift(lib) if File.directory?(lib) && !$LOAD_PATH.include?(lib)
+require 'fenris/em'
+require 'fenris/command'
+require 'fenris/client'
+args = ARGV.dup
+ARGV.clear
+command = args.shift.strip rescue 'help'
+#arg = args.shift.strip rescue nil
+Fenris::Command.run command, *args

data/lib/fenris/client.rb ADDED Viewed

@@ -0,0 +1,150 @@
+require 'restclient'
+require 'json'
+require 'openssl'
+module Fenris
+  class Client
+    def debug(message)
+      puts "DEBUG: #{message}" if ENV['DEBUG']
+    end
+    def log(message)
+      puts "LOG: #{message}"
+    end
+    def initialize(url)
+      @url = url
+    end
+    def update(ip, port)
+      RestClient.put("#{@url}", { :ip => ip, :port => port }, :content_type => :json, :accept => :json)
+    end
+    def user
+      @user ||= JSON.parse RestClient.get("#{@url}", :content_type => :json, :accept => :json)
+    end
+    def consumers
+      @consumers ||= JSON.parse RestClient.get("#{@url}consumers", :content_type => :json, :accept => :json);
+    end
+    def providers
+      @providers ||= JSON.parse RestClient.get("#{@url}providers", :content_type => :json, :accept => :json);
+    end
+    def user_name
+      user["name"]
+    end
+    def route
+      "#{user["ip"]}:#{user["port"]}" if user["ip"]
+    end
+    def remove(name)
+      RestClient.delete("#{@url}consumers/#{name}");
+    end
+    def add(name)
+      RestClient.post("#{@url}consumers", { :name => name }, :content_type => :json, :accept => :json);
+    end
+    def bind(name, binding)
+      RestClient.put("#{@url}providers/#{name}", { :binding => binding }, :content_type => :json, :accept => :json);
+    end
+    def digest obj
+      OpenSSL::Digest::SHA1.new(obj.to_der).to_s
+    end
+    def generate_csr
+      subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}"
+      digest = OpenSSL::Digest::SHA1.new
+      req = OpenSSL::X509::Request.new
+      req.version = 0
+      req.subject = subject
+      req.public_key = key.public_key
+      req.sign(key, digest)
+      log "generating csr        #{digest req} #{subject}"
+      req
+    end
+    def get_cn(cert)
+      cert.subject.to_a.detect { |a,b,c| a == "CN" }[1] rescue nil
+    end
+    def validate_peer(pem, peer_connection = nil, peer_name = nil)
+      consumer_cert = OpenSSL::X509::Certificate.new(pem)
+      cert_cn = get_cn(consumer_cert)
+      valid_peer_names = [ peer_name ] if peer_name
+      valid_peer_names ||= consumers.map { |c| c["name"] }
+      cn_ok = !!valid_peer_names.detect { |name| name == cert_cn }
+      cert_ok = !!consumer_cert.verify(broker.public_key)
+      log "Consumer Cert CN '#{cert_cn}' in allowed_list? #{cn_ok}"
+      log "Consumer Cert Signed By Broker? '#{cert_ok}'"
+      result = cn_ok and cert_ok
+      unless result
+        log "Certificate verification failed.  connection closed [#{cn_ok}] [#{cert_ok}]"
+        peer_connection.close_connection if peer_connection
+      end
+      result
+    end
+    def cleanup
+      providers.each do |provider|
+        log "Deleting socket '#{provider["binding"]}'."
+        File.delete provider["binding"] if File.exists? provider["binding"]
+      end
+      [ cert_path, key_path ].each do |f|
+        if File.exists? f
+          log "Deleting file #{f}"
+          File.delete f
+        end
+      end
+    end
+    def save_keys
+      File.open(cert_path,"w") { |f| f.write cert.to_pem } unless File.exists? cert_path
+      File.open(key_path,"w") { |f| f.write key.to_pem } unless File.exists? key_path
+    end
+    def gen_cert
+      cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr))
+      log "new cert received     #{digest cert}"
+      cert
+    end
+    def gen_key
+      key = OpenSSL::PKey::RSA.new(2048)
+      log "new rsa key generated #{digest key}"
+      key
+    end
+    def get_broker
+      cert = OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
+      log "got cert from broker #{digest cert} #{cert.subject}"
+      cert
+    end
+    def broker
+      @broker ||= OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
+    end
+    def cert
+      @cert ||= OpenSSL::X509::Certificate.new(File.read(cert_path)) rescue nil
+      @cert ||= gen_cert
+    end
+    def key
+      @key ||= OpenSSL::PKey::RSA.new(File.read(key_path)) rescue nil
+      @key ||= gen_key
+    end
+    def cert_path
+      ".#{user_name}.cert"
+    end
+    def key_path
+      ".#{user_name}.key"
+    end
+  end
+end

