owlet 0.1.1

data/.gitignore

@@ -0,0 +1,9 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+spec/fixtures/*.alulaextz
+spec/fixtures/*.alulathmz
+/spec/reports/
+/spec/fixtures/fixture.alulaextz
+/spec/fixtures/fixture.alulathmz

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in owlet.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,6 @@
+guard 'rspec', :version => 2, :cli => "--color --format documentation" do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^lib/(.+)/(.+)\.rb$})     { |m| "spec/#{m[1]}/#{m[2]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end

data/README.md

@@ -0,0 +1,17 @@
+# Owlet
+
+Owlet is a package system for Alula extensions and themes. Using custom packages for extensions
+gives benefits of easier distribution, downloading and management. Using single file packages
+it is easy to upload required extensions and themes directly to the server from your computer.
+
+In addition, all Owlets are digitally signed to make sure that package is not altered in any ways.
+
+## Technical
+
+Basically Owlets are simple ZIP files which as `_Signature` file as addition.
+Signature file is simple YAML file, which contains signatures in base64 encoded
+for all files that are in package, as well public certificate that was used
+in signing process.
+
+Owlets can be signed more than once, every additional signing round adds more signatures and
+public key. While verifying packages, all signatures must match to public keys.

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+require 'rubygems'
+require 'ci/reporter/rake/rspec'

data/bin/owlet

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+$LOAD_PATH.unshift File.join(File.dirname(__FILE__), '..', 'lib')
+
+require 'owlet/cli'
+
+Owlet::CLI.start

data/lib/owlet/cli.rb

@@ -0,0 +1,38 @@
+require 'thor'
+require 'owlet'
+
+module Owlet
+  class CLI < Thor
+    # Signing operations
+    desc "sign PACKAGE", "Signs Owlet package with supplied key."
+    method_option :key, :required => true, :description => "Private and public key to be used for signing. Must be in PKCS12 format."
+    def sign(package)
+      Owlet::Signer.sign_package(package, options[:key])
+    end
+
+    desc "verify PACKAGE", "Verifies Alula extension or theme"
+    def verify(package)
+      begin
+        Owlet::Signer.verify_package(package)
+        puts "Verify OK."
+      rescue
+        puts "Verify FAILED."
+      end
+    end
+    
+    # Packaking operations
+    desc "package DIRECTORY", "Create owlet package from given directory."
+    method_option :key
+    def package(dir)
+      pkg = Owlet::Package.create_from_dir(dir)
+      if (options[:key] and pkg)
+        Owlet::Signer.sign_package(pkg, options[:key])
+      end
+    end
+    
+    desc "extract PACKAGE [DIR]", "Extracts contents of given package, optionally to given directory"
+    def extract(package, dir = ".")
+      Owlet::Package.extract(package, dir)
+    end
+  end
+end

data/lib/owlet/package.rb

@@ -0,0 +1,35 @@
+require 'zip/zip'
+
+module Owlet
+  class Package
+    
+    def self.create(args = {})
+      source = args[:source]
+      
+      # Validate source
+      unless File.directory?(source)
+        raise "Invalid source directory."
+      end
+      
+      ext = File.extname(source)
+      dest_ext = case ext[1..-1]
+      when "alulaextension"
+        "alulaextz"
+      when "alulatheme"
+        "alulathmz"
+      else
+        raise "Unknown owlet type."
+      end
+      destination = args[:destination] || File.join(File.dirname(source), "#{File.basename(source, ext)}.#{dest_ext}")
+      
+      Zip::ZipFile.open(destination, Zip::ZipFile::CREATE) do |zip|
+        Dir.glob("#{source}/**/*").each do |entry|
+          zip.add(entry.gsub("#{source}/", ''), entry)
+        end
+      end
+      
+      # All done
+      return destination
+    end
+  end
+end

