reedb 0.11 → 0.11.2
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/reedb/constants.rb +4 -1
- data/lib/reedb/daemon_wrapper.rb +55 -23
- data/lib/reedb/security/certificate.rb +22 -0
- data/lib/reedb/utils/utilities.rb +25 -5
- data/tests/http_tester.py +1 -1
- metadata +4 -3
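--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: afb9d2df4f9599ee730410f9158f1f77f2d33563
+data.tar.gz: 5ecfd9f68b28d29fd1a66b0cf67679994e957ed2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 593db2a2b26de694231c17e75cb7c3f9e54a9bfff292f6da85015192e9a8d5ebe7083f78a15a91fe087087d4ed9763583800420d65ab2afe9bc190f4a931c4e1
+data.tar.gz: d79c341ef3ac4dd42a5b045af456d4a774818534fe11527592e7f4542118e1986b1ec6688b4de08e6d2db56f7046cf3a2173d3c00f88e991c1922c2ea8273f0a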
data/Gemfile.lock
CHANGED
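--- a/data/lib/reedb/constants.rb
+++ b/data/lib/reedb/constants.rb
@@ -13,7 +13,7 @@ module Reedb
 # The version of reedb. This is actually written into vaults to identify
 # breaking changes and using an older sub-set of the API to interact with
 # legacy vaults.
-VERSION = '0.11'
+VERSION = '0.11.2'
 NET_PORT = 55736
 TOKEN_BYTE_SIZE = 8 # in bytes
 DEFAULT_PATH = '__sysmas__' # Placeholder
@@ -27,4 +27,7 @@ module Reedb
 # Debouncer markers
 DEB_ADD = :add
 DEB_REM = :remove
+
+CERT_PATH = 'reedb.crt'
+KEY_PATH = 'reedb.key'
 end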
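--- a/data/lib/reedb/daemon_wrapper.rb
+++ b/data/lib/reedb/daemon_wrapper.rb
@@ -13,8 +13,16 @@
 # (unless you know what you're doing...)
 
 # System requirements (HTTP stuff)
-require '
+require 'sinatra/base'
 require 'sinatra'
+
+require 'webrick/https'
+require 'webrick'
+
+require 'openssl/ssl'
+require 'openssl'
+
+require 'optparse'
 require 'rack'
 
 # Reedb requirements
@@ -25,30 +33,15 @@ rescue LoadError => e
 require_relative '../reedb'
 end
 
+require_relative 'security/certificate'
 require_relative 'errors/exit_errors'
+require_relative 'constants'
 
 # HTTP handler class that registers the functions
 # for the vault interface
 #
 class ReedbHandler < Sinatra::Base
 
-# funct url descr
-#
-# GET /vaults List of all vaults
-# PUT /vaults Create a new vault.
-# PUT /vaults/scope Scope a vault that already exists
-
-# POST /vaults/*vault-id*/request_token Auth for vault with ID
-# [AUTH] POST /vaults/*vault-id*/headers Return vault headers
-# [AUTH] POST /vaults/*vault-id*/close Close vault with ID
-
-# [AUTH] POST /vaults/*vault-id*/files/*file-id* Returns body of a file
-# [AUTH] POST /vaults/*vault-id*/files/*file-id*/history Returns history of a file (???)
-
-# [AUTH] PUT /vaults/*vault-id*/files Create file
-# [AUTH] POST /vaults/*vault-id*/files/*file-id* Update file contents
-# [AUTH] POST /vaults/*vault-id*/files/*file-id*/remove Removes a file
-
 configure :production, :development do
 enable :logging
 end
@@ -65,7 +58,7 @@ class ReedbHandler < Sinatra::Base
 # Returns a list of vaults scoped on the system
 get '/vaults' do
 payload = Reedb::Vault::available_vaults
-return build_response(200,
+return build_response(200, 'Currently scoped vaults', payload)
 end
 
 # Create a new vault on the system
@@ -167,8 +160,8 @@ class ReedbHandler < Sinatra::Base
 return build_response(400, 'JSON data was malformed!')
 end
 
-name = data[
-path = data[
+name = data['name'] if data['name']
+path = data['path'] if data['path']
 
 if name == nil || path == nil
 return build_response(400, 'Required data fields are missing from JSON data body!')
@@ -181,7 +174,7 @@ class ReedbHandler < Sinatra::Base
 end
 
 # If everything went well
-return build_response(200,
+return build_response(200, 'Vault successfully unscoped and will not show up in vault lists anymore.')
 end
 
 # Request a token for a vault
@@ -600,6 +593,9 @@ end
 @options[:dave] = false
 @options[:force] = false
 
+# Defines the folder to put the SSL certificate
+@options[:cert_path] = File.join('/home/spacekookie/.config/reedb', '.sec')
+
 # Create argument parsers and handle them
 opts = OptionParser.new
 opts.on('-l', '--pw-length INTEGER') { |o| @options[:pw_length] = o }
@@ -614,9 +610,45 @@ opts.parse! unless ARGV == []
 # Define what to do when that evil SIGTERM comes
 at_exit { Reedb::Core::terminate('root', true) }
 
+# TODO: Move this function into the FUCKING security package.
+def generate_cert(years, path)
+root_key = OpenSSL::PKey::RSA.new 4096 # the CA's public/private key
+root_ca = OpenSSL::X509::Certificate.new
+root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+root_ca.serial = 1
+root_ca.subject = OpenSSL::X509::Name.parse('/DC=org/DC=ruby-lang/CN=Ruby CA')
+root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+root_ca.public_key = root_key.public_key
+root_ca.not_before = Time.now
+root_ca.not_after = root_ca.not_before + years * 365 * 24 * 60 * 60 # 2 years validity
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = root_ca
+ef.issuer_certificate = root_ca
+root_ca.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+root_ca.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
+root_ca.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+root_ca.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))
+root_ca.sign(root_key, OpenSSL::Digest::SHA512.new)
+
+FileUtils::mkdir_p(path) unless File.directory?(path)
+
+File.open(File.join(path, Reedb::CERT_PATH), 'w+') { |file| file.write(root_ca) }
+File.open(File.join(path, Reedb::KEY_PATH), 'w+') { |file| file.write(root_key) }
+end
+
 # Next up we start the HTTP server and that's that. We're up and running :)
 def http_server
-
+
+if not Reedb::Utilities::check_port(@options[:port])
+Rack::Handler::WEBrick.run(ReedbHandler.new, { :Port => @options[:port], :BindAddress => 'localhost' })
+else
+# This temporary
+puts 'The port is closed. You should do this:'
+puts '$ sudo netstat -lpn | grep 55736'
+puts '$ kill -9 <pid>'
+exit
+end
 end
 
 # This creates the Reedb module and binds it to a variable to be interacted with in the future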
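Review bot: `generate_cert` writes the RSA private key with `File.open(File.join(path, Reedb::KEY_PATH), 'w+')`, so the file is created with whatever the process umask allows (commonly world-readable) and the key sits unencrypted on disk; creating it owner-only, e.g. `File.open(File.join(path, Reedb::KEY_PATH), 'w', 0600) { |file| file.write(root_key) }` together with `FileUtils.mkdir_p(path, mode: 0700)`, keeps other local users from reading it. The default `@options[:cert_path]` added in the option-setup hunk is the hard-coded path `/home/spacekookie/.config/reedb`, so on any other machine the key either cannot be written or lands in an unexpected directory; it should be derived from the running user's home, for instance via `Dir.home`. The certificate also keeps the placeholder subject `/DC=org/DC=ruby-lang/CN=Ruby CA`, a fixed serial of 1 and `CA:TRUE`, and the visible `http_server` still starts WEBrick without any SSL options, so as far as this diff shows the key material is generated but not yet used to protect the API.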
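--- a/data/lib/reedb/security/certificate.rb
+++ b/data/lib/reedb/security/certificate.rb
@@ -0,0 +1,22 @@
+# ====================================================
+# Copyright 2015 Lonely Robot (see @author)
+# @author: Katharina Sabel | www.lonelyrobot.io
+#
+# Distributed under the GNU Lesser GPL Version 3
+# (See accompanying LICENSE file or get a copy at
+# https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+require_relative '../constants'
+require 'openssl/digest'
+require 'openssl'
+require 'digest'
+
+module Reedb
+
+# Class that generates SSL certificates.
+#
+class Certificates
+
+end
+end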
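--- a/data/lib/reedb/utils/utilities.rb
+++ b/data/lib/reedb/utils/utilities.rb
@@ -8,12 +8,15 @@
 # ====================================================
 
 require 'socket'
+require 'timeout'
+
 
 module Reedb
 
 class Timestamp
 attr_accessor :utc
-
+
+def initialize
 @utc = Time.now.getutc
 end
 
@@ -76,17 +79,18 @@ module Reedb
 def is_i?(i)
 i.to_i.to_s == i
 end
+
 is_i?(version[0]) and is_i?(version[2]) ? true : false
 end
 
 # Fix the actual inputs (aka test on virtual machines)
 def self.parse_os
 platform = RUBY_PLATFORM
-if platform.end_with?(
+if platform.end_with?('linux')
 return :linux
-elsif platform.end_with?(
+elsif platform.end_with?('Windows')
 return :win
-elsif platform.end_with?(
+elsif platform.end_with?('Mac OS X')
 return :osx
 end
 end
@@ -105,11 +109,27 @@ module Reedb
 end
 end
 
+def self.check_port(port)
+begin
+Timeout::timeout(1) do
+begin
+s = TCPSocket.new('127.0.0.1', port)
+s.close
+return true
+rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+return false
+end
+end
+rescue Timeout::Error
+return false
+end
+end
+
 def self.get_time(only_date = false)
 time = Time.now
 val_h = "#{time.year}-#{'%02d' % time.month}-#{'%02d' % time.day}"
 val_t = "#{time.hour}:#{'%02d' % time.min}:#{'%02d' % time.sec}"
-
+
 # => TODO: Make this more Ruby-Like
 if only_date
 return "#{val_h}"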
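Review bot: `check_port` returns `true` when the connect succeeds, meaning something is already listening on the port, but the new method has no comment saying so and the name reads as the opposite; a line such as `# Returns true if a listener already accepts connections on 127.0.0.1:port (port in use), false if refused or timed out` would keep callers from inverting it. The inner `rescue` covers only `Errno::ECONNREFUSED` and `Errno::EHOSTUNREACH`, so any other connect error escapes the method instead of yielding `false`; `rescue SystemCallError` would cover the rest of the Errno family. The probe targets `127.0.0.1`, while the caller visible in daemon_wrapper.rb binds `localhost`, which may resolve to a different address. The result is also only a hint, since another process can take the port between this check and the later bind, so the server's own bind failure still has to be handled.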
data/tests/http_tester.py
CHANGED
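--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reedb
 version: !ruby/object:Gem::Version
-version:
+version: 0.11.2
 platform: ruby
 authors:
 - Katharina Sabel
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-
+date: 2015-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -179,6 +179,7 @@ files:
 - lib/reedb/errors/vault_errors.rb
 - lib/reedb/reevault.rb
 - lib/reedb/security/aes.rb
+- lib/reedb/security/certificate.rb
 - lib/reedb/security/encryption.rb
 - lib/reedb/security/multifish.rb
 - lib/reedb/security/secure_hash.rb
@@ -230,7 +231,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.7
 signing_key:
 specification_version: 4
 summary: Ruby database that uses completely encrypted files for maximum security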