saro-dat 4.3.0 → 4.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1bc8964419d2aa39030dbec0e990d8a22d1fa29a8f8eec15235f69e70fa81054
4
- data.tar.gz: e2fb45d1bbb981ea6745fab4661db4f1db41063fe73bc147cd33276c60e4a0fa
3
+ metadata.gz: 0776a19c84f8d1791b89c6cc989077bda261fa7208444838f0486365e0af0287
4
+ data.tar.gz: 84d8a9286f34e501de1521184e3f6ddc12d05df401174d87e29ab20454cec604
5
5
  SHA512:
6
- metadata.gz: c306baa43850bc77ebd33a2c1717f1aaac63ca0c98b538da28cb8ca064e0ed475b0c2e866fee5b47700a49009c085621c5b21f1b989041028e0a481112092590
7
- data.tar.gz: c75ede02ecff59c9e18a85116247eb3bae95c594940f8fedec457434a8f9c9dc9690667d1be103cb4abf03b18c483997a9f0fe4b6adbbb3f3e19c644ad9e66e2
6
+ metadata.gz: b1b7592c0cfbc97a80aa987caa9dd4eff7294eb3c7105e10e69f057955ea854f27f8cf59b544316f3991fef2ce91634c889f6c91a9258d4a67f3a6310ad9d445
7
+ data.tar.gz: ae289f220cd1421f033811e2df11c2a4333e3af067a5dd53af56f0998f4bad0e984592d1f9447253827729a4b9b245439b0707cf872f99840e21c13bf320b589
data/PUBLISH.md CHANGED
@@ -9,7 +9,7 @@ bundle install
9
9
  ```
10
10
  gem build saro-dat.gemspec
11
11
  gem signin
12
- gem push saro-dat-4.3.0.gem
12
+ gem push saro-dat-4.3.2.gem
13
13
  ```
14
14
 
15
15
  ## install
@@ -7,11 +7,11 @@ require_relative 'util'
7
7
  module Saro
8
8
  module Dat
9
9
  class DatCryptoAlgorithm
10
- AES128GCMN = "IV-AES128-GCM"
11
- AES256GCMN = "IV-AES256-GCM"
10
+ IV_AES128_GCM = "IV-AES128-GCM"
11
+ IV_AES256_GCM = "IV-AES256-GCM"
12
12
 
13
13
  def self.all
14
- [AES128GCMN, AES256GCMN]
14
+ [IV_AES128_GCM, IV_AES256_GCM]
15
15
  end
16
16
  end
17
17
 
