opentofu 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1eeac402d86ae7cc5b5f2e9be3327a60f8f3132453854ea9ee5f477462e58fc7
+  data.tar.gz: 54f68d912adb5e14a39ddde842ad4acf5ff3664923815138e5a30fcc8ba87881
+SHA512:
+  metadata.gz: c74b24eada5091a0d37eb1a97b871838744e2169b36974fed374900c0a64e73acafe019751341da153f6f5e59a0b6e48e2c4aa9b1674fa65aa3573a74be44528
+  data.tar.gz: 8c00e948a371088cd8e87698d3884fe55d7aa8b84ac65c5a5d64d6b0a53cbf505fed91010cd4d83e53f820a1b2a6dac46a9ad5947733546404e1d992d0301bf5

data/.rubocop.yml

@@ -0,0 +1,34 @@
+AllCops:
+  TargetRubyVersion: 2.6
+
+Metrics/MethodLength:
+  Enabled: true
+  Max: 18
+  Exclude:
+    - "lib/net/tofu/response.rb"
+
+Style/ClassVars:
+  Enabled: true
+  Exclude:
+    - "lib/net/tofu/request.rb"
+
+Style/Semicolon:
+  Enabled: true
+  Exclude:
+    - "lib/net/tofu/response.rb"
+
+Style/SingleLineMethods:
+  Enabled: true
+  Exclude:
+    - "lib/net/tofu/response.rb"
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120

data/CHANGELOG.md

@@ -0,0 +1,24 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2023-07027
+
+First release. Still lots of improvements to be made.
+
+### Added
+
+- Custom error classes for the library.
+- A Request model for handling client requests.
+  - Handles the URI parsing logic.
+  - Holds a Response type.
+  - Does some basic error checking based on the Gemini Protocol specification.
+- A Response model for handling server responses.
+  - Holds a Socket type.
+  - Does some basic error checking based on the Gemini Protocol specification.
+- A Socket model for handling raw socket connections, as well as TLS security settings.
+- A top-level module for making get and get_response requests.
+- Added a 'trust' parameter to the Net::Tofu.get and Net::Tofu.get_response methods. This will later be used for certificate management, but it isn't in use yet.

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Rory Dudley
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,42 @@
+# OpenTOFU
+
+OpenTOFU is a certificate pinning and client library for Geminispace.
+It is based off of the ['trust on first use'](https://en.wikipedia.org/wiki/Trust_on_first_use) authentication scheme.
+
+## Installation
+
+To install the gem standalone:
+
+```sh
+gem install opentofu
+```
+
+Or to use it as part of a project, place the following line in your Gemfile, then run `bundle install` in your project directory:
+
+```ruby
+gem "opentofu", "~> 0.1.0"
+```
+
+## Usage
+
+```ruby
+require "net/tofu"
+```
+
+## Credits
+
+I'd like to thank Étienne Deparis, author of [ruby-net-text](https://git.umaneti.net/ruby-net-text/) for releasing their code under the MIT license so that some of it can be used in this project. In particular, `lib/ui/gemini.rb` is taken straight from that codebase. The license for it is present in the aformentioned file.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/pinecat/opentofu.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/test_*.rb"]
+end
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[test rubocop]

data/lib/net/tofu/error.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    class Response
+      # Raised when a server sends an invalid header.
+      class InvalidHeaderError < StandardError; end
+
+      # Raised when a server sends an invalid status code.
+      class InvalidStatusCodeError < StandardError; end
+
+      # Raised when a server sends an invalid meta field.
+      class InvalidMetaError < StandardError; end
+
+      # Raised when a server sends an invalid redirect link.
+      class InvalidRedirectError < StandardError; end
+    end
+
+    class Request
+      # Raised when a request contains an invalid scheme.
+      class InvalidSchemeError < StandardError; end
+
+      # Raised when a request contains an invalid URI.
+      class InvalidURIError < StandardError; end
+    end
+  end
+end

data/lib/net/tofu/request.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Stores a client request to a Gemini server.
+    class Request
+      SCHEME = "gemini"
+
+      MAX_URI_BYTESIZE = 1024
+
+      # @return [URI] The full URI object of the request.
+      attr_reader :uri
+
+      # @return [String] The request scheme (i.e. gemini://, http://).
+      attr_reader :scheme
+
+      # @return [String] The hostname of the request.
+      attr_reader :host
+
+      # @return [Integer] The server port to connect on.
+      attr_reader :port
+
+      # @return [String] The requested path on the host.
+      attr_reader :path
+
+      # @return [Array] Additional queries to send to the host.
+      attr_reader :queries
+
+      # @return [String] A fragment to request from the host.
+      attr_reader :fragment
+
+      # @return [Response] The response from the server after calling #{gets}.
+      attr_reader :resp
+
+      # Constructor for the request type.
+      # @param host [String] A host string, optionally with the gemini:// scheme.
+      # @param port [Integer] Optional parameter to specify the server port to connect to.
+      def initialize(host, port: nil)
+        # Keeps track of the current host for links with only paths.
+        @@current_host ||= ""
+
+        @host = host
+        @port = port unless port.nil?
+        determine_host
+        parse_head
+        parse_tail
+
+        puts format
+
+        # Make sure the URI isn't too large
+        if format.bytesize > MAX_URI_BYTESIZE
+          raise InvalidURIError,
+                "The URI is too large, should be #{MAX_URI_BYTESIZE} bytes, instead is #{format.bytesize} bytes"
+        end
+
+        # Create a socket
+        @sock = Socket.new(@host, @port)
+      end
+
+      # Format the URI for sending over a socket to a Gemini server.
+      # @return [String] The URI string appended with a carriage return and linefeed.
+      def format
+        "#{@uri}\r\n"
+      end
+
+      # Connect to the server and try to fetch data.
+      def gets
+        @sock.connect
+        @resp = @sock.gets(self)
+      ensure
+        @sock.close
+      end
+
+      private
+
+      # Parses the host and the path, and sets the current_host.
+      def determine_host
+        puts "current: #{@@current_host}"
+        @uri = URI(@host)
+
+        unless @uri.host.nil? || @uri.host.empty?
+          @host = @uri.host
+          @@current_host = @host
+          return
+        end
+
+        return if @uri.path.nil? || @uri.path.empty?
+        return unless @uri.host.nil? || @uri.host.empty?
+
+        if @uri.path.start_with?("/")
+          raise InvalidURIError, "No host specified" if @@current_host.nil? || @@current_host.empty?
+
+          unless @@current_host.nil? || @@current_host.empty?
+            @uri.host = @@current_host
+            @host = @uri.host
+            @@current_host = @host
+          end
+
+          return
+        end
+
+        paths = @uri.path.split("/")
+        puts paths
+
+        @uri.host = paths[0]
+        @host = @uri.host
+        @@current_host = @host
+        @uri.path = nil if paths.length == 1
+        return unless paths.length > 1
+
+        @uri.path = paths[1..].join("/")
+        @uri.path = "/#{uri.path}"
+      end
+
+      # Parses the scheme, the host, and the port for the request.
+      def parse_head
+        # Check if a scheme was specified, if not, default to gemini://
+        # Also set the port if this happens
+        if @uri.scheme.nil? || @uri.scheme.empty?
+          @uri.scheme = SCHEME
+          @uri.port = URI::Gemini::DEFAULT_PORT
+        end
+
+        # Set member parts
+        @scheme = @uri.scheme
+        @port = @uri.port
+
+        # Check if a scheme is present that isn't gemini://
+        return if @uri.scheme == SCHEME
+
+        raise InvalidSchemeError,
+              "Request uses an invalid scheme (has: #{@uri.scheme}, wants: #{SCHEME}"
+      end
+
+      # Parses the path, the query, and the fragment for the request.
+      def parse_tail
+        # Set path to '/' if one isn't specified
+        @uri.path = "/" if @uri.path.nil? || @uri.path.empty?
+
+        # Set member parts
+        @path = @uri.path
+        @queries = @uri.query.split("&") unless @uri.query.nil? || @uri.query.empty?
+        @fragment = @uri.fragment
+      end
+    end
+  end
+end

