net-tofu 0.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 326660f0872c1d0c73301704a577a046edf4934cacaf5236acd16d3ebb81d2ad
+  data.tar.gz: 47ece363c905ff8ab0df56e8a4ed6ae7a3ee52115baf3def5b6fa7b728ea4c90
+SHA512:
+  metadata.gz: ba6fff1abc4d1fed80f41d3f9a42b30b35f427ace5886a8bfceb0e8f1cf011bb2b5c57da4f6a5f0cc599618d5eac9dbb6c23bdeb00d3d10e798a4dd0e1595994
+  data.tar.gz: 0b7e90ea5fd91e44cc72a1c6c488cc676d8ddab67f205dd5765e3a7e1f70b1e2501df066456acad6f3e6bb5b461643d96c15fb2e12bc6b444e268cf2514bb311

data/.rubocop.yml

@@ -0,0 +1,37 @@
+AllCops:
+  TargetRubyVersion: 2.6
+
+Layout/HeredocIndentation:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: true
+  Max: 25
+
+Metrics/MethodLength:
+  Enabled: true
+  Max: 18
+
+Style/Next:
+  Enabled: false
+
+Style/Semicolon:
+  Enabled: true
+  Exclude:
+    - "lib/net/tofu/response.rb"
+
+Style/SingleLineMethods:
+  Enabled: false
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120
+  Exclude:
+    - "test/test_net_tofu_pub.rb"

data/CHANGELOG.md

@@ -0,0 +1,61 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.3.0] - 2023-07-29
+
+### Fixed
+
+- Renamed the library to something more appropriate `opentofu -> net-tofu`.
+- Fixed Github workflows.
+- Using my fork of the `gemtext` gem, until my PR is finialized.
+
+## [0.2.0] - 2023-07-29
+
+### Added
+
+- Certificate checking and pinning logic.
+- Tests for certificate and pinning logic.
+
+### Fixed
+
+- Tests involving fetching data, as they need to trust the host now.
+
+## [0.1.1] - 2023-07-28
+
+### Added
+
+- Tests.
+- The `simplecov` gem to view testing coverage.
+- A new error, for if the server doesn't send any data.
+- The Linux platform to the bundle platform.
+
+### Fixed
+
+- Complexity issues in the Response class from the linter.
+
+### Removed
+
+- The `@@current_host` class variable from Request. Clients should handle keeping track of the current host, Tofu should just fetch data.
+- The complicated logic used to parse host names from the Request class, as per the above point.
+
+## [0.1.0] - 2023-07-27
+
+First release. Still lots of improvements to be made.
+
+### Added
+
+- Custom error classes for the library.
+- A Request model for handling client requests.
+  - Handles the URI parsing logic.
+  - Holds a Response type.
+  - Does some basic error checking based on the Gemini Protocol specification.
+- A Response model for handling server responses.
+  - Holds a Socket type.
+  - Does some basic error checking based on the Gemini Protocol specification.
+- A Socket model for handling raw socket connections, as well as TLS security settings.
+- A top-level module for making get and get_response requests.
+- Added a 'trust' parameter to the Net::Tofu.get and Net::Tofu.get_response methods. This will later be used for certificate management, but it isn't in use yet.

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Rory Dudley
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,42 @@
+# Net::Tofu
+
+Net::Tofu is a certificate pinning and client library for Geminispace.
+It is based off of the ['trust on first use'](https://en.wikipedia.org/wiki/Trust_on_first_use) authentication scheme.
+
+## Installation
+
+To install the gem standalone:
+
+```sh
+gem install net-tofu
+```
+
+Or to use it as part of a project, place the following line in your Gemfile, then run `bundle install` in your project directory:
+
+```ruby
+gem "net-tofu", "~> 0.2.0"
+```
+
+## Usage
+
+```ruby
+require "net/tofu"
+```
+
+## Credits
+
+I'd like to thank Étienne Deparis, author of [ruby-net-text](https://git.umaneti.net/ruby-net-text/) for releasing their code under the MIT license so that some of it can be used in this project. In particular, `lib/ui/gemini.rb` is taken straight from that codebase. The license for it is present in the aformentioned file.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/pinecat/net-tofu.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/test_*.rb"]
+end
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[test rubocop]

