rubyment 0.6.25503334 → 0.6.25504825

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1d2807035baddb1234c0afa87f542e51ba5f296d
-  data.tar.gz: 4c07bbab0d4c586d9969d7976b79fea603cc94f5
+  metadata.gz: 8440fa12588f22767c0266b4216f301dc4061965
+  data.tar.gz: 9457f3e57be36f1cc9a60ba1f394f5b3c2ca4269
 SHA512:
-  metadata.gz: fa5fa82d9a68feae96c61808c7ee43ed91ab9f5718ffd8bb11621be9f7cb14fe7a0622ee30f7df8331298c5bb3856df379e601514dce8c564e839221edae6a50
-  data.tar.gz: e9f1a8161d423e43e9238bc2c6b24d6a8439498cbf0e807724402a975cdfe665656566ec42808a7935179173c008fe271298d1c492cec63999dd1b4ee2378dfb
+  metadata.gz: 9919b5731a08a1260fde09610f10ca4c6bf426d593b6fd9ae2bf59cb6149277db755dc3b07460867d1da32ad4ffb0b78167bc99fce8a9547753286859b240c15
+  data.tar.gz: 6d27e4dda449257ad792738fb00f3d4a440e3f3000a66f059022bf29ccfbf3982ce01392e27ad9339f06ebf45ae6941277fb28dc9562e18e74818620b424aa82

data/lib/rubyment.rb

@@ -206,6 +206,9 @@ class Rubyment
   # or not, and to be printed or not.
   # it is an interface for the run*
   # methods above
+  # in this right moment it is not
+  # yet possible to return the exception
+  # without printing (planned improvement)
   # @param [splat] +args+, an splat whose elements are expected to be +blea_args+ and +blocks_args+:
   # +blea_args+:: [Array] args to be used internally, which are expected to be:
   # +exception_admitted+:: [Boolean]
@@ -2520,9 +2523,9 @@ require '#{gem_name}'
   # +ip_addr+:: [String, nil] ip (no hostname) to bind the server. 0, nil, false, empty string will bind to all addresses possible.  0.0.0.0 => binds to all ipv4 . ::0 to all ipv4 and ipv6
   # +admit_plain+:: [Boolean] if +true+, tries to create a normal +TCPServer+, if not possible to create +SSLServer+ (default: +false+, for preventing unadvertnt non-SSL server creation)
   # +debug+:: [Object] for future use
-  # +priv_pemfile+:: [String] argument to be given to +OpenSSL::SSL::SSLContext.key+ method, after calling +OpenSSL::PKey::RSA.new+ with it. It's the private key file. letsencrypt example: +"/etc/letsencrypt/live/#{domain}/privkey.pem"+
-  # +cert_pem_file+:: [String] argument to be given to +OpenSSL::SSL::SSLContext.cert+ method, after calling +OpenSSL::X509::Certificate+.  It's the "Context certificate" accordingly to its ruby-doc page. letsencrypt example: +"/etc/letsencrypt/live/scatologies.com/fullchain.pem"+
-  # +extra_cert_pem_files+:: [Array] array of strings. Each string will be mapped with +OpenSSL::SSL::SSLContext.new+, and the resulting array is given to +OpenSSL::SSL::SSLContext.extra_chain_cert+. "An Array of extra X509 certificates to be added to the certificate chain" accordingly to its ruby-doc. letsencryptexample: +["/etc/letsencrypt/live/#{domain}/chain.pem"]+
+  # +priv_pemfile+:: [String] argument to be given to +OpenSSL::SSL::SSLContext.key+ method, after calling +OpenSSL::PKey::RSA.new+ with it. It's the private key file. letsencrypt example: +"/etc/letsencrypt/live/#{domain}/privkey.pem"+ (now it's accepted to pass the file contents instead, both must work).
+  # +cert_pem_file+:: [String] argument to be given to +OpenSSL::SSL::SSLContext.cert+ method, after calling +OpenSSL::X509::Certificate+.  It's the "Context certificate" accordingly to its ruby-doc page. letsencrypt example: +"/etc/letsencrypt/live/scatologies.com/fullchain.pem"+ (now it's accepted to pass the file contents instead, both must work).
