mallory 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2986cd40c0575541258ea30258a3647ba162d6c3
-  data.tar.gz: ffbeddde71442cb1fc00cab05f48f560cd6b2e19
+  metadata.gz: 36c6e50ca46bfb32d70ae47130ca7c7eb2913ed1
+  data.tar.gz: d6775624b84fa2e2986746ca8f81ba9366236984
 SHA512:
-  metadata.gz: 930f5970b48a7085b177b21da243ea8a4b598a150fdce183a1769036c7f8ede30d8f84080c230e883fc30d0204f687a434c3d5ac853bb3d97f6f9414357dc042
-  data.tar.gz: 7d5bf8c37b5335631e7b61cce9b0402ca99a4dbb6d33980b5670f32fc8741a0f51f5e4cc16e66698bfbc09fa043a00e24ff9079ff201c03f431c4969810995ba
+  metadata.gz: a5ddbc9ad9ca0e0aacbc83abf303e51586dc476d1a980809531371088ff9fdb416260a05963b8668e73e484e0f5e69387868ce4cb66ea4f2b7420a01000eeec5
+  data.tar.gz: c80700a945705fdb35ed0146879948489af144d694bfdcdd053e312f553e4bf23778240042b909a7af2607817109d18efd046c554cd13c4b10aa70d63a6b6a97

data/.gitignore

@@ -8,3 +8,6 @@ keys/*.key
 keys/*.csr
 proxies.txt
 mallory.log
+debug.log
+request.log
+output.log

data/Gemfile

@@ -1,3 +1,4 @@
 source "http://rubygems.org"
 
+gem 'certificate_authority', :git => "git://github.com/cchandler/certificate_authority",  :ref => '58161e4552cc1aeca846da3e25ed66721354ee11'
 gemspec

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Marcin Sawicki, Maria Kacik
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -5,22 +5,27 @@
 [![Dependency Status](https://gemnasium.com/odcinek/mallory.png?travis)](https://gemnasium.com/odcinek/mallory)
 [![Code Climate](https://codeclimate.com/github/odcinek/mallory.png)](https://codeclimate.com/github/odcinek/mallory)
 
-Man-in-the-middle http/https transparent http (CONNECT) proxy over bunch of (unreliable) backends.
-It is intended to be used for running test suits / scrapers. It basically shields the proxied application from low responsiveness / poor reliability of underlying proxies.
+Man-in-the-middle transparent HTTP/HTTPS CONNECT proxy, supports
+* both HTTP and HTTPS (via CONNECT https tunneling)
+* load balancing over external (unreliable) backend proxies, with some added reliability and retry policies
 
-Proxy list is provided by external backend (ActiveRecord model, Redis set) and is refreshed periodically. Original use case involves separate proxy-gathering daemon (out of the scope of this project).
+It is intended to be used for running test suits / scrapers. It basically shields the proxied application from low responsiveness / poor reliability of underlying proxies, while providing a full request log (both for HTTP and HTTPS).
+If not backends specified, requests will be performed directly.
 
-For the mallory to work properly client certificate validation needs to be turned off.
+Optional backend proxy list is fetched from Redis or flat file, and refreshed periodically. Original use case involves separate proxy-gathering daemon (out of the scope of this project).
+
+For mallory to work properly custom CA needs to be added as trusted. Optionally client certificate validation can be turned off.
 
 ## Usage
 
 ### Command line
 
-```bash
-./keys/keygen.sh
-bundle exec ./bin/mallory -v -l 9999 #default (no proxy backend, direct requests)
-bundle exec ./bin/mallory -v -b file://proxies.txt -l 9999 #start with proxy file
-bundle exec ./bin/mallory -v -b redis://127.0.0.1:6379 -l 9999 #start with Redis backend
+Generate keys with ```./keys/keygen.sh```
+
+```
+bundle exec ./bin/mallory -v -p 9999 #default (no proxy backend, direct requests)
+bundle exec ./bin/mallory -v -b file://proxies.txt -p 9999 #start with proxy file
+bundle exec ./bin/mallory -v -b redis://127.0.0.1:6379 -p 9999 #start with Redis backend
 ```
 
 ```bash
@@ -28,6 +33,8 @@ curl --insecure --proxy 127.0.0.1:9999 https://www.dropbox.com/login
 phantomjs --debug=yes --ignore-ssl-errors=yes --ssl-protocol=sslv2 --proxy=127.0.0.1:9999 --proxy-type=http hello.js
 ```
 
+Do ```bundle exec ./bin/mallory --help``` for help.
+
 ### Interface
 
