fenris 0.0.5 → 0.0.6
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/fenris/client.rb +31 -14
- data/lib/fenris/em.rb +2 -1
- data/lib/fenris/version.rb +1 -1
- metadata +9 -9
data/lib/fenris/client.rb
CHANGED
|
@@ -109,8 +109,13 @@ module Fenris
|
|
|
109
109
|
OpenSSL::Digest::SHA1.new(obj.to_der).to_s
|
|
110
110
|
end
|
|
111
111
|
|
|
112
|
-
def generate_csr
|
|
113
|
-
|
|
112
|
+
def generate_csr(provider)
|
|
113
|
+
if provider == :self
|
|
114
|
+
subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}"
|
|
115
|
+
else
|
|
116
|
+
subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}:#{provider}"
|
|
117
|
+
end
|
|
118
|
+
log "CSR: #{subject}"
|
|
114
119
|
digest = OpenSSL::Digest::SHA1.new
|
|
115
120
|
req = OpenSSL::X509::Request.new
|
|
116
121
|
req.version = 0
|
|
@@ -130,13 +135,16 @@ module Fenris
|
|
|
130
135
|
cert_cn = get_cn(consumer_cert)
|
|
131
136
|
valid_peer_names = [ peer_name ] if peer_name
|
|
132
137
|
valid_peer_names ||= consumers.map { |c| c["name"] }
|
|
133
|
-
|
|
138
|
+
consumer_cn,provider_cn = cert_cn.split ":"
|
|
139
|
+
provider_cn_ok = !!user_name
|
|
140
|
+
consumer_cn_ok = !!valid_peer_names.detect { |name| name == consumer_cn }
|
|
134
141
|
cert_ok = !!consumer_cert.verify(broker.public_key)
|
|
135
|
-
log "Consumer Cert CN '#{cert_cn}'
|
|
142
|
+
log "Consumer Cert CN '#{cert_cn}' displays correct provider? #{provider_cn_ok}"
|
|
143
|
+
log "Consumer Cert CN '#{cert_cn}' in allowed_list? #{consumer_cn_ok}"
|
|
136
144
|
log "Consumer Cert Signed By Broker? '#{cert_ok}'"
|
|
137
|
-
result =
|
|
145
|
+
result = consumer_cn_ok and provider_cn_ok and cert_ok
|
|
138
146
|
unless result
|
|
139
|
-
log "Certificate verification failed. connection closed [#{
|
|
147
|
+
log "Certificate verification failed. connection closed [#{consumer_cn_ok}] [#{provider_cn_ok}] [#{cert_ok}]"
|
|
140
148
|
peer_connection.close_connection if peer_connection
|
|
141
149
|
end
|
|
142
150
|
result
|
|
@@ -147,7 +155,8 @@ module Fenris
|
|
|
147
155
|
log "Deleting socket '#{provider["binding"]}'."
|
|
148
156
|
File.delete provider["binding"] if File.exists? provider["binding"]
|
|
149
157
|
end
|
|
150
|
-
|
|
158
|
+
## TODO - gawd! ugly!
|
|
159
|
+
[ *providers.map { |c| c["name"] }.map { |provider| cert_path(provider) }, cert_path, key_path ].each do |f|
|
|
151
160
|
if File.exists? f
|
|
152
161
|
log "Deleting file #{f}"
|
|
153
162
|
File.delete f
|
|
@@ -156,12 +165,15 @@ module Fenris
|
|
|
156
165
|
end
|
|
157
166
|
|
|
158
167
|
def save_keys
|
|
168
|
+
providers.map { |c| c["name"] }.each do |provider|
|
|
169
|
+
File.open(cert_path(provider),"w") { |f| f.write cert(provider).to_pem } unless File.exists? cert_path(provider)
|
|
170
|
+
end
|
|
159
171
|
File.open(cert_path,"w") { |f| f.write cert.to_pem } unless File.exists? cert_path
|
|
160
172
|
File.open(key_path,"w") { |f| f.write key.to_pem } unless File.exists? key_path
|
|
161
173
|
end
|
|
162
174
|
|
|
163
|
-
def gen_cert
|
|
164
|
-
cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr))
|
|
175
|
+
def gen_cert(provider)
|
|
176
|
+
cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr(provider)))
|
|
165
177
|
log "new cert received #{digest cert}"
|
|
166
178
|
cert
|
|
167
179
|
end
|
|
@@ -182,9 +194,10 @@ module Fenris
|
|
|
182
194
|
@broker ||= OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
|
|
183
195
|
end
|
|
184
196
|
|
|
185
|
-
def cert
|
|
186
|
-
@cert ||=
|
|
187
|
-
@cert ||=
|
|
197
|
+
def cert(provider = :self)
|
|
198
|
+
@cert ||= {}
|
|
199
|
+
@cert[provider] ||= OpenSSL::X509::Certificate.new(File.read(cert_path(provider))) rescue nil
|
|
200
|
+
@cert[provider] ||= gen_cert(provider)
|
|
188
201
|
end
|
|
189
202
|
|
|
190
203
|
def key
|
|
@@ -192,8 +205,12 @@ module Fenris
|
|
|
192
205
|
@key ||= gen_key
|
|
193
206
|
end
|
|
194
207
|
|
|
195
|
-
def cert_path
|
|
196
|
-
|
|
208
|
+
def cert_path(provider = :self)
|
|
209
|
+
if provider == :self
|
|
210
|
+
".#{user_name}.cert"
|
|
211
|
+
else
|
|
212
|
+
".#{user_name}:#{provider}.cert"
|
|
213
|
+
end
|
|
197
214
|
end
|
|
198
215
|
|
|
199
216
|
def key_path
|
data/lib/fenris/em.rb
CHANGED
|
@@ -69,6 +69,7 @@ module Fenris
|
|
|
69
69
|
EventMachine::__send__ *mkbinding(:connect, internal), Fenris::Connection do |provider|
|
|
70
70
|
client.log "start proxying"
|
|
71
71
|
provider.proxy consumer; consumer.proxy provider
|
|
72
|
+
provider.on_unbind { client.log "Connection closed" }
|
|
72
73
|
end
|
|
73
74
|
end
|
|
74
75
|
end
|
|
@@ -119,7 +120,7 @@ module Fenris
|
|
|
119
120
|
EventMachine::__send__ *mkbinding(:connect, provider), Fenris::Connection do |provider|
|
|
120
121
|
client.log "Connection to the server made, starting ssl"
|
|
121
122
|
provider.validate_peer { |pem| client.validate_peer pem, consumer, provider_name }
|
|
122
|
-
provider.begin_ssl :key_file => client.key_path , :cert_file => client.cert_path do
|
|
123
|
+
provider.begin_ssl :key_file => client.key_path , :cert_file => client.cert_path(provider_name) do
|
|
123
124
|
client.log "SSL complete - start proxying"
|
|
124
125
|
provider.proxy consumer; consumer.proxy provider
|
|
125
126
|
end
|
data/lib/fenris/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fenris
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
8
|
+
- 6
|
|
9
9
|
prerelease: false
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
@@ -13,12 +13,12 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2011-10-
|
|
16
|
+
date: 2011-10-26 00:00:00.000000000 -07:00
|
|
17
17
|
default_executable:
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: eventmachine
|
|
21
|
-
requirement: &
|
|
21
|
+
requirement: &2153842880 !ruby/object:Gem::Requirement
|
|
22
22
|
none: false
|
|
23
23
|
requirements:
|
|
24
24
|
- - ! '>='
|
|
@@ -30,10 +30,10 @@ dependencies:
|
|
|
30
30
|
- 10
|
|
31
31
|
type: :runtime
|
|
32
32
|
prerelease: false
|
|
33
|
-
version_requirements: *
|
|
33
|
+
version_requirements: *2153842880
|
|
34
34
|
- !ruby/object:Gem::Dependency
|
|
35
35
|
name: rest-client
|
|
36
|
-
requirement: &
|
|
36
|
+
requirement: &2153842060 !ruby/object:Gem::Requirement
|
|
37
37
|
none: false
|
|
38
38
|
requirements:
|
|
39
39
|
- - ! '>='
|
|
@@ -45,10 +45,10 @@ dependencies:
|
|
|
45
45
|
- 7
|
|
46
46
|
type: :runtime
|
|
47
47
|
prerelease: false
|
|
48
|
-
version_requirements: *
|
|
48
|
+
version_requirements: *2153842060
|
|
49
49
|
- !ruby/object:Gem::Dependency
|
|
50
50
|
name: multi_json
|
|
51
|
-
requirement: &
|
|
51
|
+
requirement: &2153841300 !ruby/object:Gem::Requirement
|
|
52
52
|
none: false
|
|
53
53
|
requirements:
|
|
54
54
|
- - ! '>='
|
|
@@ -60,7 +60,7 @@ dependencies:
|
|
|
60
60
|
- 3
|
|
61
61
|
type: :runtime
|
|
62
62
|
prerelease: false
|
|
63
|
-
version_requirements: *
|
|
63
|
+
version_requirements: *2153841300
|
|
64
64
|
description: An authentication and service location service.
|
|
65
65
|
email: orion.henry@gmail.com
|
|
66
66
|
executables:
|