saro-dat 4.0.0 → 4.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1981b6c7f0f207f6388f95f4cafaee56a44c49209b0961567f8f37dc3cb2187
-  data.tar.gz: 0e96927af41f3fb6c387a5ffceec5065f8ff6d2e723b8ed6dce41068e7c523fd
+  metadata.gz: 56415a92654a73befef882b2ca36674095155444492b8e8c8db99ebb4c3cd7cb
+  data.tar.gz: 670ad624aa1372b2d33f1bae79b877b462970ec20e4a40d1419dd12b3fceb27a
 SHA512:
-  metadata.gz: c4c8b7d3730883f2056841f0018ae4783223ffe417c35861a62ae56d6f0010a5b3d9687adbd6aeb7a87f358d9182af396df007313a493e0073681b4e4b474d72
-  data.tar.gz: 7af21459544e31f18c9edcae209fcb3181cdc40d6609e80b65ff8c4b002502c1687e7631e4ae2cd224d01a017447ee421a5ee754602e11d95f4616a792c06169
+  metadata.gz: '087cad97ce30b7d51e1e0ebed1c30749fd33c59e5cb7ccad1d197e21502f0d5e341fb713f937cd8315b0a56e5d94e1170a061d1967ce8778ec2e926ac7535b19'
+  data.tar.gz: a1c460e69d89564b6628d4b264d9f523133c350f0769caae6dff8b401822be8de59223889d9baf8cf7ed535acf15f1698852d60cc2e40da04a26dec4b587d7a4

data/.idea/saro-dat.iml

@@ -14,7 +14,8 @@
     <orderEntry type="library" scope="PROVIDED" name="base64 (v0.3.0, rbenv: 4.0.5) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="benchmark (v0.5.0, rbenv: 4.0.5) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="bundler (v4.0.12, rbenv: 4.0.5) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="concurrent-ruby (v1.3.6, rbenv: 4.0.5) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="concurrent-ruby (v1.3.7, rbenv: 4.0.5) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="logger (v1.7.0, rbenv: 4.0.5) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="minitest (v5.27.0, rbenv: 4.0.5) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="openssl (v4.0.2, rbenv: 4.0.5) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="parallel (v2.1.0, rbenv: 4.0.5) [gem]" level="application" />

data/PUBLISH.md

@@ -9,7 +9,7 @@ bundle install
 ```
 gem build saro-dat.gemspec
 gem signin
-gem push saro-dat-4.0.0.gem
+gem push saro-dat-4.3.0.gem
 ```
 
 ## install

data/README.md

@@ -4,9 +4,9 @@
 
 ### [DAT Run Online](https://dat.saro.me)
 
-### [What is DAT](https://dat.saro.me/--/intro)
+### [What is DAT](https://dat.saro.me/intro)
 
-### [Example](https://dat.saro.me/--/libs/gems-saro-dat)
+### [Example](https://dat.saro.me/libs/gems-saro-dat)
 
 ## Support algorithm
 ### Signature

data/lib/saro/dat/dat_certificate.rb

@@ -7,33 +7,33 @@ require_relative 'util'
 module Saro
   module Dat
     class DatCertificate
-      attr_reader :cid, :signature_key, :crypto_key, :dat_issue_begin, :dat_issue_end, :dat_ttl
+      attr_reader :cid, :signature_key, :crypto_key, :dat_issuance_start_seconds, :dat_issuance_end_seconds, :dat_ttl_seconds
 
-      def initialize(cid, issued_at, issuance_duration, dat_ttl, signature_key, crypto_key)
+      def initialize(cid, dat_issuance_start_seconds, dat_issuance_duration_seconds, dat_ttl_seconds, signature_key, crypto_key)
         @cid = cid
-        @dat_issue_begin = issued_at
-        @dat_issue_end = issued_at + issuance_duration
-        @dat_ttl = dat_ttl
+        @dat_issuance_start_seconds = dat_issuance_start_seconds
+        @dat_issuance_end_seconds = dat_issuance_start_seconds + dat_issuance_duration_seconds
+        @dat_ttl_seconds = dat_ttl_seconds
         @signature_key = signature_key
         @crypto_key = crypto_key
       end
 