data/exe/tofu

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "optparse"
+require "net/tofu"
+
+OptionParser.new do |p|
+  p.banner = "Usage: tofu [options]"
+
+  p.on("-rHOST", "--remove=HOST", "Host to remove from the ~/.tofu/known_hosts file") do |host|
+    Net::Tofu::Pub.db_exist?
+
+    lines = File.read(Net::Tofu::Pub::DB).split("\n")
+
+    idx = nil
+    lines.each_with_index do |l, i|
+      h = l.split[0]
+      if host == h
+        idx = i
+        break
+      end
+    end
+
+    lines.delete_at(idx) unless idx.nil?
+
+    f = File.open(Net::Tofu::Pub::DB, "w")
+    f.write lines.join("\n")
+    f.write "\n" unless lines.nil? || lines.empty?
+
+    exit 0
+  ensure
+    f&.close
+  end
+
+  p.on("-V", "--version", "Print the version then quit") do
+    puts "tofu v#{Net::Tofu::VERSION}"
+    exit 0
+  end
+end.parse!

data/lib/net/tofu/error.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    class Response
+      # Raised when a server doesn't send any data.
+      class NoServerResponseError < StandardError; end
+
+      # Raised when a server sends an invalid header.
+      class InvalidHeaderError < StandardError; end
+
+      # Raised when a server sends an invalid status code.
+      class InvalidStatusCodeError < StandardError; end
+
+      # Raised when a server sends an invalid meta field.
+      class InvalidMetaError < StandardError; end
+
+      # Raised when a server sends an invalid redirect link.
+      class InvalidRedirectError < StandardError; end
+    end
+
+    class Request
+      # Raised when a request contains an invalid scheme.
+      class InvalidSchemeError < StandardError; end
+
+      # Raised when a request contains an invalid URI.
+      class InvalidURIError < StandardError; end
+    end
+
+    # Raised if the host in a get request doesn't have a cached public key.
+    class UnknownHostError < StandardError; end
+
+    # Raised if the host returns an invalid certificate (usually, it means it is out of date).
+    class InvalidCertificateError < StandardError; end
+
+    # Raised if the host returns a different public key.
+    class PublicKeyMismatchError < StandardError; end
+  end
+end

data/lib/net/tofu/pub.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Intermediate container for an X509 certificate public key.
+    # Manages Geminispace public certificates.
+    class Pub
+      DIR = File.expand_path("~/.tofu")
+      DB = File.expand_path("~/.tofu/known_hosts")
+
+      # @return [String] The host associated with the certificate public key.
+      attr_reader :host
+
+      # @return [String] The certificate public key associated with the host.
+      attr_reader :key
+
+      # @return [OpenSSL::X509::Certificate] The X509 certificate.
+      attr_reader :x509
+
+      # Constructor for the cert type.
+      # @param host [String] Host to associate with the certificate public key.
+      # @param data [String] Certificate public key to associate with the host.
+      def initialize(host, data)
+        @host = host
+        @key = data
+        @key = format_hosts(data) if data.start_with?("-----BEGIN CERTIFICATE-----")
+        @x509 = OpenSSL::X509::Certificate.new(to_x509)
+      end
+
+      # Lookup a host in the known_hosts table.
+      # @param host [String] the hostname to lookup
+      # @return [Cert] An instance of this class if found, or nil if not found.
+      def self.lookup(host)
+        db_exist?
+
+        f = File.read(DB)
+        includes = nil
+        f.lines.each_with_index do |l, i|
+          if l.split[0].include? host
+            @line = i
+            includes = l.split[1]
+            break
+          end
+        end
+        return nil if includes.nil? || includes.empty?
+
+        new(host, includes)
+      end
+
+      def line
+        @line ||= nil
+      end
+
+      # Pin a certificate public key to the known_hosts file
+      def pin
+        Net::Tofu::Pub.db_exist?
+
+        f = File.open(DB, "a")
+        f.puts self
+      ensure
+        f&.close
+      end
+
+      # Conver the certificate public key to a properly formatted X509 string.
+      def to_x509
+        lines = @key.chars.each_slice(64).map(&:join)
+        "-----BEGIN CERTIFICATE-----\n#{lines.join("\n")}\n-----END CERTIFICATE-----"
+      end
+
+      # Hosts file format.
+      def to_s
+        "#{@host} #{@key}"
+      end
+
+      # Compare certificate public keys
+      def ==(other)
+        @key == other.key
+      end
+
+      # Check if known_hosts file exists, try to create it if it doesn't.
+      def self.db_exist?
+        return true if File.exist?(DB)
+
+        FileUtils.mkdir_p(DIR) unless File.directory?(DIR)
+        FileUtils.touch(DB)
+        true
+      end
+
+      private
+
+      # Strip header, tail, and newlines from base64 encoded certificate public key.
+      def format_hosts(key)
+        key.gsub("-----BEGIN CERTIFICATE-----", "").gsub("-----END CERTIFICATE-----", "").gsub("\n", "")
+      end
+    end
+  end
+end