data/lib/fenris/command.rb ADDED Viewed

@@ -0,0 +1,51 @@
+module Fenris
+  module Command
+    def self.run(command, arg=nil, name=nil)
+      begin
+        client = Fenris::Client.new(ENV['FENRIS_URL']);
+        help = [ "Usage: fenris help\n",
+                 "       fenris info\n",
+                 "       fenris bind PROVIDER BINDING\n",
+                 "       fenris add CONSUMER\n",
+                 "       fenris remove CONSUMER\n",
+                 "       fenris serve BINDING\n",
+                 "       fenris connect [ USER [ BINDING ] ]" ]
+        case command
+          when "cert"
+            puts client.cert.to_text
+          when "bind"
+            client.bind(arg,name)
+          when "add"
+            client.add(arg)
+          when "remove"
+            client.remove(arg)
+          when "info"
+            puts "INFO:"
+            puts "     #{client.user["name"]} #{client.route}"
+            unless client.consumers.empty?
+              puts "CLIENTS:"
+              client.consumers.each { |c| puts "    #{c["name"]} (#{c["binding"]})" }
+            end
+            unless client.providers.empty?
+              puts "SERVICES:"
+              client.providers.each { |c| puts "    #{c["binding"] || "unbound"} #{c["name"]} (#{c["provider"]}) #{c["ip"]} #{c["port"]}" }
+            end
+          when "serve"
+            from = 10001
+            to = arg
+            Fenris::Base.serve(client, from, to)
+          when "connect"
+            Fenris::Base.connect(client, arg, name)
+          else
+            puts command.inspect
+            puts help
+        end
+        exit
+      end
+    rescue SystemExit
+    rescue RestClient::ResourceNotFound
+      puts "Resource Not Found"
+      exit
+    end
+  end
+end

