orthrus-ssh 0.5.0
- data/.autotest +23 -0
- data/.gemtest +0 -0
- data/History.txt +6 -0
- data/Manifest.txt +31 -0
- data/README.txt +61 -0
- data/Rakefile +12 -0
- data/bin/orthrus +16 -0
- data/lib/orthrus.rb +2 -0
- data/lib/orthrus/key.rb +12 -0
- data/lib/orthrus/key_holder.rb +15 -0
- data/lib/orthrus/ssh.rb +50 -0
- data/lib/orthrus/ssh/agent.rb +176 -0
- data/lib/orthrus/ssh/buffer.rb +343 -0
- data/lib/orthrus/ssh/dsa.rb +88 -0
- data/lib/orthrus/ssh/http_agent.rb +83 -0
- data/lib/orthrus/ssh/key.rb +50 -0
- data/lib/orthrus/ssh/public_key_set.rb +30 -0
- data/lib/orthrus/ssh/rack_app.rb +62 -0
- data/lib/orthrus/ssh/rsa.rb +51 -0
- data/lib/orthrus/ssh/utils.rb +26 -0
- data/test/data/authorized_keys +2 -0
- data/test/data/id_dsa +12 -0
- data/test/data/id_dsa.pub +1 -0
- data/test/data/id_rsa +27 -0
- data/test/data/id_rsa.pub +1 -0
- data/test/sessions.rb +28 -0
- data/test/test_orthrus_ssh_agent.rb +31 -0
- data/test/test_orthrus_ssh_dsa.rb +46 -0
- data/test/test_orthrus_ssh_http_agent.rb +71 -0
- data/test/test_orthrus_ssh_public_key_set.rb +29 -0
- data/test/test_orthrus_ssh_rackapp.rb +84 -0
- data/test/test_orthrus_ssh_rsa.rb +46 -0
- metadata +149 -0
@@ -0,0 +1 @@
|
|
1
|
+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgYlt6gUVZUZE4xgW2TRvi8HjVgrWZ5e6Av76/H3PzvZpsgHSZyDiU1rgVsgwfb1NmJiwflNpILLprSmp3RRqdOEKzEPgxdscQY1sJtTQcmdlWeIvN6KvmImPwV9krqtN8vji7Zqr0N3mcDmdK1MbQ56Cjx5l6/y9rYGLmIZvoLOLDVe3olOHjpapHQLHrQL3c/2Il5y+9aXR1c/gKFeEwwhRL6hcSIufBnanXqVGa5QNrfzw4si8oAIWDNfXDGRdFkxrnGxHOguj8hFeYXNtz6OHu2UPbvum9sUNHXdDHBYSTPqUJfdLvo49ZMqShcEgNrlBe8rx7ooPdDas40mH evan@aero.local
|
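--- a/data/test/sessions.rb
+++ b/data/test/sessions.rb
@@ -0,0 +1,28 @@
+class OrthrusTestSessions
+def initialize
+@keys = Hash.new { |h,k| h[k] = {} }
+end
+
+def add_key(user, key)
+@keys[user][key.public_identity] = key
+end
+
+def find_key(user, id)
+@keys[user][id]
+end
+
+def new_session(user, pub)
+@user = user
+@pub = pub
+[1, "secret"]
+end
+
+def find_session(id)
+["secret", @pub]
+end
+
+def access_token
+1
+end
+end
+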
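Review bot: `find_session(id)` ignores its `id` argument and `new_session` always returns `[1, "secret"]`, so tests built on this stub still pass if the Rack app looks up the wrong session or checks a signature against a stale value. Presumably the pair is a session id and the value to be signed; storing it per id, e.g. `@sessions[id] = [nonce, pub]` in `new_session` and `@sessions.fetch(id)` in `find_session`, would let the tests catch session-binding mistakes. A short comment on the class saying that it is a test double, and what each returned array holds, would also help the next reader.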
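--- a/data/test/test_orthrus_ssh_agent.rb
+++ b/data/test/test_orthrus_ssh_agent.rb
@@ -0,0 +1,31 @@
+require 'minitest/unit'
+
+require 'orthrus/ssh/agent'
+
+class TestOrthrusSSHAgent < MiniTest::Unit::TestCase
+def setup
+@agent = nil
+skip unless Orthrus::SSH::Agent.available?
+@agent = Orthrus::SSH::Agent.connect
+end
+
+def teardown
+@agent.close if @agent
+end
+
+def test_identities
+assert_kind_of Array, @agent.identities
+end
+
+def test_sign
+id = @agent.identities.first
+
+data = "hello"
+
+type, sign = @agent.sign id, data
+
+assert id.verify(sign, data)
+end
+
+
+end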
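Review bot: `test_sign` passes `@agent.identities.first` straight to `@agent.sign`, and that value is nil when an agent is running but holds no keys, so the test errors out instead of skipping; add `skip "agent has no identities" unless id` right after the lookup. The test signs with whatever key the developer's own agent offers first, which deserves a comment since it touches real credentials. `type` is assigned but never asserted, and the file requires only `minitest/unit`, so unlike the other test files it will not run when executed directly; `require 'minitest/autorun'` would match them.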
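--- a/data/test/test_orthrus_ssh_dsa.rb
+++ b/data/test/test_orthrus_ssh_dsa.rb
@@ -0,0 +1,46 @@
+require 'minitest/autorun'
+require 'minitest/unit'
+
+require 'orthrus/ssh'
+
+class TestOrthrusSSHDSA < MiniTest::Unit::TestCase
+DATA_PATH = File.expand_path "../data", __FILE__
+
+def setup
+@id_dsa = File.join DATA_PATH, "id_dsa"
+@id_dsa_pub = File.join DATA_PATH, "id_dsa.pub"
+end
+
+def pub_key
+Orthrus::SSH.load_public @id_dsa_pub
+end
+
+def priv_key
+Orthrus::SSH.load_private @id_dsa
+end
+
+def test_load_private
+s = Orthrus::SSH.load_private @id_dsa
+assert_kind_of Orthrus::SSH::PrivateKey, s
+assert s.dsa?, "key not dsa"
+end
+
+def test_load_public
+s = Orthrus::SSH.load_public @id_dsa_pub
+assert_kind_of Orthrus::SSH::PublicKey, s
+assert s.dsa?, "key not dsa"
+end
+
+def test_sign_and_verify
+data = "hello"
+
+assert pub_key.verify(priv_key.sign(data), data)
+end
+
+def test_public_identity
+s = Orthrus::SSH.load_private @id_dsa
+check = File.read(@id_dsa_pub).split(" ")[1]
+
+assert_equal check, s.public_identity
+end
+end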
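Review bot: `test_sign_and_verify` only shows that a valid signature verifies; nothing checks that `verify` returns false for altered data, which is the property an authentication system depends on. Add a negative case such as `refute pub_key.verify(priv_key.sign("hello"), "hellp")`. The same gap exists in `test_sign_and_verify` of the RSA test file later in this diff.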
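--- a/data/test/test_orthrus_ssh_http_agent.rb
+++ b/data/test/test_orthrus_ssh_http_agent.rb
@@ -0,0 +1,71 @@
+require 'minitest/unit'
+require 'minitest/autorun'
+
+require 'orthrus/ssh/rack_app'
+require 'orthrus/ssh/http_agent'
+
+require 'stringio'
+
+require 'sessions'
+
+class TestOrthrusSSHHTTPAgent < MiniTest::Unit::TestCase
+DATA_PATH = File.expand_path "../data", __FILE__
+
+def setup
+@@app ||= Orthrus::SSH::RackApp.new OrthrusTestSessions.new
+@app = @@app
+@@server ||= begin
+s = Rack::Server.new :app => @app, :Port => 8787
+Thread.new { s.start }
+s
+end
+
+@old_stderr = $stderr
+$stderr = StringIO.new
+
+sleep 1
+
+@id_rsa = File.join DATA_PATH, "id_rsa"
+@rsa = Orthrus::SSH.load_private @id_rsa
+
+@rsa_pub = Orthrus::SSH.load_public File.join(DATA_PATH, "id_rsa.pub")
+@app.sessions.add_key "evan", @rsa_pub
+end
+
+def teardown
+# @thread.kill
+$stderr = @old_stderr
+end
+
+def test_access_token
+url = URI.parse "http://127.0.0.1:8787/"
+h = Orthrus::SSH::HTTPAgent.new url
+
+h.add_key @id_rsa
+
+h.start "evan"
+
+assert_equal "1", h.access_token
+end
+
+def test_access_token_from_agent
+skip unless Orthrus::SSH::Agent.available?
+
+begin
+`ssh-add #{@id_rsa} 2>&1`
+
+assert Orthrus::SSH::Agent.connect.identities.any? { |id|
+id.public_identity == @rsa_pub.public_identity
+}
+
+url = URI.parse "http://127.0.0.1:8787/"
+h = Orthrus::SSH::HTTPAgent.new url
+
+h.start "evan"
+
+assert_equal "1", h.access_token
+ensure
+`ssh-add -d #{@id_rsa} 2>&1`
+end
+end
+end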
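Review bot: `Rack::Server.new :app => @app, :Port => 8787` in `setup` sets no `:Host`, so the bind address is whatever the installed Rack defaults to, which in older Rack releases is all interfaces, and the app behind it trusts the key pair shipped in `test/data`. Pass `:Host => "127.0.0.1"` to match the URL the tests use, and stop the server when the run ends, since the `@thread.kill` in `teardown` is commented out and no thread handle is kept. Separately, both backtick calls interpolate `@id_rsa` into a shell line, which breaks when the install path contains spaces or shell characters; `system "ssh-add", @id_rsa, [:out, :err] => File::NULL` avoids the shell, and checking its return value would show when the key was not actually added or removed.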
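--- a/data/test/test_orthrus_ssh_public_key_set.rb
+++ b/data/test/test_orthrus_ssh_public_key_set.rb
@@ -0,0 +1,29 @@
+require 'minitest/autorun'
+require 'minitest/unit'
+
+require 'orthrus/ssh/public_key_set'
+
+class TestOrthrusSSHPublicKeySet < MiniTest::Unit::TestCase
+DATA_PATH = File.expand_path "../data", __FILE__
+
+def setup
+@auth_keys = File.join DATA_PATH, "authorized_keys"
+@id_dsa = File.join DATA_PATH, "id_dsa"
+@id_rsa = File.join DATA_PATH, "id_rsa"
+end
+
+def test_load_authorized_keys
+s = Orthrus::SSH::PublicKeySet.load_file @auth_keys
+assert_equal 2, s.num_keys
+end
+
+def test_find
+s = Orthrus::SSH::PublicKeySet.load_file @auth_keys
+k = Orthrus::SSH.load_private @id_rsa
+
+j = s.find(k.public_identity)
+
+assert_kind_of Orthrus::SSH::RSAPublicKey, j
+end
+
+end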
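--- a/data/test/test_orthrus_ssh_rackapp.rb
+++ b/data/test/test_orthrus_ssh_rackapp.rb
@@ -0,0 +1,84 @@
+require 'minitest/unit'
+require 'minitest/autorun'
+
+require 'orthrus/ssh'
+require 'orthrus/ssh/rack_app'
+
+require 'stringio'
+
+require 'sessions'
+
+class TestOrthrusSSHRackApp < MiniTest::Unit::TestCase
+DATA_PATH = File.expand_path "../data", __FILE__
+
+def setup
+@id_rsa = File.join DATA_PATH, "id_rsa"
+@rsa = Orthrus::SSH.load_private @id_rsa
+
+@id_rsa_pub = File.join DATA_PATH, "id_rsa.pub"
+@rsa_pub = Orthrus::SSH.load_public @id_rsa_pub
+
+@app = Orthrus::SSH::RackApp.new OrthrusTestSessions.new
+end
+
+def test_call_unable_to_find_identity
+id = @rsa.public_identity
+
+env = {
+"rack.input" => StringIO.new,
+"QUERY_STRING" => "state=find&user=evan&id=#{Rack::Utils.escape(id)}"
+}
+
+code, headers, body = @app.call(env)
+
+assert_equal "application/x-www-form-urlencoded",
+headers["Content-Type"]
+
+assert_equal "code=unknown", body[0]
+end
+
+def test_call_requests_signature
+id = @rsa.public_identity
+@app.sessions.add_key "evan", @rsa_pub
+
+env = {
+"rack.input" => StringIO.new,
+"QUERY_STRING" => "state=find&user=evan&id=#{Rack::Utils.escape(id)}"
+}
+
+code, headers, body = @app.call(env)
+
+assert_equal "application/x-www-form-urlencoded",
+headers["Content-Type"]
+
+params = Rack::Utils.parse_query body.first
+
+assert_equal "check", params['code']
+assert_equal "1", params["session_id"]
+refute params["nonce"].empty?
+end
+
+def test_call_verifies_signature
+id = @rsa.public_identity
+@app.sessions.add_key "evan", @rsa_pub
+
+env = {
+"rack.input" => StringIO.new,
+"QUERY_STRING" => "state=find&user=evan&id=#{Rack::Utils.escape(id)}"
+}
+
+code, headers, body = @app.call(env)
+
+params = Rack::Utils.parse_query(body.first)
+
+data = params['nonce']
+
+sig = Rack::Utils.escape @rsa.hexsign(data)
+
+env["QUERY_STRING"] = "state=signed&sig=#{sig}&session_id=1"
+
+code, headers, body = @app.call(env)
+
+assert_equal ["code=verified&access_token=1"], body
+end
+end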
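Review bot: No test in this file sends `state=signed` with a signature the server should reject, so a `RackApp` that accepted any `sig` value would still pass `test_call_verifies_signature`. Add a case that signs something other than the returned nonce, e.g. `sig = Rack::Utils.escape @rsa.hexsign("not the nonce")`, and asserts `refute_match(/code=verified/, body.first)`. None of the three tests asserts on `code`, the status returned by `@app.call`, and the identical `env` hash is built three times, which a small private helper would remove.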
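--- a/data/test/test_orthrus_ssh_rsa.rb
+++ b/data/test/test_orthrus_ssh_rsa.rb
@@ -0,0 +1,46 @@
+require 'minitest/autorun'
+require 'minitest/unit'
+
+require 'orthrus/ssh'
+
+class TestOrthrusSSHRSA < MiniTest::Unit::TestCase
+DATA_PATH = File.expand_path "../data", __FILE__
+
+def setup
+@id_rsa = File.join DATA_PATH, "id_rsa"
+@id_rsa_pub = File.join DATA_PATH, "id_rsa.pub"
+end
+
+def pub_key
+Orthrus::SSH.load_public @id_rsa_pub
+end
+
+def priv_key
+Orthrus::SSH.load_private @id_rsa
+end
+
+def test_load_private
+s = Orthrus::SSH.load_private @id_rsa
+assert_kind_of Orthrus::SSH::PrivateKey, s
+assert s.rsa?, "key not RSA"
+end
+
+def test_load_public
+s = Orthrus::SSH.load_public @id_rsa_pub
+assert_kind_of Orthrus::SSH::PublicKey, s
+assert s.rsa?, "key not RSA"
+end
+
+def test_sign_and_verify
+data = "hello"
+
+assert pub_key.verify(priv_key.sign(data), data)
+end
+
+def test_public_identity
+s = Orthrus::SSH.load_private @id_rsa
+check = File.read(@id_rsa_pub).split(" ")[1]
+
+assert_equal check, s.public_identity
+end
+end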
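--- a/metadata
+++ b/metadata
@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: orthrus-ssh
+version: !ruby/object:Gem::Version
+hash: 11
+prerelease:
+segments:
+- 0
+- 5
+- 0
+version: 0.5.0
+platform: ruby
+authors:
+- Evan Phoenix
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2012-03-25 00:00:00 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: minitest
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 21
+segments:
+- 2
+- 11
+version: "2.11"
+type: :development
+version_requirements: *id001
+- !ruby/object:Gem::Dependency
+name: rdoc
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 19
+segments:
+- 3
+- 10
+version: "3.10"
+type: :development
+version_requirements: *id002
+- !ruby/object:Gem::Dependency
+name: hoe
+prerelease: false
+requirement: &id003 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 31
+segments:
+- 2
+- 14
+version: "2.14"
+type: :development
+version_requirements: *id003
+description: A user authentication system built on SSH's key
+email:
+- evan@phx.io
+executables:
+- orthrus
+extensions: []
+
+extra_rdoc_files:
+- History.txt
+- Manifest.txt
+- README.txt
+files:
+- .autotest
+- History.txt
+- Manifest.txt
+- README.txt
+- Rakefile
+- bin/orthrus
+- lib/orthrus.rb
+- lib/orthrus/key.rb
+- lib/orthrus/key_holder.rb
+- lib/orthrus/ssh.rb
+- lib/orthrus/ssh/agent.rb
+- lib/orthrus/ssh/buffer.rb
+- lib/orthrus/ssh/dsa.rb
+- lib/orthrus/ssh/http_agent.rb
+- lib/orthrus/ssh/key.rb
+- lib/orthrus/ssh/public_key_set.rb
+- lib/orthrus/ssh/rack_app.rb
+- lib/orthrus/ssh/rsa.rb
+- lib/orthrus/ssh/utils.rb
+- test/data/authorized_keys
+- test/data/id_dsa
+- test/data/id_dsa.pub
+- test/data/id_rsa
+- test/data/id_rsa.pub
+- test/sessions.rb
+- test/test_orthrus_ssh_agent.rb
+- test/test_orthrus_ssh_dsa.rb
+- test/test_orthrus_ssh_http_agent.rb
+- test/test_orthrus_ssh_public_key_set.rb
+- test/test_orthrus_ssh_rackapp.rb
+- test/test_orthrus_ssh_rsa.rb
+- .gemtest
+homepage: http://github.com/evanphx/orthrus
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --main
+- README.txt
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project: orthrus-ssh
+rubygems_version: 1.8.18
+signing_key:
+specification_version: 3
+summary: A user authentication system built on SSH's key
+test_files:
+- test/test_orthrus_ssh_agent.rb
+- test/test_orthrus_ssh_dsa.rb
+- test/test_orthrus_ssh_http_agent.rb
+- test/test_orthrus_ssh_public_key_set.rb
+- test/test_orthrus_ssh_rackapp.rb
+- test/test_orthrus_ssh_rsa.rb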