data/lib/net/tofu/response.rb

@@ -0,0 +1,179 @@
+# frozen_string_literal: true
+
+class String # :nodoc:
+  def numerical?
+    to_i.to_s == self
+  end
+end
+
+module Net
+  module Tofu
+    # Stores a response from a Gemini server.
+    class Response
+      # Response types
+      INPUT = 1
+      SUCCESS = 2
+      REDIRECT = 3
+      TEMPORARY_FAILURE = 4
+      PERMANENT_FAILURE = 5
+      REQUEST_CERTIFICATE = 6
+
+      # Limits
+      MAX_META_BYTESIZE = 1024
+
+      # @return [String] The full response header from the server.
+      attr_reader :header
+
+      # @return [Integer] The 2-digit, server response status.
+      attr_reader :status
+
+      # @return [Integer] The first digit of the server response status.
+      attr_reader :status_maj
+
+      # @return [Integer] The second digit of the server response status.
+      attr_reader :status_min
+
+      # Dependent on the #{status} ->
+      # => 1x: (INPUT)     A prompt line that should be displayed to the user.
+      # => 2x: (SUCCESS)   A MIME media type.
+      # => 3x: (REDIRECT)  A new URL for the requested resource.
+      # => 4x: (TEMP FAIL) Additional information regarding the temporary failure.
+      # => 5x: (PERM FAIL) Additional information regarding the temporary failure.
+      # => 6x: (RQST CERT) Additional information regarding the client certificate requirements.
+      #
+      # According to the specification for the Gemini Protocol, clients SHOULD close a connection to servers which send
+      # a meta over 1024 bytes. This library complies with this specification, although, it is conceivable that meta
+      # could be an arbitrarily long string.
+      #
+      # @return [String] The UTF-8 encoded message from the response header.
+      attr_reader :meta
+
+      # @return [String] The message body.
+      attr_reader :body
+
+      # Constructor for the response type.
+      # @param data [String] A raw Gemini server response.
+      def initialize(data)
+        @data = data
+        parse
+      end
+
+      # Get a human readable response type.
+      # @return [String] The response type as a human readable string.
+      def type
+        case @status_maj
+        when INPUT then return "Input"
+        when SUCCESS then return "Success"
+        when REDIRECT then return "Redirect"
+        when TEMPORARY_FAILURE then return "Temporary failure"
+        when PERMANENT_FAILURE then return "Permanent failure"
+        when REQUEST_CERTIFICATE then return "Request certificate"
+        end
+        "Unknown"
+      end
+
+      def input?; return true if @status_maj == INPUT; false; end
+      def success?; return true if @status_maj == SUCCESS; false; end
+      def redirect?; return true if @status_maj == REDIRECT; false; end
+      def temporary_failure?; return true if @status_maj == TEMPORARY_FAILURE; false; end
+      def permanent_failure?; return true if @status_maj == PERMANENT_FAILURE; false; end
+      def request_certificate?; return true if @status_maj == REQUEST_CERTIFICATE; false; end
+
+      private
+
+      # Splits up the responseinto a header and a body.
+      def parse
+        # Extract the header and parse it
+        a = @data.split("\n")
+        @header = a[0].strip
+        parse_header
+
+        # Remove the first element from the array,
+        # then populate body with the rest of the data
+        a.shift
+        @body = a.join("\n") if a.length.positive?
+      end
+
+      # Splits upt the header into a status code and a meta.
+      def parse_header
+        a = @header.split
+
+        # Make sure there are only one or two elements in the header
+        raise InvalidHeaderError, "The server did not send a header" unless a.length.positive?
+
+        # Parse the status code
+        @status = a[0]
+        parse_status
+
+        # Parse the meta
+        @meta = ""
+        @meta = a[1..].join(" ") if a.length >= 2
+        parse_meta
+      end
+
+      # Splits up the status into a major and minor, checks for invalid status codes.
+      def parse_status
+        # Make sure the status is numerical
+        unless @status.numerical?
+          raise InvalidStatusCodeError,
+                "The server sent a non-numerical status code: #{@status}"
+        end
+
+        # Allow status code to only be a single digit, or two digits (as the spec says it should be)
+        if @status.length == 1
+          @status_maj = Integer(@status)
+          @status_min = 0
+        elsif @status.length == 2
+          @status_maj = Integer(@status[0])
+          @status_min = Integer(@status[1])
+        else
+          raise InvalidStatusCodeError, "The server sent a status code that is longer than 2 digits: #{@status}"
+        end
+
+        # Make sure the major status code is between 1 and 6, including 1 and 6
+        unless @status_maj >= 1 && @status_maj <= 6
+          raise InvalidStatusCodeError,
+                "The server sent an invalid, major status code: #{@status_maj}"
+        end
+
+        # Make sure #{status} is an Integer
+        @status = Integer(@status)
+      end
+
+      # Checks the meta size, does extra checking depending on #{status} type.
+      def parse_meta
+        # Make sure the meta isn't too large
+        if @meta.bytesize > MAX_META_BYTESIZE
+          raise InvalidMetaError,
+                "The server sent a meta that was too large, should be #{MAX_META_BYTESIZE} bytes, instead is #{@meta.bytesize} bytes"
+        end
+
+        if @status_maj == TEMPORARY_FAILURE || @status_maj == PERMANENT_FAILURE || @status_maj == REQUEST_CERTIFICATE
+          return
+        end
+
+        # Make sure meta exists (i.e. has length)
+        # This satisfies the INPUT and SUCCESS
+        unless @meta.length.positive?
+          raise InvalidMetaError,
+                "The server sent an empty meta, should've sent a user prompt"
+        end
+
+        # TODO: Possibly check for valid MIME type for the SUCCESS response
+        return if @status_maj == INPUT || @status_maj == SUCCESS
+
+        # The meta needs a specific URI if @status_maj == REDIRECT
+        uri = URI(@meta)
+
+        # Make sure the URI has a scheme
+        raise InvalidRedirectError, "The redirect link does not have a scheme" if uri.scheme.nil? || uri.scheme.empty?
+
+        # Make sure the URI scheme is 'gemini'
+        return if uri.scheme == "gemini"
+
+        raise InvalidRedirectError,
+              "The redirect link has an invalid scheme (has: #{uri.scheme}, wants: gemini)"
+      end
+    end
+  end
+end