data/lib/fenris/em.rb ADDED Viewed

@@ -0,0 +1,145 @@
+require 'eventmachine'
+module Fenris
+  module Connection
+    def initialize
+      @peer = []
+    end
+    def push(data)
+      # this is the black magic to switch @peer between a connection and an array
+      send_data data
+    end
+    def begin_ssl(opts, &blk)
+      @post_ssl = blk
+      start_tls :private_key_file => opts[:key_file], :cert_chain_file => opts[:cert_file], :verify_peer => true
+    end
+    def post_init
+    end
+    def validate_peer(&blk)
+      @validator = blk;
+    end
+    def ssl_verify_peer(pem)
+      @verify ||= @validator.call(pem)
+    end
+    def unbind
+      @unbound = true
+      puts "DEBUG: unbind #{@signature}"
+      EM::stop if @signature < 3 ## this is for attach($stdin)
+      @peer.close_connection_after_writing rescue nil
+      close_connection
+    end
+    def ssl_handshake_completed
+      @post_ssl.call
+    end
+    def proxy(peer)
+      peer.close if @unbound
+      @peer.each { |d| peer.push d}
+      @peer = peer
+    end
+    def receive_data data
+      @peer.push data
+    end
+  end
+  module Base
+    extend self
+    def producer_server(client, from, to)
+      return producer_server_stdio(client, from, to) if to == "--"
+      EventMachine::__send__ *mkbinding(:start_server, from), Fenris::Connection do |consumer|
+        client.log "New connection - begin ssl handshake"
+        consumer.validate_peer { |pem| client.validate_peer pem  }
+        consumer.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
+          client.log "SSL complete - open local connection"
+          EventMachine::__send__ *mkbinding(:connect, to), Fenris::Connection do |producer|
+            client.log "start proxying"
+            producer.proxy consumer; consumer.proxy producer
+          end
+        end
+      end
+    end
+    def producer_server_stdio(client, from, to)
+      EventMachine::__send__ *mkbinding(:connect, to), Fenris::Connection do |producer|
+        EventMachine::__send__ *mkbinding(:start_server, from), Fenris::Connection do |consumer|
+          client.log "stdio connection - begin ssl handshake"
+          consumer.validate_peer { |pem| client.validate_peer pem  }
+          consumer.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
+            client.log "SSL complete - start proxying"
+            producer.proxy consumer; consumer.proxy producer
+          end
+        end
+      end
+    end
+    def serve(client, listen_port, to)
+      at_exit { client.cleanup }
+      EventMachine::run do
+        client.save_keys
+        client.update "0.0.0.0", listen_port
+        from = "0.0.0.0:#{listen_port}"
+        client.log "Serving port #{to} on #{from}"
+        producer_server(client, from, to)
+      end
+    end
+    def mkbinding(action, binding)
+      if binding =~ /^:?(\d+)$/
+        [ action, "0.0.0.0", $1.to_i ]
+      elsif binding =~ /^(.+):(\d+)/
+        [ action, $1, $2.to_i ]
+      elsif binding == "--"
+        [ :attach, $stdin ]
+      else
+        [ action, binding ]
+      end
+    end
+    ## really want to unify all these :(
+    def consumer_connect(client, consumer, provider_name, provider)
+      EventMachine::__send__ *mkbinding(:start_server, consumer), Fenris::Connection do |consumer|
+        client.log "New connection: opening connection to the server"
+        EventMachine::__send__ *mkbinding(:connect, provider), Fenris::Connection do |provider|
+          client.log "Connection to the server made, starting ssl"
+          provider.validate_peer { |pem| client.validate_peer pem, consumer, provider_name }
+          provider.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
+            client.log "SSL complete - start proxying"
+            provider.proxy consumer; consumer.proxy provider
+          end
+        end
+      end
+    end
+    def connect(client, overide_provider = nil, override_binding = nil)
+      at_exit { client.cleanup }
+      client.save_keys
+      abort "No providers" if client.providers.empty?
+      providers = client.providers.reject { |p| overide_provider && p["name"] != overide_provider }
+      abort "No provider named #{overide_provider}" if providers.empty?
+      abort "Can only pass a binding for a single provider" if override_binding && providers.length != 1
+      EventMachine::run do
+        providers.each do |p|
+          binding = override_binding || p["binding"]
+          consumer_connect(client, binding, p["name"], "#{p["ip"]}:#{p["port"]}")
+        end
+      end
+    end
+  end
+end

data/lib/fenris/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Fenris
+  VERSION = "0.0.1"
+end

metadata ADDED Viewed

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: fenris
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  segments:
+  - 0
+  - 0
+  - 1
+  prerelease: false
+platform: ruby
+authors:
+- Orion Henry
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2011-10-18 00:00:00.000000000 -07:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: &2168813480 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.12.10
+        segments:
+        - 0
+        - 12
+        - 10
+  type: :runtime
+  prerelease: false
+  version_requirements: *2168813480
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: &2168811760 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.6.7
+        segments:
+        - 1
+        - 6
+        - 7
+  type: :runtime
+  prerelease: false
+  version_requirements: *2168811760
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: &2168810220 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.0.3
+        segments:
+        - 1
+        - 0
+        - 3
+  type: :runtime
+  prerelease: false
+  version_requirements: *2168810220
+description: An authentication and service location service.
+email: orion.henry@gmail.com
+executables:
+- fenris
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/fenris
+- lib/fenris/client.rb
+- lib/fenris/command.rb
+- lib/fenris/em.rb
+- lib/fenris/version.rb
+has_rdoc: true
+homepage: http://github.com/orionz/fenris
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: An authentication and service location service.
+test_files: []