puffing-billy 0.10.1 → 0.11.0

data/lib/billy/ssl/certificate_chain.rb

@@ -0,0 +1,41 @@
+# encoding: utf-8
+# frozen_string_literal: true
+
+require 'fileutils'
+
+module Billy
+  # This class is dedicated to the generation of a certificate chain in the
+  # PEM format. Fortunately we just have to concatenate the given certificates
+  # in the given order and write them to temporary file which will last until
+  # the current process terminates.
+  #
+  # We do not have to generate a certificate chain to make puffing billy work
+  # on modern browser like Chrome 59+ or Firefox 55+, but its good to ship it
+  # anyways. This mimics the behaviour of the mighty mitmproxy.
+  class CertificateChain
+    include Billy::CertificateHelpers
+
+    attr_reader :certificates, :domain
+
+    # Just pass all certificates into the new instance. We use the variadic
+    # argument feature here to ease the usage and improve the readability.
+    #
+    # Example:
+    #
+    #   certs_chain_file = Billy::CertificateChain.new('localhost',
+    #                                                  cert1,
+    #                                                  cert2, ..).file
+    def initialize(domain, *certs)
+      @domain = domain
+      @certificates = [certs].flatten
+    end
+
+    # Write out the certificates chain file and pass the path back. This will
+    # produce a temporary file which will be remove after the current process
+    # terminates.
+    def file
+      contents = certificates.map { |cert| cert.to_pem }.join
+      write_file("chain-#{domain}.pem", contents)
+    end
+  end
+end

data/lib/billy/ssl/certificate_helpers.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+# frozen_string_literal: true
+
+require 'openssl'
+require 'fileutils'
+
+module Billy
+  # A set of common certificate helper methods.
+  module CertificateHelpers
+
+    # Give back the date from now plus given days.
+    def days_from_now(days)
+      Time.now + (days * 24 * 60 * 60)
+    end
+
+    # Give back the date from now minus given days.
+    def days_ago(days)
+      Time.now - (days * 24 * 60 * 60)
+    end
+
+    # Generate a random serial number for a certificate.
+    def serial
+      rand(1_000_000..100_000_000_000)
+    end
+
+    # Create/Overwrite a new file with the given name
+    # and ensure the location is safely created. Pass
+    # back the resulting path.
+    def write_file(name, contents)
+      path = File.join(Billy.config.certs_path, name)
+      FileUtils.mkdir_p(File.dirname(path))
+      File.write(path, contents)
+      path
+    end
+  end
+end

data/lib/billy/version.rb

@@ -1,3 +1,3 @@
 module Billy
-  VERSION = '0.10.1'
+  VERSION = '0.11.0'
 end

data/puffing-billy.gemspec

@@ -27,12 +27,12 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency 'rb-inotify'
   gem.add_development_dependency 'pry'
   gem.add_development_dependency 'cucumber'
-  gem.add_development_dependency 'watir-webdriver'
+  gem.add_development_dependency 'watir-webdriver', '0.9.1'
   # addressable 2.5.0 drops support for ruby 1.9.3
-  gem.add_runtime_dependency 'addressable', '~> 2.4.0'
-  gem.add_runtime_dependency 'eventmachine', '~> 1.0.4'
+  gem.add_runtime_dependency 'addressable', '~> 2.4', '>= 2.4.0'
+  gem.add_runtime_dependency 'eventmachine', '~> 1.0', '>= 1.0.4'
   gem.add_runtime_dependency 'em-synchrony'
-  gem.add_runtime_dependency 'em-http-request', '~> 1.1.0'
+  gem.add_runtime_dependency 'em-http-request', '~> 1.1', '>= 1.1.0'
   gem.add_runtime_dependency 'eventmachine_httpserver'
   gem.add_runtime_dependency 'http_parser.rb', '~> 0.6.0'
   gem.add_runtime_dependency 'multi_json'

data/spec/lib/billy/cache_spec.rb

@@ -1,18 +1,18 @@
 require 'spec_helper'
 
 describe Billy::Cache do
-  describe 'format_url' do
-    let(:cache) { Billy::Cache.instance }
-    let(:params) { '?foo=bar' }
-    let(:callback) { '&callback=quux' }
-    let(:fragment) { '#baz' }
-    let(:base_url) { 'http://example.com' }
-    let(:pipe_url) { 'https://fonts.googleapis.com:443/css?family=Cabin+Sketch:400,700|Love+Ya+Like+A+Sister' }
-    let(:fragment_url) { "#{base_url}/#{fragment}" }
-    let(:params_url) { "#{base_url}#{params}" }
-    let(:params_url_with_callback) { "#{base_url}#{params}#{callback}" }
-    let(:params_fragment_url) { "#{base_url}#{params}#{fragment}" }
+  let(:cache) { Billy::Cache.instance }
+  let(:params) { '?foo=bar' }
+  let(:callback) { '&callback=quux' }
+  let(:fragment) { '#baz' }
+  let(:base_url) { 'http://example.com' }
+  let(:pipe_url) { 'https://fonts.googleapis.com:443/css?family=Cabin+Sketch:400,700|Love+Ya+Like+A+Sister' }
+  let(:fragment_url) { "#{base_url}/#{fragment}" }
+  let(:params_url) { "#{base_url}#{params}" }
+  let(:params_url_with_callback) { "#{base_url}#{params}#{callback}" }
+  let(:params_fragment_url) { "#{base_url}#{params}#{fragment}" }
 
+  describe 'format_url' do
     context 'with ignore_params set to false' do
       it 'is a no-op if there are no params' do
         expect(cache.format_url(base_url)).to eq base_url
@@ -115,4 +115,44 @@ describe Billy::Cache do
       end
     end
   end
+
+  describe 'key' do
+    context 'with use_ignore_params set to false' do
+      before do
+        allow(Billy.config).to receive(:use_ignore_params) { false }
+      end
+
+      it "should use the same cache key if the base url IS NOT whitelisted in allow_params" do
+        key1 = cache.key('put', params_url, 'body')
+        key2 = cache.key('put', params_url, 'body')
+        expect(key1).to eq key2
+      end
+
+      it "should have the same cache key if the base IS whitelisted in allow_params" do
+        allow(Billy.config).to receive(:allow_params) { [base_url] }
+        key1 = cache.key('put', params_url, 'body')
+        key2 = cache.key('put', params_url, 'body')
+        expect(key1).to eq key2
+      end
+
+      it "should have different cache keys if the base url is added in between two requests" do
+        key1 = cache.key('put', params_url, 'body')
+        allow(Billy.config).to receive(:allow_params) { [base_url] }
+        key2 = cache.key('put', params_url, 'body')
+        expect(key1).not_to eq key2
+      end
+
+      it "should not use ignore_params when whitelisted" do
+        allow(Billy.config).to receive(:allow_params) { [base_url] }
+        expect(cache).to receive(:format_url).once.with(params_url, true).and_call_original
+        expect(cache).to receive(:format_url).once.with(params_url, false).and_call_original
+        key1 = cache.key('put', params_url, 'body')
+      end
+
+      it "should use ignore_params when not whitelisted" do
+        expect(cache).to receive(:format_url).twice.with(params_url, true).and_call_original
+        cache.key('put', params_url, 'body')
+      end
+    end
+  end
 end

data/spec/lib/billy/ssl/authority_spec.rb

@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+describe Billy::Authority do
+  let(:auth1) { Billy::Authority.new }
+  let(:auth2) { Billy::Authority.new }
+
+  context('#key') do
+    it 'generates a new key each time' do
+      expect(auth1.key).not_to be(auth2.key)
+    end
+
+    it 'generates 2048 bit keys' do
+      expect(auth1.key.n.num_bytes * 8).to be(2048)
+    end
+  end
+
+  context('#cert') do
+    it 'generates a new certificate each time' do
+      expect(auth1.cert).not_to be(auth2.cert)
+    end
+
+    it 'generates unique serials' do
+      expect(auth1.cert.serial).not_to be(auth2.cert.serial)
+    end
+
+    it 'configures a start date some days ago' do
+      expect(auth1.cert.not_before).to \
+        be_between((Date.today - 3).to_time, Date.today.to_time)
+    end
+
+    it 'configures an end date in some days' do
+      expect(auth1.cert.not_after).to \
+        be_between(Date.today.to_time, (Date.today + 3).to_time)
+    end
+
+    it 'configures the subject' do
+      expect(auth1.cert.subject.to_s).to \
+        be_eql('/CN=Puffing Billy/O=Puffing Billy')
+    end
+
+    it 'configures the certificate authority constrain' do
+      expect(auth1.cert.extensions.first.to_s).to \
+        be_eql('basicConstraints = critical, CA:TRUE')
+    end
+
+    it 'configures SSLv3' do
+      # Zero-index version numbers. Yay.
+      expect(auth1.cert.version).to be(2)
+    end
+  end
+
+  context('#key_file') do
+    it 'pass back the path' do
+      expect(auth1.key_file).to match(/ca.key$/)
+    end
+
+    it 'creates a temporary file' do
+      expect(File.exist?(auth1.key_file)).to be(true)
+    end
+
+    it 'creates a PEM formatted certificate' do
+      expect(File.read(auth1.key_file)).to match(/^[A-Za-z0-9\-\+\/\=]+$/)
+    end
+
+    it 'writes out a private key' do
+      key = OpenSSL::PKey::RSA.new(File.read(auth1.key_file))
+      expect(key.private?).to be(true)
+    end
+  end
+
+  context('#cert_file') do
+    it 'pass back the path' do
+      expect(auth1.cert_file).to match(/ca.crt$/)
+    end
+
+    it 'creates a temporary file' do
+      expect(File.exist?(auth1.cert_file)).to be(true)
+    end
+
+    it 'creates a PEM formatted certificate' do
+      expect(File.read(auth1.cert_file)).to match(/^[A-Za-z0-9\-\+\/\=]+$/)
+    end
+  end
+end

data/spec/lib/billy/ssl/certificate_chain_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe Billy::CertificateChain do
+  let(:cert1) { Billy::Certificate.new('localhost') }
+  let(:cert2) { Billy::Certificate.new('localhost.localdomain') }
+  let(:chain) do
+    Billy::CertificateChain.new('localhost', cert1.cert, cert2.cert)
+  end
+
+  context('#initialize') do
+    it 'holds all certificates in order' do
+      expect(chain.certificates).to be_eql([cert1.cert, cert2.cert])
+    end
+
+    it 'holds the domain' do
+      expect(chain.domain).to be_eql('localhost')
+    end
+  end
+
+  context('#file') do
+    it 'pass back the path' do
+      expect(chain.file).to match(/chain-localhost.pem/)
+    end
+
+    it 'writes out all certificates' do
+      chain.certificates.each do |cert|
+        expect(File.read(chain.file)).to include(cert.to_pem)
+      end
+    end
+
+    it 'creates a temporary file' do
+      expect(File.exist?(chain.file)).to be(true)
+    end
+
+    it 'creates a PEM formatted certificate chain' do
+      expect(File.read(chain.file)).to match(/^[A-Za-z0-9\-\+\/\=]+$/)
+    end
+  end
+end

data/spec/lib/billy/ssl/certificate_spec.rb

@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe Billy::Certificate do
+  let(:cert1) { Billy::Certificate.new('localhost') }
+  let(:cert2) { Billy::Certificate.new('localhost.localdomain') }
+
+  context('#domain') do
+    it 'holds the domain' do
+      expect(Billy::Certificate.new('test.tld').domain).to be_eql('test.tld')
+    end
+  end
+
+  context('#key') do
+    it 'generates a new key each time' do
+      expect(cert1.key).not_to be(cert2.key)
+    end
+
+    it 'generates 2048 bit keys' do
+      expect(cert1.key.n.num_bytes * 8).to be(2048)
+    end
+  end
+
+  context('#cert') do
+    it 'generates a new certificate each time' do
+      expect(cert1.cert).not_to be(cert2.cert)
+    end
+
+    it 'generates unique serials' do
+      expect(cert1.cert.serial).not_to be(cert2.cert.serial)
+    end
+
+    it 'configures a start date some days ago' do
+      expect(cert1.cert.not_before).to \
+        be_between((Date.today - 3).to_time, Date.today.to_time)
+    end
+
+    it 'configures an end date in some days' do
+      expect(cert1.cert.not_after).to \
+        be_between(Date.today.to_time, (Date.today + 3).to_time)
+    end
+
+    it 'configures the correct subject' do
+      expect(cert1.cert.subject.to_s).to be_eql('/CN=localhost')
+    end
+
+    it 'configures the subject alternative names' do
+      expect(cert1.cert.extensions.first.to_s).to \
+        be_eql('subjectAltName = DNS:localhost')
+    end
+
+    it 'configures SSLv3' do
+      # Zero-index version numbers. Yay.
+      expect(cert1.cert.version).to be(2)
+    end
+  end
+
+  context('#key_file') do
+    it 'pass back the path' do
+      expect(cert1.key_file).to match(/request-localhost.key$/)
+    end
+
+    it 'creates a temporary file' do
+      expect(File.exist?(cert1.key_file)).to be(true)
+    end
+
+    it 'creates a PEM formatted certificate' do
+      expect(File.read(cert1.key_file)).to match(/^[A-Za-z0-9\-\+\/\=]+$/)
+    end
+
+    it 'writes out a private key' do
+      key = OpenSSL::PKey::RSA.new(File.read(cert1.key_file))
+      expect(key.private?).to be(true)
+    end
+  end
+
+  context('#cert_file') do
+    it 'pass back the path' do
+      expect(cert1.cert_file).to match(/request-localhost.crt$/)
+    end
+
+    it 'creates a temporary file' do
+      expect(File.exist?(cert1.cert_file)).to be(true)
+    end
+
+    it 'creates a PEM formatted certificate' do
+      expect(File.read(cert1.cert_file)).to match(/^[A-Za-z0-9\-\+\/\=]+$/)
+    end
+  end
+end

data/spec/lib/proxy_spec.rb

@@ -297,9 +297,13 @@ describe Billy::Proxy do
       proxy: { uri: proxy.url },
       request: { timeout: 1.0 }
     }
+    faraday_ssl_options = faraday_options.merge(ssl: {
+      verify: true,
+      ca_file: Billy.certificate_authority.cert_file
+    })
 
     @http       = Faraday.new @http_url,  faraday_options
-    @https      = Faraday.new @https_url, faraday_options.merge(ssl: { verify: false })
+    @https      = Faraday.new @https_url, faraday_ssl_options
     @http_error = Faraday.new @error_url, faraday_options
   end
 

data/spec/spec_helper.rb

@@ -5,6 +5,7 @@ require 'billy/capybara/rspec'
 require 'billy/watir/rspec'
 require 'rack'
 require 'logger'
+require 'fileutils'
 
 browser = Billy::Browsers::Watir.new :phantomjs
 Capybara.app = Rack::Directory.new(File.expand_path('../../examples', __FILE__))
@@ -20,6 +21,11 @@ RSpec.configure do |config|
   config.filter_run :focus
   config.order = 'random'
 
+  config.before :suite do
+    FileUtils.rm_rf(Billy.config.certs_path)
+    FileUtils.rm_rf(Billy.config.cache_path)
+  end
+
   config.before :all do
     start_test_servers
     @browser = browser

data/spec/support/test_server.rb

@@ -57,14 +57,20 @@ module Billy
       end
     end
 
+    def certificate_chain(domain)
+      ca = Billy.certificate_authority.cert
+      cert = Billy::Certificate.new(domain)
+      chain = Billy::CertificateChain.new(domain, cert.cert, ca)
+      { private_key_file: cert.key_file,
+        cert_chain_file: chain.file }
+
+    end
+
     def start_server(echo, ssl = false)
       http_server = Thin::Server.new '127.0.0.1', 0, echo
       if ssl
         http_server.ssl = true
-        http_server.ssl_options = {
-          private_key_file: File.expand_path('../../fixtures/test-server.key', __FILE__),
-          cert_chain_file: File.expand_path('../../fixtures/test-server.crt', __FILE__)
-        }
+        http_server.ssl_options = certificate_chain('localhost')
       end
       http_server.start
       http_server