+  # +extra_cert_pem_files+:: [Array] array of strings. Each string will be mapped with +OpenSSL::SSL::SSLContext.new+, and the resulting array is given to +OpenSSL::SSL::SSLContext.extra_chain_cert+. "An Array of extra X509 certificates to be added to the certificate chain" accordingly to its ruby-doc. letsencryptexample: +["/etc/letsencrypt/live/#{domain}/chain.pem"]+ (now it's accepted to pass the file contents instead, both must work).
   # +output_exception+:: [Bool] output exceptions even if they are admitted?
   #
   # @return [OpenSSL::SSL::SSLServer] returns an ssl server, which can be used to accept connections.
@@ -2544,6 +2547,18 @@ require '#{gem_name}'
       output_exception.nne || admit_plain.negate_me
     )
     debug && (stderr.puts "#{__method__} starting")
+    # openssl functions want contents, not filenames:
+    extra_cert_pem_files =  extra_cert_pem_files
+      .map! { |extra_cert_pem_file|
+        file_read [
+	  extra_cert_pem_file,
+	  nil,
+	  nil,
+	  extra_cert_pem_file
+	]
+      }
+    cert_pem_file = file_read [cert_pem_file, nil, nil, cert_pem_file]
+    priv_pemfile  = file_read [priv_pemfile, nil, nil, priv_pemfile]
     
     require 'socket'
     plain_server = TCPServer.new ip_addr, listening_port
@@ -2551,13 +2566,13 @@ require '#{gem_name}'
       require 'openssl'
       ssl_context = OpenSSL::SSL::SSLContext.new
       ssl_context.extra_chain_cert =
+	# TODO: extra_cert_pem_files could also accept strings instead
         extra_cert_pem_files
-          .map(&File.method(:read))
           .map(&OpenSSL::X509::Certificate.method(:new))
       ssl_context.cert = OpenSSL::X509::Certificate
-        .new File.read cert_pem_file
+        .new cert_pem_file
       ssl_context.key = OpenSSL::PKey::RSA
-        .new File.read priv_pemfile
+        .new priv_pemfile
       ssl_server = OpenSSL::SSL::SSLServer
         .new plain_server, ssl_context
       ssl_server
@@ -2735,6 +2750,13 @@ require '#{gem_name}'
   end
 
 
+  # generates a hash string based on current time
+  # @return [String] +Time.now.hash.abs.to_s+
+  def time_now_hash *args
+    Time.now.hash.abs.to_s
+  end
+
+
   # returns a sample self signed certificate-private key pair
   # that once was created with the command (no password, no
   # expire date):
@@ -2782,6 +2804,61 @@ n8mFEtUKobsK
   end
 
 
+  # has the same functionality as
+  # #ssl_sample_self_signed_cert.
+  # this one is left as an example on how
+  # safely place a certificate/private key
+  # pair inside this code, instead of leaving
+  # it in plain or somewhere in your filesystem.
+  # @param [splat] +args+::, an splat whose elements are expected to be:
+  # +reserved+:: [splat] reserved for future use
+  # @return [Array] where the first element is a certificate (suitable to be the contents of +cert_pem_file+  in #ssl_make_server) and the second a private key (suitable to be the contents of +priv_pemfile+ in #ssl_make_server)
