opentofu 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a69c67e3a0d558a57695eafff1a69d111d8ff7ccc6c74de393efe6cb5f0bf276
-  data.tar.gz: 780851bb7b0166ec9ea945f71735eba1c795cd399a7633606bdd4639762c6b59
+  metadata.gz: 1af62b16fa0e24d835f5255f5fc81526831f2ebbb06730ca257940057ff5e4b9
+  data.tar.gz: 2adbc048e86b177b764cfc9ec874f99142e814eb16de722779207e425cb87452
 SHA512:
-  metadata.gz: c506b5667e6e99e717f0455c94a6e362664a5c299d880f465b031aa684969120c5484175c28606fc5aaabc39bd1fa577c89f6d05374e1df8ea37642dd4bf91e3
-  data.tar.gz: 5d6f6f2ea96f1ea01a5b442dba6f1f8ef8f83f40f852866b28995fcd879a96a6914030f20303a71d6c9b21e2a56346aba28ad74b9a03a832a71b34e57325a1c2
+  metadata.gz: aa68f3a49de9f18d8a3a700757fd974528d1a503f562084d9e28385ac8aaadb4f6398fcd3e271643dc595b9308cdf91520cd9e9cb829113647025d458b68bb28
+  data.tar.gz: 12fe5263618be4a044d585b5f573248550ec8a91318e80c444e77158e79c18832390f3439e772cd4cb4ed0bb891128426667688aae1915bf00a7001828848e8d

data/.rubocop.yml

@@ -1,6 +1,9 @@
 AllCops:
   TargetRubyVersion: 2.6
 
+Layout/HeredocIndentation:
+  Enabled: false
+
 Metrics/AbcSize:
   Enabled: true
   Max: 25
@@ -9,6 +12,9 @@ Metrics/MethodLength:
   Enabled: true
   Max: 18
 
+Style/Next:
+  Enabled: false
+
 Style/Semicolon:
   Enabled: true
   Exclude:
@@ -27,3 +33,5 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+  Exclude:
+    - "test/test_net_tofu_pub.rb"

data/CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.0] - 2023-07-29
+
+### Added
+
+- Certificate checking and pinning logic.
+- Tests for certificate and pinning logic.
+
+### Fixed
+
+- Tests involving fetching data, as they need to trust the host now.
+
 ## [0.1.1] - 2023-07-28
 
 ### Added

data/README.md

@@ -14,7 +14,7 @@ gem install opentofu
 Or to use it as part of a project, place the following line in your Gemfile, then run `bundle install` in your project directory:
 
 ```ruby
-gem "opentofu", "~> 0.1.0"
+gem "opentofu", "~> 0.2.0"
 ```
 
 ## Usage

data/exe/tofu

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require "optparse"
+require "net/tofu"
+
+OptionParser.new do |p|
+  p.banner = "Usage: tofu [options]"
+
+  p.on("-rHOST", "--remove=HOST", "Host to remove from the ~/.tofu/known_hosts file") do |host|
+    Net::Tofu::Pub.db_exist?
+
+    lines = File.read(Net::Tofu::Pub::DB).split("\n")
+
+    idx = nil
+    lines.each_with_index do |l, i|
+      h = l.split[0]
+      if host == h
+        idx = i
+        break
+      end
+    end
+
+    lines.delete_at(idx) unless idx.nil?
+
+    f = File.open(Net::Tofu::Pub::DB, "w")
+    f.write lines.join("\n")
+    f.write "\n" unless lines.nil? || lines.empty?
+
+    exit 0
+  ensure
+    f&.close
+  end
+
+  p.on("-V", "--version", "Print the version then quit") do
+    puts "tofu v#{Net::Tofu::VERSION}"
+    exit 0
+  end
+end.parse!

data/lib/net/tofu/error.rb

@@ -26,5 +26,14 @@ module Net
       # Raised when a request contains an invalid URI.
       class InvalidURIError < StandardError; end
     end
+
+    # Raised if the host in a get request doesn't have a cached public key.
+    class UnknownHostError < StandardError; end
+
+    # Raised if the host returns an invalid certificate (usually, it means it is out of date).
+    class InvalidCertificateError < StandardError; end
+
+    # Raised if the host returns a different public key.
+    class PublicKeyMismatchError < StandardError; end
   end
 end

data/lib/net/tofu/pub.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module Net
+  module Tofu
+    # Intermediate container for an X509 certificate public key.
+    # Manages Geminispace public certificates.
+    class Pub
+      DIR = File.expand_path("~/.tofu")
+      DB = File.expand_path("~/.tofu/known_hosts")
+
+      # @return [String] The host associated with the certificate public key.
+      attr_reader :host
+
+      # @return [String] The certificate public key associated with the host.
+      attr_reader :key
+
+      # @return [OpenSSL::X509::Certificate] The X509 certificate.
+      attr_reader :x509
+
+      # Constructor for the cert type.
+      # @param host [String] Host to associate with the certificate public key.
+      # @param data [String] Certificate public key to associate with the host.
+      def initialize(host, data)
+        @host = host
+        @key = data
+        @key = format_hosts(data) if data.start_with?("-----BEGIN CERTIFICATE-----")
+        @x509 = OpenSSL::X509::Certificate.new(to_x509)
+      end
+
+      # Lookup a host in the known_hosts table.
+      # @param host [String] the hostname to lookup
+      # @return [Cert] An instance of this class if found, or nil if not found.
+      def self.lookup(host)
+        db_exist?
+
+        f = File.read(DB)
+        includes = nil
+        f.lines.each_with_index do |l, i|
+          if l.split[0].include? host
+            @line = i
+            includes = l.split[1]
+            break
+          end
+        end
+        return nil if includes.nil? || includes.empty?
+
+        new(host, includes)
+      end
+
+      def line
+        @line ||= nil
+      end
+
+      # Pin a certificate public key to the known_hosts file
+      def pin
+        Net::Tofu::Pub.db_exist?
+
+        f = File.open(DB, "a")
+        f.puts self
+      ensure
+        f&.close
+      end
+
+      # Conver the certificate public key to a properly formatted X509 string.
+      def to_x509
+        lines = @key.chars.each_slice(64).map(&:join)
+        "-----BEGIN CERTIFICATE-----\n#{lines.join("\n")}\n-----END CERTIFICATE-----"
+      end
+
+      # Hosts file format.
+      def to_s
+        "#{@host} #{@key}"
+      end
+
+      # Compare certificate public keys
+      def ==(other)
+        @key == other.key
+      end
+
+      # Check if known_hosts file exists, try to create it if it doesn't.
+      def self.db_exist?
+        return true if File.exist?(DB)
+
+        FileUtils.mkdir_p(DIR) unless File.directory?(DIR)
+        FileUtils.touch(DB)
+        true
+      end
+
+      private
+
+      # Strip header, tail, and newlines from base64 encoded certificate public key.
+      def format_hosts(key)
+        key.gsub("-----BEGIN CERTIFICATE-----", "").gsub("-----END CERTIFICATE-----", "").gsub("\n", "")
+      end
+    end
+  end
+end

