RubyGems - ritm - Versions diffs - 0.0.1 → 0.0.2 - Mend

ritm 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/ritm/certs/ca.rb +12 -3
data/lib/ritm/certs/certificate.rb +8 -1
data/lib/ritm/configuration.rb +18 -33
data/lib/ritm/interception/handlers.rb +2 -2
data/lib/ritm/interception/http_forwarder.rb +4 -24
data/lib/ritm/interception/intercept_utils.rb +50 -20
data/lib/ritm/main.rb +1 -33
data/lib/ritm/proxy/cert_signing_https_server.rb +2 -2
data/lib/ritm/version.rb +1 -1
metadata +16 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2eeab06c6fd5db111b87a1ff18694f4206f571c9
-  data.tar.gz: b1537590beb540d93cd9161b7a7fee6d4090f3cb
+  metadata.gz: 9f58ad7ec7b60adcb6d5644582b19da348fee831
+  data.tar.gz: 2e024c04e5527f91864055141e5cf39cbe18e326
 SHA512:
-  metadata.gz: a2e1a3bbb3b8c0b9ac87339152c9a3b726ea2295d3c14c48e67952e89a5b40ea5314446e445078b5e98556550faf8de6609af42d6e438509ae4b87604f98fd1a
-  data.tar.gz: 9ebf2c4991de1026d05cfd9e6226424f9feb0631b1d22a001819195d9d3e215f779a72feb0b65dc1f653c317d6dab62dac49ed45c29f592e37ed38ac0cc8897d
+  metadata.gz: 72464b798fc3fa1ee83ebc4f3a3865a9e1d0f77a4e5ee2161475c4659f392cff87395201090ace9f7006043adefbb30972ac709e130663005dc38a6557fbd031
+  data.tar.gz: a0cdb6a6999fee1e099706541f4ace66b2217ea6d005452cb5cf72937e819058f661e55b6b6b3678bc03a8e3e67d0d974d4017aacec533b355785d9d9f0c6a58

data/lib/ritm/certs/ca.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Ritm
     def self.create(common_name: 'RubyInTheMiddle')
       super(common_name, serial_number: 1) do |cert|
         cert.signing_entity = true
-        cert.sign!(signing_profile)
+        cert.sign!(ca_signing_profile)
         yield cert if block_given?
       end
     end
@@ -15,17 +15,26 @@ module Ritm
     def self.load(crt, private_key)
       super(crt, private_key) do |cert|
         cert.signing_entity = true
-        cert.sign!(signing_profile)
+        cert.sign!(ca_signing_profile)
         yield cert if block_given?
       end
     end
     def sign(certificate)
       certificate.cert.parent = @cert
-      certificate.cert.sign!
+      certificate.cert.sign!(self.class.signing_profile)
     end
     def self.signing_profile
+      {
+        'extensions' => {
+          'keyUsage' => { 'usage' => %w(keyEncipherment digitalSignature) },
+          'extendedKeyUsage' => { 'usage' => %w(serverAuth clientAuth) }
+        }
+      }
+    end
+    def self.ca_signing_profile
       { 'extensions' => { 'keyUsage' => { 'usage' => %w(critical keyCertSign keyEncipherment digitalSignature) } } }
     end
   end

data/lib/ritm/certs/certificate.rb CHANGED Viewed

@@ -16,8 +16,11 @@ module Ritm
     def self.create(common_name, serial_number: nil)
       cert = CertificateAuthority::Certificate.new
       cert.subject.common_name = common_name
+      cert.subject.organization = cert.subject.organizational_unit = 'RubyInTheMiddle'
+      cert.subject.country = 'AR'
+      cert.not_before = cert.not_before - 3600 * 24 * 30 # Substract 30 days
       cert.serial_number.number = serial_number || common_name.hash.abs
-      cert.key_material.generate_key
+      cert.key_material.generate_key(1024)
       yield cert if block_given?
       new cert
     end
@@ -37,5 +40,9 @@ module Ritm
     def pem
       @cert.to_pem
     end
+    def x509
+      @cert.openssl_body
+    end
   end
 end