       def exports(verify_only = false)
         cid_hex = @cid.to_s(16)
-        issued_at = @dat_issue_begin.to_s
-        issuance_duration = (@dat_issue_end - @dat_issue_begin).to_s
-        ttl = @dat_ttl.to_s
-        sig_alg = @signature_key.algorithm
-        cry_alg = @crypto_key.algorithm
-        sig_key = @signature_key.exports(verify_only)
-        cry_key = @crypto_key.exports
+        dat_issuance_start_seconds = @dat_issuance_start_seconds.to_s
+        dat_issuance_duration_seconds = (@dat_issuance_end_seconds - @dat_issuance_start_seconds).to_s
+        dat_ttl_seconds = @dat_ttl_seconds.to_s
+        signature_algorithm = @signature_key.algorithm
+        crypto_algorithm = @crypto_key.algorithm
+        signature_key = @signature_key.exports(verify_only)
+        crypto_key = @crypto_key.exports
 
-        "#{cid_hex}.#{issued_at}.#{issuance_duration}.#{ttl}.#{sig_alg}.#{cry_alg}.#{sig_key}.#{cry_key}"
+        "#{cid_hex}.#{dat_issuance_start_seconds}.#{dat_issuance_duration_seconds}.#{dat_ttl_seconds}.#{signature_algorithm}.#{crypto_algorithm}.#{signature_key}.#{crypto_key}"
       end
 
-      def self.generate(cid, issued_at, issuance_duration, dat_ttl, signature_algorithm, crypto_algorithm)
+      def self.generate(cid, dat_issuance_start_seconds, dat_issuance_duration_seconds, dat_ttl_seconds, signature_algorithm, crypto_algorithm)
         new(
-          cid, issued_at, issuance_duration, dat_ttl,
+          cid, dat_issuance_start_seconds, dat_issuance_duration_seconds, dat_ttl_seconds,
           Saro::Dat::DatSignature.generate(signature_algorithm),
           Saro::Dat::DatCrypto.generate(crypto_algorithm)
         )
@@ -44,24 +44,24 @@ module Saro
         raise ArgumentError, "Invalid Certificate format" if parts.length != 8
 
         cid = parts[0].to_i(16)
-        issued_at = parts[1].to_i
-        issuance_duration = parts[2].to_i
-        ttl = parts[3].to_i
-        sig_algo = parts[4]
-        cry_algo = parts[5]
-        signature_key = Saro::Dat::DatSignature.imports(sig_algo, parts[6])
-        crypto_key = Saro::Dat::DatCrypto.imports(cry_algo, parts[7])
+        dat_issuance_start_seconds = parts[1].to_i
+        dat_issuance_duration_seconds = parts[2].to_i
+        dat_ttl_seconds = parts[3].to_i
+        signature_algorithm = parts[4]
+        crypto_algorithm = parts[5]
+        signature_key = Saro::Dat::DatSignature.imports(signature_algorithm, parts[6])
+        crypto_key = Saro::Dat::DatCrypto.imports(crypto_algorithm, parts[7])
 
-        new(cid, issued_at, issuance_duration, ttl, signature_key, crypto_key)
+        new(cid, dat_issuance_start_seconds, dat_issuance_duration_seconds, dat_ttl_seconds, signature_key, crypto_key)
       end
 
       def issuable
         now = Time.now.to_i
-        signable && @dat_issue_begin <= now && now <= @dat_issue_end
+        signable && @dat_issuance_start_seconds <= now && now <= @dat_issuance_end_seconds
       end
 
       def expired
-        Time.now.to_i > (@dat_issue_end + @dat_ttl)
+        Time.now.to_i > (@dat_issuance_end_seconds + @dat_ttl_seconds)
       end
 
       def signable
@@ -72,6 +72,10 @@ module Saro
         @signature_key.pair
       end
 