+  def ssl_sample_self_signed_cert_encrypted *args
+    password = "onlyNSAknows"
+    # generated with:
+    # test__enc_dec_interactive [
+    #   ssl_sample_self_signed_cert[0],
+    #   password,
+    # ]:
+     self_signed_certificate = dec_interactive [
+      "owdfr76MvIhPb05PLsPiTw==\n",
+      "R1QSJSUmfXVB4ET2r5C2MN3MZC75V9Pi7nWl8+lTZ363IJOYK4/DJkKL0Y58\nMo8fp1mvoq0fjhCSdHqld6IMWxFXW3kzXGyuVScfbRbvYV83AAhmq+HTscUE\nYJLsfnUqTzGKN/AB/Kr1x3kIsZsb9oNSQMk3dFHV89AM9Z1d30ZMgtW8mn/c\nTHmxsLaFgKvg8bT9t+ERBr85bmJuphkDBlAc4hP2KS/xTFeKB1QL/lJ/oF9j\ncUmb5uWdmZ0REzLyYu9F1MfHv0lwENi+oJYW50lo7DUTYHnyKxYRo+rlUsDF\n0nyS4wcPQVxvY1vDrC34pFdMtcXLQTzzbAiyJx73fT7WfY40MNNKRZfz/zlG\nl/d4ILNlW43/fVnOwg4yZ1tGT1PovrDs1c8Mxu7zm0QCT7+Dp+nN0zes5K8A\n2aYIsR7Nvm+3OeKrRf2JXHv8J/10NEcPfuYocmitlzrr6yM3+4xMXM94Zt/7\n4+vONht+xOhOxUmJufC4HNOmqszX1480dL96qfhc9zXlvxpbD4DGkgU0AR17\nt1C6XNqI0jQxxDMQa0jn0HsX5C9dmtqunLIz8ZkgfSNJbsOtVYVS11YuXk+k\nbEdVimP6DT1x0KZ+UxpxOFJcuvtM6eBe3aMWRjlIf/xjobJ2GP9OlDq1hPJe\n+zz1lhUxobFZiqSIrVbYz8u6ZuvVSEa8NfQJ+GpE1poExzBAsM5RjSMWK0Yr\nLnasLNQwJkYoDlmZBNOX30pCaZPmLl9xLaJphIeHOcmNL0e209hST4H5s1oZ\np/k+sk/jgqtc6jVBeMVwSEDHLl4F4hiNHqeqW72bim7XlkbVjaZ8Q66hUCK/\nKBlJ9YH4QCm3zN4ZQtoTOwu7G8+GeO46ahShzE9+6uoj8DCN31zcbDA5sKgJ\nc6SkA1KG83cDq2rP9zKAMn8V1O/NMnV/09gqPiowl/60CVuepkpNmVehhBVi\noamQ5r1g2l/PaUr7hmwygLBjnMHYD2eu5M0gMLYtZxCQSiXTxryp8Xd7vBzs\n0oWO2km/RjVedhxIBMGxcL2O17lWvumcr8AQYOuuiciPqNj0p/KxDYUHvIqx\nW3vPHknUzug5gSwfYZF7t5HCAc8dyRyC/b5M7Mvl9OsWdRPpcv25Dr+x/i/r\nrRMyvBLd8cujRh532fuyDZVL8NwPqwkKoBSU/+hkSOfW6WEdwYWp8xHDFmrQ\nD/YTNSSVPhGNSxR4I/niEksgH43zp5MdowcVuVsIxQBI/ExGcloRJ3hVa1I=\n",
+      "IxDTD59cryQjCnFpYQTudw==\n",
+      "MjAwMDA=\n",
+      password,
+    ]
+    # generated with:
+    # test__enc_dec_interactive [
+    #   ssl_sample_self_signed_cert[1],
+    #   "onlyNSAknows",
+    # ]
+    private_key = dec_interactive [
+      "mxoZrTsIelpVmTAdSMQJaw==\n",
+      "ebsMBtAoESJAOrmffbRsNdjv3FUqyTetrKlw6WGCNLre8uChpt38ZRmi1XAr\nab2PxiNyz7OJ8PWwCnd/TjIOhvid3Zt7LbqUpR2ixRmVf/mEFoWrdwdXnOMz\nzQErlSok1dY2cAvGqBihP26yC9N4IGJU5Jrt4wivahnnvWZoC1gvsEZVPC+Q\nxLF69gu8fn4gUgFvzpjuhgcCXk6QyhW916pZxJrtwBRMEQWu9dGEcRqSPqNt\nLfw6cXyGHDNV1320Je2BRjzMrhIfiwkv88oWEjnHcbOzboxhGdvYG8oYNMgQ\nf9qouABXlQyOEnBIFfl2lKoJaizERs1ShsdNCAcyZZPgNdxWNawdcF3AawYh\nqlX+uOlxCsWQLV3AaSDPy9mDthF3IuMLLe/BlY3gkGLCvD4szZIsQhk6047+\n9euOuJxxu8X3r8TZDHQK9esm5O6YeNFIlGko6PXA2OwcdUWO9Umwr7Lu8Mgk\n/yldW0G/6dMZ6qKSSSLTvEnzZChz91GabcntxT2TrOR2b1zHJhfOUUxcHxWe\nkuqZZ6GmGFIPju22cCsstXDZ0Q1J19VnGBsrySR0AHDxS3sLgeihf8SjP1bn\n3B1nRR+1gHyKPthKiuzibJj+j6xcIgYBynyaNIeT0Wfcf7WXyBTZ+Idd7Z+R\nkiy9jnZPqCIEE5aebuVvAUXksPE2OvEgsCIiLSEylXXrHEdcEnfra7wvo0qb\n1G/vRNlOIYJiOsKLOqcg6KZVJ+QHHYPrir33g4N02Q64WEw4/eIzR5o4MV9c\n7tho/VLQBE1T3z8HPlhe8XOXvVIDJ/cDVJhTre6KbKBsA+Ow47Z1uNXAchAO\n2bwl1sN1iH+SNBsEjRiXpjbrk95I/H66+LZoz85kRBcoQIhfXU97qbskBUwX\nK//3HdYluo/xx5QSVNqQUzybQnRdNV7gy6xNIgpot9ZtPB2K00HulWW1dnRQ\nBMCWb5h3eUob826icleZ/bEFfcfY8FjNTh9zhyWra3wJOTGS4zhmnlfhBRFZ\njRUcKGX/zgfIrCKXum+2m7Cku3bez+mKpEMRWIBPweGzjq3DSdtY+qlKOgeV\nBxOOh0QoMw1kzRfqF0D0Nqn785lvcXjH28v1efHf6SgFrOXjFNl0ihXXxhMG\nivsoIGIblspGIddR6wbarq1L8xMBTCAorNo0OrWPYACz4ek2CmQUuLhwiNx/\nWsFmaElfdtNL/WM06D5zehAYnCfg02zVr4bIgrHkFaq+jsI+u7/3GhtAmnAC\nkUT9CQvGNXwki3jIHOJQL1X8vLA2T25lg9I7wU4EXA==\n",