 ```ruby
@@ -72,7 +79,3 @@ Redis key TODO
 
 - [Marcin Sawicki](https://github.com/odcinek)
 - [Maria Kacik](https://github.com/mkacik)
-
-## License
-
-(The MIT License)

data/bin/mallory

@@ -13,12 +13,20 @@ options = {}
 OptionParser.new do |opts|
   opts.banner = "Usage: proxybalancer [options]"
 
-  opts.on("-l", "--listen PORT", Integer, "Port to listen on (default 9999)") do |v|
-    options[:listen] = v
+  opts.on("-p", "--port PORT", Integer, "Port to listen on (default 9999)") do |v|
+    options[:port] = v
   end
 
   opts.on("-b", "--backend BACKEND", String, "Backend to use (default 'file://proxies.txt')") do |v|
-    options[:listen] = v
+    options[:backend] = v
+  end
+
+  opts.on("-cac", "--certificate-authority-cert CERT", String, "CA cert (default './keys/ca.crt')") do |v|
+    options[:ca_cert] = v
+  end
+
+  opts.on("-cak", "--certificate-authority-key KEY", String, "CA key (default './keys/ca.key')") do |v|
+    options[:ca_key] = v
   end
 
   opts.on("-ct", "--connect-timeout SECONDS", Integer, "Proxy connect timeout (default 2s)") do |v|
@@ -29,37 +37,51 @@ OptionParser.new do |opts|
     options[:it] = v
   end
 
+  opts.on("-l", "--activity-log LOGFILE", String, "Log events & debug (default STDOUT)") do |v|
+    options[:activity_log] = v
+  end
+
+  opts.on("-r", "--request-log LOGFILE", String, "Log requests (default none)") do |v|
+    options[:request_log] = v
+  end
+
   opts.on("-v", "--verbose", "Run in debug mode") do |v|
     options[:verbose] = v
   end
 end.parse!
 
-def get_logger(verbose)
+def get_logger(activity_log, request_log, verbose)
   # https://github.com/TwP/logging/blob/master/lib/logging/layouts/pattern.rb
+  Logging.init :request, :debug, :info
   layout = Logging::Layouts::Pattern.new({ :pattern => "%d %-5l : %m\n"})
   logger = Logging.logger['mallory']
-  file_appender = Logging.appenders.file("mallory.log")
-  file_appender.layout = layout
-  file_appender.level = :info
-  logger.add_appenders(file_appender)
-  stdout_appender = Logging.appenders.stdout
-  stdout_appender.layout = layout
-  stdout_appender.level = verbose ? :debug : :info
-  logger.add_appenders(
-      stdout_appender,
-      file_appender
-  )
+
+  activity_appender = Logging.appenders.stdout
+  activity_appender = Logging.appenders.file(activity_log) if not activity_log.nil?
+  activity_appender.layout = layout
+  activity_appender.level = verbose ? :debug : :info
+  logger.add_appenders(activity_appender)
+  
+  if not request_log.nil?
+    request_appender = Logging.appenders.file(request_log)
+    request_appender.layout = layout
+    request_appender.level = :request
+    logger.add_appenders(request_appender)
+  end
+
   logger
 end
 
 config = Mallory::Configuration.register do |c|
-  c.logger = get_logger(options.delete(:verbose))
+  c.logger = get_logger(options.delete(:activity_log), options.delete(:request_log), options.delete(:verbose))
   c.backend = Mallory::Backend::Self.new()
-  #c.backend = Mallory::Backend::File.new("#{Dir.pwd}/proxies.txt")
-#  c.backend = Mallory::Backend::Redis.new("127.0.0.1", 6379)
+  ca = options.has_key?(:ca_cert) ? Mallory::SSL::CA.new(options.delete(:ca_cert), options.delete(:ca_key)) : Mallory::SSL::CA.new("./keys/ca.crt", "./keys/ca.key")
+  cf = Mallory::SSL::CertificateFactory.new(ca)
+  st = Mallory::SSL::MemoryStorage.new()
+  c.certificate_manager = Mallory::SSL::CertificateManager.new(cf, st)
   c.connect_timeout = options.delete(:connect_timeout) || 2
   c.inactivity_timeout = options.delete(:inactivity_timeout) || 2
-  c.listen = options.delete(:listen) || 9999
+  c.port = options.delete(:port) || 9999
 end
 
