opentofu 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1eeac402d86ae7cc5b5f2e9be3327a60f8f3132453854ea9ee5f477462e58fc7
-  data.tar.gz: 54f68d912adb5e14a39ddde842ad4acf5ff3664923815138e5a30fcc8ba87881
+  metadata.gz: 1af62b16fa0e24d835f5255f5fc81526831f2ebbb06730ca257940057ff5e4b9
+  data.tar.gz: 2adbc048e86b177b764cfc9ec874f99142e814eb16de722779207e425cb87452
 SHA512:
-  metadata.gz: c74b24eada5091a0d37eb1a97b871838744e2169b36974fed374900c0a64e73acafe019751341da153f6f5e59a0b6e48e2c4aa9b1674fa65aa3573a74be44528
-  data.tar.gz: 8c00e948a371088cd8e87698d3884fe55d7aa8b84ac65c5a5d64d6b0a53cbf505fed91010cd4d83e53f820a1b2a6dac46a9ad5947733546404e1d992d0301bf5
+  metadata.gz: aa68f3a49de9f18d8a3a700757fd974528d1a503f562084d9e28385ac8aaadb4f6398fcd3e271643dc595b9308cdf91520cd9e9cb829113647025d458b68bb28
+  data.tar.gz: 12fe5263618be4a044d585b5f573248550ec8a91318e80c444e77158e79c18832390f3439e772cd4cb4ed0bb891128426667688aae1915bf00a7001828848e8d

data/.rubocop.yml

@@ -1,16 +1,19 @@
 AllCops:
   TargetRubyVersion: 2.6
 
+Layout/HeredocIndentation:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: true
+  Max: 25
+
 Metrics/MethodLength:
   Enabled: true
   Max: 18
-  Exclude:
-    - "lib/net/tofu/response.rb"
 
-Style/ClassVars:
-  Enabled: true
-  Exclude:
-    - "lib/net/tofu/request.rb"
+Style/Next:
+  Enabled: false
 
 Style/Semicolon:
   Enabled: true
@@ -18,9 +21,7 @@ Style/Semicolon:
     - "lib/net/tofu/response.rb"
 
 Style/SingleLineMethods:
-  Enabled: true
-  Exclude:
-    - "lib/net/tofu/response.rb"
+  Enabled: false
 
 Style/StringLiterals:
   Enabled: true
@@ -32,3 +33,5 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+  Exclude:
+    - "test/test_net_tofu_pub.rb"

data/CHANGELOG.md

@@ -5,7 +5,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.1.0] - 2023-07027
+## [0.2.0] - 2023-07-29
+
+### Added
+
+- Certificate checking and pinning logic.
+- Tests for certificate and pinning logic.
+
+### Fixed
+
+- Tests involving fetching data, as they need to trust the host now.
+
+## [0.1.1] - 2023-07-28
+
+### Added
+
+- Tests.
+- The `simplecov` gem to view testing coverage.
+- A new error, for if the server doesn't send any data.
+- The Linux platform to the bundle platform.
+
+### Fixed
+
+- Complexity issues in the Response class from the linter.
+
+### Removed
+
+- The `@@current_host` class variable from Request. Clients should handle keeping track of the current host, Tofu should just fetch data.
+- The complicated logic used to parse host names from the Request class, as per the above point.
+
+## [0.1.0] - 2023-07-27
 
 First release. Still lots of improvements to be made.
 

data/README.md

@@ -14,7 +14,7 @@ gem install opentofu
 Or to use it as part of a project, place the following line in your Gemfile, then run `bundle install` in your project directory:
 
 ```ruby
-gem "opentofu", "~> 0.1.0"
+gem "opentofu", "~> 0.2.0"
 ```
 
 ## Usage

data/exe/tofu

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "optparse"
+require "net/tofu"
+
+OptionParser.new do |p|
+  p.banner = "Usage: tofu [options]"
+
+  p.on("-rHOST", "--remove=HOST", "Host to remove from the ~/.tofu/known_hosts file") do |host|
+    Net::Tofu::Pub.db_exist?
+
+    lines = File.read(Net::Tofu::Pub::DB).split("\n")
+
+    idx = nil
+    lines.each_with_index do |l, i|
+      h = l.split[0]
+      if host == h
+        idx = i
+        break
+      end
+    end
+
+    lines.delete_at(idx) unless idx.nil?
+
+    f = File.open(Net::Tofu::Pub::DB, "w")
+    f.write lines.join("\n")
+    f.write "\n" unless lines.nil? || lines.empty?
+
+    exit 0
+  ensure
+    f&.close
+  end
+
+  p.on("-V", "--version", "Print the version then quit") do
+    puts "tofu v#{Net::Tofu::VERSION}"
+    exit 0
+  end
+end.parse!