data/lib/net/tofu/request.rb

@@ -33,7 +33,7 @@ module Net
       # Constructor for the request type.
       # @param host [String] A host string, optionally with the gemini:// scheme.
       # @param port [Integer] Optional parameter to specify the server port to connect to.
-      def initialize(host, port: nil)
+      def initialize(host, port: nil, trust: false)
         @uri = URI(host)
         @uri.port = port unless port.nil?
 
@@ -47,7 +47,7 @@ module Net
         end
 
         # Create a socket
-        @sock = Socket.new(@host, @port)
+        @sock = Socket.new(@host, @port, trust)
       end
 
       # Format the URI for sending over a socket to a Gemini server.

data/lib/net/tofu/socket.rb

@@ -7,9 +7,10 @@ module Net
       # Constructor for the socket type.
       # @param host [String] Hostname of the server to connect to.
       # @param port [Integer] Server port to connect to (typically 1965).
-      def initialize(host, port)
+      def initialize(host, port, trust)
         @host = host
         @port = port
+        @trust = trust
         @sock = OpenSSL::SSL::SSLSocket.open(@host, @port, context: generate_secure_context)
       end
 
@@ -17,6 +18,7 @@ module Net
       def connect
         @sock.hostname = @host
         @sock.connect
+        validate_certs
       end
 
       # Try and retrieve data from a request.
@@ -49,6 +51,37 @@ module Net
         ctx.options |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
         ctx
       end
+
+      # Validate a remote certificate with a local one
+      def validate_certs
+        remote = Pub.new(@host, @sock.peer_cert.to_pem)
+        local = Pub.lookup(@host)
+
+        raise UnknownHostError if local.nil? && !@trust
+
+        remote.pin if local.nil? && @trust
+        local = Pub.lookup(@host)
+
+        unless local == remote
+          raise PublicKeyMismatchError, <<-TXT
+The remote host has a different certificate than what is cached locally.
+This could be because a new certificate was issued, or because of a MITM attack.
+Please verify the new public certificate, then you may run:
+
+  tofu -r #{@host}
+
+Once you remove the old certificate public key, you will be able to add the new one.
+          TXT
+        end
+
+        validate_timestamp(remote)
+      end
+
+      # Validate certificate timestamps
+      def validate_timestamp(remote)
+        raise InvalidCertificateError, "Certificate is not valid yet" if remote.x509.not_before > Time.now.utc
+        raise InvalidCertificateError, "Certificate is no longer valid" if remote.x509.not_after < Time.now.utc
+      end
     end
   end
 end

data/lib/net/tofu/version.rb

@@ -2,6 +2,6 @@
 
 module Net
   module Tofu
-    VERSION = "0.1.1"
+    VERSION = "0.2.0"
   end
 end

data/lib/net/tofu.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 require_relative "tofu/error"
+require_relative "tofu/pub"
 require_relative "tofu/request"
 require_relative "tofu/response"
 require_relative "tofu/socket"
 require_relative "tofu/version"
 
+require "fileutils"
 require "openssl"
 require "stringio"
 require "uri/gemini"
@@ -13,8 +15,8 @@ require "uri/gemini"
 module Net
   # Top level module for Geminispace requests.
   module Tofu
-    def self.get(uri, trust: true)
-      req = Request.new(uri)
+    def self.get(uri, trust: false)
+      req = Request.new(uri, trust: trust)
       req.gets
 
       return req.resp.body if req.resp.success?
@@ -22,8 +24,8 @@ module Net
       req.resp.meta
     end
 
-    def self.get_response(uri, trust: true)
-      req = Request.new(uri)
+    def self.get_response(uri, trust: false)
+      req = Request.new(uri, trust: trust)
       req.gets
 
       req.resp

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opentofu
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Rory Dudley
@@ -15,7 +15,8 @@ description: |2
       the 'trust on first use' authentication scheme (https://en.wikipedia.org/wiki/Trust_on_first_use).
 email:
 - rory.dudley@gmail.com
-executables: []
+executables:
+- tofu
 extensions: []
 extra_rdoc_files: []
 files:
@@ -24,8 +25,10 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- exe/tofu
 - lib/net/tofu.rb
 - lib/net/tofu/error.rb
+- lib/net/tofu/pub.rb
 - lib/net/tofu/request.rb
 - lib/net/tofu/response.rb
 - lib/net/tofu/socket.rb