ssl_gate 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6249ae8b79002d80de3d5710270887c8894834db
+  data.tar.gz: f3c9e97ddc513d3ebc72306f8c1ab5cca7c32ec6
+SHA512:
+  metadata.gz: 469ccb88950f8402c3d01576e19a02ab7ba720a47177e15c4337a97239c0d8001f407103bce7d8c6c4a819fd03237e2418219659dde972c2e1db514baab7ba8a
+  data.tar.gz: 9d6feea10dc30a8985f36293e314e7a44de9a147cc4c33774c17b1beace980bc36e65186d13c26efe5e68d196d3c2826067d972f62199560da49c1319859906f

data/bin/ssl_gate

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'ssl_gate'
+
+SSLGate::Runner.start

data/lib/ssl_gate/base_gate.rb

@@ -0,0 +1,47 @@
+require 'thin'
+require 'em-http'
+
+module SSLGate
+
+  class HTTPServer
+    class << self; attr_accessor :add_ons end
+    @add_ons = []
+
+    attr_reader :config
+    def initialize(config)
+      @config = { signals: false,
+                  # target: 'http://localhost:9000'
+      }.merge config
+    end
+
+    def call(env)
+      r_method = env['REQUEST_METHOD'].downcase.to_sym
+      r_query = env['QUERY_STRING']
+      r_path = env['REQUEST_PATH']
+      # input = env['rack.input'] #StringIO
+      env[:target_request_options] ||= { connect_timeout: 20, inactivity_timeout: 20 }
+
+      puts "head: #{env[:target_get_options][:head] rescue ''}"
+      request = EM::HttpRequest.new @config[:target], env[:target_request_options]
+      http = request.send r_method, (env[:target_get_options] || {}).merge( path: r_path, query: r_query) # body: input
+      puts "#{r_method}: #{r_path} #{r_query}"
+
+      ready = lambda {
+        headers = http.response_header.map{ |key, val| [key.tr('_', '-'), val] }.to_h
+        headers.delete 'TRANSFER-ENCODING'
+        headers.delete 'CONTENT-ENCODING'
+        headers.delete 'CONTENT-LENGTH'
+        puts "OK: #{headers}"
+        env['async.callback'].call [http.response_header.status, headers, [http.response]]
+      }
+      http.callback { ready.call }
+      http.errback { ready.call }
+      throw :async
+    end
+
+    def self.start(config)
+      server = new(config)
+      Thin::Server.start (config[:bind_interface] || '0.0.0.0'), config[:bind_port], server.config, server
+    end
+  end
+end

data/lib/ssl_gate/base_ssl_gate.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/ruby
+require 'thin'
+
+OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_COMPRESSION
+OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers] = 'TLSv1.2:!aNULL:!eNULL'
+OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version] = 'TLSv1_2'
+
+module SSLGate
+
+  class SSLBackend < ::Thin::Backends::TcpServer
+    def initialize(host, port, options)
+      super(host, port)
+      @ssl = true
+      @ssl_options = options
+    end
+  end
+
+  module SSLBackendAddOn
+    def initialize(config)
+      super config.merge backend: SSLBackend
+      # private_key_file: File.dirname(__FILE__) + "/server.key",
+      # cert_chain_file: File.dirname(__FILE__) + "/server.crt",
+    end
+  end
+
+  HTTPServer.add_ons << SSLBackendAddOn
+end

data/lib/ssl_gate/client_cert.rb

@@ -0,0 +1,12 @@
+module SSLGate
+
+  module ClientCertAddOn
+    def initialize(config)
+      super config.merge verify_peer: true, fail_if_no_peer_cert: true
+      # ca:'ca.crt'
+      # add_cn_header: 'SSL_CLIENT_CN'
+    end
+  end
+
+  HTTPServer.add_ons << ClientCertAddOn
+end

data/lib/ssl_gate/headers_mod.rb

@@ -0,0 +1,27 @@
+module SSLGate
+
+  module HeadersModAddOn
+
+    def call(env)
+      prev = env['async.callback']
+      env['async.callback'] = lambda { |*args|
+        # puts 'I see you'
+        prev.call(*args)
+      }
+      headers = env.select { |k, _v| k.start_with? 'HTTP_' }
+                   .collect { |key, val| [key.sub(/^HTTP_/, '').gsub('_', '-'), val] }
+                   .to_h
+      headers.delete 'HOST'
+      headers.delete 'USER-AGENT'
+      headers['REFERER'].sub! %r{^https?://[^/]+(:\d+)?}, @config[:target] if headers['REFERER']
+      super env
+    end
+
+    def initialize(config)
+      super
+      # subst_host: 'name'
+    end
+  end
+
+  HTTPServer.add_ons << HeadersModAddOn
+end