data/lib/net/tofu/error.rb

@@ -3,6 +3,9 @@
 module Net
   module Tofu
     class Response
+      # Raised when a server doesn't send any data.
+      class NoServerResponseError < StandardError; end
+
       # Raised when a server sends an invalid header.
       class InvalidHeaderError < StandardError; end
 
@@ -23,5 +26,14 @@ module Net
       # Raised when a request contains an invalid URI.
       class InvalidURIError < StandardError; end
     end
+
+    # Raised if the host in a get request doesn't have a cached public key.
+    class UnknownHostError < StandardError; end
+
+    # Raised if the host returns an invalid certificate (usually, it means it is out of date).
+    class InvalidCertificateError < StandardError; end
+
+    # Raised if the host returns a different public key.
+    class PublicKeyMismatchError < StandardError; end
   end
 end

data/lib/net/tofu/pub.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Intermediate container for an X509 certificate public key.
+    # Manages Geminispace public certificates.
+    class Pub
+      DIR = File.expand_path("~/.tofu")
+      DB = File.expand_path("~/.tofu/known_hosts")
+
+      # @return [String] The host associated with the certificate public key.
+      attr_reader :host
+
+      # @return [String] The certificate public key associated with the host.
+      attr_reader :key
+
+      # @return [OpenSSL::X509::Certificate] The X509 certificate.
+      attr_reader :x509
+
+      # Constructor for the cert type.
+      # @param host [String] Host to associate with the certificate public key.
+      # @param data [String] Certificate public key to associate with the host.
+      def initialize(host, data)
+        @host = host
+        @key = data
+        @key = format_hosts(data) if data.start_with?("-----BEGIN CERTIFICATE-----")
+        @x509 = OpenSSL::X509::Certificate.new(to_x509)
+      end
+
+      # Lookup a host in the known_hosts table.
+      # @param host [String] the hostname to lookup
+      # @return [Cert] An instance of this class if found, or nil if not found.
+      def self.lookup(host)
+        db_exist?
+
+        f = File.read(DB)
+        includes = nil
+        f.lines.each_with_index do |l, i|
+          if l.split[0].include? host
+            @line = i
+            includes = l.split[1]
+            break
+          end
+        end
+        return nil if includes.nil? || includes.empty?
+
+        new(host, includes)
+      end
+
+      def line
+        @line ||= nil
+      end
+
+      # Pin a certificate public key to the known_hosts file
+      def pin
+        Net::Tofu::Pub.db_exist?
+
+        f = File.open(DB, "a")
+        f.puts self
+      ensure
+        f&.close
+      end
+
+      # Conver the certificate public key to a properly formatted X509 string.
+      def to_x509
+        lines = @key.chars.each_slice(64).map(&:join)
+        "-----BEGIN CERTIFICATE-----\n#{lines.join("\n")}\n-----END CERTIFICATE-----"
+      end
+
+      # Hosts file format.
+      def to_s
+        "#{@host} #{@key}"
+      end
+
+      # Compare certificate public keys
+      def ==(other)
+        @key == other.key
+      end
+
+      # Check if known_hosts file exists, try to create it if it doesn't.
+      def self.db_exist?
+        return true if File.exist?(DB)
+
+        FileUtils.mkdir_p(DIR) unless File.directory?(DIR)
+        FileUtils.touch(DB)
+        true
+      end
+
+      private
+
+      # Strip header, tail, and newlines from base64 encoded certificate public key.
+      def format_hosts(key)
+        key.gsub("-----BEGIN CERTIFICATE-----", "").gsub("-----END CERTIFICATE-----", "").gsub("\n", "")
+      end
+    end
+  end
+end

data/lib/net/tofu/request.rb

@@ -4,8 +4,6 @@ module Net
   module Tofu
     # Stores a client request to a Gemini server.
     class Request
-      SCHEME = "gemini"
-
       MAX_URI_BYTESIZE = 1024
 
       # @return [URI] The full URI object of the request.
@@ -35,18 +33,13 @@ module Net
       # Constructor for the request type.
       # @param host [String] A host string, optionally with the gemini:// scheme.
       # @param port [Integer] Optional parameter to specify the server port to connect to.
-      def initialize(host, port: nil)
-        # Keeps track of the current host for links with only paths.
-        @@current_host ||= ""
+      def initialize(host, port: nil, trust: false)
+        @uri = URI(host)
+        @uri.port = port unless port.nil?
 
-        @host = host
-        @port = port unless port.nil?
-        determine_host
         parse_head
         parse_tail
 
-        puts format
-
         # Make sure the URI isn't too large
         if format.bytesize > MAX_URI_BYTESIZE
           raise InvalidURIError,
@@ -54,7 +47,7 @@ module Net
         end
 
         # Create a socket
-        @sock = Socket.new(@host, @port)
+        @sock = Socket.new(@host, @port, trust)
       end
 
       # Format the URI for sending over a socket to a Gemini server.
@@ -73,63 +66,28 @@ module Net
 
       private
 
-      # Parses the host and the path, and sets the current_host.
-      def determine_host
-        puts "current: #{@@current_host}"
-        @uri = URI(@host)
-
-        unless @uri.host.nil? || @uri.host.empty?
-          @host = @uri.host
-          @@current_host = @host
-          return
-        end
-
-        return if @uri.path.nil? || @uri.path.empty?
-        return unless @uri.host.nil? || @uri.host.empty?
-
-        if @uri.path.start_with?("/")
-          raise InvalidURIError, "No host specified" if @@current_host.nil? || @@current_host.empty?
-
-          unless @@current_host.nil? || @@current_host.empty?
-            @uri.host = @@current_host
-            @host = @uri.host
-            @@current_host = @host
-          end
-
-          return
-        end
-
-        paths = @uri.path.split("/")
-        puts paths
-
-        @uri.host = paths[0]
-        @host = @uri.host
-        @@current_host = @host
-        @uri.path = nil if paths.length == 1
-        return unless paths.length > 1
-
-        @uri.path = paths[1..].join("/")
-        @uri.path = "/#{uri.path}"
-      end
-
       # Parses the scheme, the host, and the port for the request.
       def parse_head
         # Check if a scheme was specified, if not, default to gemini://
         # Also set the port if this happens
         if @uri.scheme.nil? || @uri.scheme.empty?
-          @uri.scheme = SCHEME
-          @uri.port = URI::Gemini::DEFAULT_PORT
+          @uri.scheme = URI::Gemini::DEFAULT_SCHEME
+          @uri.port = URI::Gemini::DEFAULT_PORT if @uri.port.nil?
         end
 
+        # Check if a host was specified.
+        raise InvalidURIError, "Request does not contain a host" if @uri.host.nil? || @uri.host.empty?
+
         # Set member parts
         @scheme = @uri.scheme
+        @host = @uri.host
         @port = @uri.port
 
         # Check if a scheme is present that isn't gemini://
-        return if @uri.scheme == SCHEME
+        return if @uri.scheme == URI::Gemini::DEFAULT_SCHEME
 
         raise InvalidSchemeError,
-              "Request uses an invalid scheme (has: #{@uri.scheme}, wants: #{SCHEME}"
+              "Request uses an invalid scheme (has: #{@uri.scheme}, wants: #{URI::Gemini::DEFAULT_SCHEME}"
       end
 
       # Parses the path, the query, and the fragment for the request.

data/lib/net/tofu/response.rb

@@ -83,6 +83,8 @@ module Net
 
       # Splits up the responseinto a header and a body.
       def parse
+        raise NoServerResponseError if @data.nil? || @data.empty?
+
         # Extract the header and parse it
         a = @data.split("\n")
         @header = a[0].strip
@@ -108,6 +110,7 @@ module Net
         # Parse the meta
         @meta = ""
         @meta = a[1..].join(" ") if a.length >= 2
+        @meta.strip!
         parse_meta
       end
 
@@ -144,14 +147,21 @@ module Net
       def parse_meta
         # Make sure the meta isn't too large
         if @meta.bytesize > MAX_META_BYTESIZE
-          raise InvalidMetaError,
-                "The server sent a meta that was too large, should be #{MAX_META_BYTESIZE} bytes, instead is #{@meta.bytesize} bytes"
+          raise InvalidMetaError, <<-TXT
+                The server sent a meta that was too large, should be #{MAX_META_BYTESIZE} bytes,
+                instead is #{@meta.bytesize} bytes
+          TXT
         end
 
         if @status_maj == TEMPORARY_FAILURE || @status_maj == PERMANENT_FAILURE || @status_maj == REQUEST_CERTIFICATE
           return
         end
 
+        # Handle extra checks based on the @status type
+        handle_type
+      end
+
+      def handle_type
         # Make sure meta exists (i.e. has length)
         # This satisfies the INPUT and SUCCESS
         unless @meta.length.positive?
@@ -169,10 +179,10 @@ module Net
         raise InvalidRedirectError, "The redirect link does not have a scheme" if uri.scheme.nil? || uri.scheme.empty?
 
