icfs 0.1.3 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c6508e2169aa8ab7a2567c545e793c5f3af51a6b7d3426d7763ba148f1c2b71
-  data.tar.gz: fc121b8053444a4757d7c9a1d1247a691baa8217aecf7963ba0ba1ffcc4ca358
+  metadata.gz: 28031e9c5c67e30c2cf4778fbf56a7840117d256e4384e6e044e7cc888958d09
+  data.tar.gz: 3abea632e084b00bd09ac570710eab52e99a152d073c6f96779a04c23dbc1c21
 SHA512:
-  metadata.gz: bf90379adfeeb08e1cc1f8371eeb813d4259e187094b331f12d6232b6a10855044f0be14db531722b037b4a18c5c63be9830a13d24b443db4c98f1e62b8aaf25
-  data.tar.gz: d307474f2ae62e6b5f1da6d9128bccc122088e8e0bee1ee3f50f6ad3895906ce9c9136c5f9df39d812c9ea0a85309ed5ac897398097523bf1edfb51f04f633d0
+  metadata.gz: cd28dc30f59e5bec1b272508d5b64ecb950a3e2b6d26d4318156069d19c338093177302ac09207a4b76b7decfa8272f84a8839f3165eeee28fdb9f15ae5c6ef3
+  data.tar.gz: '08f19a62a3d3c21cdf46c8120bd0b5846107a57409aba71939587affed4e7daf32c4d0bd805919d884baa4d24b520521527f62e8edf66ed6f886cf2237122b27'

data/bin/icfs_demo_fcgi.rb

@@ -10,6 +10,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'yaml'
 require 'faraday'
 

data/{bin/icfs_demo_ssl_gen.rb → devel/demo/ssl_gen.rb}

@@ -10,15 +10,23 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'openssl'
+require 'yaml'
+
+# read the configuration
+cfg = YAML.load(File.read(ARGV[0]))
+
 
+serial = Time.now.to_i
 
-# make a CA key
+# make a CA cert
 ca_key = OpenSSL::PKey::RSA.new 2048
 ca_cert = OpenSSL::X509::Certificate.new
 ca_cert.version = 2
-ca_cert.serial = 1
-ca_cert.subject = OpenSSL::X509::Name.parse('/OU=org/OU=example/CN=Test Root CA')
+ca_cert.serial = serial
+ca_cert.subject = OpenSSL::X509::Name.parse(cfg['ca']['cn'])
 ca_cert.issuer = ca_cert.subject
 ca_cert.public_key = ca_key.public_key
 ca_cert.not_before = Time.now
@@ -36,11 +44,11 @@ ca_cert.sign(ca_key, OpenSSL::Digest::SHA256.new)
 File.open("ca_cert.pem", "wb"){|fi| fi.write ca_cert.to_pem }
 
 
-# make a server key
+# make a server cert & key
 srv_key = OpenSSL::PKey::RSA.new 2048
 srv_cert = OpenSSL::X509::Certificate.new
 srv_cert.version = 2
-srv_cert.serial = 2
+srv_cert.serial = serial + 1
 srv_cert.subject = OpenSSL::X509::Name.parse('/OU=org/OU=example/OU=Test Server/CN=localhost')
 srv_cert.issuer = ca_cert.subject
 srv_cert.public_key = srv_key.public_key
@@ -52,19 +60,22 @@ ef.issuer_certificate = ca_cert
 srv_cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE"))
 srv_cert.add_extension(ef.create_extension("keyUsage", "keyEncipherment,dataEncipherment,digitalSignature"))
 srv_cert.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+srv_cert.add_extension(ef.create_extension("subjectAltName", "email:%s" % cfg['server']['email'], false))
 srv_cert.sign(ca_key, OpenSSL::Digest::SHA256.new)
 
-# save server key
+# save server cert & key
 File.open("srv_cert.pem", "wb"){|fi| fi.write srv_cert.to_pem }
 File.open("srv_key.pem", "wb"){|fi| fi.write srv_key.to_pem }
 
-# make client certs
-5.times do |ix|
+# make client certs with key included
+cnt = 0
+cfg['clients'].each do |cc|
+  cnt += 1
   clt_key = OpenSSL::PKey::RSA.new 2048
   clt_cert = OpenSSL::X509::Certificate.new
   clt_cert.version = 2
-  clt_cert.serial = ix+3
-  clt_cert.subject = OpenSSL::X509::Name.parse('/OU=org/OU=example/OU=Test Client/CN=client %d' % ix)
+  clt_cert.serial = serial + 2 + cnt
+  clt_cert.subject = OpenSSL::X509::Name.parse(cc['cn'])
   clt_cert.issuer = ca_cert.subject
   clt_cert.public_key = clt_key.public_key
   clt_cert.not_before = Time.now
@@ -74,11 +85,12 @@ File.open("srv_key.pem", "wb"){|fi| fi.write srv_key.to_pem }
   ef.issuer_certificate = ca_cert
   clt_cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE"))
   clt_cert.add_extension(ef.create_extension("keyUsage", "keyEncipherment,dataEncipherment,digitalSignature"))
+  clt_cert.add_extension(ef.create_extension("subjectAltName", "email:%s" % cc['email'], false))
   clt_cert.sign(ca_key, OpenSSL::Digest::SHA256.new)
 