data/lib/owlet/signer.rb

@@ -0,0 +1,104 @@
+require 'openssl'
+require 'base64'
+
+module Owlet
+  class Signer
+    # Sign arbitary data using private_key
+    # Return Base 64 (RFC 4648) encoded signature
+    def self.sign(data, private_key)
+      Base64.encode64(private_key.sign(OpenSSL::Digest::SHA256.new, data)).gsub(/\n/, '')
+    end
+    
+    # Verify arbitary data against given signature and public key.
+    # Signature must be Base64 encoded, RFC 4648 compliat.
+    def self.verify(data, signature, public_key)
+      public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(signature).gsub(/\n/, ''), data)
+    end
+    
+    def self.list_certificates(package)
+      # Check that package exists.
+      raise "Cannot file package #{package}" unless File.exists?(package)
+      
+      sig_data = Zip::ZipFile.open(package) do |zip|
+        entry = zip.find_entry("_Signature")
+        unless entry.nil?
+          YAML.load(entry.get_input_stream.read)
+        else
+          {:certificates => []}
+        end
+      end
+      
+      sig_data[:certificates]
+    end
+    
+    # Signs given package with PKCS12 file
+    # p12 is either OpenSSL::PKCS!@ or file
+    def self.sign_package(package, p12)
+      # Get private key
+      unless p12.kind_of? OpenSSL::PKCS12
+        p12 = OpenSSL::PKCS12.new(File.read(p12))
+      end
+      
+      raise "Cannot find package #{package}" unless File.exists?(package)
+      
+      # Initialize signature data
+      sig_data = { :signatures => {}, :certificates => []}
+      
+      # Open and sign files
+      Zip::ZipFile.open(package) do |zip|
+        sig_meta = zip.find_entry("_Signature")
+        unless sig_meta.nil?
+          sig_data = YAML.load(sig_meta.get_input_stream.read)
+        end
+        
+        zip.each do |entry|
+          data = entry.get_input_stream.read
+          next if data.nil?
+          
+          sig_data[:signatures][entry.name] ||= []
+          sig_data[:signatures][entry.name].push sign(data, p12.key)
+        end
+        
+        sig_data[:certificates].push p12.certificate.to_pem
+        
+        zip.get_output_stream("_Signature") do |io|
+          io.puts sig_data.to_yaml
+        end
+      end
+      
+      true
+    end
+    
+    def self.verify_package(package)
+      raise "Cannot find package #{package}" unless File.exists?(package)
+      
+      Zip::ZipFile.open(package) do |zip|
+        entry = zip.find_entry("_Signature")
+        raise "Package not signed." if entry.nil?
+        
+        sig_data = YAML.load(entry.get_input_stream.read)
+        sig_data[:certificates].map! { |c| OpenSSL::X509::Certificate.new(c) }
+        
+        zip.each do |entry|
+          next if entry.name == "_Signature"
+          
+          # Check for all certificates
+          sig_data[:certificates].each_index do |i|
+            data = entry.get_input_stream.read
+            next if data.nil?
+            
+            if sig_data[:signatures][entry.name].nil? or sig_data[:signatures][entry.name][i].nil?
+              raise "Cannot find signature for #{entry.name}"
+            end
+            
+            unless verify(data, sig_data[:signatures][entry.name][i], sig_data[:certificates][i].public_key)
+              raise "Signature for #{entry.name} for certicate #{sig_data[:certificates][i].subject} failed."
+            end
+          end
+        end
+      end
+      
+      return true
+    end
+  end
+end

data/lib/owlet/version.rb

@@ -0,0 +1,3 @@
+module Owlet
+  VERSION = "0.1.1"
+end

data/lib/owlet.rb

@@ -0,0 +1,6 @@
+require "owlet/version"
+
+module Owlet
+  autoload :Package, 'owlet/package'
+  autoload :Signer, 'owlet/signer'
+end

data/owlet.gemspec

@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "owlet/version"
+
+Gem::Specification.new do |s|
+  s.name        = "owlet"
+  s.version     = Owlet::VERSION
+  s.authors     = ["Mikko Kokkonen"]
+  s.email       = ["mikko@mikian.com"]
+  s.homepage    = "http://alula.in/owlet"
+  s.summary     = %q{Owlet is a packaging system for distributing extensions and themes for Alula Engine}
+  s.description = %q{Use Owlet library to create and alter and gather information about owlets.}
+
+  s.rubyforge_project = "owlet"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency 'thor'
+  s.add_dependency 'rubyzip'
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'guard-rspec'
+  s.add_development_dependency 'ci_reporter'
+end