data/lib/net/tofu/socket.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Stoes an SSLSocket for making requests and receiving data.
+    class Socket
+      # Constructor for the socket type.
+      # @param host [String] Hostname of the server to connect to.
+      # @param port [Integer] Server port to connect to (typically 1965).
+      def initialize(host, port)
+        @host = host
+        @port = port
+        @sock = OpenSSL::SSL::SSLSocket.open(@host, @port, context: generate_secure_context)
+      end
+
+      # Open a connection to the server.
+      def connect
+        @sock.hostname = @host
+        @sock.connect
+      end
+
+      # Try and retrieve data from a request.
+      def gets(req)
+        @sock.puts req.format
+
+        io = StringIO.new
+        while (line = @sock.gets)
+          io.puts line
+        end
+
+        Response.new(io.string)
+      ensure
+        io.close
+      end
+
+      # Close the connection with the server.
+      def close
+        @sock.close
+      end
+
+      private
+
+      # Configure the TLS security options to use on the socket.
+      def generate_secure_context
+        ctx = OpenSSL::SSL::SSLContext.new
+        ctx.verify_hostname = true
+        ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
+        ctx.options |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
+        ctx
+      end
+    end
+  end
+end

data/lib/net/tofu/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Tofu
+  VERSION = "0.1.0"
+end

data/lib/net/tofu.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative "tofu/error"
+require_relative "tofu/request"
+require_relative "tofu/response"
+require_relative "tofu/socket"
+require_relative "tofu/version"
+
+require "openssl"
+require "stringio"
+require "uri/gemini"
+
+module Net
+  # Top level module for Geminispace requests.
+  module Tofu
+    def self.get(uri, trust: true)
+      req = Request.new(uri)
+      req.gets
+
+      return req.resp.body if req.resp.success?
+
+      req.resp.meta
+    end
+
+    def self.get_response(uri, trust: true)
+      req = Request.new(uri)
+      req.gets
+
+      req.resp
+    end
+  end
+end

data/lib/uri/gemini.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# MIT License
+#
+# Copyright (c) 2020 Étienne Deparis
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+require "uri"
+
+module URI # :nodoc:
+  #
+  # The syntax of Gemini URIs is defined in the Gemini specification,
+  # section 1.2.
+  #
+  # @see https://gemini.circumlunar.space/docs/specification.html
+  #
+  class Gemini < HTTP
+    # A Default port of 1965 for URI::Gemini.
+    DEFAULT_PORT = 1965
+
+    # An Array of the available components for URI::Gemini.
+    COMPONENT = %i[scheme host port
+                   path query fragment].freeze
+  end
+
+  if respond_to? :register_scheme
+    # Introduced somewhere in ruby 3.0.x
+    register_scheme "GEMINI", Gemini
+  else
+    @@schemes["GEMINI"] = Gemini
+  end
+end

data/sig/opentofu.rbs

@@ -0,0 +1,4 @@
+module Opentofu
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+end

metadata

@@ -0,0 +1,62 @@
+--- !ruby/object:Gem::Specification
+name: opentofu
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Rory Dudley
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2023-07-27 00:00:00.000000000 Z
+dependencies: []
+description: |2
+      OpenTOFU is a client and certificate pinning library for Geminispace, derived from
+      the 'trust on first use' authentication scheme (https://en.wikipedia.org/wiki/Trust_on_first_use).
+email:
+- rory.dudley@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/net/tofu.rb
+- lib/net/tofu/error.rb
+- lib/net/tofu/request.rb
+- lib/net/tofu/response.rb
+- lib/net/tofu/socket.rb
+- lib/net/tofu/version.rb
+- lib/uri/gemini.rb
+- sig/opentofu.rbs
+homepage: https://github.com/pinecat/opentofu
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/pinecat/opentofu
+  source_code_uri: https://github.com/pinecat/opentofu
+  changelog_uri: https://github.com/pinecat/opentofu
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.17
+signing_key:
+specification_version: 4
+summary: A Gemini client and certificate manager.
+test_files: []