manticore 0.4.0-java → 0.4.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 19e1191d64f814d4e5eeac2a74ea1cb9ec964451
-  data.tar.gz: 973396d996c2d9bb26491fe88e8566ee27809304
+  metadata.gz: c68549109cd024c3e482eaed8cd316d9c316570d
+  data.tar.gz: 6844c804051ce09e9f31ccf3ffd4d14d5d294fe9
 SHA512:
-  metadata.gz: 0dbfd05b0f5a02a31cde7696dac20baacfa9c981ae0c054d91fd203d2165d3fb42bf3add0363a7b49cb1a91e4c9047911be823c0409238783d8b19acad078088
-  data.tar.gz: 6eeeded09429d4275256cc81a70e8e12314f70ca7d7c9276160d2c0f982323aa23d3658315dec7dac64b11fed97e5d402fdb728d23224d8f7330ac08f06dfd70
+  metadata.gz: 5f98cbb04885e180f8b692338648460a6b51220168e648629f5dcea0281871e94f16ca8cfd0470bcd33cceb2fed2914fe50b25e00f5226fc59c9e3786005feb9
+  data.tar.gz: d0a49ec53bb0286a2b6eed9cff0d819f80749317d280150040bf43d54126a9ec6e0a5bf2262c0d13b6c2f297fa8b3b8004e8f02b6e3ae0a2e9c179060a9753b6

data/CHANGELOG.md

@@ -1,4 +1,9 @@
-## v0.4.1 (pending)
+## v0.4
+
+### v0.4.1 (pending)
+
+* Add support for ssl[:ca_file], ssl[:client_cert], and ssl[:client_key], to emulate OpenSSL features in other Ruby HTTP clients
+* Integrate Faraday adapter for Manticore
 
 ### v0.4.0
 

data/lib/faraday/adapter/manticore.rb

@@ -0,0 +1,101 @@
+require 'faraday'
+
+module Faraday
+  class Adapter
+    class Manticore < Faraday::Adapter
+      dependency { require 'manticore' }
+
+      class ParallelManager
+        def client=(client)
+          @client ||= client
+        end
+
+        def run
+          @client.execute! if @client
+        end
+      end
+
+      self.supports_parallel = true
+      def self.setup_parallel_manager(options = {})
+        ParallelManager.new
+      end
+
+      def client(env)
+        @client ||= begin
+          opts = {}
+          if ssl = env[:ssl].to_hash
+            opts[:ssl] = {}
+            opts[:ssl][:verify]      = :disable if ssl[:verify] == false
+            opts[:ssl][:ca_file]     = ssl[:ca_file]
+            opts[:ssl][:client_cert] = ssl[:client_cert]
+            opts[:ssl][:client_key]  = ssl[:client_key]
+          end
+          ::Manticore::Client.new(opts)
+        end
+      end
+
+      def call(env)
+        super
+
+        opts = {}
+        if env.key? :request_headers
+          opts[:headers] = env[:request_headers]
+          opts[:headers].reject! {|k, _| k.downcase == "content-length" }  # Manticore computes Content-Length
+        end
+        body = read_body(env)
+        opts[:body] = body if body
+
+        if req = env[:request]
+          opts[:request_timeout] = opts[:connect_timeout] = opts[:socket_timeout] = req[:timeout] if req.key?(:timeout)
+          opts[:connect_timeout] = opts[:socket_timeout] = req[:open_timeout] if req.key?(:open_timeout)
+          if prx = req[:proxy]
+            opts[:proxy] = {
+              :url      => prx[:uri].to_s,
+              :user     => prx[:user],
+              :password => prx[:password]
+            }
+          end
+        end
+
+        cl = client(env)
+        if parallel?(env)
+          env[:parallel_manager].client = cl
+          cl = cl.async
+        end
+
+        last_exception = nil
+
+        req = cl.send(env[:method].to_s.downcase, env[:url].to_s, opts)
+        req.on_success do |response|
+          save_response(env, response.code, response.body || "", response.headers)
+          env[:response].finish(env) if parallel?(env)
+        end
+
+        req.on_failure do |err|
+          case err
+          when ::Manticore::Timeout
+            raise TimeoutError, err
+          when ::Manticore::SocketException, ::Java::JavaUtilConcurrent::ExecutionException
+            raise ConnectionFailed, err
+          when ::Manticore::ClientProtocolException
+            raise Faraday::SSLError, err
+          else
+            raise err
+          end
+        end
+
+        req.call unless parallel?(env)
+        @app.call env
+      end
+
+      def parallel?(env)
+        !env[:parallel_manager].nil?
+      end
+
+      def read_body(env)
+        env[:body].respond_to?(:read) ? env[:body].read : env[:body]
+      end
+    end
+    register_middleware nil, :manticore => :Manticore
+  end
+end