data/spec/fixtures/fixture.alulaextension/init.rb

@@ -0,0 +1,25 @@
+extension "GoSquared"
+
+description "GoSquared - real-time web analytics"
+
+configuration do
+  desc "Site Token for your site"
+  option :token, :type => String
+end
+
+analytics :position => :body_bottom, do |c|
+  <<<-EOD
+  <script type="text/javascript">
+      var GoSquared={};
+      GoSquared.acct = "#{c.token}";
+      (function(w){
+          function gs(){
+              w._gstc_lt=+(new Date); var d=document;
+              var g = d.createElement("script"); g.type = "text/javascript"; g.async = true; g.src = "//d1l6p2sc9645hc.cloudfront.net/tracker.js";
+              var s = d.getElementsByTagName("script")[0]; s.parentNode.insertBefore(g, s);
+          }
+          w.addEventListener?w.addEventListener("load",gs,false):w.attachEvent("onload",gs);
+      })(window);
+  </script>
+  EOD
+end

data/spec/fixtures/fixture.alulatheme/init.rb

@@ -0,0 +1,8 @@
+theme "fixture"
+
+description "Fixture theme for Alula"
+
+configuration do
+  desc "Header logo"
+  option :header, :type => :image, :size => [960, 80]
+end

data/spec/fixtures/fixture.alulatheme/javascripts/application.js.coffeescript

@@ -0,0 +1 @@
+alert("Hello World!")

data/spec/fixtures/fixture.alulatheme/stylesheets/application.css.scss

@@ -0,0 +1,5 @@
+$background: #efefef;
+
+body {
+	background-color: $background;
+}

data/spec/owlet/package_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe Owlet::Package do
+  let(:fixture_path) { fixture_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "fixtures")) }
+
+  before(:all) do
+    %w{fixture.alulaextz fixture.alulathmz}.each do |fixture|
+      File.unlink(File.join(fixture_path, fixture)) if File.exists?(File.join(fixture_path, fixture))
+    end
+  end
+    
+  it "should raise error for invalid source path" do
+    lambda { Owlet::Package.create(:source => File.join(fixture_path, "missing_path")) }.should raise_error("Invalid source directory.")
+  end
+  
+  it "should create a package from extension" do
+    pkg = Owlet::Package.create(:source => File.join(fixture_path, "fixture.alulaextension"))
+    pkg.should eq(File.join(fixture_path, "fixture.alulaextz"))
+  end
+  
+  it "should create package from theme" do
+    pkg = Owlet::Package.create(:source => File.join(fixture_path, "fixture.alulatheme"))
+    pkg.should eq(File.join(fixture_path, "fixture.alulathmz"))
+  end
+end