   # pkcs12
-  clt_pkcs12 = OpenSSL::PKCS12.create('demo', 'client-%d' % ix, clt_key, clt_cert)
+  clt_pkcs12 = OpenSSL::PKCS12.create('demo', 'client-%d' % cnt, clt_key, clt_cert)
 
-  # save cert
-  File.open('clt_%d.pfx' % ix, 'wb'){|fi| fi.write clt_pkcs12.to_der }
+  # save cert w/key
+  File.open('clt_%d.pfx' % cnt, 'wb'){|fi| fi.write clt_pkcs12.to_der }
 end

data/devel/demo/ssl_gen.yml

@@ -0,0 +1,14 @@
+
+ca:
+  cn: "/OU=org/OU=example/CN=Test Root CA"
+
+server:
+  cn: "/OU=org/OU=example/OU=Test Server/CN=localhost"
+  email: "server@example.org"
+
+clients:
+  - cn: "/OU=org/OU=example/OU=Test Client/CN=client 1"
+    email: "client1@example.org"
+
+  - cn: "/OU=org/OU=example/OU=Test Client/CN=client 2"
+    email: "client2example.org"

data/devel/icfs-wrk/Dockerfile

@@ -16,7 +16,7 @@ RUN apk update && \
     apk upgrade && \
     apk --update add ruby fcgi ruby-json tzdata vim curl git bash && \
     apk --update add --virtual build-deps ruby-dev build-base fcgi-dev && \
-    gem install -N rack webrick etc faraday yard aws-sdk-s3 redis && \
+    gem install -N rack webrick etc faraday yard aws-sdk-s3 redis mail && \
     apk del build-deps && \
     rm -rf /var/cache/apk/*
 

data/devel/run/base.rb

@@ -0,0 +1,92 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# frozen_string_literal: true
+
+require 'faraday'
+require 'aws-sdk-s3'
+require 'redis'
+
+require_relative '../../lib/icfs'
+require_relative '../../lib/icfs/cache_elastic'
+require_relative '../../lib/icfs/store_s3'
+require_relative '../../lib/icfs/users_s3'
+require_relative '../../lib/icfs/users_redis'
+require_relative '../../lib/icfs/config_s3'
+require_relative '../../lib/icfs/config_redis'
+
+#################################################
+# Get the API
+#
+def get_base
+
+  # the log
+  log = Logger.new(STDERR)
+  log.level = Logger::INFO
+
+  # S3
+  s3 = Aws::S3::Client.new(
+    endpoint: 'http://minio:9000',
+    access_key_id: 'minio_key',
+    secret_access_key: 'minio_secret',
+    force_path_style: true,
+    region: 'us-east-1'
+  )
+
+  # redis
+  redis = Redis.new(host: 'redis')
+
+  # elasic
+  es = Faraday.new('http://elastic:9200')
+
+  # default mapping
+  map = {
+    entry: 'entry',
+    case: 'case',
+    action: 'action',
+    index: 'index',
+    log: 'log',
+    lock: 'lock',
+    current: 'current',
+  }.freeze
+
+  # default config
+  defaults = {
+    'tz' => '-04:00'
+  }
+
+  # base objects
+  cache = ICFS::CacheElastic.new(map, es)
+  store = ICFS::StoreS3.new(s3, 'icfs', 'case/')
+  users_base = ICFS::UsersS3.new(s3, 'icfs', 'users/')
+  users = ICFS::UsersRedis.new(redis, users_base, {
+      prefix: 'users/',
+      expires: 60, # one minute cache for testing
+      log: log,
+    })
+  config_base = ICFS::ConfigS3.new(defaults, s3, 'icfs', 'config/')
+  config = ICFS::ConfigRedis.new(redis, config_base, {
+      prefix: 'config/',
+      expires: 60,  # debug, only cache for one minute
+    })
+  api = ICFS::Api.new([], users, cache, store, config)
+
+  return {
+    cache: cache,
+    store: store,
+    users: users,
+    config: config,
+    api: api,
+    log: log,
+  }
+
+end # def base

data/devel/run/copy-s3.rb

@@ -10,6 +10,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'aws-sdk-s3'
 require 'find'
 

data/devel/run/email.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative '../../lib/icfs/email/from'
+require_relative '../../lib/icfs/email/basic'
+
+# api
+base = get_base
+api = base[:api]
+log = base[:log]
+log.level = Logger::DEBUG
+
+# load the email map
+map_email = JSON.parse(File.read(ARGV[0]))
+
+# email gateway
+email_basic = ICFS::Email::Basic.new
+email_from = ICFS::Email::From.new(map_email)
+email = ICFS::Email::Core.new(api, log, [email_from, email_basic])
+
+txt = STDIN.read
+res = email.receive(txt)
+
+p res