+      "IBBcvvM2/h7bW+tBcBbXeQ==\n",
+      "MjAwMDA=\n",
+      password,
+      ]
+    [self_signed_certificate, private_key]
+  end
+
+
+  # test for ssl_sample_self_signed_cert_encrypted
+  def test_enc_dec_interactive__ssl_sample_self_signed_cert args=ARGV
+    expectation = {
+      :self_signed_certificate => ssl_sample_self_signed_cert[0],
+      :private_key => ssl_sample_self_signed_cert[1],
+    }
+    actual = {
+      :self_signed_certificate => ssl_sample_self_signed_cert_encrypted[0],
+      :private_key => ssl_sample_self_signed_cert_encrypted[1],
+    }
+    judgement = actual.keys.map {|test_case|
+      [expectation[test_case], actual[test_case] , test_case]
+    }.map(&method("expect_equal")).all?
+  end
+
+
   # test for tcp_ssl_server (call #io_transform with
   # a function that processes an http request and returns
   # an http_response, by default #http_OK_response)
@@ -2794,7 +2871,7 @@ n8mFEtUKobsK
   #  +openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout pkey.pem -out cert.crt+
   # but if the files don't exist, they will be created
   # with a sample self signed certificate.
-  def test__tcp_ssl_server__ssl_self_signed args = ARGV
+  def test__tcp_ssl_server__io_transform args = ARGV
    http_processing_method,
      http_processing_method_args,
      http_server_port,
@@ -2802,17 +2879,17 @@ n8mFEtUKobsK
      priv_pemfile,
      cert_pem_file,
      extra_cert_pem_files,
+     ssl_cert_pkey_chain_method,
      reserved = args
    http_processing_method ||= http_processing_method.nne :http_OK_response
    http_processing_method_args ||= http_processing_method_args.nne []
    http_server_port ||= http_server_port.nne  8003
    http_ip_addr ||= http_ip_addr.nne "0"
-   priv_pemfile ||=  priv_pemfile.nne "pkey.pem"
-   cert_pem_file ||= cert_pem_file.nne  "cert.crt"
-   cert_contents, pkey_contents = ssl_sample_self_signed_cert
-   file_read_or_write cert_pem_file, cert_contents
-   file_read_or_write priv_pemfile, pkey_contents
-   extra_cert_pem_files ||=  extra_cert_pem_files.nne 
+   ssl_cert_pkey_chain_method ||=
+     ssl_cert_pkey_chain_method.nne :ssl_sample_self_signed_cert_encrypted
+   priv_pemfile  ||=   priv_pemfile.nne (send ssl_cert_pkey_chain_method)[1]
+   cert_pem_file ||=  cert_pem_file.nne (send ssl_cert_pkey_chain_method)[0]
+   extra_cert_pem_files ||=  extra_cert_pem_files.nne (send ssl_cert_pkey_chain_method)[2]
    thread =  tcp_ssl_server [
      http_server_port,
      http_ip_addr,
@@ -2835,6 +2912,89 @@ n8mFEtUKobsK
   end
 
 
+  # tests #file_read_or_write and #file_read
+  # specially its +return_on_rescue+ parameter.
+  # attention that files given by parameter
+  # will be mercilessly overwritten.
+  # writes the contents returned by 
+  # #ssl_sample_self_signed_cert
+  # to 2 files. then reads then.
+  # after it tries to give the contents of
+  # those files instead of the filenames.
+  # the idea behind is that, no matter if
+  # contents or filename were given, it
+  # should always return the contents of
+  # the file.
+  def test__file_read__return_on_rescue args=ARGV
+    priv_pemfile, cert_pem_file = args
+    priv_pemfile  ||=  priv_pemfile.nne "/tmp/pkey.pem"
+    cert_pem_file ||= cert_pem_file.nne "/tmp/cert.crt"
+    runef { 
+     File.delete priv_pemfile
+     File.delete cert_pem_file
+    }
+    cert_contents, pkey_contents = ssl_sample_self_signed_cert
+    # asserting that file_read_or_write is correct
+    read_or_write_cert_contents = file_read_or_write cert_pem_file, cert_contents
+    read_or_write_pkey_contents = file_read_or_write priv_pemfile,  pkey_contents
+    file_dot_read_cert_contents = File.read cert_pem_file
+    file_dot_read_pkey_contents = File.read priv_pemfile
+    # files exist case (will return the contents of 1st parameter filename):
+    existing_cert_contents = file_read [cert_pem_file, nil, nil, cert_pem_file]
+    existing_pkey_contents = file_read [priv_pemfile,  nil, nil, priv_pemfile ]
+    # files don't exist case (will return the 4th parameter):
+    rescue_cert_contents = file_read [cert_contents, nil, nil, cert_contents]
+    rescue_pkey_contents = file_read [pkey_contents, nil, nil, pkey_contents]
+    judgement =
+      [
+        [read_or_write_cert_contents, cert_contents, "read_or_write_cert_contents"],
+        [read_or_write_pkey_contents, pkey_contents, "read_or_write_pkey_contents"],
+        [file_dot_read_cert_contents, cert_contents, "file_dot_read_cert_contents"],
+        [file_dot_read_pkey_contents, pkey_contents, "file_dot_read_pkey_contents"],
+        [existing_cert_contents, cert_contents, "existing_cert_contents"],
+        [existing_pkey_contents, pkey_contents, "existing_pkey_contents"],
+        [rescue_cert_contents,   cert_contents, "rescue_cert_contents"],
+        [rescue_pkey_contents,   pkey_contents, "rescue_pkey_contents"],
+      ].map(&method("expect_equal")).all?
+  end
+
+
+  # test for tcp_ssl_server (call #io_transform with
+  # a function that processes an http request and returns
+  # an http_response, by default #http_OK_response)
+  # just like #test__tcp_ssl_server__non_ssl,
+  # calling directly #tcp_ssl_server, but making
+  # mandatory the server to be ssl one.
+  # requires, by default that the certificate and its
+  #  private key are found in the current dir, which
+  #  can be achieved with:
+  #  +openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout pkey.pem -out cert.crt+
+  # but if the files don't exist, they will be created
+  # with a sample self signed certificate.
+  def test__tcp_ssl_server__ssl_self_signed args = ARGV
+   http_processing_method,
+     http_processing_method_args,
+     http_server_port,
+     http_ip_addr,
+     priv_pemfile,
+     cert_pem_file,
+     extra_cert_pem_files,
+     reserved = args
+   ssl_cert_pkey_chain_method = :ssl_sample_self_signed_cert_encrypted
+   test__tcp_ssl_server__io_transform [
+   http_processing_method,
+     http_processing_method_args,
+     http_server_port,
+     http_ip_addr,
+     priv_pemfile,
+     cert_pem_file,
+     extra_cert_pem_files,
+     ssl_cert_pkey_chain_method,
+   ]
+   true
+  end
+
+
   # test for Object::nne
   def test__object_nne args = ARGV
     string_neutral = ""

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubyment
 version: !ruby/object:Gem::Version
-  version: 0.6.25503334
+  version: 0.6.25504825
 platform: ruby
 authors:
 - Ribamar Santarosa