data/lib/manticore.rb

@@ -1,7 +1,6 @@
 require 'java'
 require 'uri'
 require 'cgi'
-require 'cgi/cookie'
 
 jars = ["httpcore-4.3.3", "httpclient-4.3.6", "commons-logging-1.1.3", "commons-codec-1.6.jar", "httpmime-4.3.6.jar"]
 jars.each do |jar|

data/lib/manticore/client.rb

@@ -1,4 +1,5 @@
 require 'thread'
+require 'base64'
 
 module Manticore
   # General Timeout exception thrown for various Manticore timeouts
@@ -72,9 +73,11 @@ module Manticore
     include_package "java.util.concurrent"
     include_package "org.apache.http.client.protocol"
     include_package 'org.apache.http.conn.ssl'
+    include_package "java.security.cert"
+    include_package "java.security.spec"
+    include_package "java.security"
     java_import "org.apache.http.HttpHost"
     java_import "javax.net.ssl.SSLContext"
-    java_import "java.security.KeyStore"
     java_import "org.manticore.HttpGetWithEntity"
     java_import "org.apache.http.auth.UsernamePasswordCredentials"
 
@@ -141,6 +144,9 @@ module Manticore
     # @option options [String]          ssl[:keystore]            (nil)        Path to a custom key store to use for client certificate authentication
     # @option options [String]          ssl[:keystore_password]   (nil)        Password used for decrypting the client auth key store
     # @option options [String]          ssl[:keystore_type]       (nil)        Format of the key store, ie "JKS" or "PKCS12". If left nil, the type will be inferred from the keystore filename.
+    # @option options [String]          ssl[:ca_file]             (nil)        OpenSSL-style path to an X.509 certificate to use to validate SSL certificates
+    # @option options [String]          ssl[:client_cert]         (nil)        OpenSSL-style path to an X.509 certificate to use for client authentication
+    # @option options [String]          ssl[:client_key]          (nil)        OpenSSL-style path to an RSA key to use for client authentication
     # @option options [boolean]         ssl[:track_state]         (false)      Turn on or off connection state tracking. This helps prevent SSL information from leaking across threads, but means that connections
     #                                                                             can't be shared across those threads. This should generally be left off unless you know what you're doing.
     def initialize(options = {})
@@ -554,18 +560,59 @@ module Manticore
         raise "Invalid value for :verify. Valid values are (:all, :browser, :default)"
       end
 
-
       context = SSLContexts.custom
+      setup_trust_store ssl_options, context, trust_strategy
+      setup_key_store ssl_options, context
 
+      SSLConnectionSocketFactory.new context.build, ssl_options[:protocols].to_java(:string), ssl_options[:cipher_suites].to_java(:string), verifier
+    end
+
+    def setup_trust_store(ssl_options, context, trust_strategy)
       trust_store = get_store(:truststore, ssl_options) if ssl_options.key?(:truststore)
+
+      # Support OpenSSL-style ca_file. We don't support ca_path for now.
+      if ssl_options[:ca_file]
+        trust_store ||= blank_keystore
+        open(ssl_options[:ca_file]) do |fp|
+          cert_collection = CertificateFactory.get_instance("X509").generate_certificates(fp.to_inputstream).to_a
+          cert_collection.each do |cert|
+            trust_store.set_certificate_entry(cert.getSubjectX500Principal.name, cert)
+          end
+        end
+      end
+
       context.load_trust_material(trust_store, trust_strategy)
+    end
+
+    KEY_EXTRACTION_REGEXP = /(?:^-----BEGIN(.* )PRIVATE KEY-----\n)(.*?)(?:-----END\1PRIVATE KEY.*$)/m
+    def setup_key_store(ssl_options, context)
+      key_store = get_store(:keystore, ssl_options) if ssl_options.key?(:keystore)
 
