fenris 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/fenris/client.rb +31 -14
- data/lib/fenris/em.rb +2 -1
- data/lib/fenris/version.rb +1 -1
- metadata +9 -9
data/lib/fenris/client.rb
CHANGED
|
@@ -109,8 +109,13 @@ module Fenris
|
|
|
109
109
|
OpenSSL::Digest::SHA1.new(obj.to_der).to_s
|
|
110
110
|
end
|
|
111
111
|
|
|
112
|
-
def generate_csr
|
|
113
|
-
|
|
112
|
+
def generate_csr(provider)
|
|
113
|
+
if provider == :self
|
|
114
|
+
subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}"
|
|
115
|
+
else
|
|
116
|
+
subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}:#{provider}"
|
|
117
|
+
end
|
|
118
|
+
log "CSR: #{subject}"
|
|
114
119
|
digest = OpenSSL::Digest::SHA1.new
|
|
115
120
|
req = OpenSSL::X509::Request.new
|
|
116
121
|
req.version = 0
|
|
@@ -130,13 +135,16 @@ module Fenris
|
|
|
130
135
|
cert_cn = get_cn(consumer_cert)
|
|
131
136
|
valid_peer_names = [ peer_name ] if peer_name
|
|
132
137
|
valid_peer_names ||= consumers.map { |c| c["name"] }
|
|
133
|
-
|
|
138
|
+
consumer_cn,provider_cn = cert_cn.split ":"
|
|
139
|
+
provider_cn_ok = !!user_name
|
|
140
|
+
consumer_cn_ok = !!valid_peer_names.detect { |name| name == consumer_cn }
|
|
134
141
|
cert_ok = !!consumer_cert.verify(broker.public_key)
|
|
135
|
-
log "Consumer Cert CN '#{cert_cn}'
|
|
142
|
+
log "Consumer Cert CN '#{cert_cn}' displays correct provider? #{provider_cn_ok}"
|
|
143
|
+
log "Consumer Cert CN '#{cert_cn}' in allowed_list? #{consumer_cn_ok}"
|
|
136
144
|
log "Consumer Cert Signed By Broker? '#{cert_ok}'"
|
|
137
|
-
result =
|
|
145
|
+
result = consumer_cn_ok and provider_cn_ok and cert_ok
|
|
138
146
|
unless result
|
|
139
|
-
log "Certificate verification failed. connection closed [#{
|
|
147
|
+
log "Certificate verification failed. connection closed [#{consumer_cn_ok}] [#{provider_cn_ok}] [#{cert_ok}]"
|
|
140
148
|
peer_connection.close_connection if peer_connection
|
|
141
149
|
end
|
|
142
150
|
result
|
|
@@ -147,7 +155,8 @@ module Fenris
|
|
|
147
155
|
log "Deleting socket '#{provider["binding"]}'."
|
|
148
156
|
File.delete provider["binding"] if File.exists? provider["binding"]
|
|
149
157
|
end
|
|
150
|
-
|
|
158
|
+
## TODO - gawd! ugly!
|
|
159
|
+
[ *providers.map { |c| c["name"] }.map { |provider| cert_path(provider) }, cert_path, key_path ].each do |f|
|
|
151
160
|
if File.exists? f
|
|
152
161
|
log "Deleting file #{f}"
|
|
153
162
|
File.delete f
|
|
@@ -156,12 +165,15 @@ module Fenris
|
|
|
156
165
|
end
|
|
157
166
|
|
|
158
167
|
def save_keys
|
|
168
|
+
providers.map { |c| c["name"] }.each do |provider|
|
|
169
|
+
File.open(cert_path(provider),"w") { |f| f.write cert(provider).to_pem } unless File.exists? cert_path(provider)
|
|
170
|
+
end
|
|
159
171
|
File.open(cert_path,"w") { |f| f.write cert.to_pem } unless File.exists? cert_path
|
|
160
172
|
File.open(key_path,"w") { |f| f.write key.to_pem } unless File.exists? key_path
|
|
161
173
|
end
|
|
162
174
|
|
|
163
|
-
def gen_cert
|
|
164
|
-
cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr))
|
|
175
|
+
def gen_cert(provider)
|
|
176
|
+
cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr(provider)))
|
|
165
177
|
log "new cert received #{digest cert}"
|
|
166
178
|
cert
|
|
167
179
|
end
|
|
@@ -182,9 +194,10 @@ module Fenris
|
|
|
182
194
|
@broker ||= OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
|
|
183
195
|
end
|
|
184
196
|
|
|
185
|
-
def cert
|
|
186
|
-
@cert ||=
|
|
187
|
-
@cert ||=
|
|
197
|
+
def cert(provider = :self)
|
|
198
|
+
@cert ||= {}
|
|