data/lib/ritm/configuration.rb CHANGED Viewed

@@ -18,41 +18,30 @@ module Ritm
           key: nil
         }
       },
       intercept: {
-        # Is interception enabled
         enabled: true,
-        # Do not intercept requests whose URLs match/start with the given regex/strings (blacklist)
-        skip_urls: [],
-        # Intercepts requests whose  URLs match/start with the given regex/strings (whitelist)
-        # By default everything will be intercepted.
-        intercept_urls: []
-      },
-      misc: {
-        add_request_headers: {},
-        add_response_headers: { 'connection' => 'clone' },
-        strip_request_headers: [/proxy-*/],
-        strip_response_headers: ['strict-transport-security', 'transfer-encoding'],
-        unpack_gzip_deflate_in_requests: true,
-        unpack_gzip_deflate_in_responses: true,
+        request: {
+          add_headers: {},
+          strip_headers: [/proxy-*/],
+          unpack_gzip_deflate: true,
+          update_content_length: true
+        },
+        response: {
+          add_headers: { 'connection' => 'close' },
+          strip_headers: ['strict-transport-security'],
+          unpack_gzip_deflate: true,
+          update_content_length: true
+        },
         process_chunked_encoded_transfer: true
       }
     }.freeze
     def initialize(settings = {})
-      settings = DEFAULT_SETTINGS.merge(settings)
-      @values = {
-        dispatcher: Dispatcher.new,
-        # Is interception enabled
-        enabled: true
-      }
+      reset(settings)
+    end
+    def reset(settings = {})
+      settings = DEFAULT_SETTINGS.merge(settings)
       @settings = settings.to_properties
     end
@@ -60,18 +49,14 @@ module Ritm
       @settings.send(m, *args, &block)
     end
-    def [](setting)
-      @values[setting]
-    end
     # Re-enable interception
     def enable
-      @values[:enabled] = true
+      @settings.intercept[:enabled] = true
     end
     # Disable interception
     def disable
-      @values[:enabled] = false
+      @settings.intercept[:enabled] = false
     end
   end
 end

data/lib/ritm/interception/handlers.rb CHANGED Viewed

@@ -2,9 +2,9 @@
 dispatcher = Ritm.dispatcher
 DEFAULT_REQUEST_HANDLER = proc do |req|
-  dispatcher.notify_request(req) if Ritm.conf[:enabled]
+  dispatcher.notify_request(req) if Ritm.conf.intercept.enabled
 end
 DEFAULT_RESPONSE_HANDLER = proc do |req, res|
-  dispatcher.notify_response(req, res) if Ritm.conf[:enabled]
+  dispatcher.notify_response(req, res) if Ritm.conf.intercept.enabled
 end

data/lib/ritm/interception/http_forwarder.rb CHANGED Viewed

@@ -28,7 +28,6 @@ module Ritm
     def forward(request, response)
       intercept_request(@request_interceptor, request)
       faraday_response = faraday_forward request
       to_webrick_response faraday_response, response
       intercept_response(@response_interceptor, request, response)
@@ -41,38 +40,19 @@ module Ritm
       @client.send req_method do |req|
         req.url request.request_uri
         req.body = request.body
-        add_request_headers(req, request)
-      end
-    end
-    def add_request_headers(faraday_request, webrick_request)
-      webrick_request.header.each do |name, value|
-        faraday_request.headers[name] = value unless strip?(name, Ritm.conf.misc.strip_request_headers)
+        request.header.each do |name, value|
+          req.headers[name] = value
+        end
       end
-      Ritm.conf.misc.add_request_headers.each { |k, v| faraday_request.headers[k] = v }
     end
     def to_webrick_response(faraday_response, webrick_response)
       webrick_response.status = faraday_response.status
       webrick_response.body = faraday_response.body
       faraday_response.headers.each do |name, value|
-        webrick_response[name] = value unless strip?(name, Ritm.conf.misc.strip_response_headers)
+        webrick_response[name] = value
       end
-      Ritm.conf.misc.add_response_headers.each { |k, v| webrick_response[k] = v }
       webrick_response
     end
-    def strip?(header, rules)
-      header = header.to_s.downcase
-      rules.each do |rule|
-        case rule
-        when String
-          return true if header == rule
-        when Regexp
-          return true if header =~ rule
-        end
-      end
-      false
-    end
   end
 end