@@ -0,0 +1,192 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'uri'
5
+ require 'logger'
6
+ require 'thread'
7
+ require_relative 'dat_manager'
8
+ require_relative 'dat'
9
+
10
+ module Saro
11
+ module Dat
12
+ class DatCmsManager
13
+ DAT_CMS_API_VERSION = "v1"
14
+
15
+ def initialize(uri:, token:, interval_seconds: 60, verify_only: false, dat_manager: nil)
16
+ @uri = uri
17
+ @token = token
18
+ @interval_seconds = interval_seconds
19
+ @verify_only = verify_only
20
+ @manager = dat_manager || DatManager.new
21
+ @version = 0
22
+ @lock = Mutex.new
23
+ @stopped = false
24
+ @logger = Logger.new($stdout)
25
+ @logger.level = Logger::DEBUG
26
+
27
+ sync
28
+
29
+ if @interval_seconds > 0
30
+ schedule_sync
31
+ end
32
+ end
33
+
34
+ def stop
35
+ @lock.synchronize do
36
+ @stopped = true
37
+ @thread&.kill # 혹은 다른 방식으로 스레드 중지
38
+ end
39
+ end
40
+
41
+ def sync
42
+ # non-blocking lock
43
+ unless @lock.try_lock
44
+ @logger.warn("Last request ignored (Duplicate request)")
45
+ return
46
+ end
47
+
48
+ begin
49
+ url = URI("#{@uri}?version=#{@version}")
50
+ request = Net::HTTP::Get.new(url)
51
+ request["Authorization"] = @token
52
+
53
+ response = Net::HTTP.start(url.host, url.port, use_ssl: url.scheme == 'https', open_timeout: 10, read_timeout: 10) do |http|
54
+ http.request(request)
55
+ end
56
+
57
+ if response.code != "200"
58
+ @logger.error("Response status error, status:#{response.code} in #{url}")
59
+ return
60
+ end
61
+
62
+ body = response.body
63
+ if body.nil? || body.empty?
64
+ @logger.debug("No new certificate: #{url}")
65
+ return
66
+ end
67
+
68
+ lines = body.split("\n", 2)
69
+ if lines.length < 2
70
+ if body.start_with?("\n")
71
+ @logger.error("Invalid response: #{url}")
72
+ return
73
+ end
74
+ @logger.debug("No new certificate: #{url}")
75
+ return
76
+ end
77
+
78
+ new_version_str = lines[0].strip
79
+ new_certificates = lines[1].strip
80
+
81
+ if new_version_str.empty?
82
+ @logger.error("Invalid version in response: #{url}")
83
+ return
84
+ end
85
+
86
+ begin
87
+ new_version = Integer(new_version_str)
88
+ renew_count = @manager.imports(new_certificates, clear: false)
89
+ @version = new_version
90
+ @logger.debug("Renewed #{renew_count} certificates for version #{new_version}: #{url}")
91
+ rescue ArgumentError => e
92
+ @logger.error("Failed to parse version or certificates: #{e.message}")
93
+ end
94
+
95
+ rescue StandardError => e
96
+ @logger.error("[Exception] DAT CMS Sync #{@uri}: #{e.message}")
97
+ ensure
98
+ @lock.unlock
99
+ end
100
+ end
101
+
102
+ def get_manager
103
+ @manager
104
+ end
105
+
106
+ def issue(plain, secure)
107
+ @manager.issue(plain, secure)
108
+ end
109
+
110
+ def parse(dat)
111
+ @manager.parse(dat)
112
+ end
113
+
114
+ def self.builder
115
+ DatCmsManagerBuilder.new
116
+ end
117
+
118
+ private
119
+
120
+ def schedule_sync
121
+ @thread = Thread.new do
122
+ loop do
123
+ sleep(@interval_seconds)
124
+ break if @stopped
125
+ run_sync_task
126
+ end
127
+ end
128
+ end
129
+
130
+ def run_sync_task
131
+ sync
132
+ rescue StandardError => e
133
+ @logger.error("Error in sync task: #{e.message}")
134
+ end
135
+ end
136
+
137
+ class DatCmsManagerBuilder
138
+ def initialize
139
+ @uri = "http://localhost:8088"
140
+ @token = ""
141
+ @verify_only = false
142
+ @interval_seconds = 60
143
+ end
144
+
145
+ def uri(uri)
146
+ @uri = uri.delete_suffix('/')
147
+ self
148
+ end
149
+
150
+ def token(token)
151
+ @token = token
152
+ self
153
+ end
154
+
155
+ def verify_only(verify_only)
156
+ @verify_only = verify_only
157
+ self
158
+ end
159
+
160
+ def interval_seconds(interval_seconds)
161
+ @interval_seconds = interval_seconds
162
+ self
163
+ end
164
+
165
+ def interval_off
166
+ @interval_seconds = 0
167
+ self
168
+ end
169
+
170
+ def build
171
+ parsed = URI.parse(@uri)
172
+
173
+ if parsed.path && parsed.path != '' && parsed.path != '/'
174
+ raise ArgumentError, "uri must be path-less: #{@uri}"
175
+ end
176
+ if parsed.query
177
+ raise ArgumentError, "uri must be query-less: #{@uri}"
178
+ end
179
+
180
+ path = @verify_only ? "/v1/certs/verify-only" : "/v1/certs"
181
+ final_uri = "#{parsed.scheme}://#{parsed.host}:#{parsed.port}#{path}"
182
+
183
+ DatCmsManager.new(
184
+ uri: final_uri,
185
+ token: @token,
186
+ interval_seconds: @interval_seconds,
187
+ verify_only: @verify_only
188
+ )
189
+ end
190
+ end
191
+ end
192
+ end
@@ -9,12 +9,12 @@ module Saro
9
9
  HMAC_SHA256_MFS = "HMAC-SHA256-MFS"
10
10
  HMAC_SHA384_MFS = "HMAC-SHA384-MFS"
11
11
  HMAC_SHA512_MFS = "HMAC-SHA512-MFS"
12
- P256 = "ECDSA-P256"
13
- P384 = "ECDSA-P384"
14
- P521 = "ECDSA-P521"
12
+ ECDSA_P256 = "ECDSA-P256"
13
+ ECDSA_P384 = "ECDSA-P384"
14
+ ECDSA_P521 = "ECDSA-P521"
15
15
 
16
16
  def self.all
17
- [HMAC_SHA256_MFS, HMAC_SHA384_MFS, HMAC_SHA512_MFS, P256, P384, P521]
17
+ [HMAC_SHA256_MFS, HMAC_SHA384_MFS, HMAC_SHA512_MFS, ECDSA_P256, ECDSA_P384, ECDSA_P521]
18
18
  end
19
19
  end
20
20
 
data/lib/saro-dat.rb CHANGED
@@ -6,7 +6,7 @@ require_relative 'saro/dat/signature'
6
6
  require_relative 'saro/dat/dat_certificate'
7
7
  require_relative 'saro/dat/dat'
8
8
  require_relative 'saro/dat/dat_manager'
9
- require_relative 'saro/dat/cms_manager'
9
+ require_relative 'saro/dat/dat_cms_manager'
10
10
 
11
11
  module Saro
12
12
  module Dat
data/saro-dat.gemspec CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |spec|
4
4
  spec.name = "saro-dat"
5
- spec.version = "4.3.0"
5
+ spec.version = "4.3.2"
6
6
  spec.authors = ["marker"]
7
7
  spec.email = ["j@saro.me"]
8
8
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: saro-dat
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.3.0
4
+ version: 4.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - marker
@@ -127,6 +127,7 @@ files:
127
127
  - lib/saro/dat/crypto.rb
128
128
  - lib/saro/dat/dat.rb
129
129
  - lib/saro/dat/dat_certificate.rb
130
+ - lib/saro/dat/dat_cms_manager.rb
130
131
  - lib/saro/dat/dat_manager.rb
131
132
  - lib/saro/dat/signature.rb
132
133
  - lib/saro/dat/util.rb