data/lib/net/tofu/request.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Stores a client request to a Gemini server.
+    class Request
+      MAX_URI_BYTESIZE = 1024
+
+      # @return [URI] The full URI object of the request.
+      attr_reader :uri
+
+      # @return [String] The request scheme (i.e. gemini://, http://).
+      attr_reader :scheme
+
+      # @return [String] The hostname of the request.
+      attr_reader :host
+
+      # @return [Integer] The server port to connect on.
+      attr_reader :port
+
+      # @return [String] The requested path on the host.
+      attr_reader :path
+
+      # @return [Array] Additional queries to send to the host.
+      attr_reader :queries
+
+      # @return [String] A fragment to request from the host.
+      attr_reader :fragment
+
+      # @return [Response] The response from the server after calling #{gets}.
+      attr_reader :resp
+
+      # Constructor for the request type.
+      # @param host [String] A host string, optionally with the gemini:// scheme.
+      # @param port [Integer] Optional parameter to specify the server port to connect to.
+      def initialize(host, port: nil, trust: false)
+        @uri = URI(host)
+        @uri.port = port unless port.nil?
+
+        parse_head
+        parse_tail
+
+        # Make sure the URI isn't too large
+        if format.bytesize > MAX_URI_BYTESIZE
+          raise InvalidURIError,
+                "The URI is too large, should be #{MAX_URI_BYTESIZE} bytes, instead is #{format.bytesize} bytes"
+        end
+
+        # Create a socket
+        @sock = Socket.new(@host, @port, trust)
+      end
+
+      # Format the URI for sending over a socket to a Gemini server.
+      # @return [String] The URI string appended with a carriage return and linefeed.
+      def format
+        "#{@uri}\r\n"
+      end
+
+      # Connect to the server and try to fetch data.
+      def gets
+        @sock.connect
+        @resp = @sock.gets(self)
+      ensure
+        @sock.close
+      end
+
+      private
+
+      # Parses the scheme, the host, and the port for the request.
+      def parse_head
+        # Check if a scheme was specified, if not, default to gemini://
+        # Also set the port if this happens
+        if @uri.scheme.nil? || @uri.scheme.empty?
+          @uri.scheme = URI::Gemini::DEFAULT_SCHEME
+          @uri.port = URI::Gemini::DEFAULT_PORT if @uri.port.nil?
+        end
+
+        # Check if a host was specified.
+        raise InvalidURIError, "Request does not contain a host" if @uri.host.nil? || @uri.host.empty?
+
+        # Set member parts
+        @scheme = @uri.scheme
+        @host = @uri.host
+        @port = @uri.port
+
+        # Check if a scheme is present that isn't gemini://
+        return if @uri.scheme == URI::Gemini::DEFAULT_SCHEME
+
+        raise InvalidSchemeError,
+              "Request uses an invalid scheme (has: #{@uri.scheme}, wants: #{URI::Gemini::DEFAULT_SCHEME}"
+      end
+
+      # Parses the path, the query, and the fragment for the request.
+      def parse_tail
+        # Set path to '/' if one isn't specified
+        @uri.path = "/" if @uri.path.nil? || @uri.path.empty?
+
+        # Set member parts
+        @path = @uri.path
+        @queries = @uri.query.split("&") unless @uri.query.nil? || @uri.query.empty?
+        @fragment = @uri.fragment
+      end
+    end
+  end
+end

