RubyGems - omf_common - Versions diffs - 6.1.2.pre.4 → 6.1.2.pre.5 - Mend

omf_common 6.1.2.pre.4 → 6.1.2.pre.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/Rakefile +2 -2
data/bin/omf_cert.rb +17 -2
data/bin/omf_monitor_topic +1 -1
data/lib/omf_common/auth/certificate.rb +1 -1
data/lib/omf_common/auth/certificate_store.rb +7 -1
data/lib/omf_common/message/xml/message.rb +2 -1
data/test/omf_common/message/xml/message_spec.rb +1 -0
metadata +2 -2

data/Rakefile CHANGED

@@ -8,7 +8,7 @@ Rake::Task[:release].clear
 Rake::TestTask.new do |t|
   t.libs << 'test'
-  t.pattern = "test/**/[^xmpp][^xml]*/topic_spec.rb"
-  t.pattern = "test/**/*/*_spec.rb"
+  t.pattern = "test/**/*_spec.rb"
   t.verbose = true
 end

data/bin/omf_cert.rb CHANGED

@@ -52,6 +52,9 @@ end
 op.on '--duration SEC', "Duration the cert will be valid for [#{OPTS[:duration]}]" do |secs|
   OPTS[:duration] = secs
 end
+op.on '--root cert', "Root Certificate" do |root|
+  OPTS[:root_cert] = root
+end
 op.on '--domain C:ST:O:OU', "Domain to us (components are ':' separated) [#{DEF_SUBJECT_PREFIX}]" do |domain|
   unless (p = domain.split(':')).length == 4
     $stderr.puts "ERROR: Domain needs to contain 4 parts separated by ':'\n"
@@ -125,13 +128,25 @@ when /^cre.*_root/
   write_cert cert
 when /^cre.*_user/
-  root = Certificate.create_root()
+  if !OPTS[:root_cert].nil?
+    file = File.expand_path(OPTS[:root_cert])
+    root = Certificate.create_from_pem(File.read(file))
+  else
+    root = Certificate.create_root()
+    File.open('root.pem', 'w') {|f| f.puts root.to_pem_with_key}
+  end
   require_opts(:user, :email)
   cert = root.create_for_user(OPTS[:user], OPTS)
   write_cert cert
 when /^cre.*_resource/
-  root = Certificate.create_root()
+  if !OPTS[:root_cert].nil?
+    file = File.expand_path(OPTS[:root_cert])
+    root = Certificate.create_from_pem(File.read(file))
+  else
+    root = Certificate.create_root()
+    File.open('root.pem', 'w') {|f| f.puts root.to_pem_with_key}
+  end
   require_opts(:resource_type)
   r_id = OPTS.delete(:resource_id)
   r_type = OPTS.delete(:resource_type)

data/bin/omf_monitor_topic CHANGED

@@ -26,7 +26,7 @@ OP_MODE = :development
 opts = {
   communication: {
     #url: 'xmpp://srv.mytestbed.net',
-    auth: {}
+    #auth: {}
   },
   eventloop: { type: :em},
   logging: {

data/lib/omf_common/auth/certificate.rb CHANGED

@@ -77,7 +77,7 @@ module OmfCommon::Auth
           # opts[:frcp_uri] || "URI:frcp:#{user_id}@#{opts[:frcp_domain] || @@def_email_domain}",
           # opts[:http_uri] || "URI:http://#{opts[:http_prefix] || @@def_email_domain}/users/#{user_id}"
       not_before = opts[:not_before] || Time.now
-      duration = opts[:duration] = 3600
+      duration = opts[:duration] || 3600
       c = _create_x509_cert(subject, key, digest, issuer, not_before, duration, addresses)
       c[:addresses] = addresses
       c[:resource_id] = resource_id

data/lib/omf_common/auth/certificate_store.rb CHANGED

@@ -50,6 +50,11 @@ module OmfCommon::Auth
       debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
       @@instance.synchronize do
+        begin
+          @intermediate_store.add_cert(certificate.to_x509)
+        rescue OpenSSL::X509::StoreError => e
+          raise e unless e.message == "cert already in hash table"
+        end
         _set(certificate.subject, certificate)
         if rid = certificate.resource_id
           _set(rid, certificate)
@@ -81,7 +86,7 @@ module OmfCommon::Auth
     def verify(cert)
       #puts "VERIFY: #{cert}::#{cert.class}}"
       cert = cert.to_x509 if cert.kind_of? OmfCommon::Auth::Certificate
-      v_result = @x509_store.verify(cert)
+      v_result = @x509_store.verify(cert) || @intermediate_store.verify(cert)
       warn "Cert verification failed: '#{@x509_store.error_string}'" unless v_result
       v_result
     end
@@ -100,6 +105,7 @@ module OmfCommon::Auth
     def initialize(opts)
       @x509_store = OpenSSL::X509::Store.new
+      @intermediate_store = OpenSSL::X509::Store.new
       @certs = {}
       if store = opts[:store]

data/lib/omf_common/message/xml/message.rb CHANGED

@@ -72,7 +72,6 @@ class XML
             pem = "#{OmfCommon::Auth::Certificate::BEGIN_CERT}#{cert}#{OmfCommon::Auth::Certificate::END_CERT}"
             cert = OmfCommon::Auth::Certificate.create_from_pem(pem)
             cert.resource_id = iss
-            OmfCommon::Auth::CertificateStore.instance.register(cert)
             if cert.nil?
               warn "Missing certificate of '#{iss}'"
@@ -84,6 +83,8 @@ class XML
               return nil
             end
+            OmfCommon::Auth::CertificateStore.instance.register(cert)
             canonicalised_xml_node = fix_canonicalised_xml(xml_node.canonicalize)
             unless cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(canonicalised_xml_node), Base64.decode64(sig), canonicalised_xml_node)

data/test/omf_common/message/xml/message_spec.rb CHANGED

@@ -164,6 +164,7 @@ describe OmfCommon::Message::XML::Message do
         message.valid?.must_equal true
         OmfCommon.comm.unstub(:comm)
+        OmfCommon::Auth::CertificateStore.reset
       end
     end
   end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omf_common
 version: !ruby/object:Gem::Version
-  version: 6.1.2.pre.4
+  version: 6.1.2.pre.5
   prerelease: 6
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-05-15 00:00:00.000000000 Z
+date: 2014-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest