mod-auth-pubtkt-rb 0.0.1

data/README.md

@@ -0,0 +1,49 @@
+# mod\_auth_pubtkt.rb
+
+Here is a simple module for generating correctly signed tickets for use with the mod\_auth_pubtkt Apache module, pretty basic stuff but usefully abstracts the OpenSSL complications.
+
+For more info on mod\_auth\_pubtkt see: [https://neon1.net/mod\_auth_pubtkt](https://neon1.net/mod\_auth_pubtkt/)
+
+## Install
+
+	sudo gem install mod-auth-pubtkt-rb
+
+## Usage
+
+### Generate a public / private key pair
+
+Taken from: [https://neon1.net/mod\_auth_pubtkt/install.html](https://neon1.net/mod\_auth_pubtkt/install.html)
+
+#### DSA 
+
+	# openssl dsaparam -out dsaparam.pem 1024
+	# openssl gendsa -out privkey.pem dsaparam.pem
+	# openssl dsa -in privkey.pem -out pubkey.pem -pubout
+
+The dsaparam.pem file is not needed anymore after key generation and can safely be deleted.
+	
+#### RSA
+
+	# openssl genrsa -out privkey.pem 1024
+	# openssl rsa -in privkey.pem -out pubkey.pem -pubout
+
+### Use it in your code
+
+	require 'mod_auth_pubtkt'
+	
+	# This will generate the ticket, see ./lib/mod_auth_pubtkt for available options
+	tkt = ModAuthPubTkt.create_ticket 12345, Time.now + 3600, "/my/privkey.pem", "DSA"
+	
+	# Now you can use the ticket as a cookie value in your web app!
+	
+## License
+
+(GPLv3)
+
+Copyright (C) 2010 Matt Haynes
+
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with this program. If not, see <www.gnu.org/licenses/>

data/lib/mod_auth_pubtkt.rb

@@ -0,0 +1,110 @@
+require 'openssl'
+require 'base64'
+
+#
+# A ruby module for creating tickets that are compatible with the Apache module
+# mod_auth_pubtkt.
+#
+# See https://neon1.net/mod_auth_pubtkt/ for more details
+#
+# @author Matt Haynes <matt@matthaynes.net>
+#
+module ModAuthPubTkt
+
+  #
+  # Create a ticket for use in a mod_auth_pubtkt cookie
+  #
+  # See https://neon1.net/mod_auth_pubtkt/ for more details
+  #
+  # === Parameters
+  #
+  # - uid:      (required; 32 chars max.) 
+  #             The user ID / username the ticket has been issued for, passed to the environment in REMOTE_USER
+  #
+  # - expires:  (required.) 
+  #             A Time object that describes when this ticket will expire
+  #
+  # - key_path: (required.) 
+  #             Path to your SSL key to sign the ticket with
+  #
+  # - key_type: (required.) 
+  #             The type of key ("RSA" or "DSA")
+  #
+  # - cip:      (optional; 39 chars max.) 
+  #             The client IP address.
+  #
+  # - tokens:   (optional; 255 chars max.)
+  #             A comma-separated list of words (group names etc.) The contents of this field are available 
+  #             to the environment in REMOTE_USER_TOKENS
+  #
+  # - udata:    (optional; 255 chars max.)
+  #             User data, for use by scripts; made available to the environment in REMOTE_USER_DATA
+  # 
+  # - grace_period: (optional)
+  #             A number of seconds grace period before ticket is refreshed
+  #
+  def create_ticket(uid, expires, key_path, key_type, cip = '', tokens = '', udata = '', grace_period = 0)
+        
+    key    = open_key_file(key_path, key_type)
+    
+    tkt    = "uid=#{uid};validuntil=#{expires.to_i};cip=#{cip};tokens=#{tokens};udata=#{udata};grace_period=17987";
+    
+    sig    = encrypt tkt, key
+    
+    tkt + ";sig=" + Base64.b64encode(sig).gsub("\n", '').strip
+    
+  end
+  
+  # Verify a ticket is good / not been tampered with. 
+  # NB: This should be done by the apache module but is useful for testing here too
+  def verify(tkt, key)
+    
+    if tkt =~ /(.*);sig=(.*)/
+      str = $1
+      sig = Base64.decode64($2)
+    else
+      raise "Invalid ticket format"
+    end
+
+    if key.class == OpenSSL::PKey::DSA
+      key.verify(OpenSSL::Digest::DSS1.new, sig, str)
+    elsif key.class == OpenSSL::PKey::RSA
+      key.verify(OpenSSL::Digest::SHA1.new, sig, str)      
+    end   
+     
+  end
+  
+  # Encrypt the string using key
+  def encrypt(string, key)
+    
+    if key.class == OpenSSL::PKey::DSA
+      key.sign(OpenSSL::Digest::DSS1.new, string)
+    elsif key.class == OpenSSL::PKey::RSA
+      key.sign(OpenSSL::Digest::SHA1.new, string)
+    end
+    
+  end
+      
+  # Get the SSL key
+  def open_key_file(path, type)
+    if type == 'DSA'
+      OpenSSL::PKey::DSA.new File.read(path)
+    elsif type == 'RSA'
+      OpenSSL::PKey::RSA.new File.read(path)
+    end
+  end
+  
+  
+  # function adapted according to php: generates an IPv4 Internet network address 
+  # from its Internet standard format (dotted string) representation.
+  def ip2long(ip)
+    long = 0
+    ip.split( /\./ ).reverse.each_with_index do |x, i|
+      long += x.to_i << ( i * 8 )
+    end
+    long
+  end
+
+  module_function :create_ticket, :encrypt, :verify, :open_key_file, :ip2long
+      
+end

metadata

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification 
+name: mod-auth-pubtkt-rb
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Matt Haynes
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-03 00:00:00 +01:00
+default_executable: 
+dependencies: []
+
+description: Here is a simple module for generating correctly signed tickets for use with the mod_auth_pubtkt Apache module, pretty basic stuff but usefully abstracts the OpenSSL complications.
+email: matt@matthaynes.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/mod_auth_pubtkt.rb
+- README.md
+has_rdoc: false
+homepage: http://github.com/matth/mod_auth_pubtkt_rb
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A ruby library for creating tickets for the Apache mod_auth_pubtkt module
+test_files: []
+