data/lib/net/tofu/response.rb

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+class String # :nodoc:
+  def numerical?
+    to_i.to_s == self
+  end
+end
+
+module Net
+  module Tofu
+    # Stores a response from a Gemini server.
+    class Response
+      # Response types
+      INPUT = 1
+      SUCCESS = 2
+      REDIRECT = 3
+      TEMPORARY_FAILURE = 4
+      PERMANENT_FAILURE = 5
+      REQUEST_CERTIFICATE = 6
+
+      # Limits
+      MAX_META_BYTESIZE = 1024
+
+      # @return [String] The full response header from the server.
+      attr_reader :header
+
+      # @return [Integer] The 2-digit, server response status.
+      attr_reader :status
+
+      # @return [Integer] The first digit of the server response status.
+      attr_reader :status_maj
+
+      # @return [Integer] The second digit of the server response status.
+      attr_reader :status_min
+
+      # Dependent on the #{status} ->
+      # => 1x: (INPUT)     A prompt line that should be displayed to the user.
+      # => 2x: (SUCCESS)   A MIME media type.
+      # => 3x: (REDIRECT)  A new URL for the requested resource.
+      # => 4x: (TEMP FAIL) Additional information regarding the temporary failure.
+      # => 5x: (PERM FAIL) Additional information regarding the temporary failure.
+      # => 6x: (RQST CERT) Additional information regarding the client certificate requirements.
+      #
+      # According to the specification for the Gemini Protocol, clients SHOULD close a connection to servers which send
+      # a meta over 1024 bytes. This library complies with this specification, although, it is conceivable that meta
+      # could be an arbitrarily long string.
+      #
+      # @return [String] The UTF-8 encoded message from the response header.
+      attr_reader :meta
+
+      # @return [String] The message body.
+      attr_reader :body
+
+      # Constructor for the response type.
+      # @param data [String] A raw Gemini server response.
+      def initialize(data)
+        @data = data
+        parse
+      end
+
+      # Get a human readable response type.
+      # @return [String] The response type as a human readable string.
+      def type
+        case @status_maj
+        when INPUT then return "Input"
+        when SUCCESS then return "Success"
+        when REDIRECT then return "Redirect"
+        when TEMPORARY_FAILURE then return "Temporary failure"
+        when PERMANENT_FAILURE then return "Permanent failure"
+        when REQUEST_CERTIFICATE then return "Request certificate"
+        end
+        "Unknown"
+      end
+
+      def input?; return true if @status_maj == INPUT; false; end
+      def success?; return true if @status_maj == SUCCESS; false; end
+      def redirect?; return true if @status_maj == REDIRECT; false; end
+      def temporary_failure?; return true if @status_maj == TEMPORARY_FAILURE; false; end
+      def permanent_failure?; return true if @status_maj == PERMANENT_FAILURE; false; end
+      def request_certificate?; return true if @status_maj == REQUEST_CERTIFICATE; false; end
+
+      private
+
+      # Splits up the responseinto a header and a body.
+      def parse
+        raise NoServerResponseError if @data.nil? || @data.empty?
+
+        # Extract the header and parse it
+        a = @data.split("\n")
+        @header = a[0].strip
+        parse_header
+
+        # Remove the first element from the array,
+        # then populate body with the rest of the data
+        a.shift
+        @body = a.join("\n") if a.length.positive?
+      end
+
+      # Splits upt the header into a status code and a meta.
+      def parse_header
+        a = @header.split
+
+        # Make sure there are only one or two elements in the header
+        raise InvalidHeaderError, "The server did not send a header" unless a.length.positive?
+
+        # Parse the status code
+        @status = a[0]
+        parse_status
+
+        # Parse the meta
+        @meta = ""
+        @meta = a[1..].join(" ") if a.length >= 2
+        @meta.strip!
+        parse_meta
+      end
+
+      # Splits up the status into a major and minor, checks for invalid status codes.
+      def parse_status
+        # Make sure the status is numerical
+        unless @status.numerical?
+          raise InvalidStatusCodeError,
+                "The server sent a non-numerical status code: #{@status}"
+        end
+
+        # Allow status code to only be a single digit, or two digits (as the spec says it should be)
+        if @status.length == 1
+          @status_maj = Integer(@status)
+          @status_min = 0
+        elsif @status.length == 2
+          @status_maj = Integer(@status[0])
+          @status_min = Integer(@status[1])
+        else
+          raise InvalidStatusCodeError, "The server sent a status code that is longer than 2 digits: #{@status}"
+        end
+
+        # Make sure the major status code is between 1 and 6, including 1 and 6
+        unless @status_maj >= 1 && @status_maj <= 6
+          raise InvalidStatusCodeError,
+                "The server sent an invalid, major status code: #{@status_maj}"
+        end
+
+        # Make sure #{status} is an Integer
+        @status = Integer(@status)
+      end
+
+      # Checks the meta size, does extra checking depending on #{status} type.
+      def parse_meta
+        # Make sure the meta isn't too large
+        if @meta.bytesize > MAX_META_BYTESIZE
+          raise InvalidMetaError, <<-TXT
+                The server sent a meta that was too large, should be #{MAX_META_BYTESIZE} bytes,
+                instead is #{@meta.bytesize} bytes
+          TXT
+        end
+
+        if @status_maj == TEMPORARY_FAILURE || @status_maj == PERMANENT_FAILURE || @status_maj == REQUEST_CERTIFICATE
+          return
+        end
+
+        # Handle extra checks based on the @status type
+        handle_type
+      end
+
+      def handle_type
+        # Make sure meta exists (i.e. has length)
+        # This satisfies the INPUT and SUCCESS
+        unless @meta.length.positive?
+          raise InvalidMetaError,
+                "The server sent an empty meta, should've sent a user prompt"
+        end
+
+        # TODO: Possibly check for valid MIME type for the SUCCESS response
+        return if @status_maj == INPUT || @status_maj == SUCCESS
+
+        # The meta needs a specific URI if @status_maj == REDIRECT
+        uri = URI(@meta)
+
+        # Make sure the URI has a scheme
+        raise InvalidRedirectError, "The redirect link does not have a scheme" if uri.scheme.nil? || uri.scheme.empty?
+
+        # Make sure the URI scheme is 'gemini'
+        return if uri.scheme == URI::Gemini::DEFAULT_SCHEME
+
+        raise InvalidRedirectError,
+              "The redirect link has an invalid scheme (has: #{uri.scheme}, wants: #{URI::Gemini::DEFAULT_SCHEME})"
+      end
+    end
+  end
+end

data/lib/net/tofu/socket.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Stoes an SSLSocket for making requests and receiving data.
+    class Socket
+      # Constructor for the socket type.
+      # @param host [String] Hostname of the server to connect to.
+      # @param port [Integer] Server port to connect to (typically 1965).
+      def initialize(host, port, trust)
+        @host = host
+        @port = port
+        @trust = trust
+        @sock = OpenSSL::SSL::SSLSocket.open(@host, @port, context: generate_secure_context)
+      end
+
+      # Open a connection to the server.
+      def connect
+        @sock.hostname = @host
+        @sock.connect
+        validate_certs
+      end
+
+      # Try and retrieve data from a request.
+      def gets(req)
+        @sock.puts req.format
+
+        io = StringIO.new
+        while (line = @sock.gets)
+          io.puts line
+        end
+
+        Response.new(io.string)
+      ensure
+        io.close
+      end
+
+      # Close the connection with the server.
+      def close
+        @sock.close
+      end
+
+      private
+
+      # Configure the TLS security options to use on the socket.
+      def generate_secure_context
+        ctx = OpenSSL::SSL::SSLContext.new
+        ctx.verify_hostname = true
+        ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
+        ctx.options |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+        ctx
+      end
+
+      # Validate a remote certificate with a local one
+      def validate_certs
+        remote = Pub.new(@host, @sock.peer_cert.to_pem)
+        local = Pub.lookup(@host)
+
+        raise UnknownHostError if local.nil? && !@trust
+
+        remote.pin if local.nil? && @trust
+        local = Pub.lookup(@host)
+
+        unless local == remote
+          raise PublicKeyMismatchError, <<-TXT
+The remote host has a different certificate than what is cached locally.
+This could be because a new certificate was issued, or because of a MITM attack.
+Please verify the new public certificate, then you may run:
+
+  tofu -r #{@host}
+
+Once you remove the old certificate public key, you will be able to add the new one.
+          TXT
+        end
+
+        validate_timestamp(remote)
+      end
+
+      # Validate certificate timestamps
+      def validate_timestamp(remote)
+        raise InvalidCertificateError, "Certificate is not valid yet" if remote.x509.not_before > Time.now.utc
+        raise InvalidCertificateError, "Certificate is no longer valid" if remote.x509.not_after < Time.now.utc
+      end
+    end
+  end
+end