data/lib/ritm/interception/intercept_utils.rb CHANGED Viewed

@@ -2,32 +2,42 @@ require 'ritm/helpers/encodings'
 module Ritm
   # Interceptor callbacks calling logic shared by the HTTP Proxy Server and the SSL Reverse Proxy Server
-  # Passes request
   module InterceptUtils
     def intercept_request(handler, request)
       return if handler.nil?
+      preprocess(request, Ritm.conf.intercept.request)
       handler.call(request)
+      postprocess(request, Ritm.conf.intercept.request)
     end
     def intercept_response(handler, request, response)
       return if handler.nil?
-      # TODO: Disable the automated decoding from config
-      encoding = content_encoding(response)
-      decoded(encoding, response) do |decoded_response|
-        handler.call(request, decoded_response)
-      end
-      response.header.delete('content-length') if chunked?(response)
+      preprocess(response, Ritm.conf.intercept.response)
+      handler.call(request, response)
+      postprocess(response, Ritm.conf.intercept.response)
     end
     private
-    def chunked?(response)
-      response.header.fetch('transfer-encoding', '').casecmp 'chunked'
+    def preprocess(req_res, settings)
+      headers = header_obj(req_res)
+      decode(req_res) if settings.unpack_gzip_deflate
+      req_res.header.delete_if { |name, _v| strip?(name, settings.strip_headers) }
+      settings.add_headers.each { |name, value| headers[name] = value }
+      req_res.header.delete('transfer-encoding') if chunked?(headers)
+    end
+    def postprocess(req_res, settings)
+      header_obj(req_res)['content-length'] = (req_res.body || '').size.to_s if settings.update_content_length
+    end
+    def chunked?(headers)
+      headers['transfer-encoding'] && headers['transfer-encoding'].casecmp('chunked')
     end
-    def content_encoding(response)
-      case response.header.fetch('content-encoding', '').downcase
+    def content_encoding(req_res)
+      ce = header_obj(req_res)['content-encoding'] || ''
+      case ce.downcase
       when 'gzip', 'x-gzip'
         :gzip
       when 'deflate'
@@ -37,14 +47,34 @@ module Ritm
       end
     end
-    def decoded(encoding, res)
-      res.body = Encodings.decode(encoding, res.body)
-      _content_encoding = res.header.delete('content-encoding')
-      yield res
-      # TODO: should it be re-encoded?
-      # res.body = Encodings.encode(encoding, res.body)
-      # res.header['content-encoding'] = content_encoding
-      res.header['content-length'] = res.body.size.to_s
+    def header_obj(req_res)
+      case req_res
+      when WEBrick::HTTPRequest
+        req_res
+      when WEBrick::HTTPResponse
+        req_res.header
+      end
+    end
+    def decode(req_res)
+      encoding = content_encoding(req_res)
+      return if encoding == :identity
+      req_res.body = Encodings.decode(encoding, req_res.body)
+      _content_encoding = req_res.header.delete('content-encoding')
+      header_obj(req_res)['content-length'] = (req_res.body || '').size.to_s
+    end
+    def strip?(header, rules)
+      header = header.to_s.downcase
+      rules.each do |rule|
+        case rule
+        when String
+          return true if header == rule
+        when Regexp
+          return true if header =~ rule
+        end
+      end
+      false
     end
   end
 end

data/lib/ritm/main.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Ritm
   end
   def self.dispatcher
-    conf[:dispatcher]
+    @dispatcher ||= Dispatcher.new
   end
   def self.add_handler(handler)
@@ -35,36 +35,4 @@ module Ritm
   def self.on_response(&block)
     dispatcher.on_response(&block)
   end
-  # private class methods
-  def self.intercept?(request)
-    return false unless conf[:enabled]
-    url = request.url.to_s
-    whitelisted?(url) && !blacklisted?(url)
-  end
-  def self.whitelisted?(url)
-    conf[:attack_urls].empty? || url_matches_any?(url, conf[:attack_urls])
-  end
-  def self.blacklisted?(url)
-    url_matches_any? url, conf[:skip_urls]
-  end
-  def self.url_matches_any?(url, matchers)
-    matchers.each do |matcher|
-      case matcher
-      when Regexp
-        return true if url =~ matcher
-      when String
-        return true if url.include? matcher
-      else
-        raise 'URL matcher should be a String or Regexp'
-      end
-    end
-    false
-  end
-  private_class_method :intercept?, :whitelisted?, :blacklisted?, :url_matches_any?
 end

data/lib/ritm/proxy/cert_signing_https_server.rb CHANGED Viewed

@@ -41,8 +41,8 @@ module Ritm
       def context_with_cert(original_ctx, cert)
         ctx = original_ctx.dup
-        ctx.key = OpenSSL::PKey::RSA.new(cert.private_key)
-        ctx.cert = OpenSSL::X509::Certificate.new(cert.pem)
+        ctx.key = cert.private_key
+        ctx.cert = cert.x509
         ctx
       end
     end

data/lib/ritm/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # Ritm version
 module Ritm
-  VERSION = '0.0.1'.freeze
+  VERSION = '0.0.2'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ritm
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Sebastián Tello
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-30 00:00:00.000000000 Z
+date: 2016-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.40'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement