reedb 0.11 → 0.11.2
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/reedb/constants.rb +4 -1
- data/lib/reedb/daemon_wrapper.rb +55 -23
- data/lib/reedb/security/certificate.rb +22 -0
- data/lib/reedb/utils/utilities.rb +25 -5
- data/tests/http_tester.py +1 -1
- metadata +4 -3
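--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: afb9d2df4f9599ee730410f9158f1f77f2d33563
+data.tar.gz: 5ecfd9f68b28d29fd1a66b0cf67679994e957ed2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 593db2a2b26de694231c17e75cb7c3f9e54a9bfff292f6da85015192e9a8d5ebe7083f78a15a91fe087087d4ed9763583800420d65ab2afe9bc190f4a931c4e1
+data.tar.gz: d79c341ef3ac4dd42a5b045af456d4a774818534fe11527592e7f4542118e1986b1ec6688b4de08e6d2db56f7046cf3a2173d3c00f88e991c1922c2ea8273f0a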
data/Gemfile.lock
CHANGED
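--- a/data/lib/reedb/constants.rb
+++ b/data/lib/reedb/constants.rb
@@ -13,7 +13,7 @@ module Reedb
 # The version of reedb. This is actually written into vaults to identify
 # breaking changes and using an older sub-set of the API to interact with
 # legacy vaults.
-VERSION = '0.11'
+VERSION = '0.11.2'
 NET_PORT = 55736
 TOKEN_BYTE_SIZE = 8 # in bytes
 DEFAULT_PATH = '__sysmas__' # Placeholder
@@ -27,4 +27,7 @@ module Reedb
 # Debouncer markers
 DEB_ADD = :add
 DEB_REM = :remove
+
+CERT_PATH = 'reedb.crt'
+KEY_PATH = 'reedb.key'
 end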
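--- a/data/lib/reedb/daemon_wrapper.rb
+++ b/data/lib/reedb/daemon_wrapper.rb
@@ -13,8 +13,16 @@
 # (unless you know what you're doing...)
 
 # System requirements (HTTP stuff)
-require '
+require 'sinatra/base'
 require 'sinatra'
+
+require 'webrick/https'
+require 'webrick'
+
+require 'openssl/ssl'
+require 'openssl'
+
+require 'optparse'
 require 'rack'
 
 # Reedb requirements
@@ -25,30 +33,15 @@ rescue LoadError => e
 require_relative '../reedb'
 end
 
+require_relative 'security/certificate'
 require_relative 'errors/exit_errors'
+require_relative 'constants'
 
 # HTTP handler class that registers the functions
 # for the vault interface
 #
 class ReedbHandler < Sinatra::Base
 
-# funct url descr
-#
-# GET /vaults List of all vaults
-# PUT /vaults Create a new vault.
-# PUT /vaults/scope Scope a vault that already exists
-
-# POST /vaults/*vault-id*/request_token Auth for vault with ID
-# [AUTH] POST /vaults/*vault-id*/headers Return vault headers
-# [AUTH] POST /vaults/*vault-id*/close Close vault with ID
-
-# [AUTH] POST /vaults/*vault-id*/files/*file-id* Returns body of a file
-# [AUTH] POST /vaults/*vault-id*/files/*file-id*/history Returns history of a file (???)
-
-# [AUTH] PUT /vaults/*vault-id*/files Create file
-# [AUTH] POST /vaults/*vault-id*/files/*file-id* Update file contents
-# [AUTH] POST /vaults/*vault-id*/files/*file-id*/remove Removes a file
-
 configure :production, :development do
 enable :logging
 end
@@ -65,7 +58,7 @@ class ReedbHandler < Sinatra::Base
 # Returns a list of vaults scoped on the system
 get '/vaults' do
 payload = Reedb::Vault::available_vaults
-return build_response(200,
+return build_response(200, 'Currently scoped vaults', payload)
 end
 
 # Create a new vault on the system
@@ -167,8 +160,8 @@ class ReedbHandler < Sinatra::Base
 return build_response(400, 'JSON data was malformed!')
 end
 
-name = data[
-path = data[
+name = data['name'] if data['name']
+path = data['path'] if data['path']
 
 if name == nil || path == nil
 return build_response(400, 'Required data fields are missing from JSON data body!')
@@ -181,7 +174,7 @@ class ReedbHandler < Sinatra::Base
 end
 
 # If everything went well
-return build_response(200,
+return build_response(200, 'Vault successfully unscoped and will not show up in vault lists anymore.')
 end
 
 # Request a token for a vault
@@ -600,6 +593,9 @@ end
 @options[:dave] = false
 @options[:force] = false
 
+# Defines the folder to put the SSL certificate
+@options[:cert_path] = File.join('/home/spacekookie/.config/reedb', '.sec')
+
 # Create argument parsers and handle them
 opts = OptionParser.new
 opts.on('-l', '--pw-length INTEGER') { |o| @options[:pw_length] = o }
@@ -614,9 +610,45 @@ opts.parse! unless ARGV == []
 # Define what to do when that evil SIGTERM comes
 at_exit { Reedb::Core::terminate('root', true) }
 
+# TODO: Move this function into the FUCKING security package.
+def generate_cert(years, path)
+root_key = OpenSSL::PKey::RSA.new 4096 # the CA's public/private key
+root_ca = OpenSSL::X509::Certificate.new
+root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+root_ca.serial = 1
+root_ca.subject = OpenSSL::X509::Name.parse('/DC=org/DC=ruby-lang/CN=Ruby CA')
+root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+root_ca.public_key = root_key.public_key
+root_ca.not_before = Time.now
+root_ca.not_after = root_ca.not_before + years * 365 * 24 * 60 * 60 # 2 years validity
+
+ef = OpenSSL::X509::ExtensionFactory.new
+ef.subject_certificate = root_ca
+ef.issuer_certificate = root_ca
+root_ca.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+root_ca.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
+root_ca.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+root_ca.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))
+root_ca.sign(root_key, OpenSSL::Digest::SHA512.new)
+
+FileUtils::mkdir_p(path) unless File.directory?(path)
+
+File.open(File.join(path, Reedb::CERT_PATH), 'w+') { |file| file.write(root_ca) }
+File.open(File.join(path, Reedb::KEY_PATH), 'w+') { |file| file.write(root_key) }
+end
+
 # Next up we start the HTTP server and that's that. We're up and running :)
 def http_server
-
+
+if not Reedb::Utilities::check_port(@options[:port])
+Rack::Handler::WEBrick.run(ReedbHandler.new, { :Port => @options[:port], :BindAddress => 'localhost' })
+else
+# This temporary
+puts 'The port is closed. You should do this:'
+puts '$ sudo netstat -lpn | grep 55736'
+puts '$ kill -9 <pid>'
+exit
+end
 end
 
 # This creates the Reedb module and binds it to a variable to be interacted with in the future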
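Review bot: generate_cert writes the CA private key with `File.open(File.join(path, Reedb::KEY_PATH), 'w+')`, which leaves the key file at whatever mode the process umask yields; the key should be created with an explicit restrictive mode, e.g. `File.open(File.join(path, Reedb::KEY_PATH), 'w', 0o600) { |file| file.write(root_key) }`, and `FileUtils` is used here without a `require 'fileutils'` in the require block of the first hunk. The certificate itself is a self-signed CA (`basicConstraints CA:TRUE`, `keyUsage keyCertSign, cRLSign`, subject `CN=Ruby CA`) with a fixed `serial = 1`, so every regeneration yields a different certificate carrying the same serial, and the `# 2 years validity` comment contradicts the `years` parameter; a leaf certificate naming the host, with a random serial, is what a TLS listener needs. In http_server the message `'The port is closed. You should do this:'` is printed in the branch where check_port returned true, i.e. when something already accepts connections on the port, so the wording is inverted, and the `grep 55736` hint hard-codes the port instead of interpolating `@options[:port]`. The earlier hunk of this section sets `@options[:cert_path]` from the literal `/home/spacekookie/.config/reedb`, a developer-specific absolute path that should be derived from the user's home directory or the option parser. `Rack::Handler::WEBrick.run` is still started without any SSL options, so the generated certificate does not appear to be used by the listener yet.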
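--- /dev/null
+++ b/data/lib/reedb/security/certificate.rb
@@ -0,0 +1,22 @@
+# ====================================================
+# Copyright 2015 Lonely Robot (see @author)
+# @author: Katharina Sabel | www.lonelyrobot.io
+#
+# Distributed under the GNU Lesser GPL Version 3
+# (See accompanying LICENSE file or get a copy at
+# https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+require_relative '../constants'
+require 'openssl/digest'
+require 'openssl'
+require 'digest'
+
+module Reedb
+
+# Class that generates SSL certificates.
+#
+class Certificates
+
+end
+end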
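Review bot: The new `Reedb::Certificates` class is empty although its header comment says it generates SSL certificates, and the `require 'openssl/digest'`, `require 'openssl'` and `require 'digest'` lines above it are unused in this file. The daemon_wrapper.rb hunk in this same commit carries a TODO above its `generate_cert` saying the function should move into the security package, so either that method belongs here in this commit or the class comment should say so, e.g. `# Placeholder for certificate generation; generate_cert currently lives in daemon_wrapper.rb.`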
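--- a/data/lib/reedb/utils/utilities.rb
+++ b/data/lib/reedb/utils/utilities.rb
@@ -8,12 +8,15 @@
 # ====================================================
 
 require 'socket'
+require 'timeout'
+
 
 module Reedb
 
 class Timestamp
 attr_accessor :utc
-
+
+def initialize
 @utc = Time.now.getutc
 end
 
@@ -76,17 +79,18 @@ module Reedb
 def is_i?(i)
 i.to_i.to_s == i
 end
+
 is_i?(version[0]) and is_i?(version[2]) ? true : false
 end
 
 # Fix the actual inputs (aka test on virtual machines)
 def self.parse_os
 platform = RUBY_PLATFORM
-if platform.end_with?(
+if platform.end_with?('linux')
 return :linux
-elsif platform.end_with?(
+elsif platform.end_with?('Windows')
 return :win
-elsif platform.end_with?(
+elsif platform.end_with?('Mac OS X')
 return :osx
 end
 end
@@ -105,11 +109,27 @@ module Reedb
 end
 end
 
+def self.check_port(port)
+begin
+Timeout::timeout(1) do
+begin
+s = TCPSocket.new('127.0.0.1', port)
+s.close
+return true
+rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+return false
+end
+end
+rescue Timeout::Error
+return false
+end
+end
+
 def self.get_time(only_date = false)
 time = Time.now
 val_h = "#{time.year}-#{'%02d' % time.month}-#{'%02d' % time.day}"
 val_t = "#{time.hour}:#{'%02d' % time.min}:#{'%02d' % time.sec}"
-
+
 # => TODO: Make this more Ruby-Like
 if only_date
 return "#{val_h}"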
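Review bot: check_port's contract is easy to invert — it returns true when a TCP connect to `127.0.0.1:port` succeeds, i.e. when something is already listening, and false when the connection is refused, unreachable or times out — yet the method has no comment and its caller in daemon_wrapper.rb negates it; a YARD line such as `# @return [Boolean] true when a listener already accepts connections on 127.0.0.1:port, false otherwise` would prevent misreads. Any other failure of `TCPSocket.new` (for example `Errno::EACCES` or a `SocketError`) escapes both rescue clauses and aborts the caller, so widening the inner clause to `rescue SystemCallError, SocketError` would be safer if the intent is a boolean probe. Stylistically the outer `begin`/`end` wrapping the whole body is redundant inside a method (the `rescue Timeout::Error` can sit directly in the `def`), and `Timeout::timeout` is conventionally written `Timeout.timeout`.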
data/tests/http_tester.py
CHANGED
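--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reedb
 version: !ruby/object:Gem::Version
-version:
+version: 0.11.2
 platform: ruby
 authors:
 - Katharina Sabel
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-
+date: 2015-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -179,6 +179,7 @@ files:
 - lib/reedb/errors/vault_errors.rb
 - lib/reedb/reevault.rb
 - lib/reedb/security/aes.rb
+- lib/reedb/security/certificate.rb
 - lib/reedb/security/encryption.rb
 - lib/reedb/security/multifish.rb
 - lib/reedb/security/secure_hash.rb
@@ -230,7 +231,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.
+rubygems_version: 2.4.7
 signing_key:
 specification_version: 4
 summary: Ruby database that uses completely encrypted files for maximum security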