-      if ssl_options.key?(:keystore)
-        key_store = get_store(:keystore, ssl_options)
-        context.load_key_material(key_store, ssl_options.fetch(:keystore_password, nil).to_java.toCharArray)
+      # Support OpenSSL-style bare X.509 certs with an RSA key
+      # This is really dumb - we have to b64-decode the key ourselves.
+      if ssl_options[:client_cert] && ssl_options[:client_key]
+        key_store ||= blank_keystore
+        certs, key = nil, nil
+        open(ssl_options[:client_cert]) do |fp|
+          certs = CertificateFactory.get_instance("X509").generate_certificates(fp.to_inputstream).to_array([].to_java(Certificate))
+        end
+
+        keystore_password = ssl_options.fetch(:keystore_password, "").to_java.toCharArray
+        # Add each of the keys in the given keyfile into the keystore.
+        open(ssl_options[:client_key]) do |fp|
+          key_parts = fp.read.scan(KEY_EXTRACTION_REGEXP)
+          key_parts.each do |type, b64key|
+            body = Base64.decode64 b64key
+            spec = PKCS8EncodedKeySpec.new(body.to_java_bytes)
+            type = type.strip
+            type = "RSA" if type == ""
+            key = KeyFactory.getInstance(type).generatePrivate(spec)
+            key_store.set_key_entry("key-#{Digest::SHA1.hexdigest(body)}", key, keystore_password, certs)
+          end
+        end
       end
 
-      SSLConnectionSocketFactory.new context.build, ssl_options[:protocols].to_java(:string), ssl_options[:cipher_suites].to_java(:string), verifier
+      context.load_key_material(key_store, keystore_password) if key_store
     end
 
     def get_trust_store(options)
@@ -583,6 +630,10 @@ module Manticore
       end
     end
 
+    def blank_keystore
+      KeyStore.get_instance(KeyStore.get_default_type).tap {|k| k.load(nil, nil) }
+    end
+
     def guess_store_type(filename)
       if filename.end_with?(".p12")
         "pkcs12"

data/lib/manticore/version.rb

@@ -1,3 +1,3 @@
 module Manticore
-  VERSION = "0.4.0"
+  VERSION = "0.4.1"
 end

data/spec/manticore/client_spec.rb

@@ -112,6 +112,29 @@ describe Manticore::Client do
         end
       end
 
+      context 'when ca_file is given' do
+        let(:client) { Manticore::Client.new :ssl => {verify: :strict, ca_file: File.expand_path("../../ssl/ca_cert.crt", __FILE__) } }
+
+        it "should verify the request and succeed" do
+          expect { client.get("https://localhost:55444/").body }.to_not raise_exception
+        end
+      end
+
+      context 'when client_cert and client_key are given' do
+        let(:client) { Manticore::Client.new(
+          :ssl => {
+            verify: :strict,
+            ca_file: File.expand_path("../../ssl/ca_cert.crt", __FILE__),
+            client_cert: File.expand_path("../../ssl/client.crt", __FILE__),
+            client_key: File.expand_path("../../ssl/client.key", __FILE__)
+          })
+        }
+
+        it "should successfully auth requests" do
+          expect(client.get("https://localhost:55445/").body).to match("hello")
+        end
+      end
+
       context 'when off' do
         let(:client) { Manticore::Client.new :ssl => {:verify => :none} }
 

data/spec/ssl/client.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDlTCCAX0CAQEwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk1EMRIwEAYDVQQHDAlCYWx0aW1vcmUxEDAOBgNVBAMMB1Rlc3QgQ0ExHzAd
+BgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wIBcNMTQxMjEwMjIwMzMxWhgP
+MjExNDExMTYyMjAzMzFaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0
+IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBANf8i2rFB1llfRuNuERJyvXCR9cHEvW7jAXXUbrWRAFJ
+yAE466ZYPWBZZ241iQOFsEAtjldly80USyD0Nfx18M6FR6dppH/cqEsLKT6Esa5X
+ASOMJhgftiU2CvjIkVSVlIdTACetnoLLGF926F7lyNgAS4b9PZdg4QFr2Ih04NSx
+AgMBAAEwDQYJKoZIhvcNAQEFBQADggIBAKWAYd1Cgzu9lvhjweeO2HI9eLk7pr/c
+1f6yOLxwfZyxCVYkQ906/YVcO+vvb+R1gbHEw3cHED9SgIZARvNNM9I2YFk/KFEg
+3N8mo37KOHu4HGyhRcJqB90P7umwVyWJn2iXe8Wus/eWsszBgXyPM3Xa7Wwy7aBw
+AXAnrRhESethWI3vH3yAJeT1RG1rGjEqEuojfDxgzKvt08PgMwkN8VY0b7XdAdXj
+ycXCmhaTLveM9BQVYY/LrrMR4ynVM6Fv3GXR3Sz/Eup4sJTXo3DhZ4rSBAPkyHCD
+wxcmrjEL9eMG8kqXT4y/UQyXYhWKbFB3InnfZCh/QJ1+JqpIhi+tEMrVRvMrYp7l
+/6ZGml4wHlCL+ky/wG30sgTHpj+S8PG96LnJ+kXnkxycq6vCRJEfRmXhh70swIiv
+Pgh6RAZu6AdVX+gztnD0oSbez39hb4qcolLjlSO2msBTbQ2lp9zNrB4MqzuAgC1K
+CWs2oBm6NrrR4+Sx/JjLmQcoSeuFooUmloL1c5XRv1B7vpx9P2Do0aF6Xksvli0w
+62n72nI7nF8VfyKjjEABk6dNBK0dYFrO+5pWJ4KEdOt2fVw5pduB4K2TN12z0LlY
+ItFnYxmFPzUGleMHZsHASsMPlNtroE4p6O+ofNfrwwBzSQ+G+KDoC94TzOF2pf69
+A3NjNKNgxgG5
+-----END CERTIFICATE-----