 Mallory::Server.new(config).start!

data/bin/mallory-ca

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+lib = File.expand_path(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH.unshift(lib) if File.directory?(lib) && !$LOAD_PATH.include?(lib)
+
+require 'mallory'
+require 'optparse'
+
+key = OpenSSL::PKey::RSA.new 2048
+ca = OpenSSL::X509::Certificate.new
+ca.version = 2
+ca.serial = 1
+ca.subject = OpenSSL::X509::Name.parse "/CN=ROOT"
+ca.issuer = ca.subject
+ca.public_key = key.public_key
+ca.not_before = Time.now
+ca.not_after = ca.not_before + 365*24*3600
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = ca
+ef.issuer_certificate = ca
+ca.add_extension(ef.create_extension("basicConstraints","CA:TRUE",true))
+ca.add_extension(ef.create_extension("keyUsage","keyCertSign, cRLSign", true))
+ca.add_extension(ef.create_extension("subjectKeyIdentifier","hash",false))
+ca.add_extension(ef.create_extension("authorityKeyIdentifier","keyid:always",false))
+ca.sign(key, OpenSSL::Digest::SHA256.new)
+
+File.open("./keys/ca.crt", 'w') {|file| file.write(ca.to_pem) }
+File.open("./keys/ca.key", 'w') {|file| file.write(key.to_pem) }

data/lib/mallory.rb

@@ -2,7 +2,11 @@ require 'mallory/configuration'
 require 'mallory/backend/redis'
 require 'mallory/backend/file'
 require 'mallory/backend/self'
-require 'mallory/backend/activerecord'
+require 'mallory/ssl/memory_storage'
+require 'mallory/ssl/certificate'
+require 'mallory/ssl/certificate_factory'
+require 'mallory/ssl/certificate_manager'
+require 'mallory/ssl/ca'
 require 'mallory/request'
 require 'mallory/response'
 require 'mallory/proxy'

data/lib/mallory/configuration.rb

@@ -29,12 +29,20 @@ module Mallory
       @settings[:backend] = other
     end
 
-    def self.listen
-      @settings[:listen]
+    def self.certificate_manager
+      @settings[:certificate_manager]
     end
 
-    def self.listen=(other)
-      @settings[:listen] = other
+    def self.certificate_manager=(other)
+      @settings[:certificate_manager] = other
+    end
+
+    def self.port
+      @settings[:port]
+    end
+
+    def self.port=(other)
+      @settings[:port] = other
     end
 
     def self.connect_timeout

data/lib/mallory/connection.rb

@@ -5,10 +5,11 @@ require 'redis'
 
 module Mallory
   class Connection < EM::Connection
-    def initialize(request_builder, proxy_builder, logger)
+    def initialize(request_builder, proxy_builder, logger, certificate_manager)
       @logger = logger
       @request_builder = request_builder
       @proxy_builder = proxy_builder
+      @certificate_manager = certificate_manager
       @start = Time.now
       @secure = false
       @proto = "http"
@@ -41,8 +42,17 @@ module Mallory
         return
       end
       if not @secure and request.method.eql?('connect')
+        #TEMPORARY FIXME
+        cc = @certificate_manager.get(request.host)
+        ca = File.read("./keys/ca.crt")
+        private_key_file = Tempfile.new('private_key_file')
+        private_key_file.write (cc.key)
+        private_key_file.close()
+        cert_chain_file = Tempfile.new('cert_chain_file')
+        cert_chain_file.write (cc.cert + ca)
+        cert_chain_file.close()
         send_data "HTTP/1.0 200 Connection established\r\n\r\n"
-        start_tls :private_key_file => './keys/server.key', :cert_chain_file => './keys/server.crt', :verify_peer => false
+        start_tls :private_key_file => private_key_file.path, :cert_chain_file => cert_chain_file.path, :verify_peer => true
         return true
       end
       proxy = @proxy_builder.build
@@ -57,4 +67,4 @@ module Mallory
       proxy.perform(request)
     end
   end
-end
+end

data/lib/mallory/proxy.rb

@@ -7,12 +7,13 @@ module Mallory
 
     include EventMachine::Deferrable
 
-    def initialize(ct, it, backend, response_builder, logger)
+    def initialize(ct, it, backend, response_builder, logger, certificate_authority)
       @connect_timeout = ct
       @inactivity_timeout = it
       @backend = backend
       @response_builder = response_builder
       @logger = logger
+      @certificate_authority = certificate_authority
       @retries = 0
       @response = ''
     end
@@ -72,6 +73,7 @@ module Mallory
       http.callback {
         @logger.debug "Attempt #{@retries} - Success"
         response = @response_builder.build(http)
+        @logger.request response.body
         if response.status > 400
           @logger.debug "#{response.status} > 400"
           resubmit

data/lib/mallory/proxy_builder.rb

@@ -5,6 +5,6 @@ class Mallory::ProxyBuilder
   end
 
   def build
-    Mallory::Proxy.new(@config.connect_timeout, @config.inactivity_timeout, @config.backend, @response_builder, @config.logger)
+    Mallory::Proxy.new(@config.connect_timeout, @config.inactivity_timeout, @config.backend, @response_builder, @config.logger, @config.certificate_manager)
   end
 end

data/lib/mallory/request.rb

@@ -25,6 +25,10 @@ module Mallory
       "#{@protocol}://#{@request['host']}#{@request.path}"
     end
 
+    def host
+      @request['host'].split(":")[0]
+    end
+
     def method
       @request.request_method.downcase
     end

data/lib/mallory/server.rb

@@ -13,16 +13,17 @@ module Mallory
   class Server
     def initialize config
       @logger = config.logger
-      @listen = config.listen
+      @port = config.port
       @request_builder = Mallory::RequestBuilder.new(config)
       response_builder = Mallory::ResponseBuilder.new(config)
       @proxy_builder = Mallory::ProxyBuilder.new(config, response_builder)
+      @certificate_manager = config.certificate_manager
     end
 
     def start!
       EventMachine.run {
         @logger.info "Starting mallory"
-        EventMachine.start_server '127.0.0.1', @listen, Mallory::Connection, @request_builder, @proxy_builder, @logger
+        EventMachine.start_server '127.0.0.1', @port, Mallory::Connection, @request_builder, @proxy_builder, @logger, @certificate_manager
       }
     end
   end

data/lib/mallory/ssl/ca.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+module Mallory
+  module SSL
+    class CA
+      def initialize crt, key
+        @crt = OpenSSL::X509::Certificate.new(File.read(crt))
+        @key = OpenSSL::PKey::RSA.new(File.read(key))
+      end
+
+      def to_pem
+        @crt.to_pem
+      end
+
+      def sign csr
+        cert = OpenSSL::X509::Certificate.new
+        cert.serial = 12158693495562452430+rand(10000)
+        cert.version = 0 #2
+        cert.not_before = Time.now - 3600
+        cert.not_after = Time.now + 365*24*3600
+        cert.subject = csr.subject
+        cert.public_key = csr.public_key
+        cert.issuer = @crt.subject
+
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = @crt
+        ef.create_extension 'basicConstraints', 'CA:FALSE'
+        ef.create_extension 'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature'
+        ef.create_extension 'subjectKeyIdentifier', 'hash'
+
+        cert.sign @key, OpenSSL::Digest::SHA1.new
+      end
+
+    end
+  end
+end

data/lib/mallory/ssl/certificate.rb

@@ -0,0 +1,30 @@
+module Mallory
+  module SSL
+    class Certificate
+
+      def initialize key, cert
+        @key = key
+        @cert = cert
+      end
+
+      def self.csr domain
+        key = OpenSSL::PKey::RSA.new 1024
+        csr = OpenSSL::X509::Request.new
+        csr.version = 0
+        csr.subject = OpenSSL::X509::Name.parse "/CN=#{domain}"
+        csr.public_key = key.public_key
+        signed = csr.sign key, OpenSSL::Digest::SHA1.new
+        return key, signed
+      end
+
+      def cert
+        @cert.to_pem
+      end
+
+      def key
+        @key.to_pem
+      end
+
+    end
+  end
+end

data/lib/mallory/ssl/certificate_factory.rb

@@ -0,0 +1,17 @@
+module Mallory
+  module SSL
+    class CertificateFactory
+
+      def initialize ca
+        @ca = ca
+      end
+
+      def get domain
+        key, csr = Mallory::SSL::Certificate.csr(domain)
+        signed = @ca.sign(csr)
+        Mallory::SSL::Certificate.new(key, signed)
+      end
+  
+    end
+  end
+end

data/lib/mallory/ssl/certificate_manager.rb

@@ -0,0 +1,22 @@
+module Mallory
+  module SSL
+    class CertificateManager
+
+      def initialize storage, factory
+        @storage = storage
+        @factory = factory
+      end
+
+      def get domain
+        key = @storage.get(domain)
+        if not key.nil?
+          return key
+        end
+        key = @factory.get(domain)
+        @storage.put(key)
+        return key
+      end
+
+    end
+  end
+end

data/lib/mallory/ssl/memory_storage.rb

@@ -0,0 +1,20 @@
+module Mallory
+  module SSL
+    class MemoryStorage
+
+      def initialize
+        @certs = {}
+      end
+
+      def get domain
+        @certs[domain]
+      end
+
+      def put cert
+        domain = cert.subject.to_a.select{|x|x[0]=="CN"}.first[1] #OpenSSL::X509::Name could have hash interface. Could.
+        @certs[domain] = cert
+      end
+
+    end
+  end
+end

data/lib/mallory/version.rb

@@ -1,3 +1,3 @@
 module Mallory
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/mallory.gemspec

@@ -17,6 +17,7 @@ Gem::Specification.new do |s|
   s.add_dependency "redis"
   s.add_dependency "em-http-request"
   s.add_dependency "logging"
+  s.add_dependency "certificate_authority"
   s.add_development_dependency "rspec"
   s.add_development_dependency "sinatra"
   s.add_development_dependency "sinatra-contrib"

data/spec/mallory/ca_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+require 'mallory/ssl/ca'
+require 'mallory/ssl/certificate'
+
+describe Mallory::SSL::CA do
+
+  let(:domain) { "example.com" }
+
+  before(:each) do 
+    @crt = <<eos
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWqgAwIBAgIJAI9Jet0z2WxsMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTMxMDI3MDkzODI4WhcNMTQxMDI3MDkzODI4WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMEkwDQYJKoZIhvcNAQEBBQADOAAwNQIuATk8
+6gLLDreN38mrzriz9YG7M+mac0+y+aIP1K8tdZ8YvUKMzlzeC4eKnD4FzwIDAQAB
+o1AwTjAdBgNVHQ4EFgQU9WaQgAp6p34/notUvUlRK/dUlA8wHwYDVR0jBBgwFoAU
+9WaQgAp6p34/notUvUlRK/dUlA8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
+AAMvAAAfhV/bVru7TPf16ip7Q0vBYX1imJJXZV72aTOmHXuQ06wbYQ0zkBmxyNe/
+jTQ=
+-----END CERTIFICATE-----
+eos
+    @key = <<eos
+-----BEGIN RSA PRIVATE KEY-----
+MIHkAgEAAi4BOTzqAssOt43fyavOuLP1gbsz6ZpzT7L5og/Ury11nxi9QozOXN4L
+h4qcPgXPAgMBAAECLgCCtONlJPxQJbhzO+j388gHSWmBGfzx/guAg7RljGrPI1Ml
+0ZFD03gWr4oLNqkCFxmupXAH1DbNXgAj7XZ4qr4dG8uBzvNtAhcMMloyUncI47Ov
+WT6Th8Fzkv+LT3ecqwIXCI9H/o3tchKCuQNAexL+vXyQLgTmyAUCFmJJYpIj+xyn
+2Fo31Q8N8ORstObwffcCFxlbbXtpwyj9lQcnH0hgQka0iyO2oe5P
+-----END RSA PRIVATE KEY-----
+eos
+    @dir = Dir.mktmpdir
+    @crt_file = "#{@dir}/test.crt"
+    @key_file = "#{@dir}/test.key"
+    File.open(@crt_file, 'w') { |file| file.write(@crt) }
+    File.open(@key_file, 'w') { |file| file.write(@key) }
+  end
+
+  after(:each) do
+    FileUtils.remove_entry_secure @dir
+  end
+
+  it "Reads a cert from a file" do
+    Mallory::SSL::CA.new(@crt_file, @key_file).to_pem.should eq(@crt)
+  end
+
+  it "Signs a given csr" do
+    key, csr = Mallory::SSL::Certificate.csr(domain)
+    ca = Mallory::SSL::CA.new(@crt_file, @key_file)
+    cert = ca.sign(csr)
+    cert.subject.should eq(OpenSSL::X509::Name.parse "/CN=#{domain}")
+    Mallory::SSL::Certificate.new(key, cert).cert
+  end
+
+end

data/spec/mallory/certificate_factory_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+require 'mallory/ssl/certificate_factory'
+
+describe Mallory::SSL::CertificateFactory do
+
+  it "Generate a cert" do
+    #ca = ""
+    #cf = Mallory::SSL::CertificateFactory.new(ca)
+    #cf.get(cert)
+  end
+
+end

data/spec/mallory/certificate_manager_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+require 'mallory/ssl/certificate_manager'
+
+describe Mallory::SSL::CertificateManager do
+
+  before(:each) do 
+    @domain = "domain.com"
+    @cs = double("certificate_storage")
+    expect(@cs).to receive(:get).with(@domain).and_return(nil)
+    expect(@cs).to receive(:put)
+    @cf = double("certificate_factory")
+    expect(@cf).to receive(:get).with(@domain).and_return("CERT")
+  end
+
+  it "Gets a new cert" do
+    cf = Mallory::SSL::CertificateManager.new(@cs, @cf)
+    cf.get(@domain).should eq("CERT")
+  end
+
+  it "Gets the same cert" do
+    expect(@cs).to receive(:get).with(@domain).and_return("CERT")
+    cf = Mallory::SSL::CertificateManager.new(@cs, @cf)
+    cf.get(@domain).should eq("CERT")
+    cf.get(@domain).should eq("CERT")
+  end
+
+end

data/spec/mallory/certificate_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+require 'mallory/ssl/certificate'
+
+describe Mallory::SSL::Certificate do
+
+  it "Generates a csr" do
+    Mallory::SSL::Certificate.csr("example.com")[1].to_s.should match /^-----BEGIN CERTIFICATE REQUEST.*END CERTIFICATE REQUEST-----$/m
+  end
+
+end

data/spec/mallory/memory_storage_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'mallory/ssl/memory_storage'
+
+describe Mallory::SSL::MemoryStorage do
+
+  let(:domain) { "example.com" }
+  let(:name) { OpenSSL::X509::Name.parse "/DC=unknown/CN=#{domain}" }
+  let(:cert) do
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = name
+    cert
+  end
+
+  it "Put a cert" do
+    Mallory::SSL::MemoryStorage.new().put(cert)
+  end
+
+  it "Get a cert" do
+    ms = Mallory::SSL::MemoryStorage.new()
+    ms.put(cert)
+    ms.get(domain).should eq(ms.get(domain))
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mallory
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Marcin Sawicki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-24 00:00:00.000000000 Z
+date: 2013-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
@@ -66,6 +66,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: certificate_authority
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -142,6 +156,7 @@ email:
 - odcinek@gmail.com
 executables:
 - mallory
+- mallory-ca
 extensions: []
 extra_rdoc_files: []
 files:
@@ -149,9 +164,11 @@ files:
 - .rspec
 - .travis.yml
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - bin/mallory
+- bin/mallory-ca
 - keys/keygen.sh
 - lib/mallory.rb
 - lib/mallory/backend/file.rb
@@ -166,12 +183,22 @@ files:
 - lib/mallory/response.rb
 - lib/mallory/response_builder.rb
 - lib/mallory/server.rb
+- lib/mallory/ssl/ca.rb
+- lib/mallory/ssl/certificate.rb
+- lib/mallory/ssl/certificate_factory.rb
+- lib/mallory/ssl/certificate_manager.rb
+- lib/mallory/ssl/memory_storage.rb
 - lib/mallory/version.rb
 - mallory.gemspec
 - spec/mallory.rb
+- spec/mallory/ca_spec.rb
+- spec/mallory/certificate_factory_spec.rb
+- spec/mallory/certificate_manager_spec.rb
+- spec/mallory/certificate_spec.rb
 - spec/mallory/configuration_spec.rb
 - spec/mallory/connection_spec.rb
 - spec/mallory/file_backend_spec.rb
+- spec/mallory/memory_storage_spec.rb
 - spec/mallory/proxy_spec.rb
 - spec/mallory/request_spec.rb
 - spec/mallory/response_spec.rb
@@ -204,9 +231,14 @@ summary: Man-in-the-middle http/https transparent http (CONNECT) proxy over bunc
   of (unreliable) backends
 test_files:
 - spec/mallory.rb
+- spec/mallory/ca_spec.rb
+- spec/mallory/certificate_factory_spec.rb
+- spec/mallory/certificate_manager_spec.rb
+- spec/mallory/certificate_spec.rb
 - spec/mallory/configuration_spec.rb
 - spec/mallory/connection_spec.rb
 - spec/mallory/file_backend_spec.rb
+- spec/mallory/memory_storage_spec.rb
 - spec/mallory/proxy_spec.rb
 - spec/mallory/request_spec.rb
 - spec/mallory/response_spec.rb