+      def support_verify_only
+        @signature_key.support_verify_only
+      end
+
       # For Ruby conventions
       alias_method :issuable?, :issuable
       alias_method :expired?, :expired

data/lib/saro/dat/dat_cms_manager.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'uri'
+require 'logger'
+require 'thread'
+require_relative 'dat_manager'
+require_relative 'dat'
+
+module Saro
+  module Dat
+    class DatCmsManager
+      DAT_CMS_API_VERSION = "v1"
+
+      def initialize(uri:, token:, interval_seconds: 60, verify_only: false, dat_manager: nil)
+        @uri = uri
+        @token = token
+        @interval_seconds = interval_seconds
+        @verify_only = verify_only
+        @manager = dat_manager || DatManager.new
+        @version = 0
+        @lock = Mutex.new
+        @stopped = false
+        @logger = Logger.new($stdout)
+        @logger.level = Logger::DEBUG
+
+        sync
+
+        if @interval_seconds > 0
+          schedule_sync
+        end
+      end
+
+      def stop
+        @lock.synchronize do
+          @stopped = true
+          @thread&.kill # 혹은 다른 방식으로 스레드 중지
+        end
+      end
+
+      def sync
+        # non-blocking lock
+        unless @lock.try_lock
+          @logger.warn("Last request ignored (Duplicate request)")
+          return
+        end
+
+        begin
+          url = URI("#{@uri}?version=#{@version}")
+          request = Net::HTTP::Get.new(url)
+          request["Authorization"] = @token
+
+          response = Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == 'https', open_timeout: 10, read_timeout: 10) do |http|
+            http.request(request)
+          end
+
+          if response.code != "200"
+            @logger.error("Response status error, status:#{response.code} in #{url}")
+            return
+          end
+
+          body = response.body
+          if body.nil? || body.empty?
+            @logger.debug("No new certificate: #{url}")
+            return
+          end
+
+          lines = body.split("\n", 2)
+          if lines.length < 2
+            if body.start_with?("\n")
+              @logger.error("Invalid response: #{url}")
+              return
+            end
+            @logger.debug("No new certificate: #{url}")
+            return
+          end
+
+          new_version_str = lines[0].strip
+          new_certificates = lines[1].strip
+
+          if new_version_str.empty?
+            @logger.error("Invalid version in response: #{url}")
+            return
+          end
+
+          begin
+            new_version = Integer(new_version_str)
+            renew_count = @manager.imports(new_certificates, clear: false)
+            @version = new_version
+            @logger.debug("Renewed #{renew_count} certificates for version #{new_version}: #{url}")
+          rescue ArgumentError => e
+            @logger.error("Failed to parse version or certificates: #{e.message}")
+          end
+
+        rescue StandardError => e
+          @logger.error("[Exception] DAT CMS Sync #{@uri}: #{e.message}")
+        ensure
+          @lock.unlock
+        end
+      end
+
+      def get_manager
+        @manager
+      end
+
+      def issue(plain, secure)
+        @manager.issue(plain, secure)
+      end
+
+      def parse(dat)
+        @manager.parse(dat)
+      end
+
+      def self.builder
+        DatCmsManagerBuilder.new
+      end
+
+      private
+
+      def schedule_sync
+        @thread = Thread.new do
+          loop do
+            sleep(@interval_seconds)
+            break if @stopped
+            run_sync_task
+          end
+        end
+      end
+
+      def run_sync_task
+        sync
+      rescue StandardError => e
+        @logger.error("Error in sync task: #{e.message}")
+      end
+    end
+
+    class DatCmsManagerBuilder
+      def initialize
+        @uri = "http://localhost:8088"
+        @token = ""
+        @verify_only = false
+        @interval_seconds = 60
+      end
+
+      def uri(uri)
+        @uri = uri.delete_suffix('/')
+        self
+      end
+
+      def token(token)
+        @token = token
+        self
+      end
+
+      def verify_only(verify_only)
+        @verify_only = verify_only
+        self
+      end
+
+      def interval_seconds(interval_seconds)
+        @interval_seconds = interval_seconds
+        self
+      end
+
+      def build
+        parsed = URI.parse(@uri)
+        
+        if parsed.path && parsed.path != '' && parsed.path != '/'
+          raise ArgumentError, "uri must be path-less: #{@uri}"
+        end
+        if parsed.query
+          raise ArgumentError, "uri must be query-less: #{@uri}"
+        end
+
+        path = @verify_only ? "/v1/certs/verify-only" : "/v1/certs"
+        final_uri = "#{parsed.scheme}://#{parsed.host}:#{parsed.port}#{path}"
+
+        DatCmsManager.new(
+          uri: final_uri,
+          token: @token,
+          interval_seconds: @interval_seconds,
+          verify_only: @verify_only
+        )
+      end
+    end
+  end
+end

data/lib/saro/dat/dat_manager.rb

@@ -17,9 +17,10 @@ module Saro
       end
 
       def import_certificates(input_certs, clear: false)
+        renew_count = 0
         @lock.with_write_lock do
           certificates = clear ? [] : @certificates.dup
-          
+
           before_cids = Set.new(certificates.map(&:cid))
           seen_cids = Set.new
 
@@ -30,9 +31,10 @@ module Saro
             next if before_cids.include?(cert.cid)
             
             certificates << cert
+            renew_count += 1
           end
 
-          certificates.sort_by!(&:dat_issue_end)
+          certificates.sort_by!(&:dat_issuance_end_seconds)
           
           # Find latest issuable certificate as issuer
           issuer = certificates.reverse_each.find(&:issuable)
@@ -40,6 +42,7 @@ module Saro
           @issuer = issuer
           @certificates = certificates
         end
+        renew_count
       end
 
       def imports(format_str, clear: false)
@@ -82,7 +85,7 @@ module Saro
 
       def self._issue(cert, plain, secure)
         now = Time.now.to_i
-        expire = now + cert.dat_ttl
+        expire = now + cert.dat_ttl_seconds
         cid_hex = cert.cid.to_s(16)
 
         plain_bytes = plain.is_a?(String) ? plain.encode('utf-8') : (plain || "".b)

data/lib/saro/dat/signature.rb

@@ -114,6 +114,10 @@ module Saro
       end
 
       def exports(verify_only = false)
+        if verify_only && !support_verify_only
+          raise ArgumentError, "#{config[:name]} does not supported verifying only key"
+        end
+
         if @config[:name] == "HMAC"
           Saro::Dat::Util.encode_base64_url_str(@verifying_key)
         else
@@ -182,6 +186,10 @@ module Saro
         @config[:name] == "ECDSA"
       end
 
+      def support_verify_only
+        @config[:name] == "ECDSA"
+      end
+
       private
 
       def der_to_raw_signature(signature_der)

data/lib/saro-dat.rb

@@ -6,6 +6,7 @@ require_relative 'saro/dat/signature'
 require_relative 'saro/dat/dat_certificate'
 require_relative 'saro/dat/dat'
 require_relative 'saro/dat/dat_manager'
+require_relative 'saro/dat/dat_cms_manager'
 
 module Saro
   module Dat

data/saro-dat.gemspec

@@ -2,13 +2,13 @@
 
 Gem::Specification.new do |spec|
   spec.name          = "saro-dat"
-  spec.version       = "4.0.0"
+  spec.version       = "4.3.1"
   spec.authors       = ["marker"]
   spec.email         = ["j@saro.me"]
 
   spec.summary       = "DAT (Data Access Token) Ruby implementation"
   spec.description   = "Ported from Python dat library"
-  spec.homepage      = "https://dat.saro.me/--/libs/gems-saro-dat"
+  spec.homepage      = "https://dat.saro.me/libs/gems-saro-dat"
   spec.license       = "MIT"
   spec.required_ruby_version = ">= 2.7.0"
 
@@ -30,6 +30,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "concurrent-ruby", "~> 1.3.6"
   spec.add_dependency "openssl", "~> 4.0.2"
   spec.add_dependency "base64"
+  spec.add_dependency "logger"
 
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "benchmark"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: saro-dat
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.3.1
 platform: ruby
 authors:
 - marker
@@ -51,6 +51,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -113,15 +127,16 @@ files:
 - lib/saro/dat/crypto.rb
 - lib/saro/dat/dat.rb
 - lib/saro/dat/dat_certificate.rb
+- lib/saro/dat/dat_cms_manager.rb
 - lib/saro/dat/dat_manager.rb
 - lib/saro/dat/signature.rb
 - lib/saro/dat/util.rb
 - saro-dat.gemspec
-homepage: https://dat.saro.me/--/libs/gems-saro-dat
+homepage: https://dat.saro.me/libs/gems-saro-dat
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://dat.saro.me/--/libs/gems-saro-dat
+  homepage_uri: https://dat.saro.me/libs/gems-saro-dat
   source_code_uri: https://github.com/saro-lab/dat-ruby
   changelog_uri: https://github.com/saro-lab/dat-ruby/blob/main/CHANGELOG.md
   keywords: dat, distributed, access, token, web, session, security, authentication