         # Make sure the URI scheme is 'gemini'
-        return if uri.scheme == "gemini"
+        return if uri.scheme == URI::Gemini::DEFAULT_SCHEME
 
         raise InvalidRedirectError,
-              "The redirect link has an invalid scheme (has: #{uri.scheme}, wants: gemini)"
+              "The redirect link has an invalid scheme (has: #{uri.scheme}, wants: #{URI::Gemini::DEFAULT_SCHEME})"
       end
     end
   end

data/lib/net/tofu/socket.rb

@@ -7,9 +7,10 @@ module Net
       # Constructor for the socket type.
       # @param host [String] Hostname of the server to connect to.
       # @param port [Integer] Server port to connect to (typically 1965).
-      def initialize(host, port)
+      def initialize(host, port, trust)
         @host = host
         @port = port
+        @trust = trust
         @sock = OpenSSL::SSL::SSLSocket.open(@host, @port, context: generate_secure_context)
       end
 
@@ -17,6 +18,7 @@ module Net
       def connect
         @sock.hostname = @host
         @sock.connect
+        validate_certs
       end
 
       # Try and retrieve data from a request.
@@ -49,6 +51,37 @@ module Net
         ctx.options |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
         ctx
       end
+
+      # Validate a remote certificate with a local one
+      def validate_certs
+        remote = Pub.new(@host, @sock.peer_cert.to_pem)
+        local = Pub.lookup(@host)
+
+        raise UnknownHostError if local.nil? && !@trust
+
+        remote.pin if local.nil? && @trust
+        local = Pub.lookup(@host)
+
+        unless local == remote
+          raise PublicKeyMismatchError, <<-TXT
+The remote host has a different certificate than what is cached locally.
+This could be because a new certificate was issued, or because of a MITM attack.
+Please verify the new public certificate, then you may run:
+
+  tofu -r #{@host}
+
+Once you remove the old certificate public key, you will be able to add the new one.
+          TXT
+        end
+
+        validate_timestamp(remote)
+      end
+
+      # Validate certificate timestamps
+      def validate_timestamp(remote)
+        raise InvalidCertificateError, "Certificate is not valid yet" if remote.x509.not_before > Time.now.utc
+        raise InvalidCertificateError, "Certificate is no longer valid" if remote.x509.not_after < Time.now.utc
+      end
     end
   end
 end

data/lib/net/tofu/version.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
-module Tofu
-  VERSION = "0.1.0"
+module Net
+  module Tofu
+    VERSION = "0.2.0"
+  end
 end

data/lib/net/tofu.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 require_relative "tofu/error"
+require_relative "tofu/pub"
 require_relative "tofu/request"
 require_relative "tofu/response"
 require_relative "tofu/socket"
 require_relative "tofu/version"
 
+require "fileutils"
 require "openssl"
 require "stringio"
 require "uri/gemini"
@@ -13,8 +15,8 @@ require "uri/gemini"
 module Net
   # Top level module for Geminispace requests.
   module Tofu
-    def self.get(uri, trust: true)
-      req = Request.new(uri)
+    def self.get(uri, trust: false)
+      req = Request.new(uri, trust: trust)
       req.gets
 
       return req.resp.body if req.resp.success?
@@ -22,8 +24,8 @@ module Net
       req.resp.meta
     end
 
-    def self.get_response(uri, trust: true)
-      req = Request.new(uri)
+    def self.get_response(uri, trust: false)
+      req = Request.new(uri, trust: trust)
       req.gets
 
       req.resp

data/lib/uri/gemini.rb

@@ -35,6 +35,9 @@ module URI # :nodoc:
     # A Default port of 1965 for URI::Gemini.
     DEFAULT_PORT = 1965
 
+    # A Default scheme of gemini for URI::Gemini.
+    DEFAULT_SCHEME = "gemini"
+
     # An Array of the available components for URI::Gemini.
     COMPONENT = %i[scheme host port
                    path query fragment].freeze

metadata

@@ -1,21 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: opentofu
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Rory Dudley
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-07-27 00:00:00.000000000 Z
+date: 2023-07-29 00:00:00.000000000 Z
 dependencies: []
 description: |2
       OpenTOFU is a client and certificate pinning library for Geminispace, derived from
       the 'trust on first use' authentication scheme (https://en.wikipedia.org/wiki/Trust_on_first_use).
 email:
 - rory.dudley@gmail.com
-executables: []
+executables:
+- tofu
 extensions: []
 extra_rdoc_files: []
 files:
@@ -24,8 +25,10 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- exe/tofu
 - lib/net/tofu.rb
 - lib/net/tofu/error.rb
+- lib/net/tofu/pub.rb
 - lib/net/tofu/request.rb
 - lib/net/tofu/response.rb
 - lib/net/tofu/socket.rb
@@ -39,7 +42,7 @@ metadata:
   allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/pinecat/opentofu
   source_code_uri: https://github.com/pinecat/opentofu
-  changelog_uri: https://github.com/pinecat/opentofu
+  changelog_uri: https://github.com/pinecat/opentofu/blob/master/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths: