raptor-io 0.0.1

data/lib/raptor-io/protocol/http/request/manipulators/authenticators/digest.rb

@@ -0,0 +1,135 @@
+require 'digest'
+
+module RaptorIO
+module Protocol::HTTP
+class Request
+
+module Manipulators
+module Authenticators
+
+#
+# Implements HTTP Digest authentication as per RFC2069.
+#
+# @see http://tools.ietf.org/html/rfc2069
+# @see http://en.wikipedia.org/wiki/Digest_access_authentication
+#
+# @author Tasos Laskos
+#
+class Digest < Manipulator
+
+  def run
+    request.headers['Authorization'] = {
+        'Digest username' => username,
+        realm:               challenge[:realm],
+        nonce:               challenge[:nonce],
+        uri:                 request.resource,
+        qop:                 challenge[:qop],
+        nc:                  nc,
+        cnonce:              cnonce,
+        response:            response,
+        algorithm:           algorithm_name,
+        opaque:              challenge[:opaque]
+    }.map { |k, v| "#{k}=\"#{v}\"" }.join( ', ' )
+  end
+
+  private
+
+  def algorithm_klass
+    if challenge[:algorithm].to_s =~ /(.+)(-sess)?$/
+      case $1
+        when 'MD5' then ::Digest::MD5
+        when 'SHA1' then ::Digest::SHA1
+        when 'SHA2' then ::Digest::SHA2
+        when 'SHA256' then ::Digest::SHA256
+        when 'SHA384' then ::Digest::SHA384
+        when 'SHA512' then ::Digest::SHA512
+        when 'RMD160' then ::Digest::RMD160
+        else raise Error, "Unknown algorithm \"#{$1}\"."
+      end
+    else
+      ::Digest::MD5
+    end
+  end
+
+  def algorithm_name
+    algorithm_klass.to_s.split( '::' ).last
+  end
+
+  def sess?
+    challenge[:algorithm].to_s.include? '-sess'
+  end
+
+  def H( data )
+    algorithm_klass.hexdigest( data )
+  end
+
+  def A1
+    without_sess = [ username, challenge[:realm], password ] * ':'
+
+    if sess?
+      H( [without_sess, challenge[:nonce], cnonce ] * ':' )
+    else
+      without_sess
+    end
+  end
+
+  def A2
+    [ request.http_method.to_s.upcase, request.resource ] * ':'
+  end
+
+  def H1
+    H( A1() )
+  end
+
+  def H2
+    H( A2() )
+  end
+
+  def response
+    if ['auth', 'auth-int'].include? challenge[:qop]
+      return H( [H1(), challenge[:nonce], nc, cnonce, challenge[:qop],  H2()] * ':' )
+    end
+
+    H( [H1(), challenge[:nonce], H2()] * ':' )
+  end
+
+  def cnonce
+    [Time.now.to_i.to_s].pack( 'm*' ).strip
+  end
+
+  def nc
+    @nc ||= self.class.nc
+  end
+  def self.nc
+    @nc ||= 0
+    @nc += 1
+  end
+
+  def challenge
+    return @challenge if @challenge
+
+    challenge_options = {}
+    options[:response].headers['www-authenticate'].split( ',' ).each do |pair|
+      matches = pair.strip.match( /(.+)="(.*)"/ )
+      challenge_options[matches[1].to_sym] = matches[2]
+    end
+    challenge_options[:realm] = challenge_options.delete( :'Digest realm' )
+
+    @challenge = challenge_options
+  end
+
+  def username
+    options[:username]
+  end
+
+  def password
+    options[:password]
+  end
+
+end
+
+end
+end
+end
+end
+end

data/lib/raptor-io/protocol/http/request/manipulators/authenticators/negotiate.rb

@@ -0,0 +1,69 @@
+require 'net/ntlm'
+
+module RaptorIO
+module Protocol::HTTP
+class Request
+
+module Manipulators
+module Authenticators
+
+#
+# Implements HTTP Negotiate authentication.
+#
+# @author Tasos Laskos
+#
+class Negotiate < Manipulator
+
+  def run
+    return if skip?
+    client.manipulators.delete shortname
+
+    t2 = authorize( type1 ).headers['www-authenticate'].split( ' ' ).last
+
+    if authorize( type3( t2 ) ).code == 401 && client.manipulators['authenticator']
+      client.datastore['authenticator'][:failed] = true
+    end
+  end
+
+  private
+
+  def provider
+    'Negotiate'
+  end
+
+  def authorize( message )
+    client.get( request.url,
+                mode: :sync,
+                manipulators: {
+                    'authenticator' => { skip: true },
+                    shortname       => { skip: true },
+                },
+                headers: { 'Authorization' => "#{provider} #{message}" } )
+  end
+
+  def skip?
+    !!options[:skip]
+  end
+
+  def type1
+    Net::NTLM::Message::Type1.new.encode64
+  end
+
+  def type3( type2 )
+    Net::NTLM::Message.decode64( type2 ).response(
+        {
+            user:     options[:username],
+            password: options[:password],
+            domain:   options[:domain]
+        },
+        { ntlmv2: true }
+    ).encode64
+  end
+
+end
+
+end
+end
+end
+end
+end

data/lib/raptor-io/protocol/http/request/manipulators/authenticators/ntlm.rb

@@ -0,0 +1,29 @@
+module RaptorIO
+module Protocol::HTTP
+class Request
+
+module Manipulators
+module Authenticators
+
+if !const_defined?( :Negotiate )
+  load File.dirname( __FILE__ ) + '/negotiate.rb'
+end
+
+#
+# Implements HTTP NTLM authentication.
+#
+# @author Tasos Laskos
+#
+class NTLM < Negotiate
+
+  def provider
+    'NTLM'
+  end
+
+end
+
+end
+end
+end
+end
+end

data/lib/raptor-io/protocol/http/request/manipulators/redirect_follower.rb

@@ -0,0 +1,65 @@
+module RaptorIO
+module Protocol::HTTP
+class Request
+
+module Manipulators
+
+#
+# Implements automatic HTTP redirect following.
+#
+# @author Tasos Laskos
+#
+class RedirectFollower < Manipulator
+
+  def run
+    # This request has already been handled.
+    return if request.root_redirect_id
+
+    callbacks = request.callbacks.dup
+    request.clear_callbacks
+
+    request.on_complete do |response|
+      root_redirect_id = request.root_redirect_id ?
+          request.root_redirect_id : request.object_id
+
+      if response.redirect?
+        if redirections[root_redirect_id].size < max
+          redirections[root_redirect_id] << response
+
+          crequest = request.dup
+          crequest.root_redirect_id = root_redirect_id
+
+          # RFC says the Location URI must be a full absolute URL however not
+          # all webapps respect that.
+          crequest.url = crequest.parsed_url.merge( response.headers['Location'] ).to_s
+
+          client.queue( crequest )
+          next
+        else
+          response.redirections = redirections.delete( root_redirect_id )
+        end
+      end
+
+      request.callbacks = callbacks
+      request.handle_response response
+    end
+  end
+
+  private
+
+  # @return [Hash<Integer, Array<RaptorIO::Protocol::HTTP::Response>]
+  #   Keeps track of stacked redirections based on the ID of their root request.
+  def redirections
+    datastore[:redirections] ||= Hash.new { |h, k| h[k] = [] }
+  end
+
+  def max
+    @max ||= (options[:max] || 5).to_i
+  end
+
+end
+
+end
+end
+end
+end

data/lib/raptor-io/protocol/http/response.rb

@@ -0,0 +1,166 @@
+require 'zlib'
+require 'stringio'
+
+module RaptorIO
+module Protocol::HTTP
+
+#
+# HTTP Response.
+#
+# @author Tasos Laskos <tasos_laskos@rapid7.com>
+#
+class Response < Message
+
+  # @return [Integer] HTTP response status code.
+  attr_accessor :code
+
+  # @return [String] HTTP response status message.
+  attr_accessor :message
+
+  # @return [Request] HTTP {Request} which triggered this {Response}.
+  attr_accessor :request
+
+  # @return [Array<Response>]
+  #   Automatically followed redirections that eventually led to this response.
+  attr_accessor :redirections
+
+  # @return [Exception] Exception representing the error that occurred.
+  attr_accessor :error
+
+  #
+  # @note This class' options are in addition to {Message#initialize}.
+  #
+  # @param  [Hash]  options Request options.
+  # @option options [Integer] :code HTTP response status code.
+  # @option options [Request] :request HTTP request that triggered this response.
+  #
+  # @see Message#initialize
+  #
+  def initialize( options = {} )
+    super( options )
+
+    @body = @body.force_utf8 if text?
+    @code ||= 0
+
+    # Holds the redirection responses that eventually led to this one.
+    @redirections ||= []
+  end
+
+  # @return [Boolean]
+  #   `true` if the response is a `3xx` redirect **and** there is a `Location`
+  #   header field.
+  def redirect?
+    code >= 300 && code <= 399 && !!headers['Location']
+  end
+
+  # @note Depends on the response code.
+  #
+  # @return [Boolean]
+  #   `true` if the remote resource has been modified since the date given in
+  #   the `If-Modified-Since` request header field, `false` otherwise.
+  def modified?
+    code != 304
+  end
+
+  # @return [Bool]
+  #   `true` if the response body is textual in nature, `false` otherwise
+  #   (if binary).
+  def text?
+    return if !@body
+
+    if (type = headers['content-type'])
+      return true if type.start_with?( 'text/' )
+
+      # Non "application/" content types will surely not be text-based
+      # so bail out early.
+      return false if !type.start_with?( 'application/' )
+    end
+
+    # Last resort, more resource intensive binary detection.
+    !@body.binary?
+  end
+
+  # @return [String]
+  #   String representation of the response.
+  def to_s
+    headers['Content-Length'] = body.to_s.size
+
+    r = "HTTP/#{version} #{code}"
+    r <<  " #{message}" if message
+    r <<  "\r\n"
+    r << "#{headers.to_s}\r\n\r\n"
+    r << body.to_s
+  end
+
+  # @param  [String]  response  HTTP response.
+  # @return [Response]
+  def self.parse( response )
+    options ||= {}
+
+    # FIXME: The existence of this extra newline at the beginning of a
+    # response suggests a bug somewhere else in the response parsing
+    # code.
+    response = response.gsub(/\A\r\n/, '')
+
+    headers_string, options[:body] = response.split( HEADER_SEPARATOR_PATTERN, 2 )
+    request_line   = headers_string.to_s.lines.first.to_s.chomp
+
+    options[:version], options[:code], options[:message] =
+        request_line.scan( /HTTP\/([\d.]+)\s+(\d+)\s*(.*)\s*$/ ).flatten
+
+    options.delete(:message) if options[:message].to_s.empty?
+
+    options[:code] = options[:code].to_i
+
+    if !headers_string.to_s.empty?
+      options[:headers] =
+          Headers.parse( headers_string.split( CRLF_PATTERN )[1..-1].join( "\r\n" ) )
+    else
+      options[:headers] = Headers.new
+    end
+
+    if !options[:body].to_s.empty?
+
+      # If any encoding has been applied to the body, remove all evidence of it
+      # and adjust the content-length accordingly.
+
+      case options[:headers]['content-encoding'].to_s.downcase
+        when 'gzip', 'x-gzip'
+          options[:body] = unzip( options[:body] )
+        when 'deflate', 'compress', 'x-compress'
+          options[:body] = inflate( options[:body] )
+      end
+
+      if options[:headers].delete( 'content-encoding' ) ||
+          options[:headers].delete( 'transfer-encoding' )
+        options[:headers]['content-length'] = options[:body].size
+      end
+    end
+
+    new( options )
+  end
+
+  # @param  [String]  str Inflates `str`.
+  # @return [String]  Inflated `str`.
+  def self.inflate( str )
+    z = Zlib::Inflate.new
+    s = z.inflate( str )
+    z.close
+    s
+  end
+
+  # @param  [String]  str Unzips `str`.
+  # @return [String]  Unziped `str`.
+  def self.unzip( str )
+    s = ''
+    s.force_encoding( 'ASCII-8BIT' ) if s.respond_to?( :encoding )
+    gz = Zlib::GzipReader.new( StringIO.new( str, 'rb' ) )
+    s << gz.read
+    gz.close
+    s
+  end
+
+end
+
+end
+end