reedb 0.11 → 0.11.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c1963fd6fa73990571af644539840c3be811404
-  data.tar.gz: 3683b3a01c65b2f5afeccd4b3439700281ea1ad0
+  metadata.gz: afb9d2df4f9599ee730410f9158f1f77f2d33563
+  data.tar.gz: 5ecfd9f68b28d29fd1a66b0cf67679994e957ed2
 SHA512:
-  metadata.gz: 27ce1d42d5be4b0c9f5dece31791e0ba75a29419a20cb44d6255529c775c42614ebab2482e45b046dd1d50db641baec127e0e161a6d5d8660c63fc25298f6500
-  data.tar.gz: c93e234433ec38740f6f45c5d0519331bb9b6d238ea3bbee1dcafc25e0b09fa1884d5c69afedc19092d38a6a1cc9215cf4b20d0ff9c9b39ff71afc7e49dde9c4
+  metadata.gz: 593db2a2b26de694231c17e75cb7c3f9e54a9bfff292f6da85015192e9a8d5ebe7083f78a15a91fe087087d4ed9763583800420d65ab2afe9bc190f4a931c4e1
+  data.tar.gz: d79c341ef3ac4dd42a5b045af456d4a774818534fe11527592e7f4542118e1986b1ec6688b4de08e6d2db56f7046cf3a2173d3c00f88e991c1922c2ea8273f0a

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    reedb (0.10.8)
+    reedb (0.11)
       aes (~> 0.5)
       daemons (~> 1.2)
       digest-tiger (~> 1.0)

data/lib/reedb/constants.rb

@@ -13,7 +13,7 @@ module Reedb
 	# The version of reedb. This is actually written into vaults to identify
 	# breaking changes and using an older sub-set of the API to interact with
 	# legacy vaults.
-	VERSION = '0.11'
+	VERSION = '0.11.2'
 	NET_PORT = 55736
 	TOKEN_BYTE_SIZE = 8 # in bytes
 	DEFAULT_PATH = '__sysmas__' # Placeholder
@@ -27,4 +27,7 @@ module Reedb
 	# Debouncer markers
 	DEB_ADD = :add
 	DEB_REM = :remove
+
+	CERT_PATH = 'reedb.crt'
+	KEY_PATH = 'reedb.key'
 end

data/lib/reedb/daemon_wrapper.rb

@@ -13,8 +13,16 @@
 # (unless you know what you're doing...)
 
 # System requirements (HTTP stuff)
-require 'optparse'
+require 'sinatra/base'
 require 'sinatra'
+
+require 'webrick/https'
+require 'webrick'
+
+require 'openssl/ssl'
+require 'openssl'
+
+require 'optparse'
 require 'rack'
 
 # Reedb requirements
@@ -25,30 +33,15 @@ rescue LoadError => e
 	require_relative '../reedb'
 end
 
+require_relative 'security/certificate'
 require_relative 'errors/exit_errors'
+require_relative 'constants'
 
 # HTTP handler class that registers the functions
 # for the vault interface
 #
 class ReedbHandler < Sinatra::Base
 
-	# 	funct 	url 										descr
-	#
-	# 	 GET 	/vaults 									List of all vaults
-	# 	 PUT 	/vaults 									Create a new vault.
-	# 	 PUT 	/vaults/scope 								Scope a vault that already exists
-
-	# 	 POST 	/vaults/*vault-id*/request_token			Auth for vault with ID
-	# [AUTH] POST 	/vaults/*vault-id*/headers					Return vault headers
-	# [AUTH] POST 	/vaults/*vault-id*/close					Close vault with ID
-
-	# [AUTH] POST 	/vaults/*vault-id*/files/*file-id*			Returns body of a file
-	# [AUTH] POST 	/vaults/*vault-id*/files/*file-id*/history	Returns history of a file (???)
-
-	# [AUTH] PUT 	/vaults/*vault-id*/files					Create file
-	# [AUTH] POST 	/vaults/*vault-id*/files/*file-id*			Update file contents
-	# [AUTH] POST 	/vaults/*vault-id*/files/*file-id*/remove	Removes a file
-
 	configure :production, :development do
 		enable :logging
 	end
@@ -65,7 +58,7 @@ class ReedbHandler < Sinatra::Base
 	# Returns a list of vaults scoped on the system
 	get '/vaults' do
 		payload = Reedb::Vault::available_vaults
-		return build_response(200, "Currently scoped vaults", payload)
+		return build_response(200, 'Currently scoped vaults', payload)
 	end
 
 	# Create a new vault on the system
@@ -167,8 +160,8 @@ class ReedbHandler < Sinatra::Base
 			return build_response(400, 'JSON data was malformed!')
 		end
 
-		name = data["name"] if data["name"]
-		path = data["path"] if data["path"]
+		name = data['name'] if data['name']
+		path = data['path'] if data['path']
 
 		if name == nil || path == nil
 			return build_response(400, 'Required data fields are missing from JSON data body!')
@@ -181,7 +174,7 @@ class ReedbHandler < Sinatra::Base
 		end
 
 		# If everything went well
-		return build_response(200, "Vault successfully unscoped and will not show up in vault lists anymore.")
+		return build_response(200, 'Vault successfully unscoped and will not show up in vault lists anymore.')
 	end
 
 	#  Request a token for a vault
@@ -600,6 +593,9 @@ end
 @options[:dave] = false
 @options[:force] = false
 
+# Defines the folder to put the SSL certificate
+@options[:cert_path] = File.join('/home/spacekookie/.config/reedb', '.sec')
+
 # Create argument parsers and handle them
 opts = OptionParser.new
 opts.on('-l', '--pw-length INTEGER') { |o| @options[:pw_length] = o }
@@ -614,9 +610,45 @@ opts.parse! unless ARGV == []
 # Define what to do when that evil SIGTERM comes
 at_exit { Reedb::Core::terminate('root', true) }
 