199
|
+
@cert[provider] ||= OpenSSL::X509::Certificate.new(File.read(cert_path(provider))) rescue nil
|
|
200
|
+
@cert[provider] ||= gen_cert(provider)
|
|
188
201
|
end
|
|
189
202
|
|
|
190
203
|
def key
|
|
@@ -192,8 +205,12 @@ module Fenris
|
|
|
192
205
|
@key ||= gen_key
|
|
193
206
|
end
|
|
194
207
|
|
|
195
|
-
def cert_path
|
|
196
|
-
|
|
208
|
+
def cert_path(provider = :self)
|
|
209
|
+
if provider == :self
|
|
210
|
+
".#{user_name}.cert"
|
|
211
|
+
else
|
|
212
|
+
".#{user_name}:#{provider}.cert"
|
|
213
|
+
end
|
|
197
214
|
end
|
|
198
215
|
|
|
199
216
|
def key_path
|
data/lib/fenris/em.rb
CHANGED
|
@@ -69,6 +69,7 @@ module Fenris
|
|
|
69
69
|
EventMachine::__send__ *mkbinding(:connect, internal), Fenris::Connection do |provider|
|
|
70
70
|
client.log "start proxying"
|
|
71
71
|
provider.proxy consumer; consumer.proxy provider
|
|
72
|
+
provider.on_unbind { client.log "Connection closed" }
|
|
72
73
|
end
|
|
73
74
|
end
|
|
74
75
|
end
|
|
@@ -119,7 +120,7 @@ module Fenris
|
|
|
119
120
|
EventMachine::__send__ *mkbinding(:connect, provider), Fenris::Connection do |provider|
|
|
120
121
|
client.log "Connection to the server made, starting ssl"
|
|
121
122
|
provider.validate_peer { |pem| client.validate_peer pem, consumer, provider_name }
|
|
122
|
-
provider.begin_ssl :key_file => client.key_path , :cert_file => client.cert_path do
|
|
123
|
+
provider.begin_ssl :key_file => client.key_path , :cert_file => client.cert_path(provider_name) do
|
|
123
124
|
client.log "SSL complete - start proxying"
|
|
124
125
|
provider.proxy consumer; consumer.proxy provider
|
|
125
126
|
end
|
data/lib/fenris/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fenris
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.6
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
8
|
+
- 6
|
|
9
9
|
prerelease: false
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
@@ -13,12 +13,12 @@ authors:
|
|
|
13
13
|
autorequire:
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
|
-
date: 2011-10-
|
|
16
|
+
date: 2011-10-26 00:00:00.000000000 -07:00
|
|
17
17
|
default_executable:
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: eventmachine
|
|
21
|
-
requirement: &
|
|
21
|
+
requirement: &2153842880 !ruby/object:Gem::Requirement
|
|
22
22
|
none: false
|
|
23
23
|
requirements:
|
|
24
24
|
- - ! '>='
|
|
@@ -30,10 +30,10 @@ dependencies:
|
|
|
30
30
|
- 10
|
|
31
31
|
type: :runtime
|
|
32
32
|
prerelease: false
|
|
33
|
-
version_requirements: *
|
|
33
|
+
version_requirements: *2153842880
|
|
34
34
|
- !ruby/object:Gem::Dependency
|
|
35
35
|
name: rest-client
|
|
36
|
-
requirement: &
|
|
36
|
+
requirement: &2153842060 !ruby/object:Gem::Requirement
|
|
37
37
|
none: false
|
|
38
38
|
requirements:
|
|
39
39
|
- - ! '>='
|
|
@@ -45,10 +45,10 @@ dependencies:
|
|
|
45
45
|
- 7
|
|
46
46
|
type: :runtime
|
|
47
47
|
prerelease: false
|
|
48
|
-
version_requirements: *
|
|
48
|
+
version_requirements: *2153842060
|
|
49
49
|
- !ruby/object:Gem::Dependency
|
|
50
50
|
name: multi_json
|
|
51
|
-
requirement: &
|
|
51
|
+
requirement: &2153841300 !ruby/object:Gem::Requirement
|
|
52
52
|
none: false
|
|
53
53
|
requirements:
|
|
54
54
|
- - ! '>='
|
|
@@ -60,7 +60,7 @@ dependencies:
|
|
|
60
60
|
- 3
|
|
61
61
|
type: :runtime
|
|
62
62
|
prerelease: false
|
|
63
|
-
version_requirements: *
|
|
63
|
+
version_requirements: *2153841300
|
|
64
64
|
description: An authentication and service location service.
|
|
65
65
|
email: orion.henry@gmail.com
|
|
66
66
|
executables:
|