data/lib/ssl_gate/raw_gate.rb

@@ -0,0 +1,56 @@
+require 'eventmachine'
+
+module SSLGate
+
+  class RawClient < EM::Connection
+    attr_reader :queue
+
+    def initialize(q, parent)
+      set_sock_opt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) # Nagle off
+
+      @parent = parent
+      @queue = q
+
+      cb = proc do |msg|
+        msg ? send_data(msg) : close_connection
+        q.pop(&cb)
+      end
+      q.pop(&cb)
+    end
+
+    def receive_data(data)
+      @parent.send_data data
+    end
+
+    def unbind
+      @parent.close_connection
+    end
+  end
+
+  class RawServer < EM::Connection
+    class << self; attr_accessor :add_ons end
+    @add_ons = []
+
+    def self.start(config)
+      EventMachine.start_server (config[:bind_interface] || '0.0.0.0'), config[:bind_port], self, config
+    end
+
+    def initialize(config)
+      @config = config
+    end
+
+    def post_init
+      @queue = EM::Queue.new
+      uri = URI.parse @config[:target]
+      EM.connect uri.host, uri.port, RawClient, @queue, self
+    end
+
+    def receive_data(data)
+      @queue.push data
+    end
+
+    def unbind
+      @queue.push nil
+    end
+  end
+end

data/lib/ssl_gate/raw_ssl.rb

@@ -0,0 +1,21 @@
+module SSLGate
+  module SSLRawAddOn
+    def post_init
+      super
+      start_tls private_key_file: @config[:private_key_file],
+                cert_chain_file: @config[:cert_chain_file]
+      # verify_peer: true,
+      # fail_if_no_peer_cert: true
+    end
+
+#    def ssl_verify_peer(cert)
+#      true
+#    end
+
+    def ssl_handshake_completed
+      $server_handshake_completed = true
+    end
+  end
+
+  RawServer.add_ons << SSLRawAddOn
+end

data/lib/ssl_gate/runner.rb

@@ -0,0 +1,29 @@
+require 'yaml'
+
+module SSLGate
+  # CLI runner.
+  class Runner
+
+    def self.symbolize_keys(hash)
+      hash.each_with_object({}) do |(key, value), result|
+        new_key = key.is_a?(String) ? key.to_sym : key
+        new_value = value.is_a?(Hash) ? symbolize_keys(value) : value
+        result[new_key] = new_value
+        result
+      end
+    end
+
+    def self.start
+      config = symbolize_keys YAML.load_file('SSLGate')
+
+      EventMachine.run do
+        Signal.trap('INT')  { EM.stop if EM.reactor_running? }
+        Signal.trap('TERM') { EM.stop if EM.reactor_running? }
+
+        SSLGate.factory config
+      end
+    rescue => e
+      STDERR.puts e.message
+    end
+  end
+end

data/lib/ssl_gate.rb

@@ -0,0 +1,35 @@
+require_relative 'ssl_gate/raw_gate'
+require_relative 'ssl_gate/raw_ssl'
+
+require_relative 'ssl_gate/base_gate'
+require_relative 'ssl_gate/base_ssl_gate'
+require_relative 'ssl_gate/headers_mod'
+#require_relative 'ssl_gate/client_cert'
+require_relative 'ssl_gate/runner'
+
+module SSLGate
+  class RawServerAll < RawServer
+    RawServer.add_ons.each { |add_on|
+      puts "Include server add-on: #{add_on}"
+      prepend add_on
+    }
+  end
+
+  class HTTPServerAll < HTTPServer
+    HTTPServer.add_ons.each { |add_on|
+      puts "Include server add-on: #{add_on}"
+      prepend add_on
+    }
+  end
+
+  def self.factory(config)
+    config.each do |key, conf|
+      case key.to_s
+      when 'http' then HTTPServerAll.start conf
+      when 'tcp' then RawServerAll.start conf
+      else STDERR.puts "Unknown gate type: #{key}"
+      end
+    end
+  end
+end
+

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: ssl_gate
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Artyom B
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-03-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: em-http-request
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: eventmachine
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email: author@email.address
+executables:
+- ssl_gate
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/ssl_gate
+- lib/ssl_gate.rb
+- lib/ssl_gate/base_gate.rb
+- lib/ssl_gate/base_ssl_gate.rb
+- lib/ssl_gate/client_cert.rb
+- lib/ssl_gate/headers_mod.rb
+- lib/ssl_gate/raw_gate.rb
+- lib/ssl_gate/raw_ssl.rb
+- lib/ssl_gate/runner.rb
+homepage: http://rubygems.org/gems/ssl_gate
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.14
+signing_key: 
+specification_version: 4
+summary: SSL Proxy
+test_files: []