pcp-client 0.3.1 → 0.4.0

Files changed (3) hide show
  1. data/lib/pcp/client.rb +62 -3
  2. metadata +22 -15
  3. checksums.yaml +0 -7
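--- a/data/lib/pcp/client.rb
+++ b/data/lib/pcp/client.rb
@@ -3,6 +3,52 @@ require 'faye/websocket'
  require 'pcp/message'
  require 'logger'
 
+ # So EventMachine when you specify :verify_peer => true in the TLS
+ # options decides what that means is it should just fire off a
+ # #ssl_verify_peer(cert) on the Connection object; which is expected
+ # to be user-supplied. In this case the user is
+ # Faye::Websocket::Client::Connection, so we monkey-patch it to have a
+ # #ssl_verify_peer method.
+
+ module Faye
+ class WebSocket
+ class Client
+ module Connection
+ def ssl_verify_peer(cert)
+ # The :@socket_tls instance variable of
+ # Faye::Websocket::Client is passed to tls_start, so we can
+ # get parameters from there.
+ start_tls_options = parent.instance_variable_get(:@socket_tls)
+ logger = start_tls_options[:xxx_logger]
+ logger.debug { [:ssl_verify_peer] }
+
+ peer_cert = OpenSSL::X509::Certificate.new cert
+
+ hostname = start_tls_options[:xxx_hostname]
+ if !OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
+ logger.error { [:ssl_verify_peer, :fail,
+ "Certificate presented does not match '#{hostname}'"] }
+ return false
+ end
+
+ ssl_ca_cert = start_tls_options[:xxx_ssl_ca_cert]
+ cert_store = OpenSSL::X509::Store.new
+ cert_store.add_file ssl_ca_cert
+
+ if !cert_store.verify(peer_cert)
+ logger.error { [:ssl_verify_peer, :ca_verify_failed,
+ "Peer certificate not verified by ca"] }
+ return false
+ end
+
+ logger.debug { [:ssl_verify_peer, :success] }
+ return true
+ end
+ end
+ end
+ end
+ end
+
  module PCP
  # Manages a client connection to a pcp broker
  class Client
@@ -27,6 +73,7 @@ module PCP
  @server = params[:server] || 'wss://localhost:8142/pcp'
  @ssl_key = params[:ssl_key]
  @ssl_cert = params[:ssl_cert]
+ @ssl_ca_cert = params[:ssl_ca_cert]
  @logger = params[:logger] || Logger.new(STDOUT)
  @logger.level = params[:loglevel] || Logger::WARN
  @connection = nil
@@ -53,9 +100,21 @@ module PCP
  @logger.debug { [:connect, :scheduling] }
  EM.next_tick do
  @logger.debug { [:connect, @server] }
- @connection = Faye::WebSocket::Client.new(@server, nil, {:tls => {:private_key_file => @ssl_key,
- :cert_chain_file => @ssl_cert,
- :ssl_version => ["TLSv1", "TLSv1_1", "TLSv1_2"]}})
+
+ start_tls_options = {
+ :ssl_version => ["TLSv1", "TLSv1_1", "TLSv1_2"],
+ :private_key_file => @ssl_key,
+ :cert_chain_file => @ssl_cert,
+ :verify_peer => true,
+ :fail_if_no_peer_cert => true,
+ # side-channeled properties we want around during ssl
+ # verification are prefixed with xxx_.
+ :xxx_logger => @logger,
+ :xxx_ssl_ca_cert => @ssl_ca_cert,
+ :xxx_hostname => URI.parse(@server).host,
+ }
+
+ @connection = Faye::WebSocket::Client.new(@server, nil, {:tls => start_tls_options})
 
  @connection.on :open do |event|
  begin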
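Review bot: `ssl_verify_peer` in the first hunk treats every certificate it receives as the broker's leaf, but EventMachine calls this hook once per certificate in the chain the peer presents, so the `verify_certificate_identity` check against `xxx_hostname` would reject any intermediate or CA certificate the broker sends, and `cert_store.verify(peer_cert)` checks each certificate without the rest of the chain. Consider doing the hostname comparison only for the leaf (for example from `ssl_handshake_completed` using `get_peer_cert`) and passing the certificates already seen as the untrusted chain to `cert_store.verify`. The method also uses `start_tls_options[:xxx_logger]` and passes `start_tls_options[:xxx_ssl_ca_cert]` to `add_file` without a nil check, so a caller that omits `:ssl_ca_cert`, or any other `Faye::WebSocket::Client` in the same process that enables `:verify_peer`, would raise inside the reactor callback rather than get a clean rejection; a guard such as `return false unless start_tls_options && start_tls_options[:xxx_ssl_ca_cert]` makes the failure explicit. Because the patch reads the private `@socket_tls` ivar while the gem metadata allows `faye-websocket ~> 0.10`, a tighter version pin or an upstream hook seems prudent.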
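--- a/metadata
+++ b/metadata
@@ -1,55 +1,62 @@
  --- !ruby/object:Gem::Specification
  name: pcp-client
  version: !ruby/object:Gem::Version
- version: 0.3.1
+ version: 0.4.0
+ prerelease:
  platform: ruby
  authors:
  - Puppet Labs
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-04-06 00:00:00.000000000 Z
+ date: 2016-04-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: eventmachine
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.2'
  - !ruby/object:Gem::Dependency
  name: faye-websocket
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '0.10'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '0.10'
  - !ruby/object:Gem::Dependency
  name: rschema
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.3'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.3'
  description: See https://github.com/puppetlabs/pcp-specifications
@@ -58,34 +65,34 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - lib/pcp.rb
  - lib/pcp/client.rb
  - lib/pcp/message.rb
  - lib/pcp/protocol.rb
  - lib/pcp/simple_logger.rb
+ - lib/pcp.rb
  homepage: https://github.com/puppetlabs/ruby-pcp-client
  licenses:
  - ASL 2.0
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
- - - ">="
+ - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.5
+ rubygems_version: 1.8.23.2
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: Client library for PCP
  test_files: []
- has_rdoc: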
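--- a/checksums.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
- ---
- SHA1:
- metadata.gz: 8e54ff97949557ad0a4e596e76413517081ccd81
- data.tar.gz: a0cea4f3e5409621326c214867455342bb268a55
- SHA512:
- metadata.gz: 90899dbd9a381d8e9fcdc43a679fb17667c60e354e7a8b8f2b1d0e31e565c5454b9d3d5b4243bea3df85d706e15798afc33c4326b2bedc995d050b7e9f556e2f
- data.tar.gz: 43ed81721fbfd41efefd81c7c929b5da7ac464fbe174b2b19ef4f9ad1ae8433cd6e6d2c7133f30d6d1fab660227e20f799f07d5b4e9c700f850881032da41eef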