data/spec/owlet/signer_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+describe Owlet::Signer do
+  let(:fixture_path) { fixture_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "fixtures")) }
+
+  context "Helper Methods" do
+    let(:first_p12) { OpenSSL::PKCS12.new(File.read(File.join(fixture_path, "first.p12"))) }
+    let(:pleco_p12) { OpenSSL::PKCS12.new(File.read(File.join(fixture_path, "pleco.p12"))) }
+    let(:first_signature) { "lu2zFctrv7ssmcudjTVNoj9xS47GpMsYBxF8tQVhXnpOBXIM/7TuY+ZpHkxUqzgWssJdrUqLpC6t9OoUyLbUOU2HI4aNdmwOHv3XmpuIazmELEz/aCbwuCnwIAw6YtQiF14GQhUqR2A/6LE9ZB3+bKBDuxSMRY9WbRHELjoeXyg=" }
+    
+    it "should sign data" do
+      # Load private key
+      data = "aaaa/bbbb/cccc"
+      signature = Owlet::Signer.sign(data, first_p12.key)
+    
+      signature.should == first_signature
+    end
+  
+    it "should verify data" do
+      data = "aaaa/bbbb/cccc"
+
+      Owlet::Signer.verify(data, first_signature, first_p12.certificate.public_key).should be_true
+    end
+
+    it "should not verify invalid data" do
+      data = "aaaa/bbbb/cccc/dddd"
+
+      Owlet::Signer.verify(data, first_signature, first_p12.certificate.public_key).should be_false
+    end
+
+    it "should not verify with wrong public key" do
+      data = "aaaa/bbbb/cccc"
+
+      Owlet::Signer.verify(data, first_signature, pleco_p12.certificate.public_key).should be_false
+    end
+  end
+  
+  context "Package" do
+    let(:first_p12) { OpenSSL::PKCS12.new(File.read(File.join(fixture_path, "first.p12"))) }
+    let(:pleco_p12) { OpenSSL::PKCS12.new(File.read(File.join(fixture_path, "pleco.p12"))) }
+    
+    before(:each) do
+      # Create package
+      File.unlink(File.join(fixture_path, "fixture.alulaextz")) if File.exists?(File.join(fixture_path, "fixture.alulaextz"))
+      @pkg = Owlet::Package.create(:source => File.join(fixture_path, "fixture.alulaextension"))
+    end
+    
+    it "should have no certificates" do
+      signatures = Owlet::Signer.list_certificates(@pkg)
+      signatures.should be_empty
+    end
+    
+    it "should be signed succesfully" do
+      Owlet::Signer.sign_package(@pkg, first_p12).should be_true
+    end
+
+    it "should have one certificate" do
+      Owlet::Signer.sign_package(@pkg, first_p12).should be_true
+      signatures = Owlet::Signer.list_certificates(@pkg)
+      signatures[0].should_not be_nil
+      cert = OpenSSL::X509::Certificate.new(signatures[0])
+      cert.subject.to_s.should == "/O=Owl Forestry/CN=Alula Extension"
+      signatures[1].should be_nil
+    end
+    
+    it "should verify signed package" do
+      Owlet::Signer.sign_package(@pkg, first_p12).should be_true
+      Owlet::Signer.verify_package(@pkg).should be_true
+    end
+    
+    it "should signed twice" do
+      Owlet::Signer.sign_package(@pkg, first_p12).should be_true
+      Owlet::Signer.sign_package(@pkg, pleco_p12).should be_true
+      signatures = Owlet::Signer.list_certificates(@pkg)
+      signatures[1].should_not be_nil
+      cert = OpenSSL::X509::Certificate.new(signatures[1])
+      cert.subject.to_s.should == "/O=Owl Forestry/CN=Alula Pleco - Extension"      
+    end
+    
+    it "should fail with modified package" do
+      Owlet::Signer.sign_package(@pkg, first_p12).should be_true
+      Zip::ZipFile.open(@pkg) do |zip|
+        zip.get_output_stream("init.rb") do |io|
+          io.puts "# Fail this thanks."
+        end
+      end
+      
+      lambda { Owlet::Signer.verify_package(@pkg)}.should raise_error "Signature for init.rb for certicate /O=Owl Forestry/CN=Alula Extension failed."
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,12 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'owlet'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: owlet
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+  prerelease: 
+platform: ruby
+authors:
+- Mikko Kokkonen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-08-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: &70162863022180 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70162863022180
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: &70162863021740 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70162863021740
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70162863021240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70162863021240
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70162863020600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70162863020600
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: &70162863019940 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70162863019940
+- !ruby/object:Gem::Dependency
+  name: ci_reporter
+  requirement: &70162863019520 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70162863019520
+description: Use Owlet library to create and alter and gather information about owlets.
+email:
+- mikko@mikian.com
+executables:
+- owlet
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Guardfile
+- README.md
+- Rakefile
+- bin/owlet
+- lib/owlet.rb
+- lib/owlet/cli.rb
+- lib/owlet/package.rb
+- lib/owlet/signer.rb
+- lib/owlet/version.rb
+- owlet.gemspec
+- spec/fixtures/first.p12
+- spec/fixtures/fixture.alulaextension/init.rb
+- spec/fixtures/fixture.alulatheme/init.rb
+- spec/fixtures/fixture.alulatheme/javascripts/application.js.coffeescript
+- spec/fixtures/fixture.alulatheme/stylesheets/application.css.scss
+- spec/fixtures/pleco.p12
+- spec/owlet/cli_spec.rb
+- spec/owlet/package_spec.rb
+- spec/owlet/signer_spec.rb
+- spec/spec_helper.rb
+homepage: http://alula.in/owlet
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: owlet
+rubygems_version: 1.8.6
+signing_key: 
+specification_version: 3
+summary: Owlet is a packaging system for distributing extensions and themes for Alula
+  Engine
+test_files:
+- spec/fixtures/first.p12
+- spec/fixtures/fixture.alulaextension/init.rb
+- spec/fixtures/fixture.alulatheme/init.rb
+- spec/fixtures/fixture.alulatheme/javascripts/application.js.coffeescript
+- spec/fixtures/fixture.alulatheme/stylesheets/application.css.scss
+- spec/fixtures/pleco.p12
+- spec/owlet/cli_spec.rb
+- spec/owlet/package_spec.rb
+- spec/owlet/signer_spec.rb
+- spec/spec_helper.rb