+# TODO: Move this function into the FUCKING security package.
+def generate_cert(years, path)
+	root_key = OpenSSL::PKey::RSA.new 4096 # the CA's public/private key
+	root_ca = OpenSSL::X509::Certificate.new
+	root_ca.version = 2 # cf. RFC 5280 - to make it a "v3" certificate
+	root_ca.serial = 1
+	root_ca.subject = OpenSSL::X509::Name.parse('/DC=org/DC=ruby-lang/CN=Ruby CA')
+	root_ca.issuer = root_ca.subject # root CA's are "self-signed"
+	root_ca.public_key = root_key.public_key
+	root_ca.not_before = Time.now
+	root_ca.not_after = root_ca.not_before + years * 365 * 24 * 60 * 60 # 2 years validity
+
+	ef = OpenSSL::X509::ExtensionFactory.new
+	ef.subject_certificate = root_ca
+	ef.issuer_certificate = root_ca
+	root_ca.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
+	root_ca.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
+	root_ca.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash', false))
+	root_ca.add_extension(ef.create_extension('authorityKeyIdentifier', 'keyid:always', false))
+	root_ca.sign(root_key, OpenSSL::Digest::SHA512.new)
+
+	FileUtils::mkdir_p(path) unless File.directory?(path)
+
+	File.open(File.join(path, Reedb::CERT_PATH), 'w+') { |file| file.write(root_ca) }
+	File.open(File.join(path, Reedb::KEY_PATH), 'w+') { |file| file.write(root_key) }
+end
+
 # Next up we start the HTTP server and that's that. We're up and running :)
 def http_server
-	Rack::Handler::WEBrick.run(ReedbHandler.new, { :Port => @options[:port], :BindAddress => 'localhost' })
+
+	if not Reedb::Utilities::check_port(@options[:port])
+		Rack::Handler::WEBrick.run(ReedbHandler.new, { :Port => @options[:port], :BindAddress => 'localhost' })
+	else
+		# This temporary
+		puts 'The port is closed. You should do this:'
+		puts '$ sudo netstat -lpn | grep 55736'
+		puts '$ kill -9 <pid>'
+		exit
+	end
 end
 
 # This creates the Reedb module and binds it to a variable to be interacted with in the future

data/lib/reedb/security/certificate.rb

@@ -0,0 +1,22 @@
+# ====================================================
+# Copyright 2015 Lonely Robot (see @author)
+# @author: Katharina Sabel | www.lonelyrobot.io
+#
+# Distributed under the GNU Lesser GPL Version 3
+# (See accompanying LICENSE file or get a copy at
+# 	https://www.gnu.org/licenses/lgpl.html)
+# ====================================================
+
+require_relative '../constants'
+require 'openssl/digest'
+require 'openssl'
+require 'digest'
+
+module Reedb
+
+	# Class that generates SSL certificates.
+	#
+	class Certificates
+
+	end
+end

data/lib/reedb/utils/utilities.rb

@@ -8,12 +8,15 @@
 # ====================================================
 
 require 'socket'
+require 'timeout'
+
 
 module Reedb
 
 	class Timestamp
 		attr_accessor :utc
-		def initialize 
+
+		def initialize
 			@utc = Time.now.getutc
 		end
 
@@ -76,17 +79,18 @@ module Reedb
 			def is_i?(i)
 				i.to_i.to_s == i
 			end
+
 			is_i?(version[0]) and is_i?(version[2]) ? true : false
 		end
 
 		# Fix the actual inputs (aka test on virtual machines)
 		def self.parse_os
 			platform = RUBY_PLATFORM
-			if platform.end_with?("linux")
+			if platform.end_with?('linux')
 				return :linux
-			elsif platform.end_with?("Windows")
+			elsif platform.end_with?('Windows')
 				return :win
-			elsif platform.end_with?("Mac OS X")
+			elsif platform.end_with?('Mac OS X')
 				return :osx
 			end
 		end
@@ -105,11 +109,27 @@ module Reedb
 			end
 		end
 
+		def self.check_port(port)
+			begin
+				Timeout::timeout(1) do
+					begin
+						s = TCPSocket.new('127.0.0.1', port)
+						s.close
+						return true
+					rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+						return false
+					end
+				end
+			rescue Timeout::Error
+				return false
+			end
+		end
+
 		def self.get_time(only_date = false)
 			time = Time.now
 			val_h = "#{time.year}-#{'%02d' % time.month}-#{'%02d' % time.day}"
 			val_t = "#{time.hour}:#{'%02d' % time.min}:#{'%02d' % time.sec}"
-			
+
 			# => TODO: Make this more Ruby-Like
 			if only_date
 				return "#{val_h}"

data/tests/http_tester.py

@@ -190,7 +190,7 @@ class RestTester:
 		# self.get_headers()
 
 		# Insert a new file
-		# self.insert_file()
+		self.insert_file()
 
 		# Then update it
 		# self.update_file()

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reedb
 version: !ruby/object:Gem::Version
-  version: '0.11'
+  version: 0.11.2
 platform: ruby
 authors:
 - Katharina Sabel
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-21 00:00:00.000000000 Z
+date: 2015-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -179,6 +179,7 @@ files:
 - lib/reedb/errors/vault_errors.rb
 - lib/reedb/reevault.rb
 - lib/reedb/security/aes.rb
+- lib/reedb/security/certificate.rb
 - lib/reedb/security/encryption.rb
 - lib/reedb/security/multifish.rb
 - lib/reedb/security/secure_hash.rb
@@ -230,7 +231,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.4.7
 signing_key: 
 specification_version: 4
 summary: Ruby database that uses completely encrypted files for maximum security