data/spec/ssl/client.key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANf8i2rFB1llfRuN
+uERJyvXCR9cHEvW7jAXXUbrWRAFJyAE466ZYPWBZZ241iQOFsEAtjldly80USyD0
+Nfx18M6FR6dppH/cqEsLKT6Esa5XASOMJhgftiU2CvjIkVSVlIdTACetnoLLGF92
+6F7lyNgAS4b9PZdg4QFr2Ih04NSxAgMBAAECgYEAg0qy/P40D3WP7VXiszAgPfAR
+d3aHYfTVkx9mQSrKP/Y3q/aL2Jw/AviV1PqaBRgZIYoPwrTQhCNX3/pTbtnKvMDr
+Py5l9AHGvzWx9ThYV/ErcVNEFUNegTeiIKPcX8jh72s62PVRU0ZYUNPUh2cShZjr
+qcLn+QKpxpnuuMPxgDkCQQD7NRFbkfq3Q7lwDN8/GMmBHxv/HOpLdLmWT7ua9OE9
+JnVjml89fT31rM9D/YVZaf3kIe6y1xehRhCUfrlhnufnAkEA3Bt0E5DT0/utRgXS
+4xA5LHvnZ0R5mHGPd6m0/3c7uf3epeHUakE3HBvsp9Ys/87hByq/R7QCoTE2MVhg
+uSZrpwJAIgeoWE1IN3dXMZSs0XFcKr+6HS8fliUz1ubqNS2jLZN+J4YMDNpggF1u
+nnlDjT9Mg5ENMvDsZI6HRHZ+SnkqVQJAApzo0dqkSR3xvqUPDdcBdr+5zYYIk4C1
+nUwMdAPsV5bl774wkVpY1yKVuqBWRGsmTLl7L9S5O0SkSg2siEYmfQJBAOEwqhs7
+tkLpUpWv3+0V2Lv/0CuXrqgacXxebQ8MfcH9YpWV0M54kJ7u/4gNCXgj66pDAqfE
+bU+RhxY82ohb5uo=
+-----END PRIVATE KEY-----

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: manticore
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: java
 authors:
 - Chris Heald
@@ -92,6 +92,7 @@ files:
 - ext/manticore/org/manticore/HttpGetWithEntity.java
 - ext/manticore/org/manticore/Manticore.java
 - gem-public_cert.pem
+- lib/faraday/adapter/manticore.rb
 - lib/jar/commons-codec-1.6.jar
 - lib/jar/commons-logging-1.1.3.jar
 - lib/jar/httpclient-4.3.6.jar
@@ -114,8 +115,11 @@ files:
 - spec/manticore/response_spec.rb
 - spec/manticore/stubbed_response_spec.rb
 - spec/spec_helper.rb
+- spec/ssl/ca_cert.crt
 - spec/ssl/ca_cert.pem
 - spec/ssl/ca_key.pem
+- spec/ssl/client.crt
+- spec/ssl/client.key
 - spec/ssl/client.p12
 - spec/ssl/localhost.key
 - spec/ssl/localhost.pem
@@ -153,8 +157,11 @@ test_files:
 - spec/manticore/response_spec.rb
 - spec/manticore/stubbed_response_spec.rb
 - spec/spec_helper.rb
+- spec/ssl/ca_cert.crt
 - spec/ssl/ca_cert.pem
 - spec/ssl/ca_key.pem
+- spec/ssl/client.crt
+- spec/ssl/client.key
 - spec/ssl/client.p12
 - spec/ssl/localhost.key
 - spec/ssl/localhost.pem