omf_common 6.1.2.pre.4 → 6.1.2.pre.5

data/Rakefile CHANGED
@@ -8,7 +8,7 @@ Rake::Task[:release].clear
8
8
 
9
9
  Rake::TestTask.new do |t|
10
10
  t.libs << 'test'
11
- t.pattern = "test/**/[^xmpp][^xml]*/topic_spec.rb"
12
- t.pattern = "test/**/*/*_spec.rb"
11
+ t.pattern = "test/**/*_spec.rb"
13
12
  t.verbose = true
14
13
  end
14
+
@@ -52,6 +52,9 @@ end
52
52
  op.on '--duration SEC', "Duration the cert will be valid for [#{OPTS[:duration]}]" do |secs|
53
53
  OPTS[:duration] = secs
54
54
  end
55
+ op.on '--root cert', "Root Certificate" do |root|
56
+ OPTS[:root_cert] = root
57
+ end
55
58
  op.on '--domain C:ST:O:OU', "Domain to us (components are ':' separated) [#{DEF_SUBJECT_PREFIX}]" do |domain|
56
59
  unless (p = domain.split(':')).length == 4
57
60
  $stderr.puts "ERROR: Domain needs to contain 4 parts separated by ':'\n"
@@ -125,13 +128,25 @@ when /^cre.*_root/
125
128
  write_cert cert
126
129
 
127
130
  when /^cre.*_user/
128
- root = Certificate.create_root()
131
+ if !OPTS[:root_cert].nil?
132
+ file = File.expand_path(OPTS[:root_cert])
133
+ root = Certificate.create_from_pem(File.read(file))
134
+ else
135
+ root = Certificate.create_root()
136
+ File.open('root.pem', 'w') {|f| f.puts root.to_pem_with_key}
137
+ end
129
138
  require_opts(:user, :email)
130
139
  cert = root.create_for_user(OPTS[:user], OPTS)
131
140
  write_cert cert
132
141
 
133
142
  when /^cre.*_resource/
134
- root = Certificate.create_root()
143
+ if !OPTS[:root_cert].nil?
144
+ file = File.expand_path(OPTS[:root_cert])
145
+ root = Certificate.create_from_pem(File.read(file))
146
+ else
147
+ root = Certificate.create_root()
148
+ File.open('root.pem', 'w') {|f| f.puts root.to_pem_with_key}
149
+ end
135
150
  require_opts(:resource_type)
136
151
  r_id = OPTS.delete(:resource_id)
137
152
  r_type = OPTS.delete(:resource_type)
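Review bot: The new `File.open('root.pem', 'w')` in both the user and the resource branch writes the root certificate together with its private key (`to_pem_with_key`) into the current directory with umask-default permissions, and it silently overwrites any existing root.pem. Create the file owner-only and refuse to clobber an existing one, e.g. `File.open('root.pem', File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.puts root.to_pem_with_key }`, and print where the key was written. The two added if/else blocks are identical, so a small shared helper would keep them from drifting apart. Both `when` bodies continue outside the hunk.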
@@ -26,7 +26,7 @@ OP_MODE = :development
26
26
  opts = {
27
27
  communication: {
28
28
  #url: 'xmpp://srv.mytestbed.net',
29
- auth: {}
29
+ #auth: {}
30
30
  },
31
31
  eventloop: { type: :em},
32
32
  logging: {
@@ -77,7 +77,7 @@ module OmfCommon::Auth
77
77
  # opts[:frcp_uri] || "URI:frcp:#{user_id}@#{opts[:frcp_domain] || @@def_email_domain}",
78
78
  # opts[:http_uri] || "URI:http://#{opts[:http_prefix] || @@def_email_domain}/users/#{user_id}"
79
79
  not_before = opts[:not_before] || Time.now
80
- duration = opts[:duration] = 3600
80
+ duration = opts[:duration] || 3600
81
81
  c = _create_x509_cert(subject, key, digest, issuer, not_before, duration, addresses)
82
82
  c[:addresses] = addresses
83
83
  c[:resource_id] = resource_id
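Review bot: With `opts[:duration] || 3600` a caller-supplied duration now reaches `_create_x509_cert` unconverted, and the `--duration SEC` handler shown earlier on this page stores the raw option string (`OPTS[:duration] = secs`). If that OPTS hash is what ends up here (the call path is not visible in this hunk), the validity period is computed from a String. Coercing at this point, `duration = Integer(opts[:duration] || 3600)`, rejects non-numeric input early and is safe for existing integer callers. The enclosing method starts and ends outside the hunk.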
@@ -50,6 +50,11 @@ module OmfCommon::Auth
50
50
 
51
51
  debug "Registering certificate for '#{certificate.addresses}' - #{certificate.subject}"
52
52
  @@instance.synchronize do
53
+ begin
54
+ @intermediate_store.add_cert(certificate.to_x509)
55
+ rescue OpenSSL::X509::StoreError => e
56
+ raise e unless e.message == "cert already in hash table"
57
+ end
53
58
  _set(certificate.subject, certificate)
54
59
  if rid = certificate.resource_id
55
60
  _set(rid, certificate)
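Review bot: Every certificate passed to `register` is now added to `@intermediate_store` with `add_cert`, and nothing in the visible lines checks it against `@x509_store` first. Certificates added to an `OpenSSL::X509::Store` are treated as trusted by that store, so together with the `|| @intermediate_store.verify(cert)` fallback in the `verify` hunk a self-signed certificate that has been registered would subsequently verify; callers may validate before registering, but that is not enforced here. Consider guarding the add with `raise ... unless verify(certificate)`, or documenting that `register` must only be called with already-verified certificates. Separately, `e.message == "cert already in hash table"` depends on OpenSSL's error wording, which can differ between library versions; a substring match such as `e.message.include?('already in hash table')` is less brittle. The method continues outside the hunk.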
@@ -81,7 +86,7 @@ module OmfCommon::Auth
81
86
  def verify(cert)
82
87
  #puts "VERIFY: #{cert}::#{cert.class}}"
83
88
  cert = cert.to_x509 if cert.kind_of? OmfCommon::Auth::Certificate
84
- v_result = @x509_store.verify(cert)
89
+ v_result = @x509_store.verify(cert) || @intermediate_store.verify(cert)
85
90
  warn "Cert verification failed: '#{@x509_store.error_string}'" unless v_result
86
91
  v_result
87
92
  end
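Review bot: When both stores reject the certificate, the warning still prints only `@x509_store.error_string`, so the log can show the primary store's reason while hiding why the fallback failed. Capturing the two results separately and logging both, e.g. `warn "Cert verification failed: '#{@x509_store.error_string}' / '#{@intermediate_store.error_string}'" unless v_result`, makes a failed verification diagnosable. A short comment on the new line stating what `@intermediate_store` is expected to contain would also help, since its contents decide what this method accepts.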
@@ -100,6 +105,7 @@ module OmfCommon::Auth
100
105
 
101
106
  def initialize(opts)
102
107
  @x509_store = OpenSSL::X509::Store.new
108
+ @intermediate_store = OpenSSL::X509::Store.new
103
109
 
104
110
  @certs = {}
105
111
  if store = opts[:store]
@@ -72,7 +72,6 @@ class XML
72
72
  pem = "#{OmfCommon::Auth::Certificate::BEGIN_CERT}#{cert}#{OmfCommon::Auth::Certificate::END_CERT}"
73
73
  cert = OmfCommon::Auth::Certificate.create_from_pem(pem)
74
74
  cert.resource_id = iss
75
- OmfCommon::Auth::CertificateStore.instance.register(cert)
76
75
 
77
76
  if cert.nil?
78
77
  warn "Missing certificate of '#{iss}'"
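Review bot: `cert.resource_id = iss` still runs before the `if cert.nil?` check, so if `create_from_pem` can return nil the assignment raises NoMethodError and the "Missing certificate" branch is never reached. Moving the assignment below the nil check, next to the relocated `register` call, would make the guard effective. The method starts and ends outside the hunk.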
@@ -84,6 +83,8 @@ class XML
84
83
  return nil
85
84
  end
86
85
 
86
+ OmfCommon::Auth::CertificateStore.instance.register(cert)
87
+
87
88
  canonicalised_xml_node = fix_canonicalised_xml(xml_node.canonicalize)
88
89
 
89
90
  unless cert.to_x509.public_key.verify(OpenSSL::Digest::SHA256.new(canonicalised_xml_node), Base64.decode64(sig), canonicalised_xml_node)
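Review bot: The relocated `CertificateStore.instance.register(cert)` still runs before the signature check on the following `unless cert.to_x509.public_key.verify(...)` line, so a message whose signature fails leaves its certificate registered, and, per the `register` hunk, indexed under the `iss` value taken from that same message. Registering only after the signature has verified would avoid persisting state from a message that is then rejected. The lines between the nil check and this hunk are not shown, so whatever validation happens there should be confirmed as well. The `unless` block continues outside the hunk.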
@@ -164,6 +164,7 @@ describe OmfCommon::Message::XML::Message do
164
164
  message.valid?.must_equal true
165
165
 
166
166
  OmfCommon.comm.unstub(:comm)
167
+ OmfCommon::Auth::CertificateStore.reset
167
168
  end
168
169
  end
169
170
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omf_common
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.2.pre.4
4
+ version: 6.1.2.pre.5
5
5
  prerelease: 6
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2014-05-15 00:00:00.000000000 Z
12
+ date: 2014-05-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: minitest