data/lib/net/tofu/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    VERSION = "0.3.0"
+  end
+end

data/lib/net/tofu.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative "tofu/error"
+require_relative "tofu/pub"
+require_relative "tofu/request"
+require_relative "tofu/response"
+require_relative "tofu/socket"
+require_relative "tofu/version"
+
+require "fileutils"
+require "openssl"
+require "stringio"
+require "uri/gemini"
+
+module Net
+  # Top level module for Geminispace requests.
+  module Tofu
+    def self.get(uri, trust: false)
+      req = Request.new(uri, trust: trust)
+      req.gets
+
+      return req.resp.body if req.resp.success?
+
+      req.resp.meta
+    end
+
+    def self.get_response(uri, trust: false)
+      req = Request.new(uri, trust: trust)
+      req.gets
+
+      req.resp
+    end
+  end
+end

data/lib/uri/gemini.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# MIT License
+#
+# Copyright (c) 2020 Étienne Deparis
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+require "uri"
+
+module URI # :nodoc:
+  #
+  # The syntax of Gemini URIs is defined in the Gemini specification,
+  # section 1.2.
+  #
+  # @see https://gemini.circumlunar.space/docs/specification.html
+  #
+  class Gemini < HTTP
+    # A Default port of 1965 for URI::Gemini.
+    DEFAULT_PORT = 1965
+
+    # A Default scheme of gemini for URI::Gemini.
+    DEFAULT_SCHEME = "gemini"
+
+    # An Array of the available components for URI::Gemini.
+    COMPONENT = %i[scheme host port
+                   path query fragment].freeze
+  end
+
+  if respond_to? :register_scheme
+    # Introduced somewhere in ruby 3.0.x
+    register_scheme "GEMINI", Gemini
+  else
+    @@schemes["GEMINI"] = Gemini
+  end
+end

data/sig/net-tofu.rbs

@@ -0,0 +1,4 @@
+module Net::Tofu
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: net-tofu
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+platform: ruby
+authors:
+- Rory Dudley
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2023-07-29 00:00:00.000000000 Z
+dependencies: []
+description: |2
+      Net::Tofu is a client and certificate pinning library for Geminispace, derived from
+      the 'trust on first use' authentication scheme (https://en.wikipedia.org/wiki/Trust_on_first_use).
+email:
+- rory.dudley@gmail.com
+executables:
+- tofu
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/tofu
+- lib/net/tofu.rb
+- lib/net/tofu/error.rb
+- lib/net/tofu/pub.rb
+- lib/net/tofu/request.rb
+- lib/net/tofu/response.rb
+- lib/net/tofu/socket.rb
+- lib/net/tofu/version.rb
+- lib/uri/gemini.rb
+- sig/net-tofu.rbs
+homepage: https://github.com/pinecat/net-tofu
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/pinecat/net-tofu
+  source_code_uri: https://github.com/pinecat/net-tofu
+  changelog_uri: https://github.com/pinecat/net-tofu/blob/master/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.17
+signing_key:
+specification_version: 4
+summary: A Gemini client and certificate manager.
+test_files: []