pcp-client 0.3.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/pcp/client.rb +62 -3
- metadata +22 -15
- checksums.yaml +0 -7
data/lib/pcp/client.rb
CHANGED
|
@@ -3,6 +3,52 @@ require 'faye/websocket'
|
|
|
3
3
|
require 'pcp/message'
|
|
4
4
|
require 'logger'
|
|
5
5
|
|
|
6
|
+
# So EventMachine when you specify :verify_peer => true in the TLS
|
|
7
|
+
# options decides what that means is it should just fire off a
|
|
8
|
+
# #ssl_verify_peer(cert) on the Connection object; which is expected
|
|
9
|
+
# to be user-supplied. In this case the user is
|
|
10
|
+
# Faye::Websocket::Client::Connection, so we monkey-patch it to have a
|
|
11
|
+
# #ssl_verify_peer method.
|
|
12
|
+
|
|
13
|
+
module Faye
|
|
14
|
+
class WebSocket
|
|
15
|
+
class Client
|
|
16
|
+
module Connection
|
|
17
|
+
def ssl_verify_peer(cert)
|
|
18
|
+
# The :@socket_tls instance variable of
|
|
19
|
+
# Faye::Websocket::Client is passed to tls_start, so we can
|
|
20
|
+
# get parameters from there.
|
|
21
|
+
start_tls_options = parent.instance_variable_get(:@socket_tls)
|
|
22
|
+
logger = start_tls_options[:xxx_logger]
|
|
23
|
+
logger.debug { [:ssl_verify_peer] }
|
|
24
|
+
|
|
25
|
+
peer_cert = OpenSSL::X509::Certificate.new cert
|
|
26
|
+
|
|
27
|
+
hostname = start_tls_options[:xxx_hostname]
|
|
28
|
+
if !OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
|
29
|
+
logger.error { [:ssl_verify_peer, :fail,
|
|
30
|
+
"Certificate presented does not match '#{hostname}'"] }
|
|
31
|
+
return false
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
ssl_ca_cert = start_tls_options[:xxx_ssl_ca_cert]
|
|
35
|
+
cert_store = OpenSSL::X509::Store.new
|
|
36
|
+
cert_store.add_file ssl_ca_cert
|
|
37
|
+
|
|
38
|
+
if !cert_store.verify(peer_cert)
|
|
39
|
+
logger.error { [:ssl_verify_peer, :ca_verify_failed,
|
|
40
|
+
"Peer certificate not verified by ca"] }
|
|
41
|
+
return false
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
logger.debug { [:ssl_verify_peer, :success] }
|
|
45
|
+
return true
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
6
52
|
module PCP
|
|
7
53
|
# Manages a client connection to a pcp broker
|
|
8
54
|
class Client
|
|
@@ -27,6 +73,7 @@ module PCP
|
|
|
27
73
|
@server = params[:server] || 'wss://localhost:8142/pcp'
|
|
28
74
|
@ssl_key = params[:ssl_key]
|
|
29
75
|
@ssl_cert = params[:ssl_cert]
|
|
76
|
+
@ssl_ca_cert = params[:ssl_ca_cert]
|
|
30
77
|
@logger = params[:logger] || Logger.new(STDOUT)
|
|
31
78
|
@logger.level = params[:loglevel] || Logger::WARN
|
|
32
79
|
@connection = nil
|
|
@@ -53,9 +100,21 @@ module PCP
|
|
|
53
100
|
@logger.debug { [:connect, :scheduling] }
|
|
54
101
|
EM.next_tick do
|
|
55
102
|
@logger.debug { [:connect, @server] }
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
103
|
+
|
|
104
|
+
start_tls_options = {
|
|
105
|
+
:ssl_version => ["TLSv1", "TLSv1_1", "TLSv1_2"],
|
|
106
|
+
:private_key_file => @ssl_key,
|
|
107
|
+
:cert_chain_file => @ssl_cert,
|
|
108
|
+
:verify_peer => true,
|
|
109
|
+
:fail_if_no_peer_cert => true,
|
|
110
|
+
# side-channeled properties we want around during ssl
|
|
111
|
+
# verification are prefixed with xxx_.
|
|
112
|
+
:xxx_logger => @logger,
|
|
113
|
+
:xxx_ssl_ca_cert => @ssl_ca_cert,
|
|
114
|
+
:xxx_hostname => URI.parse(@server).host,
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
@connection = Faye::WebSocket::Client.new(@server, nil, {:tls => start_tls_options})
|
|
59
118
|
|
|
60
119
|
@connection.on :open do |event|
|
|
61
120
|
begin
|
metadata
CHANGED
|
@@ -1,55 +1,62 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pcp-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
7
|
authors:
|
|
7
8
|
- Puppet Labs
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date: 2016-04-
|
|
12
|
+
date: 2016-04-18 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: eventmachine
|
|
15
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
16
18
|
requirements:
|
|
17
|
-
- -
|
|
19
|
+
- - ~>
|
|
18
20
|
- !ruby/object:Gem::Version
|
|
19
21
|
version: '1.2'
|
|
20
22
|
type: :runtime
|
|
21
23
|
prerelease: false
|
|
22
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
23
26
|
requirements:
|
|
24
|
-
- -
|
|
27
|
+
- - ~>
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
29
|
version: '1.2'
|
|
27
30
|
- !ruby/object:Gem::Dependency
|
|
28
31
|
name: faye-websocket
|
|
29
32
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
30
34
|
requirements:
|
|
31
|
-
- -
|
|
35
|
+
- - ~>
|
|
32
36
|
- !ruby/object:Gem::Version
|
|
33
37
|
version: '0.10'
|
|
34
38
|
type: :runtime
|
|
35
39
|
prerelease: false
|
|
36
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
37
42
|
requirements:
|
|
38
|
-
- -
|
|
43
|
+
- - ~>
|
|
39
44
|
- !ruby/object:Gem::Version
|
|
40
45
|
version: '0.10'
|
|
41
46
|
- !ruby/object:Gem::Dependency
|
|
42
47
|
name: rschema
|
|
43
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
44
50
|
requirements:
|
|
45
|
-
- -
|
|
51
|
+
- - ~>
|
|
46
52
|
- !ruby/object:Gem::Version
|
|
47
53
|
version: '1.3'
|
|
48
54
|
type: :runtime
|
|
49
55
|
prerelease: false
|
|
50
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
51
58
|
requirements:
|
|
52
|
-
- -
|
|
59
|
+
- - ~>
|
|
53
60
|
- !ruby/object:Gem::Version
|
|
54
61
|
version: '1.3'
|
|
55
62
|
description: See https://github.com/puppetlabs/pcp-specifications
|
|
@@ -58,34 +65,34 @@ executables: []
|
|
|
58
65
|
extensions: []
|
|
59
66
|
extra_rdoc_files: []
|
|
60
67
|
files:
|
|
61
|
-
- lib/pcp.rb
|
|
62
68
|
- lib/pcp/client.rb
|
|
63
69
|
- lib/pcp/message.rb
|
|
64
70
|
- lib/pcp/protocol.rb
|
|
65
71
|
- lib/pcp/simple_logger.rb
|
|
72
|
+
- lib/pcp.rb
|
|
66
73
|
homepage: https://github.com/puppetlabs/ruby-pcp-client
|
|
67
74
|
licenses:
|
|
68
75
|
- ASL 2.0
|
|
69
|
-
metadata: {}
|
|
70
76
|
post_install_message:
|
|
71
77
|
rdoc_options: []
|
|
72
78
|
require_paths:
|
|
73
79
|
- lib
|
|
74
80
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
81
|
+
none: false
|
|
75
82
|
requirements:
|
|
76
|
-
- -
|
|
83
|
+
- - ! '>='
|
|
77
84
|
- !ruby/object:Gem::Version
|
|
78
85
|
version: '0'
|
|
79
86
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
87
|
+
none: false
|
|
80
88
|
requirements:
|
|
81
|
-
- -
|
|
89
|
+
- - ! '>='
|
|
82
90
|
- !ruby/object:Gem::Version
|
|
83
91
|
version: '0'
|
|
84
92
|
requirements: []
|
|
85
93
|
rubyforge_project:
|
|
86
|
-
rubygems_version:
|
|
94
|
+
rubygems_version: 1.8.23.2
|
|
87
95
|
signing_key:
|
|
88
|
-
specification_version:
|
|
96
|
+
specification_version: 3
|
|
89
97
|
summary: Client library for PCP
|
|
90
98
|
test_files: []
|
|
91
|
-
has_rdoc:
|
checksums.yaml
DELETED
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
SHA1:
|
|
3
|
-
metadata.gz: 8e54ff97949557ad0a4e596e76413517081ccd81
|
|
4
|
-
data.tar.gz: a0cea4f3e5409621326c214867455342bb268a55
|
|
5
|
-
SHA512:
|
|
6
|
-
metadata.gz: 90899dbd9a381d8e9fcdc43a679fb17667c60e354e7a8b8f2b1d0e31e565c5454b9d3d5b4243bea3df85d706e15798afc33c4326b2bedc995d050b7e9f556e2f
|
|
7
|
-
data.tar.gz: 43ed81721fbfd41efefd81c7c929b5da7ac464fbe174b2b19ef4f9ad1ae8433cd6e6d2c7133f30d6d1fab660227e20f799f07d5b4e9c700f850881032da41eef
|