data/devel/run/email_imap.rb

@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# frozen_string_literal: true
+
+# <app> <email_map.json> <config.json>
+
+require_relative 'base'
+require_relative '../../lib/icfs/email/from'
+require_relative '../../lib/icfs/email/basic'
+require_relative '../../lib/icfs/email/imap'
+
+# api
+base = get_base
+api = base[:api]
+log = base[:log]
+log.level = Logger::DEBUG
+
+# load the email map
+map_email = JSON.parse(File.read(ARGV[0]))
+
+# load the IMAP config
+cfg_raw = JSON.parse(File.read(ARGV[1]))
+cfg = {}
+cfg_raw.each{|key, val| cfg[key.to_sym] = val}
+
+# email gateway
+email_basic = ICFS::Email::Basic.new
+email_from = ICFS::Email::From.new(map_email)
+email = ICFS::Email::Core.new(api, log, [email_from, email_basic])
+imap = ICFS::Email::Imap.new(email, log, cfg)
+
+# and fetch
+imap.reconnect

data/devel/run/email_smime.rb

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# <app> <srv_cert.pem> <srv_key.pem> <ca.pem> < <email.eml>
+
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative '../../lib/icfs/email/smime'
+require_relative '../../lib/icfs/email/basic'
+
+# api
+base = get_base
+api = base[:api]
+log = base[:log]
+log.level = Logger::DEBUG
+
+# load the email map
+cert = ::OpenSSL::X509::Certificate.new(File.read(ARGV[0]))
+key = ::OpenSSL::PKey.read(File.read(ARGV[1]))
+ca = ::OpenSSL::X509::Store.new
+ca.add_file(ARGV[2])
+
+map_cn = {
+  'CN=client 1,OU=Test Client,OU=example,OU=org' => 'user1',
+  'CN=client 2,OU=Test Client,OU=example,OU=org' => 'user2',
+  'CN=client 3,OU=Test Client,OU=example,OU=org' => 'user3',
+}
+
+# email gateway
+email_basic = ICFS::Email::Basic.new
+email_smime = ICFS::Email::Smime.new(key, cert, ca, map_cn)
+email = ICFS::Email::Core.new(api, log, [email_smime, email_basic])
+
+txt = STDIN.read
+res = email.receive(txt)
+
+p res

data/devel/run/init-icfs.rb

@@ -10,6 +10,8 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
+# frozen_string_literal: true
+
 require 'json'
 require 'faraday'
 require 'aws-sdk-s3'

data/devel/run/webrick.rb

@@ -10,68 +10,16 @@
 # This program is distributed WITHOUT ANY WARRANTY; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
-require 'faraday'
-require 'aws-sdk-s3'
-require 'redis'
+# frozen_string_literal: true
 
-require_relative '../../lib/icfs'
-require_relative '../../lib/icfs/cache_elastic'
-require_relative '../../lib/icfs/store_s3'
-require_relative '../../lib/icfs/users_s3'
-require_relative '../../lib/icfs/users_redis'
+require_relative 'base'
 require_relative '../../lib/icfs/web/client'
-require_relative '../../lib/icfs/web/config_s3'
-require_relative '../../lib/icfs/web/config_redis'
 require_relative '../../lib/icfs/demo/auth'
 require_relative '../../lib/icfs/demo/static'
 
-# Minio config
-Aws.config.update(
-  endpoint: 'http://minio:9000',
-  access_key_id: 'minio_key',
-  secret_access_key: 'minio_secret',
-  force_path_style: true,
-  region: 'us-east-1'
-)
+base = get_base()
+api = base[:api]
 
-# default mapping
-map = {
-  entry: 'entry',
-  case: 'case',
-  action: 'action',
-  index: 'index',
-  log: 'log',
-  lock: 'lock',
-  current: 'current',
-}.freeze
-
-# default config
-defaults = {
-  'tz' => '-04:00'
-}
-
-# the log
-log = Logger.new(STDERR)
-log.level = Logger::INFO
-
-# base items
-s3 = Aws::S3::Client.new
-redis = Redis.new(host: 'redis')
-es = Faraday.new('http://elastic:9200')
-cache = ICFS::CacheElastic.new(map, es)
-store = ICFS::StoreS3.new(s3, 'icfs'.freeze, 'case/'.freeze)
-users_base = ICFS::UsersS3.new(s3, 'icfs'.freeze, 'users/'.freeze)
-users = ICFS::UsersRedis.new(redis, users_base, {
-    prefix: 'users/'.freeze,
-    expires: 60, # one minute cache for testing
-    log: log,
-  })
-api = ICFS::Api.new([], users, cache, store)
-config_base = ICFS::Web::ConfigS3.new(defaults, s3, 'icfs', 'config/')
-config = ICFS::Web::ConfigRedis.new(redis, config_base, {
-    prefix: 'config/',
-    expires: 60,  # debug, only cache for one minute
-  })
 web = ICFS::Web::Client.new('/static/icfs.css', '/static/icfs.js')
 
 # static files
@@ -87,7 +35,7 @@ static = {
 }
 
 app = Rack::Builder.new do
-  use(ICFS::Demo::Auth, api, config)
+  use(ICFS::Demo::Auth, api)
   use(ICFS::Demo::Static, static)
   run web
 end